A week in security (April 02 – April 08)

A week in security (April 27 – May 3)

Last week on Malwarebytes Labs, we looked at how secure the cloud is, understood why unexpected demand can influence an organization to consider their “just in time” (JIT) system, speculated on why the threat actors behind the Troldesh ransomware suddenly released thousands of decryption keys, preached the good news about VPN being mainstream, touched on the relationship between cybercrime and a challenged economy, and identified what users can do if they received an extortion email.

Other cybersecurity news

  • The season of threat actors banking on coronavirus continues as fake news sites spring up to promote a “pandemic survival book.” (Source: Avast Blog)
  • Cybersecurity experts warned small- to medium-sized businesses about an increase in targeted attacks, thanks to the pandemic (Source: TechRadar)
  • While internet users are using VPN all the more, experts have seen attacks on something probably no one has thought about protecting: the router. (Source: InfoSecurity)
  • Phishers targeted Zoom users yet again with spoofed meeting notifications that would likely cause them to panic and click the phishing link. (Source: Source: Bleeping Computer)
  • Payment card details owned by US and South Korean citizens were reportedly sold underground for $2M USD. (Source: Group-IB)
  • While governments have renewed interest into using contact tracing apps to help contain COVID-19, the interest in using Bluetooth attacks may naturally follow. (Source: ZDNet)
  • Israel’s National Cyber Directorate published an alert about attacks on supervisory control and data acquisition (SCADA) systems. (Source: Security Week)
  • Parking meter vendor CivicSmart was attacked by ransomware and had their data stolen. (Source: StateScoop)
  • Some ransomware gangs opted out of targeting hospitals. For some, it’s business as usual. Colorado hospital shut down by ransomware. (Source: Health IT Security)
  • OceanLotus APT is suspected to be behind an espionage campaign dubbed PhantomLance, which targeted specific victims in Southeast Asia. (Source: Threatpost)

Stay safe everyone!