COVID-19 opened up a new opportunity for global threat actors. They have increased their use of old vulnerabilities, used COVID-19 lures to catch out the unwary and increased their weaponisation of IoT. They are all subjects the security division of NTT Ltd has been tracking and reporting on in its monthly bulletins.
Two weeks ago, NTT Ltd released its yearly Global Threat Intelligence Report (GTIR) 2020 (registration required). Mark Thomas, Global Head of Threat Intelligence at NTT Ltd, talked to Enterprise Times about the findings and the challenges that security teams face.
Thomas talked about the weaponisation of IoT saying: “We’ve seen the re-emergence of the likes of Mirai and derivatives, which are targeting businesses right across the globe.” Threat actors are using botnets to launch DDoS attacks. For technology companies, that is a serious concern. As Thomas pointed out: “The technology sector actually has the most diverse application footprint. It also has the highest number of serious vulnerabilities per site.”
Exploiting the vulnerabilities inside technology companies means a single attack can disrupt a lot of businesses and individuals. For customers of Zoom, for example, the threat of Zoom Bombing has become very real.
CMS like Drupal, WordPress and Joomla! are also under attack. Thomas talks about how attackers are using hastily written and insecure systems to steal data, install malware that infects visitors and launch attacks.
To hear more of what Thomas had to say, listen to the podcast.
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
use the Enterprise Times page on Podchaser
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there