Business Cybersecurity News: Early September, 2020

Since COVID-19 started, 20% of companies have already been hit with a cyberattack.  New types of attacks are hitting companies more quickly, avoiding detection from antivirus software.  And a recent phishing campaign uses your own website against you.  Here’s the latest cybersecurity news.

Malwarebytes Survey: 20% of Businesses Hit with Cyberattack Due to Work-From-Home Employee
A recent Malwarebytes survey found that one in five companies have had work-from-home employees hit by a cyberattack.  Out of those who were attacked, one in four companies had to pay unexpected costs to have someone assist the company with recovering from the cyberattack.  Read more at Malwarebytes’ Blog

AI Sometimes the Only Reliable Way to Detect Early Attacks
Once malware becomes widespread, antivirus or antimalware software can be trained to detect it.  But if you’re dealing with brand new attacks that are deployed rapidly across the globe, AI-based software is often the only way to detect it.  This story (and the linked blog post within) detail how an AI-based software was able to detect a brand new attack at multiple companies before security experts even know how the attack was happening. Read More at ComputerWeekly

Six Ways to Screw Up Multifactor Authentication
Multifactor Authentication is one of the best ways to reduce the likelihood of a successful attack on your organization.  But if it isn’t deployed in a comprehensive manner, it can lead to a false sense of security.  Here are six ways that a MFA deployment can leave security holes in a network.  Read More at Dark Reading

Homepage Overlay Screen – a Novel Attack Method
A recent successful cyberattack campaign used a phishing email claiming that a potentially important email had been quarantined – a common phishing trick.  What was unusual was the next step – when an employee clicked on the link, the website loaded their employer’s real webpage in the background, with an overlay box asking the user to re-enter their credentials.  This made the request look more legitimate.  Read more at Threatpost