Cyber News Roundup: Cryptojacking takes the lead

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Is it surprising that five new security threats popped up every second in Q1 of 2018, according to research from McAfee? Perhaps we’ve all become numb to startling statistics about the volume of cyberthreats that we see each week. What’s new about the research from McAfee is that an alarming number of the cyberthreats focus on cryptojacking.

As noted in TechRepublic, “Of particular note was the rapid expansion of cryptojacking and other cryptocurrency mining attacks, in which criminals hijack victim’s browsers or infect their systems to mine for cryptocurrencies like Bitcoin—often without their knowledge. Coin miner malware grew a whopping 629% this year, growing from about 400,000 total known samples in Q4 2017 to more than 2.9 million in Q1 2018.”

One of the reasons for the large uptick in cryptojacking is that the cyberthieves have seen that they don’t need to rely on a third party, such as a municipal government or corporation, in order to achieve their goals. It’s easier to attack a user’s system and collect the ransom directly.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” Steve Grobman, CTO at McAfee, said in the release. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Suggestions for securing corporate and personal data include downloading the minerBlock extension for Chrome and Firefox, daily backup of files, and employee education regarding what suspicious signs to look for such as phishing attacks.

Neighborhood watch needed for cybersecurity

With all due respect to government spending on military, infrastructure and building walls to secure our borders, citizens are very concerned about their government’s ability to protect their local communities. According to a survey by SecurityFirst, a cybersecurity software firm, 64 percent of citizens noted cyberattacks, like ransomware, could have a potentially negative and long-term impact on their community. Most are concerned (60 percent) it can impact their local government’s ability to provide critical services including first responders (77 percent), municipal utilities (74 percent), courts (68 percent) and public schools (68 percent).

“Cybercriminals are finding local government agencies to be prime targets for cyberattacks. The City of Atlanta is a recent example, where a ransomware attack is costing the city millions of dollars, after knocking out critical services and erasing years of sensitive data,” said Jim Varner, CEO and president of SecurityFirst. “This incident shows how, without data, our communities cease to function in any sort of fashion today’s citizens find acceptable. Data protection needs to be top of mind no matter the size of the community or agency.”

As noted in Venture Beat’s America to Local Governments: Protect Our Community, Spend Now on Cybersecurity and Data Protection Before an Attack, citizens are concerned not just about the loss of personal data, but about attacks on systems that support first responders and other emergency and health services. Suggestions for how to combat these threats include citizen’s support for politicians that prioritize data privacy, additional government spending on data privacy, and having local governments plan for data outages.

When it comes to cybersecurity, focus on blocking and tackling

With all the scary headlines and reports of massive security breaches that expose personal data, it’s important to remember that, when it comes to cybersecurity, IT professionals need to tackle the basics.

As discussed in CTOvision.com’s Good Cybersecurity is Not Glamorous, “Addressing the most common security problems facing any enterprise does not require floor-to-ceiling displays showing maps of the world and stoplight charts and data flows from country to country. It doesn’t require a lot of software or hardware or subscriptions or licenses or feeds. The biggest problems are the most common ones that don’t necessarily require advanced skills or technology to resolve.”

Company leaders need to realize that there rarely is tangible ROI when it comes to protecting against cyberthreats. Technology costs money, IT professionals who specialize in cybersecurity cost money, and security breaches may still occur. The smart companies are the ones that understand the importance of implementing security practices and spend the time and money to do whatever they can to protect themselves, their employees, partners and customers.

Cyber Oregon partner blog posts of interest

• Fortinet: How to Have a Safe Cyber Summer
• Splunk: Leveraging HADES for Advanced Threat Intelligence
• Sword & Shield: Two-Factor Authentication (2FA): Secure or Not?