Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware As A Service (RAAS), the subsequent lowering of barriers for both criminal groups and state actors, as well as the payment of ransoms have helped drive this dramatic increase. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop...

Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars. Joint advisory cybersecurity authorities in the United States, Australia, and the United Kingdom observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect...

The Ripple Effects that Extend Outward from a Breach According to the Verizon 2020 Data Breach report, 22% of all security incidents are perpetuated by insiders. In addition, the costs of insider breaches – caused either by human error or bad actors have – risen by 47% over the past two years. As an organization, a certain amount of trust is required to ensure that business runs smoothly. But, given the inherent risks involved, that trust...

There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as: Prices are increasing, in many cases in the range of 2x-4x Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years Entities...

Law enforcement and intelligence agencies in the U.S, the U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat (APT) actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries. Attributing the attacks to a specific APT group is inherently challenging, but a senior cyber threat intelligence analyst has pointed out...

The FBI has issued a warning about Hive ransomware after the crime group took down IT systems at Memorial Health System in Ohio The alert details indicators of compromise and tactics, techniques and procedures—or TTPs—associated with ransomware attacks by the apparent ransomware-as-a-service operation. The full release can be found here:  https://www.ic3.gov/Media/News/2021/210825.pdf In addition to the details of the attack, the FBI has issued...

Over the last week, more than a thousand companies, many of them small businesses, were dealing with the fallout from the Kaseya mass ransomware incident. In the wake of the devastating compromise of Kaseya’s popular IT management tool, researchers and security professionals are warning that the debacle isn’t a one-off event but part of a larger trend. Hackers are increasingly targeting the entire class of tools that administrators...

Criminals targeting business people with malware-laden documents SolarMarker backdoor malware operators are using “SEO poisoning” techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports. SEO poisoning attacks use PDFs stuffed with links to malware that is used to steal data and credentials from browsers. Attack Analysis In April, cybersecurity firm eSentire found that hackers had flooded the...

Oil pipelines and Apple among most recent targets Seemingly every week, there’s a new disruption caused by ransomware. Some of them are more noteworthy than others, with the recent pipeline disruption getting the most coverage followed by a $50M ransom demanded from Apple a few weeks ago. It’s all part of a trend of escalating criminal activity centered around ransomware. Trends While the high-profile demands and disruptions are generating...

The Treasury Department’s OCC, Federal Reserve Board and the FDIC are proposing rule changes that would dramatically increase the reporting requirements for banks that experience a “computer security incident”. While the time for public comment has passed and the rule changes are not final yet, here is the sum-mary of what is being proposed. “The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rule-making...