Sumo Logic CSO George Gerchow shares his thoughts on the challenges he faces in these difficult times.

• On the biggest security threats: "The number one threat is phishing...The sophistication of phishing attacks has really increased in multiple ways. "
• On the COVID-19 pandemic: "The pandemic did change the nature of my role in a way that I really never expected. Once it started hitting in March, my role shifted outside of cybersecurity and physical security into the health and well-being of our employees."
• On the evolving role of the CISO/CSO: "In the past typically the CSO or CISO would report to the CIO. I don't see that much anymore....IT is now starting to report more to security, and I don't think that's going to stop."
• Click here to upgrade to premium and read the full interview!

Apple has mistakenly given approval to new malware variants, according to Intego researchers. Apple notarized six variants of the OSX/MacOffers adware. Apple scans macOS software to identify malicious code and notarizes apps that pass the scan. The adware had a 0% detection rate on VirusTotal, which enabled it to fool the Apple scan.

More:

• In August, Apple notarized more than 40 malware samples, according to Intego.
• Notarization of an app means it is much easier for users to run it on macOS devices.
• Apple stressed that notarization is not a formal App Review, but an automated scan of the app to check for malicious content.

CYBER BREACH MONDAY:

Every Monday, I summarize the most important breaches, so you stay up-to-date on the latest cybersecurity incidents. In today's issue:

Pfizer (New York, N.Y.): hundreds of breach victims; records of calls between patients and Pfizer customer support about drug use were exposed on a misconfigured Google Cloud storage bucket.

Greenwich Hospital (Conn.): 95,000 breach victims; network server hacking/IT incident.

The Treasury Department has sanctioned a Russian government research lab for developing the Triton malware designed to manipulate safety systems at critical infrastructure facilities. Treasury has frozen the lab's assets in the United States and prohibited U.S. persons from engaging in transactions with it. 

More from Treasury:

• Treasury said the lab, the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), was behind a 2017 attack on a petrochemical facility in the Middle East.
• TsNIIKhm launched a phishing attack against the petrochemical facility, which successfully deployed the malware onto its systems.
• During the attack, the facility shut down after several of the industrial control systems entered into a fail-safe state, preventing the malware’s full functionality from being deployed.
• The Triton attackers were also reported to be scanning and probing at least 20 electric utilities in the U.S. for vulnerabilities.

A ransomware attack has reportedly disabled a Georgia county election database used to verify voter signatures to authenticate absentee ballots. AP reported that this is the first case of a ransomware attack impacting an election system this year. The early October attack against Hall County's systems also brought down a voting precinct map and interrupted phone service. 

More:

• Registration Coordinator Kay Wimpye said employees can still verify voter signatures by manually pulling hard copies of voter registration cards or using a state database that has been unaffected by the outages. 
• U.S. officials have expressed concern that a well-timed ransomware attack poses the gravest threat to the November election.
• State and local governments have been a favorite target of ransomware attackers. 

Hector Navarro, a former employee of Century 21's Manhattan department store, has been charged with breaching the company's network to steal and alter data, the Manhattan district attorney announced. According to court documents, Navarro, who worked as a systems administrator and manager at the company, set up a "superuser" account on the company's network, which enabled him to access the network after he left the company in October 2019.

More:

• With his "superuser" account, Navarro tampered with user accounts, deleted data related to consultants hired to replace him, and made changes to the company's holiday payroll policy. 
• New York-based Century 21 Department Stores is a chain of department stores with 13 locations in the northeastern United States.
• Close to one-third of data breaches are caused by insider threats, such as disgruntled former employees, according to Verizon's latest Data Breach Investigations Report.

The WastedLocker ransomware group has shut down portions of Boyne Resorts' network, including its company-wide reservation system, reported Bleeping Computer. The reservation system for Boyne Resorts was still down at Inside Security's deadline. Boyne Resorts did not respond to Bleeping Computer's request to confirm the attack or provide additional information.

More:

• Boyne Resorts is an owner and operator of golf courses and ski resorts, including Big Sky Resort in Montana, Sugarloaf in Maine, and Loon Mountain in New Hampshire. The company employs over 11,000 people.
• WastedLocker ransomware is attributed to Russia-based Evil Corp.
• Garmin was hit by a WastedLocker ransomware attack earlier this year.

The Press Trust of India was hit by a LockBit ransomware attack that disrupted its servers and the delivery of news across India for several hours on Saturday. The ransomware encrypted all data and applications. The news agency was able to restore operations on Sunday without paying the ransom. 

More:

• The Press Trust of India is the largest news agency in India. It is a nonprofit cooperative involving more than 500 Indian newspapers and has about 500 full-time employees.
• LockBit ransomware operates on a ransomware-as-a-service model in which third-parties use the framework to attack targets and then split the profits with the LockBit developer team.
• Ransomware attackers in India jumped 200% quarter-over-quarter in Q2 2020, according to security firm Segrite.

The Trump administration is continuing its efforts to ban TikTok from the U.S. market because of national security concerns. In a federal court filing Friday, the administration argued that the president has the authority to ban the TikTok app because the Chinese owner, ByteDance, has links with the Chinese government, a charge that ByteDance denies. In October, a judge agreed to a temporary injunction stopping the administration from removing the app from app stores.

More:

• The Trump administration has set a Nov. 12 deadline for the sale of TikTok's U.S. operations to U.S. firms Oracle and Walmart. 
• Oracle and Walmart have agreed to take a 20% stake in a new company called TikTok Global. ByteDance said it would retain an 80% stake, which President Trump said is not acceptable.
• ByteDance is reportedly in talks with investment bankers about taking some of its divisions public. 

QUICK HITS:

• Hewlett Packard Enterprise has patched two critical, remotely exploitable bugs in its StoreServ Management Consol and BlueData EPIC Software Platform and Ezmeral Container Platform.
• French enterprise IT services company Sopra Steria has confirmed reports that it was hit by a Ryuk ransomware attack.
• Palo Alto Networks is threatening legal action against Orca Security after Orca published a video comparing the security products of the two companies.
• Officials in Indian River County, Fla., have launched a probe into a cybersecurity incident that shut down employee emails, VoIP phones, and the county’s website.
• Learn how to revamp your remote work strategy in this webinar: How to Build a Better Remote Work Experience With Less Software.*

* This is a sponsored link.