If there is a unifying theme to this week’s harvest of security stories, it is that the threats we face are often more elaborate than we think. Here are my key takeaways from this week’s roundup of security articles.
Working at Home: “Spike in Company Compromises Correlates with Lockdowns”, Kevin Townsend, April 21, 2020
We are all aware of how massive the shift to working at home has been, and how it has taxed IT to get it all up and running. Also, we have some idea that all those workstations at home are probably less secure than in the office. But how? Here’s one for you. Finland-based Arctic Security has discovered an increase in potential compromises because of this:
You may know that malware can infect computers on your network, but your firewall thwarts the malware’s attempts to “phone home” by blocking unauthorized traffic from leaving your network. We have found malware like this on scans for advanced persistent threats. But what happens when that infected computer is suddenly based at an employee’s house, outside the firewall? Suddenly the malware can phone home, and the next stage of the exploit takes place. This is particularly severe when the computer is an approved member of a VPN, whereby access to your organizational network is provided.
The full story is at Security Week.
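Once the perimeter firewall is out of the picture, the phone-home behaviour described above has to be caught on the endpoint or VPN concentrator instead. The following is an added example, not code from the article or from Arctic Security: it scans constructed endpoint connection logs for near-periodic outbound connections to a single destination, the timing signature of a beaconing implant. The host name, addresses and log format are made up for illustration.

```python
"""Flag near-periodic outbound connections (beaconing) in endpoint connection logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<host> <ISO timestamp> <destination:port>" per line.
# 203.0.113.8 is contacted every ~5 minutes; 198.51.100.20 is irregular.
SAMPLE_LOG = """\
laptop-17 2020-04-21T09:00:01 203.0.113.8:443
laptop-17 2020-04-21T09:00:04 198.51.100.20:443
laptop-17 2020-04-21T09:05:02 203.0.113.8:443
laptop-17 2020-04-21T09:10:00 203.0.113.8:443
laptop-17 2020-04-21T09:12:41 198.51.100.20:443
laptop-17 2020-04-21T09:15:03 203.0.113.8:443
laptop-17 2020-04-21T09:20:01 203.0.113.8:443
laptop-17 2020-04-21T09:37:19 198.51.100.20:443
"""


def parse_lines(text):
    """Group connection timestamps by (host, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        host, ts, dst = line.split()
        events[(host, dst)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(text, min_conns=4, max_cv=0.1):
    """Return (host, destination, period_seconds) for flows whose inter-connection
    gaps are regular: at least min_conns connections and a coefficient of
    variation (stdev / mean of the gaps) no larger than max_cv."""
    hits = []
    for (host, dst), times in parse_lines(text).items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg  # low CV means evenly spaced connections
        if cv <= max_cv:
            hits.append((host, dst, round(avg)))
    return hits
```

Real implants add jitter, so in practice the threshold is tuned per environment and the hits are a triage queue, not a verdict.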
Dangers of the IoT: “Microsoft helped stop a botnet controlled via an LED light console”, Sergiu Gatlan, April 17, 2020
A botnet of more than 400,000 compromised devices has been running phishing campaigns, distributing malware, delivering ransomware payloads and launching distributed denial-of-service (DDoS) attacks. Recently, Microsoft’s Digital Crimes Unit discovered the botnet and helped take it down.
The striking thing about this is the identity of the major command-and-control computer on the botnet. It was an LED light control console in rural northern Taiwan. I never imagined that!
You can find the complete story at Bleeping Computer.
Malicious Actors Love Current Events: “Oil and Gas Firms Targeted With Agent Tesla Spyware”, Lindsey O’Donnell, April 21, 2020
You may have noticed how oil futures prices have been going negative, as oil demand decreases and storage capacity fills up. The hackers have noticed, too. They’ve been sending spear phishing emails to oil company executives, pretending to be legitimate engineering contractors and shipment companies. The emails contained detailed descriptions of real industry events, such as the routes of tankers. The attachments were disguised as requests for quotations.
The malware in the attachments has been Agent Tesla spyware, which does things like capture passwords, log keystrokes, grab forms and acquire other sensitive information. A successful campaign would allow the bad actors to monitor a lot of operations and transactions. The number of malware reports from the energy industry has been increasing substantially this year. Looks as if somebody new may be on the network where it’s all happening, while the market goes up and down.
The detailed account is at Threatpost.
Great selection of news stories, Tim.