Verizon said ransomware attacks are "a key cybersecurity threat," citing a highlight of its 2018 Data Breach Investigation Report. "Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches -- double that of last year’s DBIR -- and accounts for over 700 incidents," said a Verizon release Tuesday. "What’s more, Verizon’s analysis show that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests." The report "also flags a shift in how social attacks, such as financial pretexting and phishing, are used," Verizon said. "Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates." George Fischer, Verizon Enterprise Solutions president, said, “Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies.”

DOJ filed a federal indictment against Backpage.com owners, executives and employees on Monday, which drew praise from Sen. Rob Portman, R-Ohio, author of recently passed anti-sex trafficking legislation. DOJ’s seizure of Backpage is proof that the legislation is needed, lawmakers said last week, while one critic argued it proves current law is working. The Senate passed the SESTA-FOSTA (the Stop Enabling Sex Traffickers-Allow States and Victims to Fight Online Sex Trafficking) package last month (see 1803210064), and Portman expects President Donald Trump to sign the legislation this week. “This bipartisan measure will make it easier to hold online sex traffickers accountable,” Portman said, calling DOJ’s seizure good news for victims and survivors of online sex trafficking. Co-sponsor Sen. Claire McCaskill, D-Mo., said police “need this bill to enable them to take swift action against websites that knowingly facilitate sex trafficking of children online.” Meanwhile, TechFreedom argued that the seizure of Backpage proves law enforcement already has plenty of legal tools to pursue action against illicit actors and just needed to make it a priority. “Sex trafficking was exploited as an emotional pretext to chip away Section 230 immunity,” TechFreedom President Berin Szoka said, referring to a portion of the Communications Decency Act. Missouri Attorney General Josh Hawley (R) said law enforcement will continue to find human sex traffickers and bring them to justice. Backpage unsuccessfully sued Hawley to block an investigation of the website.

YouTube's data collection policies are in direct violation of the Children's Online Privacy Protection Act (COPPA) for young users of the video sharing service, consumer and other groups said in a FTC complaint filed Monday against the Google-run service. They said YouTube knows children use the service, portions of YouTube are directed at children and YouTube uses information collected from users such as geolocation and unique device identifiers to target advertising without giving parents notice or obtaining advanced verifiable parental consent as COPPA requires. The groups said YouTube can't use the "age gate" exception under COPPA since it requires registration only to post videos, not to watch them. They asked the FTC to enjoin Google from further COPPA violations and to assess "substantial" civil penalties of "tens of billions of dollars." Signing the complaint were 23 groups, including Campaign for a Commercial-Free Childhood, the Consumer Federation of America, Consumers Union, the Electronic Privacy Information Center, the Parents Television Council and the Privacy Rights Clearinghouse. A YouTube spokesman emailed that the company is reviewing the complaint and will evaluate if there are ways to improve. The spokesman also said protection of children has been a top priority and pointed to creation of the YouTube Kids app offering a children-focused alternative to the service. The spokesman said its Terms of Service Section 12 makes clear the service isn't for users under 13, and its advertising policies restrict advertisers from targeting personalized ads at or collecting personally identifiable information from children under 13.

Customs and Border Protection is seeking input through the Commercial Customs Operations Advisory Committee about what new statutes or regulations are needed to get CBP more authority over e-commerce issues, two COAC members told us. The request relates to recent testimony from Brenda Smith, executive assistant commissioner in the CBP Office of Trade, who was pressed by lawmakers to describe next steps for gaining such authority (see 1803070009). The agency didn't comment.

The FTC won't oppose Splunk buying cybersecurity firm Phantom Cyber, the agency announced Wednesday. The deal is valued at about $350 million.

The most common form of security breaches are SQL injections (23 percent), domain name system attacks (21 percent), pirated content (20 percent) and distributed denial of services attacks (17 percent), said a recent Akamai survey of 200 U.S. tech groups the company released Wednesday.

More than 95 percent of the Executive Office of the President’s email domains are at risk of widespread phishing attacks, the Global Cyber Alliance reported Wednesday. The report claims 18 of 26 EOP-managed email domains lack Domain Message Authentication Reporting and Conformance (DMARC) protocol, which the Department of Homeland Security requires for all federal civilian agencies. Another seven domains have deployed DMARC protocol at a substandard level, the firm said. The White House didn't comment right away.

One in five U.S. parents lives in a home with virtual-reality electronics, though 65 percent say they aren't planning to buy a VR device, children’s nonprofit Common Sense reported. The group canvassed 4,000 parents online in late December and reported 62 percent said VR will “provide educational experiences for their children." Eighty-four percent of parents whose children use VR said that. And 60 percent of parents are at least "somewhat concerned" their kids will experience “negative health effects while using VR,” it wrote Wednesday. “Some parents report that kids are already experiencing health issues,” including 13 percent who have bumped into something while using a device, 11 percent who have experienced dizziness, 10 percent who have had headaches and 8 percent who have had eyestrain, it said. “VR is likely to have powerful effects on children because it can provoke a response to virtual experiences similar to a response to actual experiences,” said the group. “Characters in VR may be especially influential on young children, even more so than characters on TV or computers. This can be good or bad depending on the influence.”

Law enforcement made eight arrests and linked 19 drug overdose deaths of interest to an investigation into online sales of opioids and cocaine, Attorney General Jeff Sessions announced Tuesday. Conducted March 27-30, the Joint Criminal Opioid Darknet Enforcement team’s first operation involved officials from the FBI, the Postal Inspection Service, the IRS Criminal Investigation unit and local law enforcement. A report said officials completed more than 160 interviews with people who bought or sold drugs online, which led to the seizure of weapons, drugs, counterfeit currency and computer equipment.

Concerns over data privacy extend to the headphone market, Technavio reported, saying future headphones are expected to have features that capture bodies’ vital signs and other medical data. Headphones’ ability to collect large amounts of data and create recordings could violate users' privacy, the researcher said Tuesday, suggesting addressing privacy concerns of headphone users as prerequisite to the mass commercialization of smart headphones. The non-smart headphone segment had nearly 65 percent of the market last year but is forecast to drop to 9 percent by 2022, Technavio said. Smart headphones are the fastest growing segment and will have nearly 44 percent of the headphone market during the period, it said.