eLearnSecurity Cyber Security News Roundup: May 28
Malware and Web Application Security and Phishing OH MY!
eLearnSecurity Launches Malware Analysis Professional Course
eLearnSecurity officially launched our latest cyber security training course, Malware Analysis Professional (MAP) on May 19. As malware continues to plague modern industry, many organizations struggle to comprehend the effects of an attack, where the vulnerability started and the consequences of such a breach.
MAP trains cyber security professionals in the intricacies of malware dissection, including how to implement dynamic and static analysis to better understand malware. Students learn the essential tools necessary to evaluate malware and how to avoid detection while studying malicious software.
Verizon Data Breach Incident Report Sheds Light on Web Application Vulnerabilities
Verizon’s Data Breach Incident Report (DBIR) is one of the most comprehensive reports in the cyber security industry. The telecommunications giant sifts through thousands of incidents and breaches to build a clear vision of how cyber criminals deployed various attack methods throughout the year.
The 2020 report shows an increasing concern over web application vulnerabilities in particular. While some attack methods declined in popularity last year, web application attacks saw a two-fold increase, with more than 40 percent of breaches coming via web apps.
Web application expert and eLearnSecurity course creator Lukasz Mikula explains why web apps are an alluring target for criminals:
“Web applications help modern organizations achieve the online presence they need to remain competitive. However, the more complex the application, the more attack surfaces and potential vulnerabilities criminals can exploit.
“In the same way a mansion can attract burglars, a large, multifunctional application used by thousands of customers and employees is an interesting target for bad actors. Criminals understand that large-scale web applications contain valuable and abundant data rife for the taking. It’s essential that organizations pair their online presence with an extended effort to build and continuously test robust web application security.”
Virtual Meeting-Related Attacks Continue to Rise
Zoom, the virtual meeting company, faced a media and customer backlash at the beginning of the COVID-19 pandemic when cyber criminals began exploiting security weaknesses in the application. While the organization has worked diligently to address vulnerabilities, cyber criminals are now creating URLs to mirror Zoom, Microsoft Teams, and Google Meet for large-scale phishing campaigns against companies that have moved most of their operations online.
The human factor is still one of the most exploitable weak points for companies, as many employees are either unable to spot phishing emails or too busy to stop and question their validity. Cyber security protocols such as multi-factor authentication can head off many phishing-related attacks, and threat hunters will need to remain diligent when searching networks for threats.
Unfortunately, working during a pandemic leaves organizations vulnerable to phishing campaigns that exploit the novel nature of a near-total online workforce. Defensive cyber security tactics such as digital forensics and incident handling and response should be a top priority for IT teams concerned with new attack vectors.