Friday Five: 7/19 Edition
Microsoft's new phishing detection feature, an increase in cybersecurity spend, and more - catch up on the week's news with this roundup.
1. Microsoft Adds Automatic Phishing Detection to Microsoft Forms by Sergiu Gatlan
Microsoft announced this week that it's implementing a new safety precaution within its Microsoft Forms app that can detect potential phishing attacks. Enabling automatic phishing detection can prevent hackers from creating landing pages that ask for username and password information. This is welcome news after a reported 250% increase in phishing incidents in 2018 alone. Microsoft, a target for phishing campaigns itself, has taken additional steps to help users protect their sensitive data from these attacks. By creating a “Report Abuse” option below the “Submit” button on forms, Microsoft lets users notify the company of any suspicious activity they come across while using the Forms app. Moving forward, Microsoft hopes to increase protection and supply users with other resources, like the “Office 365 Security Roadmap,” to better protect themselves.
2. Organizations expect to boost their cybersecurity investments by 34% by HelpNetSecurity
A worldwide study of over 450 companies across multiple industries suggests there will be a significant reallocation of funds towards cybersecurity spending in the coming years. ESI ThoughtLab, a research and consultancy firm, in collaboration with Willis Towers Watson, a risk management and insurance brokerage, created “The Cybersecurity Imperative,” a study exploring the upward trend in the number of cybersecurity incidents and the increase in spending across all major industries. According to the findings, annual losses are averaging $4.7 million as a result of cybersecurity attacks, and companies are expected to increase spending on multi-layered defenses with an emphasis on new technology. Although there is a focus on technological advances, their research shows that the biggest threat to a company’s private data is inexperienced general staff, who require training to avoid potential cybercriminal attacks. Cybersecurity attacks are clearly on the rise, and companies are starting to realize that investing in employee training and security solutions is going to be key to protecting important digital assets.
3. Ransomware Attackers Demand $2 Million From NYC College by Michael Kan
On July 10, hackers infected Monroe College computers with ransomware and asked for $2 million in bitcoin to restore the computers. Currently, Monroe College’s website and email system are down. Unfortunately, this attack means that, in the meantime, Monroe College’s 8,000 students will go to class without access to the online systems that they are used to. Cybersecurity professionals and the FBI urge organizations not to pay attackers a ransom, as one cannot be certain that hackers will release infected computers. Security experts recommend that ransomware victims research whether there’s a free decryption mechanism that they can use to restore their devices. Several initiatives, like nomoreransom.org, exist to help ransomware victims.
4. Hacker steals data of millions of Bulgarians, emails it to local media by Catalin Cimpanu
A hacker, who claimed that he was Russian and had access to Bulgaria’s National Revenue Agency (NRA) network for more than 11 years, stole 110 NRA databases and shared 57 of these databases with the local media. Leaked information was as old as 2007 and included people's names, personal identifiable information numbers (PINs), home addresses, and incomes. The leak was not limited to NRA-specific information: it also included information from the Department Civil Registration and Administration Services (GRAO), the Bulgarian Excise Centralized Information System (BECIS), the National Health Insurance Fund (NZOK), and the Bulgarian Employment Agency (AZ). What’s shocking about the news is that more than five million Bulgarians were affected, yet Bulgaria’s total population is only seven million.
5. Hacker gets $30,000 for reporting hack Instagram account flaw by Waqas
Laxman Muthiyah, an IT security researcher and bug bounty hunter, noticed a vulnerability in the password reset tool in Instagram’s mobile version. Muthiyah realized that attackers could have used a brute-force attack to guess the six-digit passcode Instagram sends users when they forget their password. Since these passcodes remain active for ten minutes, attackers could have at least ten minutes to hack the account. Muthiyah told Instagram about this vulnerability, and Instagram patched it and awarded him $30,000. Using strong passwords and two-factor authentication can help users better protect their Instagram accounts from such attacks.