Resources
IT Security Trends that Accelerated in 2024
There are a number of trends that impact IT security that accelerated through 2024 and are promising to grow as threats in 2025. Some of these trends are enabled or accelerated by emerging technologies like widespread AI and others are so old that their recent uptick is surprising. AI-enabled Scams/Social Engineering The rise of AI-enabled scams and fraud is predictable, in many cases just creating a more believable layer to classic romance or kidnapping scams through AI voice mimicking. The real concern for organizations is that AI...
read moreWatchdog Report: HHS OCR Should Beef-Up HIPAA Audit Program
HHS OIG: Current Audit Program Is Not Pushing Entities Enough to Improve Cyber The Department of Health and Human Services Office of the Inspector General just finished a report making a series of suggestions to the Office for Civil Rights regarding the focus and implementation of HIPAA audits in the near future. The audit program has been dormant since 2020, but the HHS is restarting the program and toughening the scope of its audits. The HHS Office of Inspector General recently issued a report that says that HHS OCR fulfilled its...
read moreIranian Hackers Threaten Critical Sectors Using Brute Force
Advisory Warns of Iranian Threat Actors Iranian cyber actors are using brute force techniques like password spraying and multifactor authentication “push bombing” to attack global critical infrastructure sectors, according to a recent joint advisory. The U.S. Cybersecurity and Infrastructure Security Agency published a cybersecurity advisory with the FBI, NSA and cyber authorities in Canada and Australia warning of an increasing threat posed by Iranian state-sponsored hackers. They have been targeting critical sectors with brute force...
read moreCDK and Crowdstrike: Are your vendors putting you at risk?
What do you do when a service or platform that your organization relies on goes down? The recent chaos caused by problems with CDK and Crowdstrike highlights the need to be mindful of risks caused by 3rd party vendors. It’s also a reminder as to why having a contingency plan in place before an outage or attack occurs is key to any organization’s response. Both issues stemmed from different root causes. In CDK’s case, a ransomware attack left dealers that account for around 70% of the U.S. car market scrambling to do deals with nothing more...
read moreWindows 10 Is Nearing End of Support. Is Your Organization Prepared?
Microsoft announced in December that Windows 10 will reach end of support in October 2025. Those who rely on the operating system will no longer receive essential security updates, bug fixes or technical support unless they migrate to Windows 11 and they sign up for escalating maintenance fees. The Extended Security Update program for devices running Windows 10 enables enterprises to continue receiving monthly security updates by paying $61 per device for one year after the end-of-support date. “The price will double every consecutive...
read moreRussian Sandworm Hacking Team Expands Reach
Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques Mandiant newly designated the Russian military intelligence hacking team known as Sandworm as APT44. Russia’s preeminent cyber sabotage unit presents “one of the widest and high severity cyber threats globally” due to its advanced capabilities and successes in disrupting global critical infrastructure sectors, a new report warns. Sandworm is the cyberwarfare division of Russia’s military intelligence service. It’s a “flexible instrument of power...
read moreHHS OCR Plans to Resurrect Random HIPAA Audits
As U.S. federal regulators fine-tune a strategy to push the healthcare sector into strengthening its cybersecurity posture, they are revisiting a HIPAA compliance audit program that’s been dormant since 2017. A new round of HIPAA audits for regulated entities is in the works. The Department of Health and Human Services recently published a notice saying that its Office for Civil Rights would be pulling the trigger soon on a study to assess its HIPAA compliance audit program, last used in 2017. HHS OCR officials on Wednesday confirmed that...
read moreBanking Trojan Harvests Facial Biometrics for AI Deepfakes
GoldPickaxe Malware Can Record User’s Face, Gather Video Used in Deepfake Crimes A Chinese-speaking cybercrime group, identified as GoldFactory, is expanding the functionality and reach of its advanced banking Trojans. These Trojans are now collecting and stealing biometric data. Cybersecurity firm Group-IB recently released a report saying that GoldFactory has developed a new Trojan, dubbed GoldPickaxe, that comes in Android and iOS variants designed to harvest personal information, including biometric face profiles, from mobile devices....
read moreHHS Details New Cyber Performance Goals for Health Sector
‘Essential’ and ‘Enhanced’ Best Practices Will Influence Upcoming Rule-Making The Department of Health and Human Services has released guidance that spells out voluntary cybersecurity performance goals for the healthcare sector. The new 13-page Cybersecurity Performance Goals document, recently released by HHS’ Administration for Strategic Preparedness and Response, details both essential goals “to outline minimum foundational practices” for cybersecurity performance and enhanced goals “to...
read more2023 Saw a Number of High-Profile Breaches
We hope that you had a successful 2023. Looking back, 2023 saw a number of high-profile breaches as criminals and nation-state-supported hackers both created new methods of attacking and took advantage of existing vulnerabilities. Looking to 2024, here are a few things that we think are worth keeping an eye on moving forward. Phishing NOW WITH AI Phishing continues to be a persistent and lucrative attack vector for criminals and state- sanctioned hackers. The rise in generative AI makes it easier and cheaper to iterate messages and tactics in...
read more