Latest

Business Continuity Management / Disaster Recovery

Paying a Ransom: Does It Really Encourage More Attacks?

Doug Olenick  •  May 14, 2021

Some cybersecurity experts question the contentions of Speaker of the House Nancy Pelosi and another member of Congress, who say a $5 million ransom reportedly paid by Colonial Pipeline Co. after being hit by DarkSide ransomware would serve as a catalyst for attacks on other critical infrastructure providers.

►

Cybercrime

ISMG Editors’ Panel: Analysis of Colonial Pipeline Attack

Anna Delaney  •  May 14, 2021

Four editors at Information Security Media Group discuss the Colonial Pipeline attack, providing insights on the DarkSide ransomware gang and securing critical infrastructure.

Endpoint Security

Patched Wi-Fi Vulnerabilities Posed Risks to All Users

Prajeet Nair  •  May 14, 2021

A Belgian security researcher says he uncovered vulnerabilities that affect all modern Wi-Fi security protocols and most wirelessly connected devices, including smartphones, routers and IoT devices. Many tech companies have fixed the flaws to avoid leaks of user data.

Critical Infrastructure Security

Teardown: Inside the Colonial Pipeline Ransomware Attack

Anna Delaney  •  May 14, 2021

Diving into the Colonial Pipeline ransomware attack - culprits, impact, recovery, and the increasing political firestorm it’s triggered - is the focus of the latest edition of the ISMG Security Report. Security leaders weigh in on the attack's significance and potential long-term ramifications.

Fraud Management & Cybercrime

Biden: Russian Government Not Behind Colonial Pipeline Attack

Doug Olenick  •  May 13, 2021

President Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. May 7, but he said attackers living in Russia were involved.

►

3rd Party Risk Management

Colonial Pipeline Attack: 'We're Simply Unprepared'

Tom Field  •  May 13, 2021

As former CISO of Pacific Gas & Electric, Bernie Cowens knows plenty about cyber securing the nation's critical infrastructure. He shares his informed opinion on the Colonial Pipeline ransomware attack and what public and private sector entities must do to shore up key defenses.

Fraud Management & Cybercrime

Android Trojan Targets European Bank Customers

Akshaya Asokan  •  May 13, 2021

A newly uncovered Android Trojan called TeaBot is targeting bank customers in Europe to steal sensitive credentials and SMS texts for financial fraud, a report by security firm Cleafy notes.

3rd Party Risk Management

Biden Signs Sweeping Executive Order on Cybersecurity

Doug Olenick  •  May 12, 2021

President Joe Biden signed an extensive executive order Wednesday that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.

Breach Notification

Colonial Pipeline Attack Leads to Calls for Cyber Regs

Scott Ferguson  •  May 12, 2021

The ransomware attack against Colonial Pipeline, which has disrupted the flow of gasoline and other petroleum products throughout the eastern U.S. since Friday, is prompting members of Congress to call for new cybersecurity regulations and ask probing questions about regulators' scrutiny of security measures.

►

Critical Infrastructure Security

Colonial Pipeline Attack: 'All Monsters Are Human'

Tom Field  •  May 12, 2021

In April, Cybereason published a blog describing its research into the DarkSide ransomware strain that infected Colonial Pipeline this past week. Sam Curry, CSO of Cybereason, shares insights on DarkSide and the tactics behind the new breed of ransomware attacks.

►

Critical Infrastructure Security

Colonial Pipeline: 'A Global Day of Reckoning'

Tom Field  •  May 11, 2021

Gregory Touhill, the retired Air Force general and former federal CISO under President Obama, minces no words when he describes the Colonial Pipeline ransomware attack as a "global day of reckoning" for critical infrastructure protection.

Business Continuity Management / Disaster Recovery

Assessing Whether a Nation-State Had a Role in Pipeline Attack

Steve King  •  May 11, 2021

Tom Kellerman of VMware Carbon Black shares his opinions about whether a nation-state was behind the recent ransomware attack on Colonial Pipeline and what the U.S. government should do to prevent other cyberattacks.