Following in Facebook’s footsteps, LinkedIn has also succumbed to the latest data scraping attack. Five hundred million user accounts have been compromised, but representatives at the top say that the scraped data was “in the public domain”. They added that no information from private accounts had been scraped, and as yet, are not planning to inform users.
Following a sharp increase in sales of smart devices during the pandemic, the UK has now published plans for new legislation to protect users. The Department for Digital, Culture, Media and Sport states that easy to guess default passwords will now be banned, while tech giants such as Apple must notify users when their devices will stop getting security updates. Figures suggest 49% of UK residents have bought new smart devices during the pandemic.
Investment in cybersecurity is set to exceed $200 billion by the year 2024, according to reports by Bloomberg Intelligence. The trends come from the general switchover to cloud-based security, while remote working was also blamed for the surge in spend. Bloomberg says that security will make up a bigger share of IT budgets as businesses try to fend off reputational and business risks.
On March 2nd, Microsoft announced that four zero-day vulnerabilities in its Exchange email service were being exploited by attackers, leaving hundreds of thousands of companies worldwide under threat. Microsoft released emergency patches and tools for clients to install as soon as possible. There are fears that tens of thousands of businesses, especially small to medium companies without dedicated cybersecurity staff, may not yet have applied the fixes. Attackers have used the ProxyLogon vulnerabilities to gain access to Exchange servers from which they are able to execute commands remotely.
The volume of attacks against Microsoft Exchange servers has increased significantly since the ProxyLogon bugs were made public. With patches now released, attackers may be sensing that it is their last chance to infect systems. According to Check Point Research, “exploit attempts increased sixfold” across the span of a few days following the news. The most targeted sectors were government and military at 27 per cent of attacks. Microsoft also announced that it had detected a new strand of ransomware, known as DearCry, which attackers were attempting to install in infected systems.
President Joe Biden is once again under pressure to tackle cyber threats following the Microsoft Exchange ProxyLogon hack. In January, when the USA was suffering from the SolarWinds hack, Biden allocated $10 billion in his Covid budget to go towards enhancing cyber defences. However, the latest exploit has left systems even more vulnerable. Microsoft announced that a state sponsored Chinese group named Hafnium was responsible for the ProxyLogon attacks. The SolarWinds hack was blamed on a Russian group. With cybersecurity now a question of national security, Biden will be under pressure to act in response.
