Business Network Security News: June 15th-31st, 2020

The pandemic hasn’t slowed down cyber crime attacks – in fact, it’s made them more prevalent than ever.  That’s because businesses are more reliant on their networks than ever with so many of their employees working from home.  Here are some of the best articles on  threats facing small and mid-size businesses right now.

Criminals Using Fake Employee Medical Forms to Spread Malware

Malicious .xls files with file names indicating they are individuals’ CVs were sent via email with subjects such as “applying for a job” or “regarding job”.  When opening the attached file, victims were asked to “enable content” (see image below) and when they did, a malicious macro started running, downloading the final payload. Once a device was infected, threat actors could use the malware to carry out financial transactions on the device. [Learn more at Checkpoint.]

Eight Signs Your Smartphone Has Been Hacked

Cyber criminals use a wide variety of mobile malware families, which CrowdStrike breaks down into five categories: remote access tools (RATs), which are the most comprehensive threat to mobile devices, along with banking Trojans, mobile ransomware, cryptomining malware, and advertising click fraud.  One of the most common ways attackers get malware onto smartphones is via backdoored app stores and mobile apps, which has become “a very prevalent threat vector,” Meyers says.  [Learn more at Dark Reading.]

Sharp Spike in Ransomware in US as Pandemic Inspires Attackers

According to SonicWall’s 2020 Cyber Threat Report ransomware attacks are up, particularly in the U.S., where they have more than doubled year-over-year (up 109 percent). Meanwhile, malware targeting IoT devices has risen to 20.2 million, up 50 percent from this time last year – as cybercriminals target the massive influx of employees working from home.  [Learn more at Threatpost]

As Businesses Move to the Cloud, Cyber Criminals Follow Close Behind

While we have seen hackers target the cloud for activities like cryptomining and ransomware, data theft is by far the top tactic we see attackers taking once they’ve breached cloud systems. The cloud is ideal for hosting large amounts of information, and this data can be stolen by threat actors and quickly sold on underground marketplaces.  [Learn more at Dark Reading]