Stay in the know with “The week in cybersecurity news,” a weekly report on all the industry headlines released every Friday. Sign up to get the report in your inbox every week.

Report: Crypto mining attacks up 956% in the first half of 2018

According to Trend Micro’s Midyear Security Roundup, crypto mining attacks jumped 956% in the first half of this year versus the same time period in 2017.

The report found that over 787,000 crypto mining infections were detected in the first six months of 2018, while the first half of 2017 had just 74,500 infections. Researchers found 47 new cryptocurrency mining families too, indicating that bad actors are developing new malware as opposed to simply reusing the same program.

Crypto mining malware operates by putting code into a website or application to harness the computing power of the victim’s device for mining cryptocurrency. By design, it often goes undetected by anti-virus software and individual victims.

For organizations, the risks of this type of malware include slow computer and network performance, hardware damage, and shorter lifespan for infected devices.

Read the full story here.

How to foster a culture of cybersecurity at your organization

A Forbes article this week highlighted how to create a cybersecurity culture within an organization. The story included the following six suggestions for fostering enthusiasm for cybersecurity:

  • Connect cybersecurity to people

    • Understand that employees often don’t view cybersecurity as their top priority. To generate interest in cybersecurity, connect best practices to other goals. For example, point out that spam filtering prevents phishing attacks and keeps employees’ inboxes cleaner.

  • Understand your organization’s current cybersecurity position

    • Take a look at your current cybersecurity program and identify your organization’s known and unknown risks. From there, the path forward for developing your program will start with resolving known risks and then digging deeper to gain a grasp of unknown threats.

  • Have a vision and key priorities

    • Setting a larger strategy for protecting your organization’s digital assets moves your organization out of reactive mode and onto a path to achieve a stronger cybersecurity posture long-term through purposeful, incremental changes.

  • Celebrate progress

    • To keep your team engaged in cybersecurity, positively encourage employees for cybersecurity successes and avoid being overly critical after mistakes.

  • Incorporate ideas from your team

    • Bringing other employees to the table to discuss challenges and potential answers gives the team a sense of ownership over their organization’s cybersecurity and yields more effective solutions.

  • Review and measure progress

    • Set aside time to review quantitative data to analyze the progress of your cybersecurity program and refine your organization’s practices.

Read the  full story here.

Threat Alert: New malware hijacks web browsing sessions

In recent months, researchers have discovered new malware — a rootkit called CEIDPageLock — which hijacks users’ web browsers and redirects them to fake websites.

This malware’s main functionality puts victims at risk of inadvertently disclosing login credentials on fake websites. Additionally, the malware makes it possible for the victim’s browsing activity to be monitored.

The malware, which is a modified version of the RIG exploit kit, appears to target Microsoft Window systems in China. Researchers say only 40 infections have been recorded so far in the United States.

Read the full story on CEIDPageLock here.

BYOD Risk: Android vulnerability could lead to user tracking and data leaks

Researchers from Nightwatch Cybersecurity announced this week that a vulnerability in the Android operating system could allow hackers to capture data and track users.

According to ZDNet, by exploiting bug CVE-2018-9489, bad actors could gain access to information that an Android device broadcasts to applications running on the system, including “wi-fi network names, BSSID, local IP addresses, DNS server data, and MAC addresses.”

Millions of users are thought to be affected. This means employees working on Android devices could be targeted and have sensitive organizational data captured by attackers.

Google patched the vulnerability in the latest version of its operating system, 9 Pie, or Android P. To protect your organization, advise employees to upgrade to Android 9 if possible on their devices.

Read the full story here.

Air Canada mobile app breach impacts 20,000 fliers

Air Canada announced this week that personal information for over 20,000 fliers may have been compromised due to a breach within its mobile app.

Information leaked included passport numbers, birthdates, user names, emails, and phone numbers. The airline discovered the breach after noticing unusual login activity between the 22nd and 24th of August.

In a model for rapid response, Air Canada locked down the app’s 1.7 million accounts, and advised customers to change their password in order to restore access to their information.

Read the full story here.