This week we take a look at how employees treat sensitive company data, the threat of returning crypto ransomware email campaign TorrentLocker, and more.
1 in 4 UK employees will share sensitive information outside the company
According to SailPoint’s annual Market Pulse Survey, a surprising disconnect exists between employees’ growing concern over the security of their personal information and their attitudes toward data security practices in the workplace.
The survey found that 87 per cent of employees would react negatively if their personal information was breached by a company. Yet these same employees are exposing their employers to the same data breaches through negligence and poor password hygiene.
Additionally, the survey highlights an ongoing challenge for IT and security professionals. 26 per cent of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company.
Forcepoint researchers warn users of TorrentLocker threat
Researchers at Forcepoint are warning users to be aware to the threat of returning crypto ransomware email campaign TorrentLocker, after attackers demanded payments of up to $500 from victims in Sweden and Italy.
Unlike some previous TorrentLocker lures, which were set up on newly registered domains, the new threat uses fake websites hosted directly on compromised websites. It uses emails that suggest a notification of a failed delivery from PostNord, a legitimate Nordic logistics company, or Enel, an Italian energy company.
Carl Leonard, principal security analyst at Forcepoint, said: “TorrentLocker remains an ongoing and evolving threat which continues to try and evade detection by using compromised websites and customised e-mail themes. Users struck by this crypto ransomware have faced demands of hefty payments so, as always, it is vital to maintain continuous backups of important files on a separate machine to mitigate the chance of data destruction through the ransomware's encryption algorithm, and to always double check the authenticity of e-mails.
“The return of TorrentLocker emphasises the need for end user education, as this particular attack requires a significant amount of user interaction in order to be successful. It offers multiple opportunities for end users to realise that they have been targeted by a scam and stop interaction. It also highlights the importance of combining telemetry across the web and email attack vectors to remain vigilant in today’s threat landscape.”
"Locky" ransomware attack stopped by ReSec Technologies and IronScales
Locky was stopped in its tracks by ReSec Technologies, developer of the patented Content Disarm & Reconstruction (CDR) cyber protection technology, and IronScales, creator of the patent-pending automated phishing mitigation response system.
The companies’ joint offering successfully blocked an attack on one of Israel’s largest defense companies before an infection could take place.
“This attack was meticulously planned by professionals for some time now. However, once it was flagged by an IronScales user, we disarmed it,” said Dotan Bar Noy, CEO and co-founder of ReSec. “Our client’s preparation and internal security policies, as well as integration between ReSec and IronScales, kept the organization secure and prevented the potential encryption of extremely sensitive information.”
This particular spear phishing attack targeted one of the company's domain administrators. Such an attack, if successful, would have had the potential to cause widespread damage across the company. It was intended to start by encrypting files of a specific individual and go from there.
In other news:
– 60% of security professionals say spend on information security is not keeping pace with growing risk, according to a new IISP survey.
– Former GCHQ head Sir Iain Lobban joins encryption specialists SQR Systems as business advisor to the board.
Company data graphic via Shutterstock