In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers leverage the value of the stolen data as a means to coerce organizations into paying ransoms to avert data release.
Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
Browser security and microsegmentation play critical roles in stemming the bleeding from ransomware attacks, as "almost always the attacks come from a point-based browser vector," said Spencer Tall, managing director, AllegisCyber Capital. He shared two approaches to ensure secure browser adoption.
In the latest weekly update, ISMG editors discuss important cybersecurity and privacy issues including highlights of interviews at Black Hat 2023, lessons learned from the success of the Lapsus$ cybercrime group's attacks and why Check Point is buying startup Perimeter 81 for $490 million.
While consolidating third-party risks into one document is important, it is equally vital to introduce artificial intelligence into various elements of your third-party risk management program, said Jonathan Pineda, CISO and DPO at the Government Service Insurance System in the Philippines.
Keeping your organization secure is top of mind. But to compete, the priorities are innovation, growth, and new initiatives. The former can strategically support both of the latter.
In this whitepaper, uncover how:
Prioritizing cybersecurity can transform your business;
Embracing digital transformations, and...
This week's roundup of digital assets-related cybersecurity incidents includes Argentina's investigation into WorldCoin; hackers' exploitation of Libbitcoin; Zunami and RocketSwap; Curve Finance's compensation plans for hack victims; the FBI's $1.7 million forfeiture; and X's crypto scam problem.
This week, Raccoon Stealer returned, hackers used QR codes, Belarus ISPs were used to spy on diplomats, Geico reported a MOVEit breach, an Israeli hospital dealt with ransomware extortion, Clorox took systems offline after an attack, and researchers found flaws in AudioCodes phones and Zoom's ZTP.
Hackers wielding generative artificial intelligence tools have yet to pose a serious cybersecurity risk, say researchers at Google's threat intelligence group Mandiant, as they sound the alarm instead about a rise in information operations featuring AI-generated fake images and video.
Property listings nationwide are being disrupted due to an apparent ransomware attack against California-based Rapattoni, which hosts Multiple Listing Services used by real estate brokers to list, market and sell properties. Rapattoni said it's not clear when its systems might be back online.
The LockBit ransomware-as-a-service group may have become a victim of its own success, having grown "too fast and too quick," to the point where its infrastructure and ability to handle affiliates' requests is lagging, leading many to desert the operation, says ransomware researcher Jon DiMaggio.
U.S. authorities seized a web-hosting company used by ransomware hackers in a joint operation with Polish authorities that resulted in the arrest of five individuals and the indictment of the site's owner. The site, LolekHosted, now displays a banner showing its seizure by the FBI and the IRS.
Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. The disclosure should examine how the incident will affect revenue, profitability and public perception.
In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.
In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement more robust two-factor authentication systems, plus regulations to combat SIM swapping.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.