Despite the fact that the hackers behind Maze ransomware previously promised not to hit medical organizations during the coronavirus pandemic, it recently attacked a British medical lab that is slated to test COVID-19 vaccines during the pandemic. The Maze hackers previously said publicly that it would “stop all activity versus all kinds of medical organizations … Continue Reading
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS) attempts to respond to and get ahead of the COVID-19 pandemic in the U.S., hackers, likely from a foreign enemy nation state, ramped … Continue Reading
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling victim to the ransomware attack last weekend, the city shut down its network, including disabling access to the network by the Durham Police Department, the Sheriff’s Office and the communications center. … Continue Reading
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the security incident. The Nevada State Gaming Control Board was aware of the situation and disclosed that it is monitoring … Continue Reading
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in the network, the attacker deployed software trying to “identify critical assets” before setting off the ransomware and in the process, may have also disabled detection processes in place to identify … Continue Reading
Criminal minds are creative, and new ransomware strains show just how creative cyber-attackers can be. A new strain of ransomware, dubbed Ransomwared, requests a different kind of payment from the victim than the typical bitcoin request. Instead of paying for the decryption of data, or to prevent cyber-attackers from releasing private photos they have obtained … Continue Reading
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading
The Ponemon Institute recently issued its 2020 Cost of Insider Threats Global Report (Report), which finds that the frequency and cost of insider threats continues to increase. Sponsored by ObserveIT and IBM, the 2020 Report is the third consecutive one to study insider threats and their impact on businesses in terms of frequency, cost, and … Continue Reading
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the third consecutive report that studies insider threats and their impact on businesses in terms of frequency, cost and … Continue Reading
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing sites, and electrical and power grids. Although there have been a few successful attacks against ICS in the past, including the destruction of a … Continue Reading
Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China. As we have seen with other public concerns, cyber criminals and threat actors … Continue Reading
A new report published by Coveware concludes that companies hit with ransomware attacks spend an average of 16 days recovering from the attack. Think about being offline and unable to do business for 16 business days. It is extremely disruptive and costly. It takes larger organizations longer to recover than smaller ones, and larger organizations … Continue Reading
It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-a-Service (BPaaS). But then the criminal enterprises came up with Malware-as-a-Service (MaaS), Ransomware-as-a-Service (RaaS) and now Crime-as-a-Service (CaaS). A new Crime-as-a-Service offering is targeting … Continue Reading
The National Institute of Standards and Technology (NIST) released its first privacy framework tool (the Privacy Framework) on January 16, 2020. In the Executive Summary, NIST states that with the unprecedented flow of data of individuals through a complex digital ecosystem, individuals may not be able to understand the potential consequences for their privacy as they … Continue Reading
The Federal Bureau of Investigation (FBI) is warning of a heightened likelihood of Iranian cyber-attacks following the escalation of tension between the U.S. and Iran. This follows the warning last week by the Department of Homeland Security (DHS). The FBI and DHS issued a bulletin to law enforcement groups warning of potential physical and cyber-attacks … Continue Reading
Following the escalation of tensions between the United States and Iran in the past week, the Health Information Sharing and Analysis Center (H-ISAC) is warning hospitals and health systems that Iran could attack health organizations, which are considered critical infrastructure, and that they make sure their systems are being updated with patches. H-ISAC further recommended … Continue Reading
After the killing of Qassem Soleimani on January 3, 2020, by the U.S. government, the cybersecurity news industry has been abuzz about whether Iran will engage in cyber terrorism, and if so, to what degree, as part of its pledge to strike back at the U.S. On January 5, Forbes reported that the first instance … Continue Reading
The Department of Homeland Security (DHS) issued a grave warning to U.S. businesses and critical infrastructure operators on January 6, 2020, alerting the public that Iran poses a cyber terrorism threat to the United States following the death of Iranian Quds Force commander Gen. Qassem Soleimani. The bulletin explains that Iran’s previous plots against the … Continue Reading
In view of Iran’s vows to retaliate against the United States for the death of Quassem Soleimani, the NYDFS has issued an industry letter to all regulated entities regarding the need for heightened cybersecurity precautions. The letter notes that it “is particularly concerning that Iran has a history of launching cyber-attacks against the U.S. and … Continue Reading
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer system that housed patient lab data. The hackers apparently compromised the system, exfiltrated data and demanded that the company pay … Continue Reading
Approximately 3,000 customers of the Fort Worth Water Department were notified recently that their credit card information may have been compromised as a result of a data breach suffered by its vendor, Click2Gov [view related post]. Customers who pay their bill by phone or in person were not affected, nor were customers who have automatic … Continue Reading
Just hours after the shooting incident at the Pensacola Air Station last week, city officials in Pensacola discovered that the city was the victim of a ransomware attack. Many of the city’s computer systems were affected and were disconnected from the internet. City officials reported that all offices were open and that emergency services, including … Continue Reading
The predictions set forth in Experian’s Seventh Annual Data Breach Industry Forecast make sense and are worth a read. We are starting to see these types of intrusions and scams, and our experience is that once these types of attacks work, they increase exponentially. Hackers continue to get more sophisticated and seem to always be … Continue Reading
Louisiana Governor John Bel Edwards activated the State’s cybersecurity team recently after several State offices’ computers started acting strangely. The IT team identified an intrusion of Ryuk ransomware and which programs were affected, and shut down computers to avoid spread of the infection. During the outage, some state offices had no access to email, internet … Continue Reading
