Digital Guardian's Blog

Friday Five: 12/6 Edition

by Amanda Brown on Friday December 6, 2019


A new data breach report highlights risks for 2020, a website selling spying tools taken down, and more - catch up on the week's news with the Friday Five.

1. New Experian Data Breach Trends Report Highlights New Risks For 2020 by Nicole Lindsey

With the new decade right around the corner, both consumers and businesses should be aware of the latest security threats that could compromise their sensitive information. Hackers are ever-evolving and becoming smarter and more sophisticated in their efforts to penetrate personal devices and business operating systems. Experian, one of the big three consumer credit reporting companies, has released its seventh annual Data Breach Industry Forecast which predicts the top five security threats for the upcoming year. The list ranges from text phishing campaigns, to hacking free public Wi-Fi systems, to hacking point-of-sale platforms used to process transactions. The report also includes new ways hackers are using common technology to steal information and the industries that will likely be targets of attacks.


2. Spying Tools Website Taken Down After UK Raids by BBC News

This news from the UK about a website selling hacking tools seems to be consistent with the growing trend of organized crime gangs switching their attention to cybercrime, or “crime as a service.” Authorities, led by the Australian Federal Police, conducted an international operation to take down a website selling malware. Fortunately, the operation was successful – the website was shut down and the cyber-stalking tools subsequently stopped working. The company, Imminent Methods, was selling a tool known as the Imminent Monitor Remote Access Trojan, which gave its customers full access to a device. Attackers used the software to steal data, monitor victims’ activities, and even access their webcams. The international investigation led to 14 arrests of both sellers and users, and gave authorities access to the website’s customer information. The UK’s National Crime Agency is now working on unmasking the 14,500 customers that bought the malware.


3. CallerSpy Spyware: Possibly the First Phase of a Targeted Attack by Doug Olenick

Another threat that consumers and businesses alike should be aware of: a new cyberespionage tool in the form of an app designed to steal information. This spyware was initially spotted in May and advertised as a chat app called Chatrious. It used a misspelled Google name as its URL (http://gooogle[.]press/) and fake Google copyright details to attract victims to the page. The site went silent but reappeared in October under the name Apex App. Oddly enough, the threat actors are not trying to disguise the app’s true malicious nature by building in the advertised capability – its only ability is to steal information. Once downloaded, the spyware contacts one of the command and control servers to receive information-stealing assignments such as taking screenshots and collecting call logs, SMSs, contacts, and files. The app’s abilities are limited to Android devices despite being advertised for Mac and Windows on the website. Although the app developer’s intentions are unknown, researchers with Trend Micro who discovered it believe this could be the first step in a larger campaign that has yet to be launched.


4. Google Co-Founders Step Aside as Antitrust Scrutiny Heats Up by Rachel Lerman

Arguably the biggest news story of the week, and perhaps even the month: Google co-founders Larry Page and Sergey Brin are stepping down as CEO and President of Alphabet, Google’s parent company. Sundar Pichai, who has been Google’s CEO since 2015 and a long-foreshadowed successor to Page and Brin, is stepping into Alphabet’s CEO position. Some find the timing of Page and Brin’s departure suspiciously convenient, as the company is facing an increasing number of antitrust inquiries from the Department of Justice, Congress, and state and federal regulators. American and European authorities are taking a keen interest in Google’s privacy policies and the nature of its multi-faceted business. The company is facing scrutiny about its collection and use of personal information to target advertising, and its alleged abuse of dominance to push out rivals in the search and online advertising industry. In their press release on Tuesday, Page and Brin said, “if the company was a person, it would be a young adult of 21 and it would be time to leave the roost”. Their rationale for leaving is that the company has evolved and matured, and it is time for them to do the same. Brin and Page will still hold a majority of the voting shares of Alphabet. Members of Congress, such as Elizabeth Warren, have been sure to remind the two men that this move will not exempt them from accountability, and government officials still expect them to testify before Congress.


5. Ransomware Attack Hits Major US Data Center Provider by Catalin Cimpanu

It seems as if we cannot go one week without seeing news of a ransomware attack. A version of the REvil (Sodinokibi) ransomware, which had hit several managed service providers, over 20 Texas local governments, and over 400 U.S. dentist offices during the summer, has led a targeted attack against the network of CyrusOne, one of the biggest data center providers in the United States. Although they have yet to publicly disclose the incident, according to ZDNet, CyrusOne is currently working with law enforcement and forensic firms to investigate the attack, as the point of entry is still unknown. FIA Tech, a financial and brokerage firm and customer of CyrusOne, informed their customers that “the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider.” ZDNet reports that CyrusOne is not planning on paying the ransom but is working with their customers to restore lost data, which is sure to be a difficult and lengthy process.


Tags: Data Breaches, Mobile Security, Ransomware
