Catch up on the past week’s cybersecurity news.

Russian hacking of the 2016 U.S. presidential election was front and center in the news this week, with the (rather simple) email tactics used by the attackers playing a central role. In a related piece of news, officials are worried about attacks that could happen in this year’s election and are taking steps to prepare.

Elsewhere in this week’s roundup, there’s some good news about efforts to blunt email and supply chain attacks by organizations and a surprising revelation about a new ransomware technique that uses your actual passwords against you.

  1. Malware, bitcoin and phishing: US indicts 12 Russian spies in 2016 election hack, via SiliconANGLE
    • A U.S. grand jury returned indictments against 12 officers in the Russian military accusing them of accessing information stolen from the Democratic National Committee and Democratic Congressional Campaign Committee in 2016.
  2. The public tools Russia allegedly used to hack America’s election, via Fifth Domain
    • The Justice Department’s indictment explores how these Russian intelligence officials hacked the Clinton campaign. It offers a cautionary tale for organizations that do not take cybersecurity seriously, in part, because the Russians’ campaign was anything but technically-sophisticated. Instead, they relied on spear-phishing and open-source tools to steal documents and emails.
  3. Elections officials have a lot of security work to do before November, state and federal officials tell Congress, via CyberScoop
    • Russian hackers might not be as active in interfering with U.S. voting systems this year as they were in 2016, but that doesn’t mean states don’t have plenty of work to do to secure future elections, state and federal officials told members of the House of Representatives Wednesday.
  4. Cyrillic characters are favorites for IDN homograph attacks, via Bleeping Computer
    • Cyrillic (Russian alphabet) characters are the most common characters used in internationalized domain name (IDN) homograph attacks, according to research published last month by Farsight Security. IDNs domains had been introduced in 2010, but they have started to catch on only in recent years, as more website owners realized they could own a domain spelled in their native language.
  5. Identity theft: Banking has changed, criminals haven't — here’s how to protect your money, via USA Today
    • In 2008, identity theft was the top complaint logged by the Federal Trade Commission. Today, the number of complaints is 20% higher. Many of today’s fraud and identity theft breaches involve mobile devices. It’s easier to keep up with your bank accounts, but it could also be easier to get scammed.
  6. Amid corporate fraud risks, execs blunting email, supply chain attacks, via PYMTS
    • Amid all the headlines detailing the successful data breaches, and vulnerabilities of companies across any number of verticals, we don’t hear much about the successful efforts to blunt those attacks. It turns out companies are having some success in the everlasting battle against corporate fraud — in B2B, email phishing scams and supply chain attacks in particular.
  7. Ransomware technique uses your real passwords to trick you, via TechCrunch
    • A few folks have reported a new ransomware technique that preys upon corporate inability to keep passwords safe. The notes – which are usually aimed at instilling fear – are simple: the hacker says, “I know that your password is X. Give me a bitcoin and I won’t blackmail you.”
  8. Seven ride-sharing scams to watch out for, via TechRepublic
    • In the wake of a serious data breach that Uber experienced involving more than 50 million customers, some of these customers may have received phishing emails purportedly from Uber that asked them to reset a password via a provided link.
  9. Healthcare data breach costs remain highest among industries, via Health IT Security
    • In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breach costs average $408 per record, the highest of any industry for the eighth straight year and nearly three times higher than the cross-industry average of $148 per record.
  10. Unknown and unsecure domains bother businesses, via InfoSecurity Magazine
    • In Q1 of 2018, RiskIQ found 26,671 phishing domains impersonating 299 unique brands. Regarding cryptomining, an average of 495 new hosts were running miners each week in Q1, while 11 instances of cryptomining were found on FTSE30 websites.
  11. New email scam tied to speed traps, via Media Post
    • Indiana residents have been advised about an email phishing scam tied to local speed traps. The emails inform citizens that they have been hit with a $535.99 fine, according to local news reports. The email comes with a case number.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Email-Borne Attacks Have Evolved – Has Your Security?

Email continues to be the number one thr…

Email continues to be the number one threat to organizations… Read More >

Bob Adams

by Bob Adams

Product Marketing Manager - Security

Posted Apr 18, 2018

Stop Email Threats in Healthcare IT

Breaches in Healthcare: Lessons Learned …

Breaches in Healthcare: Lessons Learned From HIMSS18 It’s h… Read More >

David Hood

by David Hood

Director, Technology Marketing, Mimecast

Posted Mar 16, 2018