Security News > 2020 > August

As we move toward a post-pandemic world with remote and in-office work blending, what should organizations be considering in giving the best user experience maintaining their privacy and ensuring business applications and data remain secure? A good experience is rewarding for users and will make them more loyal to the applications they use.

A malware analysis report published on Monday by the U.S. Department of Defense, the Cybersecurity and Infrastructure Security Agency, and the FBI officially attributes a piece of malware named Taidoor to threat actors sponsored by the Chinese government. In 2013, FireEye published a report on Taidoor being used in cyber espionage campaigns aimed at government agencies, think tanks and companies, particularly ones with an interest in Taiwan.

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan against Western organisations, according to US authorities. Taidoor is said by the Americans to be sponsored by the Chinese government, with their aim being "To maintain a presence on victim networks and to further network exploitation".

Global police body Interpol warned Monday of an "Alarming" rate of cybercrime during the coronavirus pandemic, with criminals taking advantage of people working from home to target major institutions. "Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19," said Interpol Secretary General Juergen Stock.

Along with the independence remote work affords employees comes the use of shadow IT and poor password practices, according to a new survey by 1Password. For employees and IT staff, the swift pandemic-response transition to working-from-home made daily security challenges even more relevant.

An Accurics study said cloud breaches will likely increase in velocity and scale as more enterprises move to the cloud. The study found that misconfigured cloud storage services were increasingly commonplace in 93% of cloud deployments that were analyzed.

Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots, which can be used to create custom applications that enable industrial robots to carry out complex automation routines.

Google and Amazon overtook Apple in the second quarter of 2020 as the brand most spoofed by attackers to lure people into falling for phishing attacks. While the number of so-called brand-phishing attacks remained stable from the first quarter of 2020 to the second, there was a major shift in position for the companies that threat actors think people are most likely to trust - or whose pages they will most likely click on, according to Check Point Research's Brand Phishing Report for Q2. Brand phishing is a type of attack in which a threat actor imitates an official website of a known brand by using a similar domain or URL in an attack, as well as in some cases a copycat web page similar or identical to the actual company's original website in look and feel.

Rew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected. Information technology and operational technology may have many of the same objectives - but too often they don't see eye-to-eye when it comes to top priorities, said Andrew Ginter, VP Industrial Security at Waterfall Security Solutions.

Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018. Used GandCrab malware variants to conduct ransomware attacks.