Ransomware Operations Double Down on Data Leak Sites

Mathew J. Schwartz • December 3, 2021

Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.

Endpoint Security

Ransomware: Best Practices for Negotiating a Ransom Payment

Latest

Account Takeover Fraud

ISMG Editors: Are We Close to Cracking Cybercrime Ecosystem?

Anna Delaney • December 3, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.

Business Continuity Management / Disaster Recovery

Need to Negotiate a Ransomware Payoff? Newbies: Start Here

Anna Delaney • December 3, 2021

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

Critical Infrastructure Security

Cyber Officials Outline Critical Infrastructure Protections

Dan Gunderman • December 2, 2021

Several cybersecurity officials charged with safeguarding U.S. critical infrastructure on Thursday outlined both current progress and the complexity of today's network defense. Oversight officials also testifying before the House discussed top-line items that remain outstanding among major agencies.

Cybercrime

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Soumik Ghosh • December 1, 2021

A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.

Cybercrime

Identifying and Countering BIN Attacks

Suparna Goswami • December 1, 2021

In order to identify BIN attacks, it is important for payment card brands to leverage AI and automated systems for monitoring transaction data to look for unusual patterns, says Keri Crane, advisory technical product manager with Jack Henry & Associates. She also discusses mitigation tips.

Access Management

The ROI of Shift-Left Automated Testing

Information Security Media Group • December 1, 2021

Forrester evaluates the benefits of automated testing for the mainframe.

Access Management

The Evolution of Privileged User Monitoring for Mainframes

Information Security Media Group • December 1, 2021

Learn how the latest advances in privileged user monitoring can close windows of opportunity for attackers and keep business-critical data safe from credential theft, lateral attack movement, ransomware, and other threats.

Cyberwarfare / Nation-State Attacks

How to Stop a Potential Ransomware Attack Before it Happens

Information Security Media Group • December 1, 2021

In this on-demand webinar, you’ll learn how you can get out in front of the ransomware threat to stop hackers from locking down your data in the first place.

Fraud Management & Cybercrime

Why Today's Security Rhetoric is Harmful and Must Change

Anna Delaney • November 30, 2021

In her latest book, "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts," academic Victoria Baines questions the imagery and rhetoric we use to communicate safety and security issues, and details their unwelcome impact on the workforce.

3rd Party Risk Management

Japanese Electronics Giant Panasonic Discloses Data Breach

Dan Gunderman • November 30, 2021

Japanese multinational conglomerate Panasonic has disclosed a security breach that it says involved unnamed threat actors accessing servers on its network. The company says it detected the breach on Nov. 11. It was determined that some data on a file server had been accessed during the intrusion.

Governance & Risk Management

Securing Your Hybrid Workforce Using a SASE Approach

Geetha Nandikotkur • November 30, 2021

SASE adoption is being driven by numerous factors, including the opportunity to address the challenges with unmanaged applications and devices, providing greater visibility into various tasks, and ensuring consolidation of investments in the networking infrastructure to bring down the administrative cost, according to...

Cybercrime

The Best Gift for the Holidays? An Incident Response Plan

Anna Delaney • November 26, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.