Get the latest cybersecurity news.

In this week's news, we look at email attacks against a Minnesota government health system and a Texas school district. There's a continued focus on election security and some alarming information about voter information being spread around the Dark web. And there's another update on the US governments usage (or lack thereof) of Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy.

  1. Two phishing attacks on Minnesota DHS breach 21,000 patient records, via Healthcare IT News
    • The first email compromise began on June 28, the second on July 9, but officials said the IT department did not discover the hack until August. The subsequent investigation could not determine whether the hackers were able to access or copy the emails.
  2. Threat announcement: Phishing sites detected on Emoji domains, via Security Boulevard
    • Right now, this tactic is just that — A new technique being tested by phishers to see whether it will increase the efficacy of their campaigns. Just like emoji domains themselves, it’s difficult to know whether emoji phish will become an established trend, or die out altogether.
  3. Literary-minded phishers are trying to pilfer publishers’ manuscripts, via Naked Security
    • A scammer has been trying to steal manuscripts by spoofing their email address to make it look like messages are coming from literary agent Catherine Eccles, owner of the international scouting agency Eccles Fisher. The scammer is targeting literary agencies, asking for manuscripts, authors’ details and other confidential material.
  4. CIA, NSA and the Pentagon still aren’t using a basic email security feature, via TechCrunch
    • Some of the most sensitive US government departments and agencies still aren’t using a basic email security feature that would significantly cut down on incoming spam or phishing emails. Fifteen percent of all U.S. government domains still aren’t employing DMARC policies on their domains, which email systems use to verify the identity that the sender of an email is not an impersonator.
  5. BEC attack scams Texas school district out of $600,000, via SC Magazine
    • The Henderson, Texas school district was hit with a business email compromise (BEC) attack resulting in a $600,000 loss for the district. On Sept. 26 the district issued an electronic payment of $609,615.24 to RPR Construction Company Inc., which is overseeing work done on several district facilities.
  6. 35 million voter records from 19 states found for sale on Dark Web, via SC Magazine
    • More than 35 million voter records have been found for sale in a Dark Web forum containing information on voters from 19 states with prices ranging from $150 to $12,500. The records contain voter data including full name, phone numbers, physical addresses, voting history, and other unspecified voting data.
  7. Construction and marketing businesses most susceptible to phishing attacks, report says, via Small Business Trends
    • According to a new threat report, there’s been an 782x increase in the number of phishing cyberattacks in Q2 2018 alone.  eSentire Threat Intelligence also reports that two industries with a strong small business presence (marketing and construction) were in the top five most affected.
  8. NCSC report says phishing on the decline as nation state attacks take over, major UK cyber attack inevitable, via Information Security Buzz
    • This morning, the National Cyber Security Centre (NCSC) published its two-year review, detailing findings from its second year of operations. The report found that there is “little doubt” that a major cyberattack will happen soon and whilst the NCSC has cut the UK’s share of phishing attacks targeting the UK in half.
  9. Anthem to pay record $16M for 2015 data breach, via SC Magazine
    • Anthem will pay a record $16 million to settle potential privacy violations stemming from its massive data breach 2015 data breach which compromised the data of nearly 80 million current and former patients. The settlement amount is reportedly three times larger than the previous record amount paid to the governments in privacy cases. 
  10. Email use shows boards don’t practice what they preach on cyber, via Big Law Business
    • More than half of directors communicate on board matters using their personal email, a habit that’s putting sensitive corporate information at risk of cyberattacks, breaches, and data leaks, according to Diligent Corp.
  11. Phishing maintains new high during second quarter of 2018, via Business Wire
    • According to the APWG’s new Phishing Activity Trends Report, phishing attacks spiked in March and April 2018. The total number of phish detected in 2Q 2018 was down slightly from 1Q 2018, but remained far higher during the quarter than the rates seen during the same period in 2017.
  12. Who gets spear phished, and why?, via Help Net Security
    • The story of nearly every notable data breach in recent memory begins in pretty much the same way: “Once upon a time, someone got spear-phished…” Whether it’s a government agency or a Fortune 500 company, spear phishing is a serious threat, with losses topping $675 million in 2017 in the US alone. The phishing attacks that incite data breaches take diverse forms.
  13. Google security official on election threats, spearphishing, via POLITICO
    • Morning Cybersecurity talked with Mark Risher, director of product management at Google with an emphasis on security and privacy. Election security threats are broader than one country or one group of people, Risher said. “One of the headlines that shows up often is the focus on Russia and Democrats in 2016.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

No One Wants to Deal with Data Leaks…No One

With Cybersecurity Awareness Month here,…

With Cybersecurity Awareness Month here, we’re ready to help… Read More >

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 02, 2018

'PhishPoint': How to Tackle the Latest Office 365 Threat

There’s a new phishing attack targeting …

There’s a new phishing attack targeting Office 365/SharePoin… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Sep 19, 2018