Microsoft has now joined Intel in confirming a newly reported security vulnerability with Thunderbolt ports, one that enables an attacker with physical access to a PC to modify the port’s controller firmware, disabling its security. As I reported last week, almost all Windows PCs with Thunderbolt ports are vulnerable, except a few from last year that shipped with Kernel DMA protection enabled.
Police in Europe have swooped on a cybercrime gang they suspect of planning ransomware attacks using COVID-19 lures against hospitals. The four-man “Pentaguard” group was formed at the start of the year, according to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). It amassed tools including ransomware, remote access trojans (RATs), and SQL injection tools to launch attacks against public and private sector organizations with the aim of stealing data, defacing websites and encrypting key systems.
The FBI issued a security alert earlier this month about a new ransomware strain named ProLock that has been deployed in intrusions at healthcare organizations, government entities, financial institutions, and retail organizations. First spotted in March 2020, ProLock belongs to the category of “human-operated ransomware”: strains that are installed manually on the networks of hacked companies. Hacker gangs breach or rent access to a hacked network, take manual control of the infected host, spread laterally through the network, and then deploy the ransomware after they’ve maximized their access.
Money Heist: COVID-19 and Cyberattacks. The COVID-19 pandemic resulted in a 238% surge in cyberattacks against financial institutions between the beginning of February and the end of April. Ransomware campaigns against banks witnessed a nine-fold increase during this period.
As cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are under increasing pressure to keep their organizations’ security posture intact. When it comes to remote working, one of the major issues facing enterprises is shadow IT. End users eager to adopt the newest cloud applications to support their remote work are bypassing IT administrators and, in doing so, unknowingly opening both themselves and their organization up to new threats.