This week included the reporting of Q-Bot malware's revival, Symantec 2015's report was released putting the emphasis on the existence of cyber security and ITRC has also published a report on how important it is to prevent exfiltration to protect innocent victim's information from being used in identity theft.  

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Malware

Q-Bot malware has made a major comeback since its first appearance in 2009.  The new strain of malware has infected more than 54,000 PC's - 85% are located in the U.S.

    why is this signficant

 

  • According to researchers, Q-Bot's new version has been integrated with polymorphic code, which means every time the malware is issued, the servers controlling the Q-Bot tacks on additional content to the code, creating what looks to be a completely different software that is even more cumbersome to track.  Q-Bot consists of automated updates, including new encrypted versions every few hours and modify the destination of the stolen data every time.
  • Qbot is stealing data and harvests credentials, while using Rig Exploit Kit to infect PC's.  It looks to be that Q-Bot creators are targeting mainly U.S.-based academic institutions as well as healthcare facilities.
  • Looks as though Qbot may be issuing ransomware as well.

/**enSilo protects out-of-the-box against QBot**/

Read the full story on The Register

Exfiltration Reports

1. The new Symantec report disclosed 2015 data evaluation information on vulnerabilities, breaches and personal data.

    why is this signficant
  • In 2015, on average there a was one new zero-day discovered every week,  twice the rate of 2014.
  • The report disclosed a record of nine major breaches and 0.5 billion personal records were lost/stolen in 2015.  Crypto-ransomware increased by 35%; and 191 million U.S. voter records were stolen making for the largest single data breach ever reported.
  • The number of companies that choose not to report the number of records breached significantly increased by 85%.  If this trend continues, the ability to scale the breaches will exceed to a point where it is not scalable. As a result, the victims of the breach will not even be notified that their information was stolen which will most likely increase the number of identity thefts.

Read the full press release here

2. Identity Theft Resource Center (ITRC) began tracking breaches in 2005 and since then their reports show that there have been 5,810 breaches with nearly 848 million records.

    why is this signficant
  • ITRC's latest report shows there have been 227 reported data breaches so far reported in 2016, which is an increase by nearly 10% compared to this time last year.
  • It is reported that in 2015, there were more than 169 million records exposed.
  • In 2016, it looks as though the increase of data breaches is growing and has not reached a controlled number that is manageable.  All sectors are at risk of being the next breach, with the business sector topping the charts with a reported 1.9 million exposed records in 104 incidents so far.  The second highest is the healthcare sector that has reported nearly 3.9 million records exposed.

Read the full story on 24/7 Wall St.