Cybercriminals reportedly used Trojan malware to infect at least 110,000 Facebook (FB) users in just two days last week.

And as a result, the social network tops this week’s list of IT security newsmakers, followed by Akamai Technologies (AKAM), UMass Memorial Medical Group and Kaspersky Lab.

What can managed service providers (MSPs) and their customers learn from this week’s IT security newsmakers? Check out the IT security stories to watch for the first week of February to find out:

1. Facebook malware puts users at risk

Trojan malware that reportedly can manipulate keystrokes and mouse controls is wreaking havoc on Facebook.

Security researcher Mohammad Reza Faghani first reported details about the malware last Thursday, noting that this Trojan was different from others that were used to launch social network attacks in the past.

“In the new technique … the malware gets more visibility to the potential victims as it tags the friends of the victim in a the malicious post. In this case, the tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation,” Faghani wrote in a disclosure last week.

Facebook last week confirmed that it has identified the malware and is trying to stop it from spreading: “We use a number of automated systems to identify potentially harmful links and stop them from spreading,” a Facebook spokesperson told Threatpost. “In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites. We are blocking links to these scams, offering cleanup options and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”

2. Akamai: Number of DDoS attacks has nearly doubled over the past year

Can most organizations stop distributed denial-of-service (DDoS) attacks? A new Akamai study revealed many organizations are struggling to prevent these attacks.

Akamai’s “Q4 2014 State of the Internet – Security Report” showed that there was a 52 percent increase in average peak bandwidth of DDoS attacks compared to Q4 2013. Also, the cloud services provider (CSP) found that there was a 90 percent increase in the number of DDoS attacks between the third and fourth quarters of last year.

“An incredible number of DDoS attacks occurred in the fourth quarter,” John Summers, vice president of Akamai’s cloud security business unit, said in a prepared statement. “Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry, such as online entertainment that made headlines in December. Instead, attacks were spread among a wide variety of industries.”

3. UMass Memorial Medical Group gets breached

UMass Memorial Medical Group, one of the largest multi-specialty group medical practices on the East Coast, was recently breached.

Worcester Telegram & Gazette reported that group officials last week said they were working with law enforcement agencies after a former employee allegedly accessed thousands of patient billing records that contained credit card and debit card information, social security numbers, dates of birth and medical record numbers.

The breach could affect approximately 14,000 UMass Memorial Medical Group patients.

4. How much does a DDoS attack really cost?

A new Kaspersky Lab and B2B International study revealed an average DDoS attack can cost a company between $52,000 and $444,000, depending on the business’ size.

Study researchers found that a DDoS attack can damage a company’s reputation due to loss of access to online resources for partners and customers, too.

“Customers can’t rely on protecting themselves anymore given the volume and complexity of modern DDoS attacks,” Eugene Vigovsky, head of Kaspersky DDoS protection, told MSPmentor. “In a DDoS attack, people are fighting with people in real-time.”

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].