Written By David Palmer OBE
INCREASE IN RANSOMWARE AND PHISHING ATTACKS CONTINUES
Ransomware attacks continue to increase. Latest victims include Mattel, Capcom, Compal (laptops), and Manchester United (football club), all facing 7-figure ransom demands. Although the latter is a UK club, it is US-owned and subject to new US legislation preventing it from paying a ransom, with the threat of a fine of 15M. Datto’s Ransomware report states that ransomware is also the top cyber security risk for SMB, with the resulting average downtime now 94% greater than in 2019, and costs increased 6 times compared to 2018. Attacks were blamed on remote working due to COVID-19 (59%) and on shifting client workload to cloud (52%).

UK NCSC reports that a quarter of incidents reported in the last year were COVID-19 related. Microsoft reports that companies developing vaccines are being attacked by state-backed hackers: Strontium (Russia) and Zinc (N Korea) using spear-phishing, and Cerium (N Korea) using spear-phishing and masquerading as WHO representatives. CDN report that web application attacks to steal or modify data or obtain privileges increased 9 times compared to 2019, with 4.2Bn attacks reported, 1Bn in the public sector. DDoS attacks increased 147% in 2020, and bot attacks nearly doubled.

Hackers stole 8.3M user records from stock photo website 123RF. Digital Defence reports that a 2FA bypass flaw in cPanel threatens the security of 70M domains. Adobe warns of critical Acrobat flaws on Windows and macOS. Sophos warns of a potential data leak, its second major incident in 2020. UK NCSC warns firms about a MobileIron vulnerability to attack, with healthcare, logistics, legal and local government as targets. Zoom has new security features to defeat ‘zoom-bombing’ by ejecting unwanted guests.