Cybersecurity Digest #2: 13/04/2020 – 24/04/2020

Cybersecurity News  

Cybersecurity Blog Posts

Research & Analytics

  • The report “Financial cyberthreats in 2019” by Kaspersky provides an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware. According the report, 35,1% of users attacked with banking malware were corporate users. Users in Russia, Germany, and China were attacked most frequently by banking malware.
  • Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors, which recently started using the novel coronavirus as its newest lure to entice its targets to download malware. This campaign appears to have been active since the start of January 2018, and targets Arabic-speaking users, likely in Syria and the surrounding region.
  • With the coronavirus (Covid-19) pandemic the U.S. federal government is rolling out a $2 trillion package of Economic Impact Payments to help give the economy a shot in the arm and prevent a crash. Hackers and threat actors want to cash in on the rush to get these vital payments by evolving the scam and phishing techniques. Researchers have found that since January, a variety of domains related to coronavirus-related stimulus or relief packages have been registered globally. A total of 4,305 domains relating to new stimulus/relief packages have been registered.
  • Released by Kenna Security, the report Prioritization to Prediction – Volume 5: In Search of Assets at Risk, offers some insight and advice on how to better manage security vulnerabilities and their patches. The report found that Windows computers are the most common asset as around half of firms analyzed for the report have an asset mix of at least 85% Windows-based systems. Some 70% of Windows systems had at least one open vulnerability with known exploits during the period of analysis. A Windows-based asset had an average of 119 vulnerabilities per month.
  • Phishing kit prices skyrocketed in 2019 by 149%. The average price for a phishing kit in 2019 was $304, up from $122 recorded in 2018. Of the 16,200 phishing kits Group-IB identified and tracked in 2019, the company said the most targeted login pages were for Amazon, Google, Instagram, Office 365, and PayPal.

Major Cyber Incidents