COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 23, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

Cyberwarfare / Nation-State Attacks

COVID-19: Critical Measures for Supply Chain Security

Latest

Endpoint Security

UK Telecommunications Security Bill Would Ban Huawei

Mathew J. Schwartz • November 24, 2020

The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.

Cyberwarfare / Nation-State Attacks

Biden Reveals Picks to Head DHS, Intelligence

Scott Ferguson , Doug Olenick • November 23, 2020

President-elect Joe Biden on Monday announced that two former Obama-era officials are his nominees to head the U.S. Department of Homeland Security and the Office of Director of National Intelligence.

Fraud Management & Cybercrime

Bill Looks to Close Federal Cybersecurity Loopholes

Doug Olenick • November 23, 2020

Sen. Ron Wyden, D-Ore., and Rep. Lauren Underwood, D-Ill., have introduced a bill designed to patch loopholes in the Federal Cybersecurity Enhancement Act of 2015 that they say allow federal agencies to easily avoid implementing required cybersecurity procedures.

Business Continuity Management / Disaster Recovery

From St. Louis to France, Ransomware Victim List Expands

Mathew J. Schwartz • November 23, 2020

Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.

Breach Notification

Fraudsters Target Cryptocurrency Platforms Through GoDaddy

Prajeet Nair • November 23, 2020

Last week, fraudsters targeted two cryptocurrency platforms by accessing domains managed by GoDaddy, according to notices published by the victimized firms. The domain register company previously has had issues with unauthorized access.

Cybercrime as-a-service

Qbot Banking Trojan Now Deploying Egregor Ransomware

Akshaya Asokan • November 23, 2020

The operators behind the Qbot banking Trojan are now deploying a recently uncovered ransomware variant called Egregor to target organizations across the world, according to researchers at Group-IB.

Cybercrime

Fraudsters Use Free Google Services in Phishing Campaigns

Prajeet Nair • November 20, 2020

Fraudsters are increasingly using free Google services to create more realistic phishing emails and malicious domains that circumvent security filters, the security firm Armorblox reports.

Cloud Security

AWS Flaw Allows Attackers to Find Users' Access Codes

Chinmay Rautmare • November 20, 2020

A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.

Cyberwarfare / Nation-State Attacks

UK Forms National Cyber Force

Tony Morbin • November 20, 2020

U.K. Prime Minister Boris Johnson announced Thursday the creation of a National Cyber Force designed to strengthen Britain's cybersecurity posture and give the country new defensive and offensive capabilities. Some security experts, however, are raising concerns about recruiting enough qualified staff members.

Account Takeover Fraud

Global Financial Industry Facing Fresh Round of Cyberthreats

Prajeet Nair • November 20, 2020

Although the global financial industry has made strides in protecting its data from malware, including Trojans, cyberthreats such as network intrusion, ransomware and criminal gang cooperation are presenting fresh challenges, according to the Carnegie Endowment for International Peace.

Cybercrime as-a-service

2 Arrested for Operating Malware Encryption Service

Doug Olenick • November 20, 2020

Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools.

Business Continuity Management / Disaster Recovery

Christopher Krebs Describes Accomplishments

Anna Delaney • November 20, 2020

This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.