Buyers' and sellers' listings on darknet forums for access to organizations' networks (Source: Positive Technologies)

9 Ransomware Enablers - And Tactics for Combating Them

Mathew J. Schwartz • July 29, 2021

Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks. Given that attackers first need remote access to victims' systems, robust patch management and remote desktop protocol security remain obvious must-have defenses.

Critical Infrastructure Security

World Leaders Included on Alleged Spyware Targeting List

Latest

Critical Infrastructure Security

What Can Be Done to Enhance Electrical Grid Security?

Dan Gunderman • July 29, 2021

The lack of adequate security features in critical electric grid equipment that's made in other nations poses a serious U.S. cybersecurity threat, federal officials said this week. Supply chain attacks could take down the grid and result in a lengthy recovery period, they told Congress.

Cyberwarfare / Nation-State Attacks

Senate Bill Proposes Further Restrictions on Huawei, ZTE

Scott Ferguson • July 29, 2021

Two U.S. senators are looking to place additional restrictions on the use of telecom equipment from Chinese equipment manufacturers Huawei and ZTE by prohibiting using funds from the $1.9 trillion American Rescue Plan stimulus package to buy such equipment.

Cybercrime

Insurer: Size of Claims Paid for Ransomware Attacks Declines

Doug Olenick • July 29, 2021

Cyber insurance provider Coalition Inc. says its clients' average claims for losses when they were hit by a ransomware attack totaled $184,000 in the first half of this year, down 45% compared to the second half of 2020. Negotiating lower ransoms and more efficient recovery were key factors.

Cyberwarfare / Nation-State Attacks

Israeli Government Visits NSO Group Amid Spyware Claims

Jeremy Kirk • July 29, 2021

The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists. The visit comes as Israel faces growing pressure to see if NSO Group's spyware, called Pegasus, has been misused.

Critical Infrastructure Security

Biden Calls for Critical Infrastructure Security Standards

Scott Ferguson • July 28, 2021

President Joe Biden signed an executive national security memorandum on Wednesday calling for the development of new critical infrastructure cybersecurity standards for various industries. CISA and NIST will develop the standards, and compliance will be voluntary - at least initially.

Recruitment & Reskilling Strategy

Tips on Recruiting, Retaining Cybersecurity Staff

Anna Delaney • July 28, 2021

To recruit and retain cybersecurity specialists, organizations must "stop expecting people just to be sort of 'focused monkeys' and doing one particular task and turning the handle," says Keith Martin, professor of information security at Royal Holloway University in the U.K.

Business Continuity Management / Disaster Recovery

Kaseya's Unitrends Technology Has Zero-Day Flaws

Prajeet Nair • July 28, 2021

Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology. The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's VSA software had a major impact.

Business Continuity Management / Disaster Recovery

Measuring Success of 'No More Ransom' Project

Rashmi Ramesh • July 28, 2021

Europol says the "No More Ransom" project, a portal launched five years ago, so far has helped more than 6 million ransomware victims worldwide recover their files for free so they could avoid paying almost 1 billion euros ($1.2 billion) in ransoms.

Fraud Management & Cybercrime

Congress Urged to Update Federal Laws to Combat Ransomware

Scott Ferguson • July 27, 2021

Congress needs to update and expand federal laws to combat the surge in ransomware attacks, federal cybersecurity experts told a Senate committee at a Tuesday hearing.

Critical Infrastructure Security

Experts Testify on Pipeline Cybersecurity Measures

Dan Gunderman • July 27, 2021

At a Senate hearing on pipeline cybersecurity, leaders from several federal agencies briefed lawmakers on the roles regulators can play in the aftermath of the Colonial Pipeline attack. Lawmakers urged the agencies to "flatten the bureaucracy" to improve relationships with companies that support pipelines.

Governance & Risk Management

M&A Update: Deloitte and Sophos Make Acquisitions

Doug Olenick • July 27, 2021

Brisk M&A activity in the cybersecurity sector continues. Among the latest moves: Deloitte and Sophos each have announced two acquisitions.

COVID-19

SASE: Building a Migration Strategy

Geetha Nandikotkur • July 27, 2021

Security experts offer an analysis of Gartner's new strategic road map for SASE adoption that emphasizes the need for a detailed migration plan and offer tips for a successful rollout.