Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Povlsomware: a proof-of-concept (POC) ransomware that features Cobalt Strike compatibility. Also, learn how Trend Micro detected more than 16.7 million high-risk email threats in 2020.
High-risk email threats climbed by 32% compared to 2019, according to Trend Micro’s 2020 Cloud App Security Report. The report found that detections of malware, credential theft, and phishing emails all recorded double-digit year-on-year increases in 2020, while business email compromise volumes dropped slightly. The report looks at data from more than 16.7 million high-risk email threats that Trend Micro’s Cloud App Security detected and blocked.
Povlsomware is a proof-of-concept (POC) ransomware first released in November 2020 which, according to its GitHub page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has some interesting characteristics, notably its compatibility with the post-exploitation tool Cobalt Strike (which has been linked to other ransomware families such as Ryuk and DoppelPaymer).
China-linked cyber-espionage group Hafnium has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software Exchange, according to the company and outside researchers. This is an example of how commonly used programs can be exploited to cast a wide net online. Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software.
Trend Micro recently discovered two new ransomware variants, AlumniLocker and Humble, which exhibit different sophisticated behaviors and extortion techniques post-encryption. One of these techniques includes an unusually high ransom payment and a threat to publicize victims’ critical data. These new variants prove that ransomware’s targeted and extortion-focused era is alive and well in 2021.
An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, one of the biggest health care providers in the country. The breach was widely reported to be a ransomware attack, with some analysts saying it involved the Ryuk strain of malicious code. It came amid a wave of suspected Ryuk incidents at the computer networks of various U.S. hospitals.
2021 is off to a strong start for the cybersecurity community with the news of the infamous botnet Emotet being brought down in a coordinated global operation. As the first security vendor to detect and profile the Trojan back in 2014, Trend Micro is glad to see the back of it. This takedown sends a clear message that cybercrime has consequences.
Google Cloud, Munich Re and Allianz Global Corporate Specialty (AGCS) announced the Risk Protection Program, a collaboration between a major cloud provider and cyber insurance companies. The Risk Protection Program is designed to help customers reduce cloud security risk and in turn potentially reduce costs by connecting with two of the insurers for specialized and enhanced cyber insurance.
In the midst of the COVID-19 pandemic, millions of people are now working from home around the globe and email has become an imperative tool to communicate with peers and clients remotely. As a result, malicious hackers are evolving, too. In 2020, Trend Micro detected 1.1 million malware, 15.2 million phishing attempts and 317,500 BEC attempts.
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled.
As an enterprise’s online infrastructures become more complex, patch management has become an even more time-consuming and resource-intensive task. However, delaying or deferring the application of patches can be risky. In 2019, 60% of breaches were due to unapplied security patches. Data breaches could result in millions of dollars in financial losses, not to mention the hefty fines paid to authorities.
The Orion SolarWinds case caused a lot of noise in both the cybersecurity community and the public sphere, while attention on supply chain attacks all over the world also increased. The attacks themselves are not new; in fact, these types of threats have been prevalent for a while. In this blog, Trend Micro discusses previous examples of such attacks and dives into possible next scenarios.
Connected devices are predicted to rise to 25 billion by 2025 - a quarter of which will be in Europe. 5G technology is set to further boost people’s connectivity and productivity, which means better cybersecurity is needed to ensure the security and privacy of users. A recent report from The European Union Agency for Cybersecurity (ENISA) puts a premium on the need for cybersecurity for the national regulatory authorities responsible for the development and implementation of cybersecurity policies.
The Internet of Things Alliance Australia (IoTAA) recently unveiled Australia’s first IoT guidelines, which focus on the security, safety, and privacy of IoT devices and supporting providers. The guidelines inform providers on how their companies can ensure IoT products inherently deliver good practice, security, safety and privacy to clients.
What does your virtual patch strategy entail? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.