Citing Orange’s Security Navigator 2021 report, Charl van der Walt, head of security research at Orange Cyberdefense, began by outlining some unexpected trends in incidents detected in the early stages of the crisis. He compared two countries that took differing approaches to dealing with COVID-19 infections: in tightly locked-down France, confirmed cyber-incidents decreased by 18%, whereas in Sweden, which took a much lighter approach to social distancing, the number of incidents remained similar. This “inverse” effect may be explained by the reduction in economic activity in these early months. “There were fewer people busy, connected to the network, fewer computers online and less interaction,” noted van der Walt. The predicted surge in attacks therefore did not occur over this time.
The cyber-risks associated with connected operational technology (OT) systems were laid bare on Monday after an unknown online assailant tried to remotely poison the water supply of a Florida city.
The attacker accessed the water treatment system for Oldsmar city in Pinellas County and tried to increase the amount of sodium hydroxide (lye) in the water almost 100-fold, officials said yesterday.
Also known as caustic soda, sodium hydroxide could cause vomiting, diarrhoea and damage to internal organs if swallowed.
An operator at the plant monitoring the system saw what he assumed to be his boss remotely accessing it at around 8am on Friday morning. Around five-and-a-half hours later the same worker was left bemused as their mouse suddenly started to move while a remote user tried to ramp up the lye levels in the water.
Google has warned security researchers they are being targeted by an ongoing government-backed hacking campaign based in North Korea.
The tech giant said it uncovered several false social media profiles on platforms including Twitter and LinkedIn, where bad actors would lure targets to a fake blog featuring “guest” posts from unwitting legitimate security researchers.
According to Google’s Threat Analysis Group, attackers would then start talking to potential targets, asking if they would like to work together on cyber vulnerability research and use collaboration tools with hidden malware.
These actors have used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email. We are providing a list of known accounts and IOCs in the blog post.
Sepa data leaks as agency resists ransom demands
The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation
Published: 22 Jan 2021 12:01
The Conti ransomware gang has published a number of files stolen from the Scottish Environment Protection Agency (Sepa) in an attack on Christmas Eve, as the agency continues to resist its demands to pay.
The attack saw the theft of 1.2GB of data contained in about 4,000 files. The material in question includes business information including regulated site permits, authorisations, enforcement notices, corporate planning and change programmes; procurement information such as publicly available procurement awards; project information relating to Sepa’s commercial work; and personal information on its staff.