Security News > 2020 > September

A Düsseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality.

Threat actors are expected to launch disinformation campaigns targeting the results of the 2020 elections in the United States, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in an alert this week. Spreading disinformation on the results of the elections represents a threat to the credibility of the electoral process, meant to undermine confidence in the democratic institutions in the United States, the alert reads.

Facebook said Tuesday it derailed a network of fakes accounts out of China that had recently taken aim at the US presidential race. The takedown came as part of the social networks fight against "Coordinated inauthentic behavior" and marked the first time Facebook had seen such a campaign based in China targeting US politics, according to head of security policy Nathaniel Gleicher.

The British Airline Pilots' Association has told American aviation regulators that the Boeing 737 Max needs better fixes for its infamous MCAS software, warning that a plane crash which killed 149 people could happen again. Airlines, in contrast, are broadly happy with proposed changes to the Boeing 737 Max, even as trade unions bellow at the US Federal Aviation Administration that more needs to be done.

A cybersecurity enthusiast learned recently that Airbnb accounts can be easily hijacked by creating a new account on the home-rental service with a phone number that in the past belonged to another Airbnb customer. A SecurityWeek reader named Maya contacted us recently after her husband was accidentally signed into another user's account when trying to create an Airbnb account.

Parents are turning to their kids for tech support rather than the company IT department while working from home, we're told. The "Social media advice" kids were giving out to their parents was valued at £519, or £16.22 per hour on the freelance market.

A nine-month international operation spearheaded by the FBI has led to the arrest of 179 people across the world for selling drugs on the dark web. Operation DisrupTor, announced on Tuesday, also resulted in the seizure of $6.5m in cash and cryptocurrency as well as a 500kg haul of illegal drugs and 63 guns.

FireEye found that there is usually three days of dwell time between these early warning signs and detonation of ransomware. How does a security team find these weak but important early warning signals? Somewhat surprisingly perhaps, the network provides a unique vantage point to spot the pre-encryption activity of ransomware actors such as those behind Maze.

68 percent of respondents report investing their own free time, outside working hours to improve their cyber skills. 46 percent of organizations do not confirm new hire skills for specific roles and 40 percent rarely or never assess the skills of newly onboarded team members.

Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic.