January 27, 2020 By David Bisson

Last week in security news, a survey found that data protection regulators have thus far imposed 114 million euros in fines for a variety of General Data Protection Regulation (GDPR) infringements including data breaches. The security community also witnessed established malware families like TrickBot and FTCODE add new functionality to expand the efficacy of their attack efforts. Finally, Microsoft announced its intention to fix an Internet Explorer vulnerability under active exploitation by attackers.

Top Story of the Week: GDPR Infringements Earn Organizations €114M in Penalties

In its GDPR Data Breach Survey, DLA Piper announced that regulators had fined organizations a total of 114 million euros (about $126 million) for violating the standard. France, Germany and Austria accounted for the highest values of fines imposed by regulators at 51 million euros, 24.5 million euros and 18 million euros, respectively. Meanwhile, the Netherlands and Germany topped the rankings for the greatest number of data breaches reported to regulators, at 40,647 and 37,636 individual data security events, respectively.

DLA Piper’s survey found that data protection regulators had received more than 160,000 data breach notifications between May 25, 2018 and January 2020. Those notices originated from 28 European Union member states along with Norway, Iceland and Liechtenstein.


Also in Security News

  • Multi-Year Cryptomining Campaign Attributed to Vivin Threat Actor: In November 2019, Cisco Talos first began linking malware samples engaged in dropping cryptocurrency miners to the same threat actor. Security researchers further investigated the threat actor, internally tracked as Vivin, and discovered that it had been using cryptomining techniques since 2017.
  • UAC Bypass Leveraged by TrickBot to Infect Windows 10 Users: As reported by Bleeping Computer, a security researcher observed a new sample of TrickBot analyzing a machine’s OS upon execution. The malware then used the Fodhelper UAC bypass on a machine running Windows 10, thereby allowing it to proceed with its infection chain without alerting users.
  • Some Insurers Considering Changes to Ransomware Coverage: According to Reuters, some digital insurers are considering making changes to the way in which they cover ransomware attacks. Some are planning on raising their rates, for instance, while others are thinking of restructuring their ransomware coverage as coinsurance plans with their customers.
  • Microsoft Confirms Attackers Are Exploiting Internet Explorer Flaw: TechCrunch spoke with Microsoft and confirmed that the tech giant is aware of ongoing attacks involving CVE-2020-0674, a security flaw affecting Internet Explorer. Microsoft went on to say that it was working on a fix but that it was unlikely to release it before its February 2020 Patch Tuesday.
  • Steganography and Traffic-Filtering Employed by Browser Locker Campaign: In December 2019, Malwarebytes demystified the propagation mechanism employed by a long-elusive browser locker (browlock) campaign. Researchers specifically found that malicious actors had designed their campaign to use targeted traffic-filtering techniques along with steganography.
  • FTCODE Ransomware Adds Info-Stealing Functionality: Researchers at Zscaler came across a new sample of FTCODE and observed the ransomware attempting to steal information from several web browsers and email clients. This functionality was unique to the target of FTCODE’s information-stealing efforts.
  • Nearly 30 Percent of macOS Malware Detections Attributed to Shlayer Trojan: Between January 2019 and November 2019, one-tenth of the macOS security solutions employed by Kaspersky Lab detected the Shlayer Trojan at least once. That piece of malware also accounted for almost 30 percent of infections spotted by Kaspersky’s tools across the macOS platform.

Security Tip of the Week: Step Up Your Data Protection Efforts

Security professionals can help bolster data protection efforts by investing in artificial intelligence (AI)-driven solutions and automated monitoring tools to gain visibility into their data. They can then use this visibility to monitor for potential access attempts and protect critical information.

These processes should reflect an organization’s data discovery and classification efforts. Infosec personnel can use the location and value of their data assets to prioritize the protection of their organization’s information.
