Catch up on the latest cybersecurity news.

How easy it for cybercriminals to get the tools needed to launch their attacks? In this week’s news roundup, we’ve got an article from Hack Read that outlines just how easy—and perhaps more importantly, how inexpensive—it is for these attackers.

There’s also word on the astronomical price tag for this past spring’s ransomware attack on the city of Atlanta, news from hospitals dealing with attacks in the US and how the federal government plans to issue new penalties to deter cyberattacks against infrastructure systems.

  1. US officials push new penalties for hackers of electric grid, via The Wall Street Journal
    • Top officials in the Trump White House are devising new penalties to hit back against state-sponsored hackers of critical infrastructure to deter attacks. The nation’s electricity system and other critical industries have come under threat from actors based in Russia, China, Iran and North Korea.
  2. Senator presses DHS on email security tool, via The Hill
    • The tool, known as the Domain-based Message Authentication, Reporting and Conference (DMARC), allows organizations to report fraudulent emails or, when the strongest settings are enabled, block these messages from reaching recipients entirely.
  3. Hacking tools & ready-made phishing pages being sold on dark web for $2, via Hack Read
    • Seems like anyone can become a hacker now that so much is available at the Dark Web as you can easily find hacking tools at really low rates, where some being sold for just $2 and even less. Phishing pages are available for big brands including Facebook, Apple, PayPal and Netflix.
  4. Missouri hospital sued over medical records breach, via TechTarget
    • A hospital in Missouri faces a lawsuit after a medical records breach occurred as a result of an email phishing scam, something that's difficult to protect against within healthcare organizations, according to a security expert.
  5. Google faces hurdles in China beyond censorship, via Wired
    • China’s internet market is much larger and more lucrative than when Google pulled its desktop search app and withdrew from the country eight years ago after phishing attacks targeted Chinese activists using Gmail.
  6. Vanderbilt issues warning about email spoofing, phishing attacks, via Health Data Management
    • A warning has been issued to the staff at Vanderbilt University Medical Center about email spoofing and phishing attacks. The organization’s enterprise cybersecurity unit detected emails being sent using stolen names of employees to lure their colleagues into engaging in fraudulent activity. It’s become almost a daily occurrence for someone at Vanderbilt to receive a phishing email.
  7. Atlanta's reported ransomware bill: up to $17 million, via Bank Info Security
    • The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million. The March 22 ransomware outbreak left 8,000 city employees unable to use their PCs for several days and led to longer outages for residents who wanted to pay for parking tickets or report potholes online.
  8. Smart city systems are riddled with critical security vulnerabilities, via ZDnet
    • Researchers have uncovered countless zero-day bugs which can be used to kill our critical city systems. According to IBM, connecting all of the vast systems can have devastating effects if something such as a successful cyberattack takes place.
  9. Campaigns and candidates still easy prey for hackers, via Politico
    • Some bathrooms have signs urging people to wash their hands. But at the Democratic National Committee, reminders hanging in the men’s and women’s restrooms address a different kind of hygiene. "Remember: Email is NOT a secure method of communication,” the signs read, “and if you see something odd, say something.”
  10. Phishing attack dupes Hennepin County, Minn., employees, via Government Technology
    • Cyberattackers have infiltrated email accounts for about 20 employees and may have accessed the private information of people who rely on the county's services, county officials revealed Thursday. Using emails disguised as pay-raise notifications, a sophisticated phishing scam duped the employees into giving up their login information.
  11. Cybercriminals get active on spear-phishing attack, via CXOtoday
    • Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the cybercriminals.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Cyber Awareness Lessons Learned on a Train Ride

Users: here’s how not to handle an email…

Users: here’s how not to handle an email security incident. … Read More >

Bradley Sing

by Bradley Sing

Technical Consultant

Posted Jul 18, 2018

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Mimecast & Solebit: Changing the Malware Protection Game

Mimecast has acquired Solebit. Here’s wh…

Mimecast has acquired Solebit. Here’s why. Just like there … Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Aug 07, 2018