A recent report released by the British Ports Association and Astaara, a risk management firm based in the U.K., concludes that since February 2020, the maritime industry has seen a dramatic increase in cyber-attacks. The number of attacks has quadrupled, as companies struggle with COVID-19 and remote work forces. According to the report, in what … Continue Reading
On June 5, 2020, Florence, Alabama’s information technology systems were hit with ransomware by the DoppelPaymer group demanding a ransom payment of $378,000 in bitcoin. Mayor Steve Holt confirmed that the attack shut down the city’s email system, and that the city used an outside firm to negotiate the payment of a lower ransom of … Continue Reading
The Department of Homeland Security (DHS) cybersecurity advisory arm issued a warning on its website that “[M]alicious cyber actors are targeting unpatched systems” with a new exploit code that on unpatched systems could spread to millions of computers. The exploit code, called SMBGhost, attacks a security vulnerability in the server message block (SMB) that Microsoft … Continue Reading
As a litigator, when responding to any security incident, thoughtful consideration is given to the possibility that the security incident may wind up in litigation, and therefore, certain decisions are made in anticipation of that litigation. Without getting into the details of the legal doctrines of attorney-client privileges, work product doctrine, and in anticipation of … Continue Reading
The Office of Court Administration in Texas (OCA) confirmed late last week that it is the victim of a ransomware attack. The OCA stated that it would not pay the ransom. “OCA was able to catch the ransomware and limit its impact, and will not pay any ransom…Work continues to bring all judicial resources and … Continue Reading
Live adult streaming website CAM4 has reportedly not secured 7TB of users’ information, which may be able to be used for blackmail and identity theft purposes, according to researchers from Safety Detectives. According to reports, CAM4 users pay to watch live streamed explicit adult content from consenting amateur performers who film themselves and post the … Continue Reading
In a growing trend, pharmaceutical company ExecuPharm became the victim of a ransomware attack on March 13, 2020, by the CLOP ransomware group, which exfiltrated its data and then posted it on the Internet. Apparently, ExecuPharm didn’t pay the ransom, and then paid the price anyway by having its data compromised and posted by the … Continue Reading
Some good news in the ransomware world, which is so rare these days. The Shade (Troldesh) ransomware group has retired and is shutting down. When do you ever hear that a ransomware group is shutting down? According to reports, Shade has publicly announced that it is retiring (apparently it has made enough money to do … Continue Reading
The hackers behind the Sodinokibi/REvil ransomware have reportedly switched their demands for payment from Bitcoin or Ethereum to Monero cryptocurrency to try to prevent law enforcement from tracking payments. The hackers reportedly advertised the switch in a posting to an online hacker and malware forum, and admitted that the switch from Bitcoin to Monero is … Continue Reading
On April 6, 2020, the Federal Bureau of Investigation (FBI) issued a warning to companies to be aware of an increase in business email compromises (BEC) entitled “FBI Anticipates Rise in Business Email Compromise Schemes Related to the Covid-19 Pandemic.” Although BECs have been around for years, attackers are using the fact that many employees … Continue Reading
Although email seems to be the preferred method of communication during the coronavirus pandemic, an error made by a City of Los Angeles employee is one to learn from and avoid repeat. Unfortunately, when emailing COVID-19 results to multiple individuals, instead of blind copying the recipients with the results, a staff member from the City … Continue Reading
On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis. According to Microsoft “[D]uring this time of crisis, as … Continue Reading
Despite the fact that the hackers behind Maze ransomware previously promised not to hit medical organizations during the coronavirus pandemic, it recently attacked a British medical lab that is slated to test COVID-19 vaccines during the pandemic. The Maze hackers previously said publicly that it would “stop all activity versus all kinds of medical organizations … Continue Reading
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS) attempts to respond to and get ahead of the COVID-19 pandemic in the U.S., hackers, likely from a foreign enemy nation state, ramped … Continue Reading
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling victim to the ransomware attack last weekend, the city shut down its network, including disabling access to the network by the Durham Police Department, the Sheriff’s Office and the communications center. … Continue Reading
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the security incident. The Nevada State Gaming Control Board was aware of the situation and disclosed that it is monitoring … Continue Reading
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in the network, the attacker deployed software trying to “identify critical assets” before setting off the ransomware and in the process, may have also disabled detection processes in place to identify … Continue Reading
Criminal minds are creative, and new ransomware strains show just how creative cyber-attackers can be. A new strain of ransomware, dubbed Ransomwared, requests a different kind of payment from the victim than the typical bitcoin request. Instead of paying for the decryption of data, or to prevent cyber-attackers from releasing private photos they have obtained … Continue Reading
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading
The Ponemon Institute recently issued its 2020 Cost of Insider Threats Global Report (Report), which finds that the frequency and cost of insider threats continues to increase. Sponsored by ObserveIT and IBM, the 2020 Report is the third consecutive one to study insider threats and their impact on businesses in terms of frequency, cost, and … Continue Reading
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the third consecutive report that studies insider threats and their impact on businesses in terms of frequency, cost and … Continue Reading
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing sites, and electrical and power grids. Although there have been a few successful attacks against ICS in the past, including the destruction of a … Continue Reading
Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China. As we have seen with other public concerns, cyber criminals and threat actors … Continue Reading
A new report published by Coveware concludes that companies hit with ransomware attacks spend an average of 16 days recovering from the attack. Think about being offline and unable to do business for 16 business days. It is extremely disruptive and costly. It takes larger organizations longer to recover than smaller ones, and larger organizations … Continue Reading
