We’re all looking for presents online right now, but the bad guys are looking for presence on your network. Here’s what’s happening in the world of cybersecurity in early December.
Years ago, when cyberthieves gained access to your network, they would immediately encrypt your files and ask for payment. More recently, they’ve been spending months hiding out on networks while they gain access to as much data as possible. Then, they threaten to publicly release that data unless you pay them.
The latest news is the worst of both worlds. Hackers are getting better at quickly gaining full access to networks – data that used to take weeks to steal is taking days or hours. This leaves a narrow window to discover their presence and kick them off your network before they threaten to release your employees’ and customers’ most sensitive data. Read more at ZDNet.
Security threats have increased for businesses of all sizes in 2020, and hardware vendors are coming up with new ways to address threats. Microsoft’s Pluton processor adds hardware-level encryption within a computer that’s so locked-down that the encryption key never leaves that specific chip. Dell is soon launching a number of new services, including one that helps users ensure that their hardware hasn’t been modified as it traveled from the Dell plant to the customer’s unloading zone. Read More at Microsoft and Dell
Over 200 million Microsoft 365 subscribers received an email from “Microsoft Outlook” (from the Microsoft.com domain) asking them to follow a link to undelete an email which was accidentally marked as spam. The link in the email, of course, isn’t to their email, but to a fake Microsoft login form, which steals their credentials. It’s just a slightly new spin on the very-old “click the bogus link” trick; there’s no need for cybercriminals to fix something that already works so well. Read more at Threatpost