Security News for the Week Ending August 28, 2020
Ransomware is an Equal Opportunity Business
As American businesses deal with ever increasing ransomware attacks, larger ransom demands and ransom and extortion wrapped up together, we are not alone. Not that the fact that we are not alone should make us feel better. A new Iranian hacker group is using Dharma ransomware to go after businesses in Russia, Japan, China and India. According to the researchers who discovered this, the hackers aren’t apparently quite sure what to do once they get in. Credit: Group-IB
New Zealand Stock Exchange Attacked
The New Zealand stock exchange was down for the third time in two attacks after hackers attacked with with a volumetric attack (I think that is a fancy word for big). Basically, they crushed the exchange’s servers with a lot of useless data. You have to assume that a stock exchange has a lot of security in place and has certainly considered that someone might want to use it to make a point, so the fact that they went down three times and then halted trading says that (a) they made their point and (b) the exchange’s preparations were not sufficient. Do you care if your online systems are taken down by hackers? Are you prepared in case they try? Credit: News.com
Insider Threat Is a Real Problem
A Russian national inside the U.S. offered to pay an employee of an unnamed company $500,000 to plant malware in the company’s network. When the employee didn’t go for the plan, the Russian upped the offer to a million dollars. The Russian told him that the company would pay millions to not have their data posted on the web. The employee, instead, went to the FBI and the Russian national is now in custody. Credit: Security Week
UPDATE: It turns out the unidentified company is Tesla.
Homeland Security Releases 5G Strategy
Homeland Security’s CISA released a strategy document for the migration of the country to 5G. While those trying to sell 5G gear are pretending that the country is ready for 5G, the reality is that 5G that lives up to the 5G hype is years away except for small pockets.
The strategy document calls for 5G policy and standards emphasizing security and resilience, expanding awareness of 5G supply chain risk (code for beware of HUAWEI and China), encourage other companies to get into the 5G game and identifying risk based on potential 5G uses.
All of this is good, but unless this is more than a press release, it will not make any difference. Credit: SC Magazine