Catch up on the past week’s cybersecurity news.

In this week’s roundup, we examine a few news events from the last week, including a major phishing attack impacting government operations in the state of Oregon. We also take a close look at how some predictions from the beginning of 2018 have panned out in the cybersecurity space and how federal contractors are failing in their efforts to stem email spoofing attacks.

For those of us who enjoy working from home, a State of the Industry report from Shred-It has some alarming new stats correlating remote employees with an increased chance of data breaches. And finally, we explore how simple HTML tricks are proving effective in phishing scams against Office 365 users.

  1. City-crippling ransomware, crypto hijackings, and more: our 2018 mid-year cybersecurity update, via MIT Tech Review
    • The article dives into the publication’s 2018 predictions from January, starting with the increase in large-scale data breaches (e.g. MyFitnessPal), cryptomining, damaging ransomware attacks and election hacks, and then compares them to what’s happened so far this year. The reporter does acknowledge an oversight on his part at the start of the year, pointing to the Meltdown security flaws and the surprise they caused for the industry as a whole.
  2. Oregon state employees unable to email the public after computer 'hijacked' by phishing email, via Oregon Live
    • Several private email providers have blacklisted emails coming in from Oregon’s state email domain after an employee clicked on a phishing email that granted a hacker access to the state’s private email server. As a result, over eight million spam emails were sent from the government email address.
  3. Real cyber hygiene depends on risk assessment, not compliance, via GCN
    • Every Monday, the Department of Homeland Security’s US-CERT sends a Cyber Hygiene report card to 106 federal agencies, based on scans of their internet-facing systems. The report from the National Cybersecurity Assessments and Technical Services color codes the sites based on vulnerability.
  4. Just 5% of federal contractors are fully protecting against email spoofing, via Nextgov
    • Government contractors still lag far behind on implementing an email security tool that’s now mandatory for government agencies, according to industry data released Thursday. Among the top 98 government contractors by dollar value, only 45 have properly installed the tool known as DMARC and only five have set it up to quarantine or reject spoofed or phishing emails.
  5. New phishing scam reels in Netflix users to TLS-certified sites, via Threatpost
    • Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Johannes Ullrich, dean of research at the SANS Technology Institute, said Wednesday that there’s been an uptick in Netflix phishing mails using TLS-certified sites.
  6. Do remote workers increase your chance of a data breach? 86% of CXOs say yes, via TechRepublic
    • 86% of business executives agreed data breaches are more likely to occur when employees are working out of office. While CXOs do have security plans in place for these occurrences, only 35% of SBOs currently have a policy for storing or deleting confidential data remotely, and 54% of SBOs have no policy whatsoever, said the report.
  7. 'Pay up or get WannaCry hit' extortion email spreading, via Dark Reading
    • A widespread new email scam purportedly from the WannaCry hackers attempts to shake down potential victims with threats of the ransomware if they don't pay up-front. But according to Sophos, which spotted the scam, the attackers don't really have the WannaCry malware in hand.
  8. Office 365 users targeted by phishers employing simple HTML tricks, via Help Net Security
    • Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages. The phishing emails landing in targets’ inboxes warn potential victims that their email account has reached a “maximum quota limit” and that they should upgrade their account.
