Image: Shutterstock

Targets of Opportunity: How Ransomware Groups Find Victims

Mathew J. Schwartz • January 27, 2023

As ransomware continues to pummel numerous sectors, and lately especially the manufacturing industry, how does any given organization end up becoming a target or victim? Cybercrime watchers say the answer involves initial access brokers, botnets, targets of opportunity and, above all, profit.

Critical Infrastructure Security

T-Mobile Says Hackers Stole Data of 37 Million Customers

Latest

Cyberwarfare / Nation-State Attacks

Ukraine Links Media Center Attack to Russian Intelligence

Mihir Bagwe , Prajeet Nair • January 28, 2023

Ukraine traced a cyberattack that delayed a press briefing by the nation's information protection agency Tuesday to Russian Sandworm hackers. The group accused of using wiper malware to disrupt the Ukrainian national Media Center has close ties with the Russian GRU, investigators say.

Biometrics

Payments Rules Bring Customer Authentication to Forefront

Michael Novinson • January 27, 2023

Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.

Fraud Management & Cybercrime

ISMG Editors: Why Are Ransomware Profits Dipping?

Anna Delaney • January 27, 2023

In the latest weekly update, four ISMG editors discuss why it pays off to have well-practiced incident response plans, whether ChatGPT is a blessing or a curse for penetration testers and bug bounty hunters, and how Microsoft has reason to be cheerful as security sales hit $20 billion.

Healthcare

Entity Will Pay $4.3 Million Settlement in 2nd Big Hack Case

Marianne Kolbasuk McGee • January 27, 2023

A Montana healthcare entity has agreed to pay $4.3 million to settle a proposed class action lawsuit filed in the wake of a 2021 hacking incident affecting 214,000 individuals. The deal is the entity's second multimillion-dollar lawsuit settlement in the last four years involving a major breach.

Identity & Access Management

OneSpan to Buy ProvenDB to Securely Store, Vault Documents

Michael Novinson • January 26, 2023

OneSpan plans to purchase an Australian startup founded by a longtime Quest Software executive to securely store and vault documents based on blockchain technology. Melbourne, Victoria-based ProvenDB uses blockchain to deliver security that prevents data tampering and document alteration.

Fraud Management & Cybercrime

2 Hacks Involving Mental Health Data Affected Nearly 400,000

Marianne Kolbasuk McGee • January 26, 2023

Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.

Fraud Management & Cybercrime

Facebook, Instagram Blasted for 'Lame' Security Practices

Anna Delaney , Cal Harrison • January 26, 2023

Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.

Cyberwarfare / Nation-State Attacks

Ukraine's Critical Sectors Targeted in Phishing Attack Surge

Mathew J. Schwartz • January 26, 2023

While Russian military forces and allied groups continue to pummel Ukrainian targets with online attacks, security experts tracked a phishing and malware surge at the end of 2022, even as U.S. intelligence said the war was running at a "reduced tempo."

Governance & Risk Management

ISACA Survey: Privacy in Practice 2023 Highlights

Anna Delaney • January 26, 2023

ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Next-Generation Technologies & Secure Development

Venture Capitalist: Now Is an Ideal Time to Invest in Cyber

Tom Field • January 26, 2023

Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.

Privileged Access Management

Delinea Snags David Castignola as CRO to Push Beyond Banking

Michael Novinson • January 25, 2023

Privileged access management vendor Delinea has hired longtime RSA sales leader David Castignola to expand beyond North America as well as in nonregulated industries. Delinea hopes to increase sales beyond verticals such as financial services, banking, healthcare, insurance and the public sector.

Governance & Risk Management

Clinic Reports Tracking Pixel Breach Involving 3rd Party

Marianne Kolbasuk McGee • January 25, 2023

A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.