Cybersecurity's Inconvenient Truth: The Nation-State Threat

Tom Field • October 20, 2020

Has the nation-state threat become like the weather - something everyone talks about, but no one can do anything about? It's time for a strategic change. A panel of experts offers a frank discussion of nation-state actors, their ongoing intrusions and what "taking off the gloves" might look like.

►

CISO Trainings

Avoiding a 'Checklist' Approach to Privacy

Latest

Endpoint Security

New Online Platform Coordinates IoT Bug Reports

Jeremy Kirk • October 27, 2020

A new online platform called VulnerableThings.com is aiming to become the go-to place for reporting and viewing reports on software flaws in IoT devices. The IoT Security Foundation and Oxford Information Labs say the platform could help vendors comply with new IoT regulations and standards.

Cybercrime

Even in Test Mode, New Mirai Variant Infecting IoT Devices

Doug Olenick • October 26, 2020

A greatly enhanced variant of the powerful Mirai botnet is already infecting IoT devices even though it's operating in a test environment, according to researchers at cybersecurity firm Avira Protection Lab.

COVID-19

Insider Sentenced for Sabotaging PPE Shipments

Marianne Kolbasuk McGee • October 26, 2020

A former vice president of a personal protective equipment packaging firm has been sentenced to prison and ordered to pay restitution for sabotaging the company's electronic shipping records during the COVID-19 pandemic - causing delays in deliveries - after he was terminated from his job.

Blockchain & Cryptocurrency

KashmirBlack Botnet Targets Content Management Systems

Prajeet Nair • October 26, 2020

Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.

Blockchain & Cryptocurrency

Police Battle Criminal Abuse of Cryptocurrency, Encryption

Mathew J. Schwartz • October 26, 2020

"Cybercrime is an evolution, not a revolution," says Europol's Philipp Amann, who oversees the EU law enforcement intelligence agency's annual study of the latest cyber-enabled crime trends. Ransomware, social engineering and the criminal abuse of cryptocurrency and encryption are some of the top threats.

Critical Infrastructure Security

US Treasury Sanctions Russian Entity Over Triton Malware

Akshaya Asokan • October 24, 2020

The Treasury Department has issued sanctions against a Russian research institute that U.S. officials now claim helped deploy Triton, destructive malware designed to damage industrial control systems. The announcement follows other economic penalties levied against Iran in the same week.

Business Continuity Management / Disaster Recovery

Ransomware Knocks Out Voter Database in Georgia

Akshaya Asokan • October 23, 2020

An Oct. 7 ransomware attack targeted a database used to verify voter signatures in Georgia, and the database is still not fully functional. The DoppelPaymer gang has taken credit for the attack.

Critical Infrastructure Security

US Officials Blame Data Exfiltration on Russian APT Group

Jeremy Kirk • October 23, 2020

U.S. intelligence officials say a Russia-backed hacking group has compromised some state and local government computer systems since at least September and exfiltrated data. So far, however, the attackers do not appear to have attempted to otherwise interfere with or disrupt those networks.

Fraud Management & Cybercrime

Phishing Campaign Mimics Microsoft Teams Alerts

Chinmay Rautmare • October 23, 2020

Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials.

Critical Infrastructure Security

Analysis: The Significance of Russian Hackers' Indictment

Anna Delaney • October 23, 2020

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

Critical Infrastructure Security

US Alleges Iran Sent Threatening Emails to Democrats

Jeremy Kirk , Mathew J. Schwartz • October 22, 2020

U.S. officials have blamed Iran for sending a barrage of fake emails and videos to American voters with a Democratic Party affiliation as part of a campaign to push misinformation and sow confusion in the days before the presidential election.

Anti-Money Laundering (AML)

The IRS Takes on Cryptocurrency-Funded Terrorists

Nick Holland • October 22, 2020

The IRS Criminal Investigation Cyber Crimes Unit is waging a battle against the use of cryptocurrency for financing terrorists and other money-laundering activities. Agents Chris Janczewski and Jon Gebhart describe recent cryptocurrency-related takedowns.