Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s predictions that security professionals and decision-makers should keep an eye out for in the coming year. Also, read about how scammers are exploiting auto-forwarding rules to boost the success rate of Business Email Compromise (BEC) attacks.
Cybercriminals capitalized on the chaotic year by attempting to breach a record number of enterprise systems in many industries. AI and machine learning-based cybersecurity platforms combined with human expertise make it more challenging for attackers to succeed in their efforts. In 2021, cybersecurity vendors will accelerate AI and machine learning app development to combine human and machine insights to out-innovate attackers’ intent on escalating an AI-based arms race.
In response to the COVID-19 pandemic, organizations have had to rethink their operational and security processes, from everyday business functions and cloud migrations to teleworking support. These, along with constant security risks, have not only challenged organizations in 2020 but also raised concerns regarding readiness for disruption. In this blog, learn key predictions that security professionals and decision-makers should keep an eye out for in the coming year.
Older adults have faced a barrage of online scams during the COVID-19 pandemic, with the upcoming holiday season and increased consumer spending likely to intensify the problem. Older people have long been viewed as easy targets by malicious actors looking to make money and have increasingly become victims of scams aimed at everything from COVID-19 stimulus checks to other financial information.
More holiday shopping is happening online this year due to the pandemic. This sparked some curiosity as to whether the rate of phishing would increase proportionally with the growth rate of e-commerce. In this blog, Greg Young, vice president of cybersecurity at Trend Micro, takes a data deep dive to come up with some answers.
Trend Micro recently noticed an increase in the number of Gootkit cases targeting users in Germany. Upon investigation, Trend Micro found that the Gootkit loader was now capable of sophisticated behavior that enabled it to surreptitiously load itself onto an affected system and make analysis and detection more difficult. This capability was used to deploy a DLL file.
Scammers are exploiting auto-forwarding rules to boost the success rate of Business Email Compromise (BEC) attacks, the FBI said in a statement. This allows cybercriminals to better conceal their scamming activities, and scammers are doing this as the COVID-19 pandemic necessitates more telework, another factor increasing the likelihood of success.
While tracking the activities of the SideWinder group, Trend Micro identified a server used to deliver a malicious LNK file and host multiple credential phishing pages. These pages were copied from their victims’ webmail login pages and subsequently modified for phishing. Trend Micro also believes further activities are propagated via spear-phishing attacks.
Bob Zukis, CEO of Digital Directors Network, recently talked with Chris Hetner, former SEC Senior Cybersecurity Advisor to the Chairman of The United States Securities and Exchange Commission, on the changing regulatory landscape when it comes to cybersecurity.
The last set of updates for 2020 includes 58 patches for the Microsoft Office suite. Of the total number, nine have been rated Critical and 46 as Important. A significant number of updates fixes gaps in MS Exchange vulnerable to remote code execution (RCE) and information disclosure, as well as a server message block (SMB) gap also noted for the latter vulnerability.
In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands. Ransomware groups caught calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, according to a spokesperson for cybersecurity firm Emsisoft.
The integration of the Internet of Things (IoT) and cloud computing—as prominently manifested in the profusion of cloud services that power the IoT, collectively known as the IoT cloud—poses a new frontier for how industries are run. However, it is important not to overlook their respective security risks and the implications of these risks when the two technologies converge.
Alexander Vinnik, a Russian bitcoin expert at the center of a multi-country legal tussle, was sentenced in Paris on Monday to five years in prison for money laundering and ordered to pay 100,000 euros (more than $120,000) in fines in a case of suspected cryptocurrency fraud. A court acquitted Vinnik of charges of extortion and association with a criminal enterprise, according to his lawyers.
The Advocates for Highway and Auto Safety recently released the Autonomous Vehicle (AV) Tenets. The Tenets have four categories: prioritizing the safety of all road users, guaranteeing accessibility for all, preserving consumer and worker rights, and ensuring local control and sustainable transportation. These serve as a guide for federal legislation and policy on the development and deployment of AVs.
Now that companies are moving beyond the basics of artificial intelligence, IT leaders are looking for people with experience in integrating artificial intelligence (AI) with other technologies such as automation. In this article, Jon Clay, director of global threat communications at Trend Micro, shares his thoughts on security skills needed for the cloud in 2021.
Which technology skills do you think will be in high demand in 2021? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.