Yonhap reports that a South Korean military intranet has sustained a North Korean-directed malware infestation. Seoul's Ministry of Defense acknowledged finding the malicious code in one of its cyber command networks.
Mirai appears to have a competitor in the distributed denial-of-service market. CloudFlare has reported that a new botnet—what kinds of bots it's composed of remains unclear—began executing attacks on November 23rd. It ran on a predictable schedule: eight hours a day for seven days, beginning at 10:00 AM PST. On the eighth day the attack switched to twenty-four hours, reaching a peak volume of 400 Gbps. (Mirai has hit 620 Gbps.) Attacks seem to have originated with Chinese IP addresses, and to have targeted servers in California. CloudFlare thinks the targets were "gaming and virtual goods sites and services."
Locky ransomware operators have shifted to .osiris extensions in malicious code being spread by bogus Excel invoices. No decryption is yet available, so secure, regular backup is the best preparation for recovery. Globe2 ransomware is implicated in successful attacks on British hospitals that disrupted patient services.
Ransomware exacts opportunity costs from its victims: San Francisco's Muni light rail estimates it lost some $50,000 in fares during its attack. That's $75,000 less than the ransom Muni refused to pay, but it still hurts.
Social media companies and sites continue to grapple with content filtering. Counter-trolling seems unsuccessful. Control of terrorist imagery remains a work in progress, but is proceeding along lines followed to exclude child porn from networks.