COVID-19 Resource Center: Latest News and Insights on the Novel Coronavirus and Cybersecurity Response

The COVID-19 pandemic has changed how we all live and work, creating the largest remote workforce in history. Never have topics such as identity and access management, device security and business resiliency been more critical. Use this COVID-19 Resource Center for the latest updates and opinions on the virus, its influence on the threat landscape and how global organisations can improve response.

Photo: US Capital via Flickr/CC

Lawmakers Demand Details on Fighting China-Linked Hacking

Akshaya Asokan • May 26, 2020

A bipartisan group of U.S lawmakers is requesting more information from the FBI and CISA about efforts to crack down on hacking groups linked to China's government that are targeting American facilities conducting COVID-19 research.

Governance & Risk Management

The Urgency of Re-Examining Security Practices During Pandemic

Latest

Governance & Risk Management

Why an Information Asset Register Plays Important Role

Anna Delaney • May 26, 2020

Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.

Endpoint Security

Using Monitoring to Tackle Shadow IT Issues

Suparna Goswami • May 26, 2020

Shadow IT is a growing concerns during the work-from-home shift because endpoint security is not as well developed as network security, says Vikram Mehta, an information security specialist at MakeMyTrip, who offers risk mitigation insights.

Fraud Management & Cybercrime

Microsoft Warns of COVID-19 Phishing Emails Spreading RAT

Akshaya Asokan • May 22, 2020

Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.

Fraud Management & Cybercrime

Phishing Campaign Leverages Google to Harvest Credentials

Ishita Chigilli Palli • May 22, 2020

Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Fraud Management & Cybercrime

Analysis: The Long-Term Implications of 'Work From Home'

Nick Holland • May 22, 2020

The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.

Governance & Risk Management

Bank of America: COVID-19 Loan Data May Have Leaked

Doug Olenick • May 21, 2020

Bank of America disclosed this week that some customers' data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program - a U.S. government initiative created to provide business loans during the COVID-19 pandemic.

Fraud Management & Cybercrime

Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019

Doug Olenick • May 19, 2020

Attacks targeting cloud-based data nearly doubled in 2019 as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report. Observers expect the trend to continue this year.

Fraud Management & Cybercrime

EasyJet Data Breach Exposes 9 Million Customers' Details

Mathew J. Schwartz • May 19, 2020

European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.

Governance & Risk Management

Mphasis: Adjusting Risk Management for a Remote Work Force

Geetha Nandikotkur • May 19, 2020

Mphasis, the IT service management company, has made many adjustments to its risk management strategy - including wider use of multifactor authentication - as a result of more staff members working from home, says Sethu S. Raman, senior vice president and chief risk officer.

Fraud Management & Cybercrime

Crypto-Lock and Tell: Ransomware Gangs Double Down on Leaks

Mathew J. Schwartz • May 15, 2020

More ransomware-wielding gangs are not just crypto-locking victims' systems, but also stealing and threatening to leak data unless they get their demanded bitcoin ransom payoff. A growing number of security experts believe the strategy is leading more victims to pay.

Endpoint Security

Backing Up Data: How to Prepare for Disaster

Jeremy Kirk • May 15, 2020

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Fraud Management & Cybercrime

Fresh Twist for Pandemic-Related Phishing Campaigns

Ishita Chigilli Palli • May 14, 2020

Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report.