Expecting retaliation for the U.S. assassination of Iranian Gen. Qasem Soleimani, the Cybersecurity and Infrastructure Security Agency (CISA), which is a branch of the Department of Homeland Security, has dispatched a notice informing businesses across America about the looming threat of both cyber and physical attacks. Among the potential risks, CISA lists cyberattacks against the finance, energy, and telecommunications industries, cyber-enabled espionage and intellectual property theft, disinformation campaigns, and physical attacks using explosives and unmanned aircrafts. CISA urges all organizations to fortify their cyber and physical defenses, providing protection-forward checklists on how they can do so in the notice. Heightened awareness and increased vigilance rank as the first immediate steps, along with creating an offline data backup.
This week’s stat
14,000: The number of parking meters across New York that must be updated one by one due to a “Y2K2X software glitch.”
Microsoft phishing scam plays on Iranian cyberattack scare
Spammers have jumped on the widespread awareness of a potential Iranian cyberattack by customizing a phishing campaign to look like an official notice from Microsoft. The phishing emails claim that Microsoft locked up the users’ data and emails as a protective response, and that users must re-enter their credentials to unlock the files. More on Bleeping Computer.
TikTok bugs confirmed, fixed
Researchers have confirmed that the social media app TikTok had security holes that allowed for account takeovers and personal data theft. They brought their findings to the Chinese-owned parent company ByteDance and the flaws were fixed within three weeks, reported Dark Reading. Both the U.S. Army and U.S. Navy consider TikTok a security threat, forbidding its use in any military situation or setting.
This week’s quote
“Ultimately, it’s about serving, not selling.” – Amanda Holmes, CEO of Chet Holmes International. Learn how to understand your customers’ changing tech needs.
Travelex hit with $6M ransomware attack
Foreign currency exchange giant Travelex was struck by a ransomware attack on New Year’s Eve which caused the company to take down their websites and online services across thirty countries. The attackers told the BBC that the ransom demand was $6 million. Additionally, attackers say they are in possession of 5GB of sensitive customer data, which they will sell on the dark web if Travelex does not pay. Travelex maintains that customer data has not been leaked.
Snake Ransomware enables large-scale strikes
A new ransomware strain threatening enterprise-sized computer networks was discovered and analyzed by researchers who deemed it sophisticated and as-of-yet uncrackable. Upon initial infection, Snake Ransomware preps the targeted network for attack by deactivating many of the data control tools. It then encrypts the files in select folders and generates a ransom note with the file name Fix-Your-Files.txt. Bleeping Computer has more.
This week’s ‘must-read’ on The Avast Blog
The geopolitical cyberwar between Iran, China, North Korea, Russia and the liberal democracies is about to get very sophisticated. Read more about the cyberthreats ahead in 2020.
The return of Y2K
As New Year’s Day 2000 drew near, companies around the globe took measures to prevent the Y2K bug – the risk that computer software would go haywire mistaking the first day of 2000 as the first day of 1900. Some companies invested time and money into eliminating the risk, while others enacted a quicker fix – postponing the disaster to 2020. Now the threat has come home to roost for several of those organizations, including New York’s Department of Transportation. More on ZDNet.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.