Those of you who are CISOs and have been conducting awareness programs for years realize that ''the devil is in the details" when building a successful program. Initial attempts to get an awareness program started are usually done by trial and error- but this hit-and-miss approach is often ineffective or frustrating....
One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data. The brewery refused to pay the attackers' two bitcoin ransom demand.
Criminals operating online continue to target cryptocurrencies, leverage phishing and other social engineering attacks, as well as tweak age-old scams - including Nigerian prince emails - for the modern age. So warns Europol in its latest Internet Organized Crime Threat Assessment.
More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.
Russian national Peter Levashov, who was arrested in Spain last year and extradited to the U.S., has admitted to a two-decade crime spree that included running multiple botnets that harvested online credentials while also pumping out spam, banking Trojans and ransomware.
Projections are there will be a ransomware attack on a business every 14 seconds by the end of 2019, according to Cybersecurity Ventures. Attackers are after every type of data they can get their hands on - from business critical data to social media - because data is something we value and are willing to pay a ransom...
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
Organizations should be on guard for attacks involving an apparent variant of Hermes ransomware - dubbed Ryuk - that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.
A recent incident involving a chronic care management company spotlights how paying a ransom to recover decryption keys from ransomware attackers can put sensitive data at additional risk. Security experts offer insights on how to prepare for the many challenges posed by attacks.
Ransomware creators, having already created "themes" for their crypto-locking malware ranging from Pokemon and horror movies to princesses and Donald Trump, have now debuted "Barack Obama" ransomware. In a sign of the times, the ransomware doubles as a monero cryptocurrency miner.
SamSam has taken in nearly $6 million in ransom, and its victims have
been diverse. They haven't all been healthcare and government agencies,
as has been reported in a lot of the media - the majority of the victims were
actually regular private-sector businesses.
The takeaway: Everyone needs to be careful because...
The March SamSam ransomware attack in Atlanta is reported to have cost the city $17 million to resolve. The attackers had asked for a $51,000 bitcoin ransom, which the city refused to pay. But Gartner Research analyst Avivah Litan stresses that paying ransoms has more cons than pros.
Leading the latest edition of the ISMG Security Report: An analysis of why it may be too late to secure the 2018 U.S. midterm elections. Also: A close look at the Anthem breach lawsuit settlement and a report on ransomware recovery lessons learned.