CIO

The week in security: A Parliament of howls as nation-state, BEC attacks fly thick and fast

The cyber attack on Australia’s Parliament House was all over the mainstream news, with the government careful not to rush to attribute the incident to China despite whispers to that effect.

The attack is just one in a never-ending series of breaches that saw over 5 billion data records exposed last year.

Users aren’t helping: horrendous password habits persist, although one analysis of mobile app logins suggests that single sign-on and other security apps are gaining in popularity as users try to do the right thing.

There were reminders about the risks of collecting biometric data en masse, and reminders about the risks of man-in-the-middle attacks that can cause all kinds of problems for your business and employees.

If you’re struggling to get your employees to be more careful with their email, make sure they read this story – about a woman who is being sued by her employer to recover a sizeable loss to business email compromise (BEC) fraudsters.

BEC attacks are exploding in frequency thanks to their success against such targets, and by one count have surpassed ransomware.

Also surging in February are romance-related scams and malware, with the usual warnings out and dating site CoffeeMeetsBagel warning of a data breach.

Google’s Chrome 74 is now blocking drive-by downloads and malvertising, helping users fight back against an insidious and persistent security threat.

Microsoft found that more bugs are being exploited as zero-days than after they have been patched, while the company’s App Store was under fire as attackers loaded it with crypto-jacking apps.