“Land and expand” was dangerous enough when it was used as a sales strategy.  Now, it’s increasingly being deployed by cybercriminals to maximize their profits.  Here’s what’s happening this month in cybersecurity news.

Microsoft Office is a Top Target for Cyberattacks

With so many people working from home, Office 365 has become one of the most popular targets for cybercriminals.  That’s because it has more than 250 million users, holds plenty of sensitive documents, and can be used to burrow deeper into corporate networks.  [Learn more at Threatpost]

Hanging Around for a While

According to a new report by Verizon, around 25% of all network breaches aren’t discovered until more than a month after they happen.  That’s plenty of time for those perpetrating the breach to learn how to damage their targets in a wide range of different ways.  [Read the report here]

Too Much Work: Ransomware Organizations Hiring Contractors

In the early days of ransomware, if you were unlucky enough to open the wrong attachment, your files would be locked up and the ransomware would demand a set fee – often as low as a few hundred dollars.  That’s because the cybercriminals didn’t examine every infected network to see how much the data was worth.  If the ransom was set too high, most people wouldn’t pay it.

These days, criminals spend weeks in every infected network, trying to broaden their access and determine how much the person or company might pay to avoid losing their files or having them leaked online.  How do they have time for that?  They don’t – so they hire contractors to do it for them. [Read more at Krebs on Security]

Q-Bot: The Newest Threat Posing as Security Warning

Windows Defender joins KnowBe4 as the latest security platform to be spoofed by malware, thanks to a new email attachment.  When opened, the attachment launches in Excel, claims to be “encrypted by corporative firewall”, and directs the user to click the ‘enable content’ button (always a major red flag).  Once clicked, a macro runs that installs malware on the PC, enabling cybercriminals to view files and install ransomware.  [Read more at Bleeping Computer]