Latin America sees an average 3,7 million malware attacks a day and about 1 billion occurrences a year, according to a report by Kaspersky Lab. The numbers mean a 14,5 percent increase in malware attacks in the region between November 2017 and November 2018, says the research.
Latin countries that have been targeted the most are Argentina, where there has been a 62 percent rise in malware attacks, followed by Peru with 39 percent and Mexico with 35 percent. Phishing attacks are also on the rise in the region, according to the security firm, with 192,000 attacks a day, up 115 percent compared to the period between November 2016 and the same month in 2017.
Read more about the findings of the Kaspersky Lab report on ZDNet.
Amnesty International this week released a report detailing how hackers can automatically bypass multifactor authentication (MFA) when the second factor is a text message, and they’re using this tactic to break into Gmail and Yahoo accounts at scale.
MFA is generally recommended; however, its security varies depending on the chosen factor. Consumers prefer second-factor codes sent via text messages because they’re easy to access. Unfortunately for some, cybercriminals like them for the same reason.
Read more about the findings of the report on DarkReading.
In September this year, cybersecurity firm FireEye disclosed that Click2Gov, a payment portal system used by many US cities, had been breached by hackers. Security research firm Gemini Advisory has now released a report examining the after-effects of the attack, in which it is believed 294,929 payment records have been compromised across at least 46 cities in the US, as well as one in Canada.
The report findings suggest that less than 50 percent of cities which have lost customer data either know or have publicly disclosed data breaches occurring at their sites. The company said that by selling this information in the Dark Web, the threat actors have earned themselves at least $1.7 million.
Read more about the findings of the new report on ZDNet.
McAfee released its McAfee Labs Threats Report: December 2018, examining activity in the cybercriminal underground and the evolution of cyber threats in Q3 2018. McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.
“Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” said Christiaan Beek, lead scientist at McAfee.
The cryptocurrency craze of 2018 helped drive a 1,500 percent increase in coinmining malware when compared to 2017, according to eSentire.
Coinmining malware mines cryptocurrency (typically Monero) directly on infected endpoint devices (CoinMiner) or in web browsers (Coinhive) when a user visits a website running malicious code. Once infected, the coinmining malware silently mines cryptocurrency while consuming a significant amount of processor cycles. With the recent decline in the value of cryptocurrencies, the computing, power and cooling costs to legitimately mine cryptocurrencies now exceeds their value on the open market. Monero-based malware does not face these same economic challenges as all of the mining costs are absorbed by the device owner.
Sophisticated fraud campaigns are beginning to outwit machine learning solutions especially the ones that only detect known fraud patterns based on historic loss experience, according to DataVisor.
As bad actors begin using modern technologies in their attacks, enterprises must bolster detection efforts with a complete solution that can also detect new and emerging fraud patterns and detect them early, or risk being overtaken by fraudsters’ increasingly superior tech prowess. The Q3 2018 DataVisor Fraud Index Report is a quarterly assessment of trending types and methods of online fraud in commerce and across the Internet.
Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks. New research from Michigan State University examines the behaviors — both obvious and subtle — that lead someone to fall victim to cybercrime involving Trojans, viruses, and malware.
“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” said Tomas Holt, professor of criminal justice and lead author of the research. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”
Read more about the findings of the academic study on ScienceDaily.
Large companies are leaving easy-to-exploit systems exposed on the public Internet, raising the risk of a serious future compromise, according to data from two cybersecurity firms.
Rapid7 found that the average Fortune 500 firm had approximately 500 servers and devices connected to the Internet, with five- to 10 systems exposing Windows file-sharing or Telnet services. Fifteen out of the 21 industry sectors on which Rapid7 collected data had at lease one member allowing public access to a Windows file-sharing service. Both Rapid7’s report and an earlier report by security monitoring firm BitSight found that larger firms were likely to have self-inflicted holes in their defenses.
Read more about the findings of the two reports on DarkReading.
“With every new service or connected entity, a new attack vector is born,” said Oded Yarkoni, Head of Marketing at Upstream Security. “These attacks can be triggered from anywhere placing both drivers and passengers at risk. Issues range from safety critical vehicle systems, to data center hacks on back-end servers, to identity theft in car sharing, and even privacy issues. The risk is immense.”
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).
The report [PDF] was put together earlier this year, in April, after DOD IG officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles part of the Ballistic Missile Defense System (BMDS) –a DOD program developed to protect US territories by launching ballistic missiles to intercept enemy nuclear rockets.
Read more about the highly worrisome findings of the report on ZDNet.