Ireland continues to target Conti ransomware group infrastructure, says Craig Jones, director of cybercrime at Interpol.

'We're Hitting Ransomware Groups,' US and Allies Confirm

Mathew J. Schwartz • December 7, 2021

It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.

Blockchain & Cryptocurrency

Darknet Markets Advertise Fake COVID-19 Vaccine Passports

Latest

Governance & Risk Management

Hacking the US Government -- Legally

Jeremy Kirk • December 8, 2021

Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.

Breach Notification

Incident Response: Best Practices in the Age of Ransomware

Mathew J. Schwartz • December 6, 2021

Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.

Cyberwarfare / Nation-State Attacks

Mandiant: SolarWinds Attackers Continue to Innovate

Prajeet Nair • December 6, 2021

A suspected Russian group blamed for the SolarWinds compromise in 2020 is continuing to innovate and is infiltrating technology services and resellers, according to a new report from Mandiant. Mandiant says the group, which it calls UNC2452 and Microsoft calls Nobelium, practices "top-notch operational security."

Access Management

Missouri Governor's Hack Accusation Loses Steam

Jeremy Kirk • December 6, 2021

In October, Missouri's governor accused a journalist of hacking after he alerted the state to exposed personal information on a state education website. Now, emails reveal that state planned on thanking him before it chose to pursue prosecution and that the FBI immediately dismissed the incident.

3rd Party Risk Management

Alert: 'Cuba' Ransomware Slams Critical Sector Organizations

Prajeet Nair • December 4, 2021

The FBI warns that the "Cuba" ransomware-wielding attackers have extorted $43.9 million in ransom payments from victims after compromising at least 49 organizations across five critical infrastructure sectors - financial services, government, healthcare, manufacturing and IT - since early November.

Account Takeover Fraud

ISMG Editors: Are We Close to Cracking Cybercrime Ecosystem?

Anna Delaney • December 3, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.

Business Continuity Management / Disaster Recovery

Need to Negotiate a Ransomware Payoff? Newbies: Start Here

Anna Delaney • December 3, 2021

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

Critical Infrastructure Security

Cyber Officials Outline Critical Infrastructure Protections

Dan Gunderman • December 2, 2021

Several cybersecurity officials charged with safeguarding U.S. critical infrastructure on Thursday outlined both current progress and the complexity of today's network defense. Oversight officials also testifying before the House discussed top-line items that remain outstanding among major agencies.

Cybercrime

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Soumik Ghosh • December 1, 2021

A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.

Cybercrime

Banish Sequential Numbering: How to Combat 'BIN Attacks'

Suparna Goswami • December 1, 2021

In order to identify BIN attacks, it is important for payment card brands to leverage AI and automated systems for monitoring transaction data to look for unusual patterns, says Keri Crane, advisory technical product manager with Jack Henry & Associates. She also discusses mitigation tips.

Access Management

The ROI of Shift-Left Automated Testing

Information Security Media Group • December 1, 2021

Forrester evaluates the benefits of automated testing for the mainframe.

Access Management

The Evolution of Privileged User Monitoring for Mainframes

Information Security Media Group • December 1, 2021

Learn how the latest advances in privileged user monitoring can close windows of opportunity for attackers and keep business-critical data safe from credential theft, lateral attack movement, ransomware, and other threats.