As the Russia-Ukraine war continues, many commentators continue to highlight the lack of Russian cyberattacks. But The Chertoff Group's Chad Sweet says Russian cyberattacks remain fast and furious, although Moscow continues to publicly downplay both the attacks and their relative failure.
The discovery and subsequent exploitation of a critical zero-day vulnerability in Apache's Log4j open-source library has highlighted the importance of code security in today's threat landscape, says Steve Wilson, security chief product officer at Contrast.
Threat watch: The ongoing Russia-Ukraine war continues to pose both direct and indirect risks to enterprise networks, says Michael Baker, vice president and IT CISO of IT services and consulting firm DXC Technology. He also discusses recruiting and retaining new talent.
The public-private Ransomware Task Force last year issued numerous recommendations for battling ransomware, and task force member Marc Rogers of Okta says that while the problem persists, better mechanisms are helping to blunt such criminal activity.
Ransomware continues to pummel organizations, with the average ransom payment reaching $925,000 so far this year, but the aggregate financial impact of business email compromise attacks is even worse, says Wendi Whitmore, head of Unit 42 at Palo Alto Networks.
Cloudflare says it detected and mitigated "the largest HTTPS DDoS attack on record." The 26 million requests per second DDoS attack likely originated from hacked virtual machines and servers kept by cloud computing hosts and was likely exacerbated by computationally intensive encrypted web traffic.
Ransomware groups such as Conti are beginning to move away from encrypting systems. Instead, they are stealing data, especially from public companies, and threatening to leak it publicly to extort ransom payments, says cybercrime expert Vitali Kremez, CEO of AdvIntel.
As Russia's invasion of Ukraine continues, it's notable that Ukraine's government - and much of the country - has remained connected to the internet. That's happening despite fierce Russian cyberattacks, says cybersecurity expert Mikko Hypponen, who highlights Ukraine's defensive mojo.
Organizations are struggling to implement all the security technology they've purchased and ensure they are protected across the most important areas of risk and posture, according to Amol Kulkarni, chief product and engineering officer at CrowdStrike.
The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.
Several major email breaches reported by healthcare entities in recent days and weeks have affected the health data of nearly 300,000 individuals. Experts say the incidents highlight the ongoing challenges many organization face involving phishing attacks and similar email compromises.
Personal data allegedly obtained during a cyberattack using BlackCat ransomware was published on a typosquatted open internet website. This new extortion technique shows an escalation by ransomware groups in their willingness to use personal data to bludgeon victims into paying extortion money.
CISO Eric Sanchez of Kyowa Kirin North America discusses the nuances and challenges of building a security program at an international company. He shares strategies for managing the people, operations and technology and explains why strong interpersonal and crisis management skills are a must.
As ransomware attacks continue to pummel organizations, Rapid7 Chief Scientist Raj Samani says victims must identify how the attacker broke in and if they've given themselves persistent ways to regain access. Otherwise, he says, "They'll hit you again and again."
The disruption of the Netwalker ransomware group in January 2021 by U.S. and Bulgarian authorities highlights how blockchain can be an Achilles' heel for cryptocurrency-using criminals, says Jackie Burns Koven, cyberthreat intelligence lead at Chainalysis.