Security News
Excellent New Yorker article on North Korea’s offensive cyber capabilities.
"Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor's office or picking up a prescription," according to Ivanti's report, issued on Wednesday. "Meanwhile, social activities like dining out or enjoying a drink at a bar saw QR code usage decrease in that six-month period. Even offices and places of work saw an increase in usage going from 11 percent to 14 percent, emphasizing the shift in how QR codes have been used during the pandemic."
Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country's space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday. A suspect in the JAXA case, a Chinese systems engineer based in Japan, allegedly gained access to a rental server by registering himself under a false identity to launch the cyberattacks, Kato said, citing the police investigation.
The Biden administration is taking steps to protect the country's electric system from cyberattacks through a new 100-day initiative combining federal government agencies and private industry. The initiative, announced Tuesday by the Energy Department, encourages owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks.
McAfee released its new report, examining cybercriminal activity related to malware and the evolution of cyber threats in the third and fourth quarters of 2020. In Q4, there was an average of 648 threats per minute, an increase of 60 threats per minute over Q3. The two quarters also saw COVID-19-related cyber-attack detections increase by 240% in Q3 and 114% in Q4, while PowerShell threats again surged 208% due to continued increases in Donoff malware activity.
According to the U.S. National Security Agency, which issued an alert Thursday, the advanced persistent threat group known as APT29 is conducting "widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access." The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware that organizations should patch immediately, researchers warned.
"Russia's pattern of malign behaviour around the world - whether in cyberspace, in election interference or in the aggressive operations of their intelligence services - demonstrates that Russia remains the most acute threat to the U.K.'s national and collective security," the U.K. government said in a statement. To that effect, the U.S. Department of the Treasury has imposed sweeping sanctions against Russia for "Undermining the conduct of free and fair elections and democratic institutions" in the U.S. and for its role in facilitating the sprawling SolarWinds hack, while also barring six technology companies in the country that provide support to the cyber program run by Russian Intelligence Services.
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008. The risks of a 2008-like crisis with a need for government bailouts of banks were "very, very low," the head of the US central bank said during an interview aired Sunday on CBS's "60 Minutes."
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as its pattern of victimology.
Belden has disclosed that additional data, related to employees' healthcare benefits and family members covered under their plan, was accessed and copied during its November 2020 cyberattack. In November 2020, Belden disclosed it had suffered a cyberattack in which threat actors gained access to and copied "some current and former employee data, as well as limited company information regarding some business partners."