GandCrab Ransomware: Cat-and-Mouse Game Continues

Mathew J. Schwartz • November 16, 2018

A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

Data Breach

Cracking Down on Criminals' Use of Encrypted Communications

Latest

3rd Party Risk Management

China's Hack Attacks: An Economic Espionage Campaign

Nick Holland • November 16, 2018

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.

Cybercrime

Romanian Hacker 'Guccifer' Extradited to US

Mathew J. Schwartz • November 15, 2018

The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has been extradited from Romania to begin serving his 52-month U.S. prison sentence.

Critical Infrastructure Security

Congress Approves New DHS Cybersecurity Agency

Howard Anderson • November 14, 2018

The United States will soon officially have a single agency that takes the lead role for cybersecurity. Congress has passed legislation to establish the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. The measure awaits President Trump's signature.

Next-Generation Technologies & Secure Development

Threat Intelligence: Less Is More

Mathew J. Schwartz • November 13, 2018

Less can be more when it comes to gathering, consuming and acting on threat intelligence, says Bryn Norton, director of solutions architecture and security at telecommunications giant CenturyLink.

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz • November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cyberwarfare / Nation-state attacks

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz • November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.

Governance

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Mathew J. Schwartz • November 12, 2018

The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.

3rd Party Risk Management

Tips for Getting the Most From an MSSP

Marianne Kolbasuk McGee • November 12, 2018

How can organizations get the most out of partnering with managed security services providers and avoid common pitfalls? Cybersecurity consultant Vito Sardanopoli, an experienced CISO, offers top tips.

Endpoint Security

Priority: Frictionless Transactions Over Fraud Prevention

Mathew J. Schwartz • November 9, 2018

As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.

Cyberwarfare / Nation-state attacks

Election Hacking Probe Gets New Boss After Sessions Quits

Jeremy Kirk • November 8, 2018

U.S. Attorney General Jeff Sessions resigned on Thursday at the request of President Donald Trump. While long expected, the move raises questions about the fate of an ongoing investigation into Russia's election hacking.

Cybercrime

Dutch Police Bust 'Cryptophone' Operation

Mathew J. Schwartz • November 8, 2018

Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.

General Data Protection Regulation (GDPR)

How Cyber Insurance Is Changing in the GDPR Era

Mathew J. Schwartz • November 7, 2018

Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.