Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn how false advertisers use spam browser notifications to gain ad revenue. Also, read about the results from Trend Micro’s first half 2021 biannual Cyber Risk Index report.
Read on:
Browser Notification Spam Tricks Clicks for Ad Revenue
False advertisers are taking advantage of browser notifications in a unique case of click fraud that takes advantage of more people being stuck at home and searching for streaming content. Trend Micro noticed an increase in this type of spam beginning in late February. Upon further investigation, researchers found something interesting and unique about this browser notification scheme. Instead of leading to anything malicious, the pop-up takes engaged users to legitimate security software websites.
Survey of 3,600 businesses worldwide calls cloud computing an ‘elevated risk’
Trend Micro released a study that said cloud computing was among the top two infrastructure risks for businesses. The other was organizational misalignment and complexity. The biannual Cyber Risk Index (CRI) gave cloud computing a 6.77, ranking it as an “elevated risk” on the CRI’s 10-point scale. Many survey respondents say they spend "considerable resources" managing third-party risks like cloud providers.
Homeland Security Releases New Cybersecurity Rules
The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released its second security directive, requiring the owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other threats to IT and OT systems. It also requires owners and operators to develop and implement a cybersecurity contingency and recovery plan as well as to conduct a cybersecurity architecture design review.
Your Facebook Account Was Hacked. Getting Help May Take Weeks — Or $299
Users lately have grown frustrated with their Facebook accounts getting hacked and the company not responding to requests for getting accounts back. Victims desperate to get access back go as far as buying an Oculus VR set for $299 in attempt to reach customer service through the Facebook owned VR company.
The First Half of 2021 Cyber Risk Index
This week, Trend Micro released its biannual Cyber Risk Index (CRI). The survey now includes North America, Europe, Asia-Pacific and South America, bringing a truly global view of the cyber risk organizations are dealing with today. The CRI is a collaborative effort between Trend Micro and the Ponemon Institute surveying businesses of all sizes and in many industries. The CRI looks to identify the cyber risk level organizations have based on two areas: cyber preparedness and cyber threats.
14 Top Cybersecurity Trends to Expect at Black Hat Conference
As Black Hat Conference 2021 kicks off amid vendor cancellations and a surge in COVID-19 cases in Las Vegas, CRN speaks with 14 prominent executives to see what cybersecurity trends they expect to be the talk of this year’s event. I shared my thoughts on living-off-the-land attacks with CRN for this article.
Supply Chain Attacks from a Managed Detection and Response Perspective
Many organizations now use tools and IT solutions that allow centralized management of endpoints, making it possible to update, troubleshoot, and deploy applications from a remote location. However, this convenience comes at a price — malicious actors can target the primary hub and gain access to the whole system. Even more concerning, cybercriminals can bypass security measures by focusing on their target’s supply chain. This blog entry looks at two examples of recent supply chain attacks.
Ransomware Attackers Eying 'Pure Data-Leakage Model'
In this video interview, Bob McArdle, director of cybercrime research at Trend Micro, discusses how some threat actors are moving to a pure data-leakage model; the move to ban or restrict ransomware discussions and recruitment on some leading Russian-language cybercrime forums; how ransomware operations are continuing to refine their business model to target bigger organizations; why banning payments to ransomware groups would do little more than "revictimize victims."
US Government Agencies Are Failing to Meet Even Basic Cybersecurity Standards
The cyber defenses of key US federal agencies remain woefully inadequate, according to a Senate oversight report. Thanks to a string of recent high-profile hacks, the agencies likely have a narrow window in which to act while the bureaucracy’s leadership is motivated enough to modernize cyber defenses. William Malik, VP of infrastructure strategies at Trend Micro, said surveys have shown most organizations don’t patch their IT vulnerabilities until there’s a serious attack or near-miss.
What are your thoughts on our Cyber Risk Index results? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.