Cyber Resilience News July 10, 2018

We’re now mid-way through 2018, so as part of this week’s news we take a look at the worst cybersecurity breaches of the year so far via a roundup from Wired. In that same vein, we’ll also look at a significant data breach from a major UK company that took place last month after a third-party supplier was attacked.

There are also some alarming details about how healthcare workers handle data in a new survey reported by Health IT Security, while the US government is working to better protect its smartphones from damaging phishing attacks.

1. Secure healthcare data sharing not a priority for some workers, via Health IT Security
   • A majority of healthcare workers said they do whatever is easiest when it comes to transferring data, documents, or information. Close to three-quarters of respondents who work in healthcare consider email to be a secure form of data, document, or information delivery, and 64% said when it comes to sharing data, email is the easiest tool.
2. The worst cybersecurity breaches of 2018 so far, via Wired
   • Looking back at the first six months of 2018, there haven't been as many government leaks and global ransomware attacks as there were by this time last year, but that's pretty much where the good news ends.
3. New malware strain targets cryptocurrency fans who use Macs, via Dark Reading
   • A new strain of MacOS malware is targeting those who like to discuss their cryptocurrency investing in Slack or Discord groups. It depends on a certain level of naiveté on the part of the victim - a level that resulted in the strain being labeled OSX.Dummy.
4. DHS aims to turn mobile devices into no phishing zones, via Nextgov
   • Phishing attacks remain the bane of information security specialists and missions across government, and as they advance in sophistication, the U.S. Department of Homeland Security is attempting to better protect against them.
5. iOS 12 2FA feature may carry bank fraud risk, via Dark Reading
   • A feature in the upcoming iOS 12 release intended to make two-factor authentication (2FA) easier for users could end up opening some to banking fraud. Researchers say that a human verifying critical information (such as a login attempt) is a critical piece of the 2FA security process; automating the process removes this and could open the user to things like phishing attacks.
6. Nozelesn ransomware reportedly using spam to target Poland, via Bleeping Computer
   • A distribution campaign for a new ransomware called Nozelesn is currently underway that is targeting Poland. This campaign started July 1 and we already have reports from victims in our forums and numerous cases have been spotted on ID Ransomware.
7. Whitbread sounds breach alarm after PageUp incident, via Info Security Magazine
   • Whitbread is the latest big-name company to have been affected by a breach. According to PageUp, the details stolen in a cyberattack revealed last month included name, email address, physical address, telephone number, gender, date of birth and employment details, more than enough to craft convincing follow-on phishing emails.
8. Tech’s ‘dirty secret’: The app developers sifting through your Gmail, via The Wall Street Journal
   • The internet giant continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools.