The BBC reports that some laptops Her Majesty’s Government had issued to support children being schooled at home during the pandemic have been found to come pre-equipped with malware. A school in Bradford noticed the problem when some of the devices were observed to be contacting a server in Russia. Computing says the malware is a version of the Gamarue worm, crimeware that’s been in action since at least 2011.
DomainTools notes that Solorigate and the tactics its operators used conclusively demonstrate the limitations of “indicator-centric” defenses. The Solorigate campaign was too quiet, too cagey, too Protean, to betray itself by simple indicators, especially when potential indicators appeared only once.
The Reserve Bank of New Zealand, which suffered a data breach through illegal access to a third-party file-sharing service, has decided to delay the regularly scheduled release of statistical data while it continues to investigate the breach. Part of the issue is data collection, some of which was done via the compromised service. Reuters reports that the central bank says it’s making progress in that investigation.
Lumen researchers report a “disturbing” rise in extortion by threatened distributed denial-of-service, “ransom DDoS,” in the second half of 2020. One of the more active criminal groups in the field represents itself as being a nation-state’s intelligence service, using such services’ now familiar nicknames, including the Armada Collective, Lazarus Group, Fancy Bear, and Cozy Bear. It’s none of those, but it’s been successful enough to inspire underworld imitators. Lumen advises against paying.