Malwarebytes Labs Cybercrime Tactics and Techniques Report states that after a sleepy first two quarters of the year, cybercriminals shook out the cobwebs and revved up their engines in Q3 2018. With cryptominers and exploit kits maturing, ransomware ramping up with steady, sophisticated attacks, and banking Trojans experiencing a renaissance, we’re having one heck of a season. Attack vectors were at their most creative—and most difficult to remediate—especially for businesses.
In fact, businesses saw far more action this quarter than consumers—their total detections trended upwards by 55 per cent, while consumer detections increased only by four per cent quarter over quarter. It looks like threat actors are searching for more bang for their buck, and business targets are returning more value for their efforts.
Banking Trojans and ransomware, traditionally aimed at both businesses and consumers, leaned much harder into their business targets this quarter. Even malware that’s generally favoured consumers, such as cryptominers and adware, seems to have graduated to a more professional prey.
Consumers didn’t get away from Q3 unscathed, however. They saw a whole lot of scam action this quarter, especially the ever-classic sexploitation technique, but this time it came with a twist—scammers used stale personally identifiable information (PII) likely pulled from breaches of old to scare users into action. And although the bad guys were up to no good, we at Malwarebytes had a field day taking a bunch of them down
The full report can be read here.
BA, Marriott Face Massive Fines For Data Loss
If proof was needed that poor data protection is bad for the corporate wallet, two examples have demonstrated that substantial fines face those organisations that have lax data security.read more
Cumbria First Police Force To Utilise NMC Tools
Cumbria Constabulary has become the first police force to use the National Management Centre (NMC) for cybersecurity set up under the National Police Chiefs’ Council (NPCC).read more
Phishing Attacks Bypassing 2-Factor Authentication
Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block, reports CSO Magazine.read more
Third of Breaches Caused By Unpatched Vulnerabilities
IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.read more