Cyber Resilience News June 13, 2018

This week’s news covered the gambit of issues that continue to crop up in the cybersecurity world, no matter how much some try to educate. There are still internet scams people fall for and employees don’t switch things up when it comes to passwords. These types of lapses continue to give attackers the upper hand in the ongoing fight against cybercrime. Also, with the North Korean summit in the news this week, there is word about how the nation allegedly launches its hacking activities. The answer may surprise you.

1. Banks are highly vulnerable to inside attacks, via Security Boulevard
   • Interestingly, successful bank attacks typically begin on the inside. Phishing, for example, is highly successful at banks. Employees at 75% of the tested banks clicked on phishing email messages, and employees at 25% of banks entered their credentials on fake authentication forms.
2. Though ransomware persists in government — often unreported — experts say things are looking up, via StateScoop
   • Last week, it was reported that an official in Shiawassee County, Mich., fell victim to an email-phishing scam, resulting in an inadvertent $50,000 payment to the scammers. The county is small — just 68,000 residents — but it’s the latest among a group of lower-profile victims in an established pattern of cyber vulnerabilities in government.
3. 9 internet scams we're still falling for in 2018, via Yahoo Finance
   • It just never ends. No matter how much publicity these scams get, no matter how many years old the internet is, people still hand over their money to scammers. It doesn’t matter how old you are; last year, in fact, more consumers age 20 to 29 reported losing money to fraud than the over-70 crowd did.
4. GDPR: The biggest data breaches and the shocking fines (that would have been), via Forbes
   • The European Parliament approved the GDPR in 2016 with the intent of consolidating data privacy laws across Europe and to protect EU citizens’ privacy in an increasingly data-driven world. Let’s take a look at some of the largest data breaches that have occurred and use them to illustrate how GDPR would have impacted the companies if it had been in effect at the time.
5. 25 percent of employees use the same password for every account, via TechRepublic
   • Employees may be a company's greatest asset, but they also remain the greatest cybersecurity risk, according to a Monday report from OpenVPN. Despite an increased focus on security training, 25% of the 500 US employees surveyed report that they use the same password for every account, the report found.
6. Perils of healthcare phishing and what you can do about it, via Health IT Security
   • The old stereotype used to be that doctors didn’t work on Wednesday because they were out playing golf or fishing. Today, healthcare phishing is no joke to doctors, many of whom work on Wednesdays and weekends, or for other healthcare professionals. It is a real danger to everyone in healthcare.
7. Yahoo's EU regulator orders privacy changes over data breach, via Reuters
   • Yahoo, most of whose assets were acquired by Verizon Communications, Inc., said in 2016 that at least 500 million of its accounts had been hacked two years earlier by cyber thieves who may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords.
8. Operation Prowli Malware infected 40,000 machines, via Infosecurity Magazine
   • Researchers have discovered a traffic manipulation and cryptocurrency mining campaign infecting organizations across industries from finance to education and government. The Operation Prowli campaign has been spreading malware and malicious code to servers and websites around the world, and more than 40,000 machines reportedly have been infected.
9. North Korea uses Microsoft and Apple technology for cyberattacks, researchers say, via Fortune
   • North Korea has been cited by several governments and organizations for its hacking activities. Now, a new study of network data shows much of the technology North Korea employs for hacking comes from the US. Despite trade sanctions, North Korea’s government has found a way to obtain products from Apple, Microsoft, and Korea-based Samsung to carry out cyberattacks around the world.