Criminals leveraging shift to remote work to develop targeted attacks

Helpnetsecurity.com reported on recent shift of cybercrime focus on remote workers.

Malwarebytes announced the findings of its report which explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes.

In the wake of this change, cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the report found a notable shift in the devices targeted and strategies deployed by cybercriminals.

Read further on helpnetsecurity.com


Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

The Threat Post reported on a vulnerability threatening to the billion users of the unpatched application.

An Android app that’s been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk (MiTD) attacks on people’s devices, researchers discovered.

The flaws exist in an app called SHAREit, which allows Android app users to share files between friends or devices. They were identified and reported to the app maker three months ago by researchers at Trend Micro. However, the flaws remain unpatched, according to a report posted online Monday. Softonic, a company based in Barcelona, Spain, is the app’s developer and distributor.

Read further on The Threat Post


Cybersecurity Market in 2021

Cybersecurity remains one of the critically important priorities all around the world, especially in view of the fact that there appear more and more threats, emerge new vulnerabilities and frequency of attacks is very unlikely to subside. Based on it, Canalys analysts forecast further growth of investments into cybersecurity. Below are some considerations by Canalys’ experts. 

It is estimated that global cybersecurity spending will grow by 10% in 2021 to surpass $60 billion. According to Canalys this market reached the size of $54 billion in 2020. This amount includes expenses on endpoint security solutions, web and email security, data security, vulnerability analysis as well as identification and access management solutions.

Experts note, that even in the worst case scenario global expenses on cybersecurity will grow by 6,6% in 2021 to reach $57,7. This forecast takes into account the significant and long-lasting economic effect of numerous pandemic limitations as well as proliferation of new virus strains. Canalys analysis shows that despite pandemic, cyber security budgets remain mostly unchanged or even grow. On the other hand, SMB expenses suffered limitations and personnel reduction had an impact on some cyber security contracts, especially in HoReCa, retail and transport. Logistic issues had negative impact on cybersecurity hardware supplies in early 2020 but later the situation normalized. 

Despite growing cybersecurity expenses the number of incidents including personal data leaks and compromise, as well as ransomware attacks reached a record level in 2020.

According to Canalys, more than 12 records personal data entries were leaked в 2020 while the number of ransomware attacks grew by 60% Among main reasons for growing number of cybersecurity incidents there are errors in cloud data bases settings and phishing campaigns launched against remote employees lacking sufficient cybersecurity protection and training. As far as remote work and education go on and digitalization is developing, analysts expect negative trends in cybersecurity to persist in 2021.

 


In the shadow of SolarWinds: Personal reflections

The Security Magazine published an expert's opinion on SolarWinds situation.

As I traversed the globe for four years as the Cylance Ambassador-at-Large and would share with audiences and customers the prowess that AI-powered machine learning was bringing to the battlespace, I was frequently asked what we could anticipate in the way of a reaction from our adversaries. In the shadow of the SolarWinds compromise, my thoughts reverted to those questions. My response at the time was that we should definitely anticipate a retaliation, pivot or adjustment. There was too much at stake, financially and otherwise, for them not to respond.

Read further on the Security Magazine