Security News
SEE: Security Response Policy The report, "The Global State of Industrial Cybersecurity," which includes responses from full-time IT pros in the US, UK, Germany, France, and Australia, found that business security leaders in the US are more concerned about the security of their industrial OT systems than are leaders in other nations. The data also showed that global IT security professionals have a more positive overall outlook about their OT network security compared with their counterparts in the US. About 62% of the global IT respondents said they believe that industrial OT networks are properly safeguarded, compared to only 49% of US respondents.
The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: "The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals," Costin Raiu, researcher at Kaspersky, told Threatpost. As for the "Why" of the attack, which was thwarted, Raiu said that information about remediation for coronavirus - such as cures, tests or vaccines - would be invaluable to any nation-state's intelligence officials.
Authorities in the United States and Europe have issued warnings of increased malicious cyber-activity related to the ongoing COVID-19 pandemic. The attacks, FBI says, may come in the form of fake Centers for Disease Control and Prevention emails, phishing emails asking for personal information to receive money or encouraging people to donate for various causes, and offers for counterfeit treatments.
At the same time, a full 40 percent of those companies reported seeing increased cyberattacks as they enable remote working. Further, 13 percent said they are only ready to move a minority of workforce/students to online platforms; and 5 percent said they're not prepared at all.
At the same time, a full 40 percent of those companies reported seeing increased cyberattacks as they enable remote working. Further, 13 percent said they are only ready to move a minority of workforce/students to online platforms; and 5 percent said they're not prepared at all.
Researchers from Cybereason Nocturnus have been tracking the rise and variety of such attacks, which now include phishing, fake apps and ransomware. Beyond phishing, criminals have targeted home workers with fake apps offering coronavirus information, and false VPNs taking advantage of corporate advice to stay home and use VPNs. Reason Labs' Shai Alfasi found a fake 'coronavirus map' offering information on the spread of the pandemic, but hiding an AZORult-related infostealer.
The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks to trick people into giving up credentials to attackers, according to security researchers. The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances and eager for information about the virus and new organizational policies being implemented.
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer code was first inserted on the website of the blender retailer on Feb. 20, specifically targeting the website's checkout page, where customers input their payment information.
The U.S Department of Health and Human Services was the victim of a cyberattack on Sunday as the federal government attempts to deal with the coronavirus crisis, according to a report from Bloomberg. "The U.S. Health & Human Services fell victim to a Distributed Denial of Service attack yesterday when several endpoints controlled by a nation-state attacked their networks," Stephen Boyce, principal consultant at risk management and digital forensics firm Crypsis Group, said.
There is a big difference between the promise of 5G low latency, higher bandwidth, and speed for businesses versus the security of 5G. While many are excited about Gartner's prediction of $4.2 billion being invested in global 5G wireless network infrastructure in 2020, few discuss the business costs of its unheralded security holes. 5G is poised to drive IoT, industrial IoT, cloud services, network virtualization, and edge computing, which multiplies the endpoint security complications.