Security News > 2021 > November

Wind turbine maker Vestas says "Almost all" of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware. "We have been through some tough days since we discovered the cyber incident, and executive management and the board of directors are thus very pleased that the incident didn't impact wind turbine operations and almost all of our IT systems are running again."

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices. Chinotto, the malware deployed in their most recent campaign discovered by Kaspersky security researchers, allows the hacking group to control compromised devices, spy on their users via screenshots, deploy additional payloads, harvest data of interest, and upload it to attacker-controlled servers.

Amid the severe and ongoing cyber skills shortages, both cybersecurity firms and in-house IT and cybersecurity departments are struggling to hire enough talented and qualified individuals. The ISSA survey showed that 62% of cybersecurity employees face a heavier workload due to their organizations not being able to hire enough workers, and 38% say they feel burnt out.

The way the behavioral aspect complements biometrics could cater for safer, more reliable, and faster identification. In contrast to traditional biometrics, behavioral biometric approaches are "Younger" and less standardized.

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. The good news is many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks - in fact, the survey also found that 35.9% develop software using DevSecOps, as compared to only 27% in 2020.

The ENISA report takes a look into data gathered by the Cybersecurity Higher Education Database - CyberHEAD in order to make a prediction on the future trends. Increase enrolments and eventually graduates in cybersecurity programmes through the diversification of curriculum, education format and the provision of scholarships in Higher Education Institutions.

Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper Group, InkySquid, and Ricochet Chollima. "The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team said in a new report published today.

The UK's mid-market IT leadership expects to see a shortfall in IT spend in 2022, a Node4 report reveals. The report indicates that increasing and strengthening security is by far the most important IT objective for mid-market IT decision-makers, with 32% planning to prioritise IT security in 2022.

An APWG's report reveals that it saw 260,642 phishing attacks in July 2021 - the highest monthly total observed since APWG began its reporting program in 2004. Overall, the number of phishing attacks has doubled from early 2020.

LzLabs announced the results of its latest global survey, conducted by Vanson Bourne, revealing that the desire to migrate, modernize and embrace cloud for critical mainframe applications is rapidly increasing amongst global IT decision makers. The survey of 650 IT leaders globally has confirmed that the trend of new IT modernization options being performed off the mainframe is continuing, with organizations seeking to reduce system breaks between applications on legacy platforms and those on open systems and the cloud.