Percent of organizations - all prior victims of a ransomware attack - reporting they have required incident response plans and policies in place. (Source: Cybereason)

Essential Preparations for the Holiday Season Attack Surge

Anna Delaney • November 26, 2021

The latest edition of the ISMG Security Report features an analysis of how organizations can reduce risk especially over holidays and weekends, when attackers are most likely to strike. Also featured: Highlights from Ireland's IRISSCON 2021 cybercrime conference; what's ahead for COVID-19 and the workplace?

►

Cybercrime

CISA Leader: 'We've Not Seen a Change' in Ransomware Attacks

Latest

Cybercrime

The Best Gift for the Holidays? An Incident Response Plan

Anna Delaney • November 26, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.

Endpoint Security

Medical Data Exposed in Breach at True Health New Mexico

Jeremy Kirk • November 26, 2021

A health insurer in New Mexico is warning of a data breach that exposed customers' personal and medical information. True Health New Mexico reports that nearly 63,000 individuals' personal details were exposed in the "early October" incident. It's offering all victims prepaid credit monitoring services.

Cybercrime

Ukraine's Secret Service Busts 5 Alleged 'Phoenix' Hackers

Mihir Bagwe • November 25, 2021

The Secret Service of Ukraine has arrested five Ukrainian citizens on suspicion of being part of a cybercrime group called Phoenix, which it says has been tied to hacking hundreds of mobile devices, stealing personal data and also selling "hacking as a service" to others.

Fraud Management & Cybercrime

Synthetic ID Fraud: What to Look Forward to in 2022

Suparna Goswami • November 24, 2021

Automation, a good criminal network and the ability to use accounts as an alias are some of the factors contributing to synthetic ID fraud, says a panel of three experts.

Blockchain & Cryptocurrency

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

Prajeet Nair • November 24, 2021

Cryptocurrency exchange BTC-Alpha faces a ransomware attack; Morphisec researchers investigate malware that targets cryptocurrency, NFT communities on Discord; and RiskIQ researchers uncover fresh Aggah campaign that deploys clipboard hijacking code to swap a victim's cryptocurrency address.

Cybercrime

Report: China to Target Encrypted Data as Quantum Advances

Dan Gunderman • November 23, 2021

Chinese threat actors may increasingly look to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years ahead, according to a new report. Researchers say Chinese threat actors may target government, business and academic data with long-term value.

Geo Focus: Asia

Profiles in Leadership: Steven Sim Kok Leong

Geetha Nandikotkur • November 23, 2021

CISOs need to be open to ideas and suggestions from their peers and other functions and exhibit thought leadership to establish collective defense thinking in fighting threats, says Steven Sim Kok Leong, president of ISACA, Singapore chapter and chair of OT-ISAC Executive Committee.

Business Continuity Management / Disaster Recovery

COVID and the Holidays: What You Need to Know

Tom Field • November 23, 2021

COVID-19 deaths are down in some parts of the U.S., but infection rates are up. What does this mean as the nation kicks off its holiday season with Thanksgiving? Pandemic expert Regina Phelps shares insight on how to approach the holidays and what it will take to attain an endemic state.

3rd Party Risk Management

'The Shared Responsibility That Cyberspace Is'

Anna Delaney • November 23, 2021

A new report by Huawei Technologies USA and Reuters calls for greater international collaboration around transparency and cyber accountability. "Just having requirements isn't good enough. There needs to be an ability to tell whether or not the requirements are being met," says CSO Andy Purdy.

Application Security

Update: GoDaddy Breach Hits Managed WordPress Customers

Mihir Bagwe • November 23, 2021

Web hosting giant GoDaddy confirms that a data breach which affected about 1.2 million of its active and inactive Managed WordPress customers, has also hit Managed WordPress users tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.

Cybercrime

Cybersecurity Unplugged: Start on the Zero Trust Journey

Steve King • November 23, 2021

Drawing on his deep background in technology, government and law, cybersecurity adviser Tony Scott delves into many pressing issues in cybersecurity today - including zero trust. In this episode of "Cybersecurity Unplugged," he says organizations should get started on the journey now.

Blockchain & Cryptocurrency

Youth in $37 Million Crypto Heist; BitConnect Ponzi Payout

Prajeet Nair • November 20, 2021

A Canadian teenager is under arrest after allegedly stealing C$46 million ($37 million) in the latest cryptocurrency SIM swap scam. Meanwhile in the U.S., the Department of Justice is going to sell off $57 million worth of cryptocurrency seized from the BitConnect Ponzi scheme.