Ransomware attacks have already far outstripped the number for 2018. In addition to targeting large organisations, a new strain of ‘ransomware as a service’ dubbed ‘PureLocker’ has emerged, which attacks PureBasic systems and also has a Linux variant. An ASP.NET host, used by 440,000 users, was taken offline by ransomware. Microsoft has denied that DoppelPaymer ransomware is spreading through its Teams and BlueKeep. The latest US state government to be attacked is Louisiana, although no ransom has been paid. This was similar to attacks on organisations across the US. Following attacks on two Florida cities, both paid $1.1M ransoms, a practice widely condemned in the industry.

State hackers’ attacks continue, and while their targets have typically been government and military, their focus is changing to healthcare, financial services, education and entertainment.

Facebook reports that it has fixed an iOS bug that enabled phone cameras to operate without permission. However, Google now reports that vulnerabilities affecting Samsung phones could allow hackers to spy on users’ cameras and speakers, even when the phone is locked and the screen is turned off, according to Checkmarx. Amnesty International reports that data harvesting by the big five companies is violating people’s right to privacy and freedom of expression. Despite this, Interpol supports the breaking of end-to-end encryption, because it frustrates criminal investigation.

Researchers at Onapsis report that severe Oracle EBS flaws could leave 21,000 organisations at risk of financial theft and fraud. In the UK, a report has concluded that another TSB meltdown affecting 5M customer records resulted from an internal migration problem rather than a malware attack.

Google has partnered with Ascension to access health records in the US. The UK ICO has expressed deep concerns that data from cookies embedded in health websites is transmitted to advertising platforms such as Amazon and Facebook, raising serious GDPR concerns.

Written by David Palmer OBE