Security News > 2020 > October

Ransomware continues to run rampant this week, with well-known organizations getting hit with massive ransomware attacks. The biggest news this week is the Clop ransomware attack against Software AG, where the attackers are demanding a $23 million ransom.

Join us for the first episode in the brand new Series 3 of our Naked Security Podcast. This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of "Linkless phishing", ask if it's ever OK to pay a ransomware demand, and advise what to do when the CEO won't stop looking at naughty sites.

A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices - surfacing its ransom note when a user hits the Home button. MalLocker is different though: It uses the "Call" notification, among several categories of notifications that Android supports, which requires immediate user attention.

Software AG has seemingly been hit by ransomware, with the German IT giant itself telling the Euro nation's stock market it had been "Affected by a malware attack." In a notification to the German stock market published earlier this week, Software AG said: "The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020.".

The coronavirus pandemic brought a new slew of cyber threats, feeding on how "Anxiety and desperation can make it easy to let one's guard down when it comes to online threats," Forcepoint principal security analyst Carl Leonard told TechRepublic in March. Briefly, the 411 on the current cyber threat situation revolves around: Personal devices used for work can be hacked in a multitude of ways; the vast majority of hacks don't use malware; unemotional and undaunted by a lack of feeling, AI is a great tool to use, and won't be jeopardized by human error, and now is the time for companies to adopt and integrate much-needed security measures, supported by great company/employee communication, trainings, etc.

Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack. The ransomware attack Carnival refers to took place on August 15, 2020, and it was disclosed via an 8-K form filed with the Securities and Exchange Commission two days later, on August 17.

Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. The world is made of software, and upwards of 99% of any software you use-open source or proprietary-includes open source components.

Network security company Illusive Networks this week announced that it has raised $24 million in a Series B1 funding round. Illusive Networks offers solutions designed to help organizations prevent and detect attacks, and respond to incidents.

A Crown Prosecution Service lawyer is on trial accused of unlawfully accessing information about his judge wife's new lover after their marriage broke down. Scott Ainge, 47, was accused by estranged wife Kate of mounting "a relentless, determined and continual campaign of harassment" that culminated in him abusing his access to CPS computer systems to look up the criminal past of her new lover.

Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. It makes sense, especially given how hard Microsoft is working on Windows Subsystem for Linux, but from everything I've witnessed over the last few years, I think there's a conclusion to be drawn that makes even more sense for Microsoft.