Business Cybersecurity News: Late August, 2020

A cybersecurity training company gets educated.  Most employees don’t get cybersecurity education.  And over a hundred companies mined cryptocurrency for cybercriminals on their Amazon cloud servers .  Here’s what’s happening in cybersecurity in the last couple of weeks.

Cybersecurity Training Company SANS Hit by Cyberattack; 28,000 Items Stolen
Major cybersecurity training company SANS was hit by a phishing attack.  The attacker gained access to the company’s data directly from Microsoft, without ever knowing the user’s password.

An employee clicked on a fake link that pretended to be from Microsoft SharePoint.  It took them to a page on which Microsoft requested permission to share account data with a malicious app. They gave Microsoft permission to share the data, and 28,000 items of Personally Identifiable Information were stolen from SANS.  [Read about the breach at ComputerWeekly.com, and more about attack technique at BleepingComputer.com.]

Freepik User Email Addresses and Passwords Stolen and Leaked
If anyone in your office has signed up for a Freepik account (to use their pictures in emails or newsletters, for instance) that login information may soon be floating around on the dark web.  This is an especially big problem for companies whose employees used their work email address and the same password they use to login into your business network – because those credentials will soon be in the wrong hands. [Read more at CISO Magazine]

Most Businesses Don’t Provide Modern Cybersecurity Training to Staff
A recent study found that only 33% of companies had ever provided employees with basic cybersecurity training.  With employees at many companies working from home exclusively, this is a dangerous time for employees to not know what emails are probably legitimate and which ones will give attackers access to the company’s internal network. [Read more at Cyber Readiness Institute]

Are You in the Cryptocurrency Mining Business?
You might be, whether you know it or not.  Cyberattacks are targeting poorly configured Amazon cloud servers and installing cryptocurrency mining software on them.   They get the cryptocurrency, and you get the bill.  [Read More at Threatpost.com]