Security News > 2020 > September

Popular plane-tracking website Flight Radar 24 has been the victim of multiple DDoS attacks over the past few days - and though the site's operators haven't attributed blame, some have wondered if a regional conflict may have been the cause. The site's operators said: "Attacks on our systems continue and while we were able to bring services back for a short time, significant instability due to the sustained attacks has forced us to refocus our efforts to mitigate them."

In developing its ICS ATT&CK matrix, MITRE stressed that it is necessary to understand both Enterprise ATT&CK and ICS ATT&CK to accurately track threat actor behaviors across OT incidents. "Over the past 5 to 10 years," Nathan Brubaker, senior manager at Mandiant Threat Intelligence, told SecurityWeek, "every sophisticated ICS attack instance we have observed has passed through these intermediary systems on their way to impacting ICS. This includes malware like Stuxnet, Triton and most others. Ninety to ninety-five percent of threat actor activity occurs on these intermediary systems." So that's the most likely place you're going to find ICS attackers, and the best opportunity to stop them.

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. Microsoft announced last week that it had started observing active exploitation in the wild: "We have observed attacks where public exploits have been incorporated into attacker playbooks," the firm tweeted on Wednesday.

In a way, the corporate network perimeter has extended to the home - and that is not a good thing. Some organizations are deploying small firewalls directly into the homes of their "super users" to create a secure enclave, protecting an organization's critical data from the home network.

Privacy-focused search engine DuckDuckGo will no longer appear on Google's European search preference menu for Android in most countries, despite being the most popular choice after Google. In 2019 Google agreed to provide Android users a prompt for selecting the default search provider, in response to a July 2018 decision by the European Commission that Google has been abusing its dominant position by tying the Google search app with the Play Store.

Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang. In early September, the Associated Press reported that the district was crippled during its first week of school thanks to a ransomware attack, potentially exposing personal information of employees, including names and Social Security numbers.

Based on a survey of 250 IT decision makers and 2,000 working professionals, Tessian's report, "Securing the Future of Hybrid Working," found that 75% of the IT leaders believe that the future of work will be remote or hybrid.

VMware on Tuesday announced Carbon Black Cloud Workload, a new security solution designed to help organizations protect workloads running in private, virtualized and hybrid cloud environments. The solution can be used by infrastructure and security teams to secure new and existing cloud workloads throughout the security lifecycle.

The China-linked BlackTech cyber-spies have adopted new malicious tools in recent attacks, and they have started targeting the United States, Symantec security researchers revealed on Tuesday. Despite the use of undocumented malware, other artefacts observed in these attacks, including the use of previously employed infrastructure, suggest that the BlackTech threat actor is behind them.