One of the most basic cyber-hygiene practices is to keep your software, such as the operating system and mobile phone apps, updated at all times. It is in outdated applications that threat actors find and exploit vulnerabilities to rob end-users of financial credentials or other critical details, such as social security numbers and other personally identifiable information, and then launch identity theft and other cyber attacks against them. This is why it is of utmost importance to stay aware of the latest happenings in the cyber world, so that you don't end up the victim of such an attack!

Story Of NurseryCam: Why Not To Ignore Cybersecurity?

NurseryCam is a Guildford-based company helping parents monitor the progress of their children at nursery schools. The webcam system provides services to over 40 nurseries in the UK and recently underwent a breach that compelled it to shut down its servers.

The adversaries exploited a loophole in NurseryCam's systems, which led to the compromise of parents' data, including their names, usernames, email addresses, and passwords. Ironically, the person who exploited the vulnerability had no intention of misusing the data; he merely wanted to get across the message to NurseryCam to adopt robust email security services. While NurseryCam regrets its security negligence, apologies do not bring back data lost to cyber adversaries, who seldom have good intentions!

 

Beware Of Fake Bills From Austin Energy

Overdue electricity bill scams are causing havoc among Austin Energy customers in Texas. The fraud follows a massive winter storm that brought down the state's water systems and power grid and continues to affect 325,000 households.

The Texas electric utility advises customers to watch out for impersonators who threaten immediate disconnection of utilities unless overdue bills are cleared. Austin Energy has clarified that it has not conducted disconnects since March 2020; therefore, all calls threatening to disconnect utilities unless a transfer is made immediately are scams. People must adopt anti-phishing measures and refrain from making transfers to third parties in gift cards or cryptocurrency.

 

119,000 Cyber-Threats Per Minute In 2020

Trend Micro's annual cybersecurity report says that there were 119,000 cybersecurity incidents every minute in 2020. This figure marks a 20 percent rise in cyberattacks compared to 2019, taking the total to over 62.6 billion. Phishing remains at the top of the list, being responsible for 91% of all reported attacks. Another astounding figure is the 210% increase in cyberattacks on home networks. Over 73% of these attacks on home networks involved brute-forcing logins.

While BEC attacks have come down by 17%, there is a 34% rise in the detection of new ransomware families. The report states that increased cybersecurity risks accompany the global pandemic and the consequent increase in the use of digital technologies. Organizations should take a hint from these statistics and build upon their cybersecurity strategies.

 

Universities Must Be Prepared For Ransomware

Ever since the spread of the Coronavirus pandemic, IT departments across universities have been struggling to ensure that students and teachers have a hassle-free experience with digital education. Because this work occupies them full time, they haven't been able to give due attention to cybersecurity issues. Cyber adversaries noted this gap in security and have been targeting universities with ransomware attacks. Ransomware attacks on universities have doubled over the year, and the costs, too, have increased significantly.

The fear of losing sensitive files makes schools settle for any ransom demanded, which encourages the attackers to increase their demands. The current average ransom demand stands at $447,000. Universities will continue to be vulnerable if they do not quickly adopt effective ransomware protection measures such as multi-factor authentication for all email accounts.

 

Whistle-Blowers Not Welcome: Amazon

Three former Information Security Officers at Amazon reported privacy and compliance issues with the company's data regulation policy that can lead to data breaches and severe cybersecurity threats. But their warnings met with brutal retaliation from the retail giant, and they were dismissed, sidelined, and pushed out of the organization. One of these information security employees is EU-based; the other two are from the US. They feared this retaliation and hence sought anonymity while reporting the security issues. But now, the EU-based employee is seeking justice from European courts.

The three former employees claim that growth is more important to Amazon than cybersecurity concerns or customers’ privacy. However, the company claims otherwise and states that upholding customer privacy is one of their long-standing priorities. The company further adds that such unsubstantiated claims are not a reflection of the regular audits and commitment of Amazon towards security and privacy policies.

 

Attackers Exploit Google Apps Script

Hackers exploit the Google Apps Script domain, script.google.com, to steal the credit card details of shoppers while evading malware scan engines and Content Security Policy (CSP) controls. Because several e-commerce sites trust and use Google's Apps Script domain for their online transactions, all the Google subdomains get whitelisted.

The threat actors have tried this exploitation technique previously on Google Forms and Google Sheets. The risks are higher because even protection from untrusted domains isn't a robust cybersecurity tool for online stores. In the latest Magecart scam, attackers are exploiting the Google Analytics platform used by several web stores for online payments. Compromising the Google Analytics API enables them to sidestep CSP, which helps them exfiltrate information. While Content Security Policy should ideally restrict contact with untrusted code, this model has become obsolete because of the trust placed in Google's domains. It is now the store owners' responsibility to rely on effective email security services that prevent hackers from injecting unauthorized code.
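A defender-side check for the allowlisting problem described above, as an added example that is not part of the original article: it parses a store's Content-Security-Policy header and lists the sources that would permit requests to script.google.com. The sample policies and all function names are constructed for illustration.

```javascript
const TARGET_HOST = "script.google.com"; // domain named in the article
const FETCH_DIRECTIVES = ["script-src", "connect-src", "img-src"];
// Constructed sample policies (not taken from any real store).
const BROAD_POLICY = "default-src 'self'; script-src 'self' https://*.google.com; " +
  "connect-src 'self' https://www.google-analytics.com; img-src 'self' *.google.com";
const NARROW_POLICY = "default-src 'self'; script-src 'self' https://www.googletagmanager.com; " +
  "connect-src 'self' https://www.google-analytics.com";

// Split a CSP header into a Map of directive name -> list of source expressions.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1)); // repeated directives are ignored
  }
  return policy;
}

// True when a single source expression permits the given host over https.
function sourceMatchesHost(source, host) {
  if (source.startsWith("'")) return false; // 'self', nonces, hashes
  if (source === "*") return true; // any host
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === "https:";
  let h = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, ""); // drop the scheme
  h = h.split("/")[0].replace(/:(\d+|\*)$/, "").toLowerCase(); // drop path and port
  if (h.startsWith("*.")) return host.endsWith(h.slice(1)); // *.google.com covers subdomains
  return h === host;
}

// List every {directive, source} pair that would allow traffic to `host`.
function auditCsp(header, host = TARGET_HOST) {
  const policy = parsePolicy(header);
  const findings = [];
  for (const directive of FETCH_DIRECTIVES) {
    const sources = policy.get(directive) ?? policy.get("default-src");
    if (sources === undefined) { // neither the directive nor default-src is set
      findings.push({ directive, source: "(unrestricted)" });
      continue;
    }
    for (const source of sources) {
      if (sourceMatchesHost(source, host)) findings.push({ directive, source });
    }
  }
  return findings;
}

console.log(auditCsp(BROAD_POLICY), auditCsp(NARROW_POLICY));
```

Any finding means that code injected into the page could load from, or send data to, that host without the policy blocking it; listing only the specific Google hosts the store actually uses removes the finding.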
