Research News, Articles and Updates

WannaCry and Hollywood hospital ransomware attacks crossed a line for some cybercriminals

The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.

Attackers can pull data from air-gapped networks' surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using surveillance cameras.

Skating on thin ice: Avril Lavigne is most dangerous celebrity to search online

According to McAfee's 11th annual Most Dangerous Celebrities study, online searchers for the Canadian singer result in more malicious websites than searchers for any other famous personality.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Malicious replacement touchscreens could completely compromise phones, researchers demonstrate

Mobile users who substitute their damaged phone touchscreens or other hardware components with third-party replacements could be infecting their phones with malicious components that could allow attackers to completely compromise the device.

Dating apps that collect personal details may attract scammers, researchers warn

Users of online dating apps could end up the target of spear phishing and social engineering scams, especially when these services make one's personal information accessible to virtually anyone, Trend Micro researchers have warned.

Hackers will weaponize AI, survey says

Of 100 infosecurity professionals surveyed, 34 percent fingered Russia as the biggest threat to cybersecurity in the U.S., followed closely by organized crime at 33 percent, according to a Cylance blog post.

Researchers deliberately get phished, learn that account exploitation often takes more than 24 hours

Researchers at Imperva recently set up fake online accounts and intentionally allowed themselves to be phished by scammers in order to observe how behavior cybercriminals act after they come into possession of a victim's credentials.

Survey: Infosec professionals work long shifts, yet feel rewarded

In a recent survey of 360 infosec professionals, 57 percent of respondents said that they work on weekends, while 29 percent said they work at least ten hours a day.

Majority of surveyed execs have inherited cybersecurity problems after acquiring a software company

In a recent M&A survey focused on the software industry, 52 out of 100 senior global executives confirmed that their companies inherited cybersecurity problems from a software business that they either merged with or acquired.

Dark web services getting attacked too, as Tor sites become less hidden

Despite their anonymity, sites and services hidden on the dark web are not immune to cyberattacks, as recently demonstrated by a group of researchers who coaxed cybercriminals into attacking fake Tor sites in order to study their behavior.

Survey: U.S. execs bearish on 2018 cybersecurity spending, despite increase in threats

Only 49 percent of surveyed U.S. executives expect to spend more on cybersecurity in a year's time, despite a 56-percent majority expecting the number of data breach attempts to rise in 2018, according to a new research study.

Paid in the USA: Americans more likely to pony up when infected with ransomware

The U.S. suffered 34 percent of global ransomware infections last year - and it's no wonder why, with 64 percent of Americans willing to pay to retrieve their encrypted files, compared to 34 percent of victims worldwide, according to Symantec.

Side-channel attack technique steals PINs by analyzing smart device sensor readings

Researchers in the UK have uncovered a technique for malicious websites to spy on smart device owners and even decipher their screen touches and PIN number entries by secretly monitoring their devices' sensor data.

Survey: Americans overwhelmingly disapprove of ISPs sharing data without consent

In a recent poll of more than 1,200 Americans, 92 percent agreed that Internet providers should not be allowed to monitor their activity online and sell that data to third parties without consent -- a strong indictment of Senate Joint Resolution 34, which lifted FCC restrictions that would have prevented ISPs from engaging in this practice.

Are West Africa's 'Yahoo boys' and BEC scammers creating the next cybercrime hotbed?

West Africa may be on the verge of developing its own fully realized underground cybercrime market, buoyed by a combination of traditional 419 advance-fee fraudsters and more sophisticated actors that prefer business email compromise and tax scams.

Analysis: Election hackers used many of the same techniques as Carbanak gang

An analysis of two DHS reports focusing on Russia's reputed interference in the 2016 U.S. election revealed common bonds between the infamous hacking campaign, dubbed Grizzly Steppe, and activity by the Carbanak cyber gang. However, an expert with ESET doesn't think the overlap is significant.

Survey explores the minds of hackers: 81% claim they can compromise target in under 12 hours

Eighty-eight percent of hackers surveyed at the 2016 DEF CON conference claimed they can compromise a target in less than 12 hours, while 81 percent said they can identify and exfiltrate a target's data in the same amount of time.

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.

Malware targeting banks contains apparent false flags designed to frame Russians

Malware samples recovered from watering hole attacks recently targeting banks across the globe contain false flags that fraudulently suggest Russian actors are behind the campaign, even though the most likely culprit is the Lazarus Group.

Downeks and Quasar malware combine in attack linked to Gaza Cybergang

A recent spate of attempted malware attacks intended to infect government entities in the Middle East with a customized version of the Quasar remote access trojan appears to be linked to the Hamas-linked Gaza Cybergang.

Video: 300 billion passwords by 2020, report predicts

A new report predicts that the number of passwords used among humans and machines worldwide will grow to 300 billion by 2020 - all of which will require cyber protection.

Survey: Organizations deploying emerging tech without ensuring data security first

In a classic case of putting the cart before the horse, too many organizations are deploying emerging technologies before they can shore up appropriate levels of data security, according to a new report from Thales e-Security and 451 Research.

Terdot Zloader/Zbot combo abuses certificate app to pull off MITM browser attacks

The downloader Terdot Zloader and its accompanying Zbot banking trojan payload abuse a legitimate certificate application to spy on users and modify web content via man-in-the-middle attacks against browsers, an in-depth code analysis shows.

SC Media Exclusive: Rootnik Android malware variant designed to frustrate researchers

A newly identified version of the Android malware "Rootnik" features anti-debugging and anti-hooking capabilities designed to hinder analysts' efforts to reverse engineer it.