Every year, the number of phishing scams seems to be increasing, with the malware-ridden emails getting continually more sophisticated and convincing. The latest global phishing campaign purporting to be from international courier giants DHL has been tricking users into opening a fake PDF attachment – and subsequently unleashed a previously unseen piece of malware to wreak havoc on their PCs.Read more
Cyber criminals have always targeted users, finding it easier to trick unsuspecting employees than to bypass complex technical security measures – and this trend has been growing steadily the last few years. Identify fraud, where criminals impersonate someone else in order to steal their money or use their account to manipulate others, is now one of the most common types of cyber crime there is. Account takeover attacks, where criminals gain access to a user’s account and use it to send spam or phishing emails, is also on the rise, often allowing malicious emails to bypass email security filters.
Phishing remains one of the most common attack vectors for criminals – one study alarmingly found that 93% of phishing emails contained ransomware
Adobe has been forced to release an out-of-schedule emergency security patch to its users, after a zero-day vulnerability was discovered to affect Adobe Flash Player. Users are being urged by Adobe to update to version 126.96.36.199 of Flash Player, which contains mitigations for the zero-day as well as addressing three other flaws. This latest flaw was discovered already being used in the wild to attack Windows users, and doesn’t exploit browsers like typical Flash exploits – instead, it works through Microsoft Office documents which it utilises to download and execute malicious code.
Most Flash exploits take advantage of web browsers, however this zero-day utilises Office documents and is usually received through phishing emails
It looks like the Meltdown and Spectre fiasco is only just getting warmed up. Security researchers at antivirus testing firm AV-TEST have discovered more than 130 samples of malware that attempts to leverage the Meltdown and Spectre vulnerabilities. The malware samples analysed by AV-TEST appear to be mostly Poof-of-Concept code, and still in the research phase, however, it is believed that cyber criminals will be similarly experimenting with malware that utilises these vulnerabilities.
Meltdown and Spectre will haunt IT systems for years to come, potentially, as between them they can affect most processors in use since 1995
Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.
Cybercrime costs the economy an estimated $450 billion globally
Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.