Security News > 2020 > December
That machine-to-machine communication, right? As you speed that up, and you speed up that attacker machine-to-machine communication, you really can start to up-level the ability to conduct these denial of service attacks. While they may be not have been necessarily as in fashion, we're seeing that the ransomware trends, and some of those more, you will probably see a resurgence or DDoS attacks is there, but you crank into, and leverage the increased speed, and the increased dependency on IoT devices in a way that we maybe haven't seen them as monetized in the past, connectivity, ransom against connectivity, rather than ransomware files.
Expert sees improvement in attacks as well as defense technologies. He reminds businesses that all companies are potential targets.
State-sponsored hackers who exploited a security hole in a SolarWinds monitoring tool to infiltrate government and business networks have apparently left a long line of victims in their wake. Asserting that this threat "Poses a grave risk" to the federal, state, and local governments as well as to critical infrastructure providers and the private sector, CISA sees the removal of the attackers from compromised networks as a highly complex and challenging endeavor.
An analysis of the infrastructure and the malware involved in the attack targeting SolarWinds indicates that the Texas-based IT management and monitoring company was hacked at least one year prior to the discovery of the breach. An analysis of the threat actor's infrastructure conducted by threat intelligence company DomainTools, which specializes in DNS and domain analysis, suggests that SolarWinds was breached at some point in 2019.
VMware released a software update to plug the security hole on Dec. 3, and said it learned about the flaw from the NSA. The NSA advisory came less than 24 hours before cyber incident response firm FireEye said it discovered attackers had broken into its networks and stolen more than 300 proprietary software tools the company developed to help customers secure their networks. On Dec. 13, FireEye disclosed that the incident was the result of the SolarWinds compromise, which involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for users of its Orion network management software as far back as March 2020.
Security researchers at IBM Corp. and Dragos Inc. are warning that the industrial control systems that power manufacturing plants and utilities are prime targets for ransomware attackers. In a report issued this week, the researchers noted that ransomware attacks against industrial entities jumped more than 500 percent over the last two years.
TechRepublic spoke with email security firm Tessian's CEO Tim Sadler, who tells us how to avoid being phished or scammed during the search for perfect presents. Because of the flurry of e-commerce activity, email inboxes are filled with offers and notifications from retailers.
The United States on Friday announced it has imposed export controls on 77 Chinese companies including the country's biggest chipmaker, SMIC, restricting its access to US technology over its alleged ties to China's military. The announcement in the final weeks of President Donald Trump's term comes after relations between Washington and Beijing soured under his administration, which saw the US start a trade war with China and expand its list of sanctioned entities to a few hundred Chinese companies and subsidiaries.
The SolarWinds supply chain attack has dominated this week's cybersecurity news, but there was still plenty of ransomware news this week. Michael Gillespie found a new STOP Ransomware variant that appends the.
The ongoing, growing campaign is "Effectively an attack on the United States and its government and other critical institutions," Microsoft warned. There are six known federal entities that have been impacted by the attack: The Pentagon, the Department of Energy, the Department of Homeland Security, the National Institute of Health, the Department of Treasury and the Department of Commerce.