Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Amidst the COVID-19 pandemic, the shift to remote working has increased exponentially, as have security vulnerabilities. TechRepublic reports that this shift has left many businesses more exposed to cybersecurity threats, with nearly half saying they’ve encountered at least one scare. Reporter Owen Hughes covers a recent study by Barracuda Networks that indicated that 46% had experienced at least one security incident since the start of the COVID-19 lockdown, with 51% recording an increase in the number of email phishing attacks. Furthermore, 49% said they anticipated a data breach or similar cybersecurity incident within the next month. Many believe their workforce is not adequately educated in the security risks associated with working from home. Fleming Shi, CTO of Barracuda Networks, says, “Inevitably, the switch to a complete remote-working model in such a short space of time brings with it a myriad of security challenges, particularly with many employees using personal devices to exchange and share data.”

One of the simpler protection steps individuals can implement – and organizations can enforce – is multi-factor authentication. Here’s a quick walkthrough of how to set up two-factor authentication for Gmail in Outlook.

Cyber workforce shortage: critical condition

In a Security Magazine article, Kurt John writes that human strategy is the best cyber defense to combat COVID-19, “Before the pandemic, recruiting for cyber jobs was a critical challenge for many companies. Fast-forward to where we are now and the need for a highly-skilled cyber workforce is even more paramount.” John reinforces the need to tap into our best defenses: the human strategy. He reiterates that security is central to every business strategy, and that while digital analytics might detect something strange, the human expert is essential to decide if there’s really a cybersecurity problem. “People will always be central to cybersecurity and will need organizational support and investment. In a post-COVID world, our workforce will be dramatically different. So, as we emerge as a changed society and workforce, it is critical that we focus on meeting the needs of the challenges and priorities of today, by cultivating a highly-skilled cyber workforce, ready and able to secure a modern, remote and digital world,” states John.

Web skimming hack, China espionage campaign brought to light

The latest hacking campaign is one of the most complex and innovative hacking campaigns detected to date. ZDNet reports that a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites. This is called a web skimming, e-skimming, or a Magecart attack, in which “hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms,” according to the article.

Meanwhile, hackers in China have been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, according to a CNBC news report. The group, called Naikon, “targets ministries of foreign affairs, science and technology, as well as government-owned companies with the aim of gathering geo-political intelligence.” The group used spear-phishing techniques to elicit information – such as contacts and documents – to attack other departments within the government, according the report.

“What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor,” said Lotem Finkelsteen, manager of threat intelligence at Check Point.

The cybersecurity sinkhole quandary

In unrelated news – or maybe related news – the U.S. Department of Defense issued a bulletin about a Chinese-linked hacking group responsible for suspicious activity aimed at defense contractors in the U.S. According to CyberScoop, the bulletin highlights concerning activity coming from a “sinkhole.” The article explains that sinkholes are used by researchers to capture bad internet traffic, mostly coming from botnets, and block infected machines from carrying out their orders. “While the sinkhole’s stated purpose is to conduct security research, the actual traffic going through the sinkhole and emanating from it is likely malicious in nature. Data may be leaking, not only outside the company, but outside the country,” the article reports.

Many cybersecurity experts are speculating on possible causes of the sinkhole leaking information, possible hacks, and origins of the bulletin. In the meantime, a National Security Agency official stated that users should continue to patch and be running two-factor authentication.

Partner blog of interest: PKI Solutions: Our Advanced PKI Training Course is Now Online