Average ransom payments daily, in blue, versus median payments, in red (Source: Coveware)

Ryuk and Sodinokibi Surge as Ransom Payments Double

Mathew J. Schwartz • January 28, 2020

Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.

Governance

Report: Apple Scuttled Encryption Plans for iCloud Backups

Latest

Cyberwarfare / Nation-State Attacks

UK Approves 'Limited' Role for Huawei in 5G Networks

Ishita Chigilli Palli • January 28, 2020

The United Kingdom will allow "limited" use of equipment from China's Huawei for the nation's emerging 5G networks. After the Tuesday announcement, the White House and some U.S. lawmakers again expressed concerns about the global security threat posed by the use of the Chinese firm's gear.

Electronic Healthcare Records

Why Was Electronic Health Records Vendor Fined $145 Million?

Marianne Kolbasuk McGee • January 28, 2020

Federal prosecutors say Practice Fusion - a unit of Allscripts - will pay $145 million to settle civil and criminal investigations related to its electronic health records system. The case includes a kickback scheme involving opioids as well as false claims regarding HITECH Act certification compliance.

Business Continuity Management / Disaster Recovery

Ryuk's Latest Victim: Tampa Bay Times

Akshaya Asokan • January 27, 2020

The Tampa Bay Times is the latest U.S. news organization hit with the Ryuk ransomware strain. The publication's parent company refused to pay the ransom and is continuing a recovery effort.

Breach Notification

Health Data Breach Not Reported for Seven Months

Marianne Kolbasuk McGee • January 27, 2020

A California healthcare provider took nearly seven months to report to regulators a phishing incident that exposed information on 200,000 patients. Security experts are analyzing whether the delay could be justifiable.

Cybercrime

US Agency Hit With N. Korean-Themed Phishing: Report

Akshaya Asokan • January 27, 2020

A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.

Application Security

Dave DeWalt on Securing Business-Critical Applications

Tom Field • January 27, 2020

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020.

Cybercrime

Stolen Payment Card Trafficking Mastermind Pleads Guilty

Scott Ferguson • January 24, 2020

Aleksey Burkov, who was extradited from Israel to the U.S. in November, plead guilty this week to several federal charges related to his site "Cardplanet," which trafficked in stolen payment card data.

Cybercrime

Hackers Target European Energy Firm: Researchers

Scott Ferguson • January 24, 2020

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future.

Endpoint Security

Vulnerabilities Found in Some GE Healthcare Devices

Marianne Kolbasuk McGee • January 24, 2020

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches.

Cyberwarfare / Nation-State Attacks

Analysis: New Details on the Hacking of Jeff Bezos' iPhone

Nick Holland • January 24, 2020

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

Cybercrime

Treasury Wants to Collect More Cyber Risk Details From Banks

Ishita Chigilli Palli • January 23, 2020

The U.S. Treasury Department is proposing to collect more information from banks and financial markets about the cybersecurity risks they face to help ensure the security of financial infrastructure.

Cybercrime

FBI Warns: Beware of Spoofed Job Application Portals

Akshaya Asokan • January 23, 2020

The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants.