Cyber Connections News Roundup: March 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

March 9

Women Lag Behind Men in Cybersecurity Salaries

The recent Exabeam 2020 Cybersecurity Professionals Salary Skills and Stress survey, which focuses on a variety of key topics affecting people across the sector, reveals some alarming salary disparities between men and women. In the U.S., according to the survey, on average male respondents made $91K vs. $62K for female respondents. In New York, for example, a man and a woman, each with 4-5 years’ experience and the same job title (information security director), are receiving very different salaries. While the female makes $33-46K, her male counterpart is making $98-130K — a huge difference and totally at odds with objectives relating to gender equality. Read more.

Latest Microsoft Hack Turning into a Global Crisis

According to a recent report on www.bloomberg.com, an attack on Microsoft’s business email software started by a Chinese government-backed hacking group has so far claimed at least 60,000 known victims globally. The European Banking Authority became one of the latest victims. Other victims include banks and electricity providers, as well as senior citizen homes. The Chinese hacking group, which Microsoft calls Hafnium, appears to have been breaking into private and government computer networks through the company’s popular Exchange email software for a number of months, initially targeting only a small number of victims. The result is a second cybersecurity crisis coming just months after suspected Russian hackers breached nine federal agencies and at least 100 companies through tampered updates from IT management software maker SolarWinds LLC. Read more.

Army Warns of QR Code Cyber Scams

Quick response codes, or QR codes, according to an article on www.cyberscoop.com, offer convenience, but may also help cyber criminals use them to connect phones to run scams. When smart phones scan a QR code, which is made up of black and white dots arranged in a square, the code will typically open up a browser or enable a payment to a business. Users should also be wary of criminals who try to use them to steal money, according to the Army Criminal Investigation Command’s Major Cybercrime Unit, which issued an alert last week. Scams could also include connecting devices that scan QR codes to a malicious network and sending texts or making calls to users’ contacts or adding malicious contacts to the contact list, the Army alert warned. Read more.

CIS Launches Free Ransomware Protection for U.S. Hospitals

According to a recent report on www.washingtpost.com, the nonprofit group Center for Internet Security (CIS) recently launched a free ransomware protection service for private U.S. hospitals. CIS is providing the service to help combat the dramatic escalation of ransomware attacks against hospitals during the pandemic. Specifically, the Malicious Domain Blocking and Reporting Service (MDBR) uses security services from Akamai to proactively look for traffic from domains associated with malicious activity, including ransomware attacks. If it detects a malicious domain trying to connect with hospital networks, the software blocks the connection. The free software program is targeted at underfunded hospitals in the U.S. that lack their own basic cybersecurity services. Read more.

Organizations Are Increasing Adoption of AI in Cybersecurity

According to a recently released report by Capgemini Research Institute, nearly three-quarters of firms (73%) said they were testing use cases for AI for cybersecurity in some way. Currently, 28% are using security products with AI embedded, with 30% using proprietary AI algorithms. The remainder, 42%, currently either use (or plan to use by next year) both proprietary solutions and embedded products. The number one application was for network security, followed by data security and endpoint security. However, half of the executives surveyed said that they qualified cybersecurity experts who are capable of improving the logic underpinning AI algorithms to detect threats efficiently. Those surveyed also expressed the need for a governance mechanism that would ensure the ethical and transparent use of AI algorithms. Read more.