A comprehensive study on the means and methods of malicious attacks found that 40% of all dangerous links are found on good or otherwise trusted websites. This makes sense, as someone is less likely to click a link on a website that feels unsafe than they are to follow something on a website they “know” to be trustworthy. Following the “comfort equals increased risk profile” trend, users who are at home or somewhere familiar are twice as likely to infect or compromise their devices as users who are not at home. This is understandable, as your guard is down when you’re at home; that’s why it’s “home.” The study shows that security training is effective, though, as incidents fall by 70% or more within a year of users receiving the training. Additionally, devices running the newest version of their OS and kept up-to-date are 50% less likely to suffer an infection and are generally more secure. Enterprise devices should have a forced update feature that automatically installs software updates during downtime or after a certain period of time.
Source: Forty Percent of Malicious URLs Found on Good Domains
The Iranian black hat hacker group IRIDIUM attacked the Australian government in seeming retaliation for Australia considering removing its support for Iran due to Australia’s ties to Israel. IRIDIUM is a threat group that goes after political targets and largely ignores other potential victims unless it aids them in infiltrating their chosen prey. IRIDIUM routinely goes after the Five Eyes countries (the United States, the United Kingdom, Australia, Canada, and New Zealand) and attempts to steal their data or otherwise impede their operations. IRIDIUM may have been involved with the large-scale cyber operation last year that stole data from over 300 universities; however, their active members shift frequently enough that positively identifying them is difficult due to a lack of telltale quirks and idiosyncrasies.
Source: Iridium cyberespionage gang behind Aussie parliament attacks
A database containing an international list of persons linked to high-profile crimes, politically compromised individuals and their associates, as well as government sanctions, was found online and unguarded. This list not only had names but also intimate details, and included federal- and state-level evidence as well. It had been indexed by search engines and left unprotected, meaning that anyone with a working internet connection could find it. Dow Jones claims that all of its Watchlist data originates from publicly available sources, so there was no breach of confidentiality, and it has since taken down the data. The Dow Jones Watchlist is used to assist in the vetting process for political positions. Despite the claimed public origins of the data, the easily searched and sorted format of the data is what made it a risk. The information could be used to create a profile of someone to steal more damaging information or begin an investigation on how to gain leverage over the compromised individual.
Source: Dow Jones database holding 2.4 million records of politically exposed persons
Max is a Legal Assistant and author residing in the Philadelphia area. He has been writing for AskCyberSecurity.com since early 2017.