Risk Radar Free Cyber Newsletter – Feb 7, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

Ransomware evolution: Locky and Sage combine in phishing
Ransomware is continuing to improve in 2017, a new malware called Sage is using the proven infrastructure of Locky ransomware. Both malware are sharing the infrastructure, the attack for both is through phishing emails.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

ICS, SCADA Security Woes Linger On
A troubling vulnerability in Honeywell software is worrisome for the overall ICS and SCADA security. The main issue with the problem in the Honeywell building automation system is allowing physical access to secure buildings. The attack can be done remotely, there is a theoretical possibility to jump from the Honeywell system to the corporate network.

Shopping for W2s, Tax Data on the Dark Web
Brian Krebs gives a good breakdown of some things to watch out for while doing your 2016 taxes. Be very cautious about requests from the IRS asking for information. These requests could be phishing attempt to get your personal tax data.

Kaspersky: DDoS attacks growing stronger with unsecured IoT
The potential for bigger DDoS attacks in 2017 are likely, mainly due to insecure internet of things (IoT) devices. Kaspersky is seeing a drop in the amplification-type DDoS attacks and an increase in the DDoS attacks using WordPress Pingback and IoT. DDoS attacks will need to be accounted for in business’ security planning.
Banks Show a Woeful Lack of Data Security
Bank customers seem to think their banks are more secure than they are. As little as 3% of consumers believe their bank has been breached, in reality one in four banks have had a breach. The banks seem to have a more realistic view of banking security than the banking consumers do.
Anti-Fake News Drive Gains Pace Ahead of French Elections
A push to spot fake news has begun in regards to the upcoming French elections. There is an initiative between traditional journalism and online news sites called CrossCheck. CrossCheck is trying to debunk false claims in a timely manner. Newsrooms in France will be working together to verify content also.