In a quickly deleted post to its data leak site on Feb. 25, 2022, the Conti group declared its support for Russia's invasion of Ukraine (Source: Advanced Intelligence)

Conti Ransomware Group Retires Name After Creating Spinoffs

Mathew J. Schwartz • May 20, 2022

The Russian-language criminal syndicate behind the notorious Conti ransomware has retired that brand name, after having already launched multiple spinoffs to make future operations more difficult to track or disrupt, threat intelligence firm Advanced Intelligence reports.

Endpoint Detection & Response (EDR)

Five Eyes Alliance Warns MSPs About Targeted Cyberattacks

Latest

Application Security

Pathlock-Appsian Deal Combines App Governance, ERP Security

Michael Novinson • May 20, 2022

Pathlock has merged with Appsian to form a 500-person vendor that secures users and data across SAP and Oracle's ERP apps. Bringing Pathlock, Appsian and Security Weaver together will allow the firm to take a larger bite out of the $110 billion market focused on compliance testing for business apps.

Anti-Money Laundering (AML)

What Is Behind the Increase in Crypto Fraud?

Suparna Goswami • May 20, 2022

There has been a rise in crypto fraud, and a substantial portion of it can be attributed to stimulus funding and paycheck protection programs, says David Britton, vice president of strategy, global ID and fraud at Experian. He discusses new authentication methods and stricter regulations.

Business Continuity Management / Disaster Recovery

ISMG Editors: The Case of the 'Dr. Evil' of Ransomware

Anna Delaney • May 20, 2022

In the latest update, four ISMG editors discuss the alarming, bizarre case of a cardiologist in Venezuela charged with developing malware and recruiting affiliates, recent ransomware and data leak incidents in healthcare and how the economy is causing mature cybersecurity startups to slow hiring.

3rd Party Risk Management

Ransomware: What's Changed Since Colonial Pipeline Got Hit?

Mathew J. Schwartz • May 20, 2022

When Colonial Pipeline suffered an outage in May 2021 as a result of an attack by the DarkSide crime syndicate, numerous governments changed their approach to ransomware and began treating it as a national security threat, says Rapid7's Jen Ellis. She details what needs to happen next.

Critical Infrastructure Security

Feds Warn Health Sector of Top Russia-Backed APT Groups

Marianne Kolbasuk McGee • May 20, 2022

Federal authorities are alerting healthcare sector entities of threats posed by Russian state-sponsored cyber groups, including some linked to attacks on pharmaceutical and related firms. Meanwhile, other ransomware gangs continue their assaults on a variety of U.S. medical facilities.

Fraud Management & Cybercrime

DOJ Revises Policy for Good-Faith Security Researchers

Mihir Bagwe • May 20, 2022

The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.

3rd Party Risk Management

Canada Bans Huawei, ZTE to Secure Telecom Systems

Prajeet Nair • May 20, 2022

Canada says it will no longer allow the use of products and services from China's Huawei Technologies and ZTE Corp. in its telecommunications systems. The government says its decision is based on reviews by independent security agencies and was made in consultation with its "closest allies."

3rd Party Risk Management

CISA Advises Federal Agencies to Patch VMware Flaws

Mihir Bagwe • May 19, 2022

An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.

Critical Infrastructure Security

Ransomware Ecosystem: Big Changes Since Colonial Pipeline

Anna Delaney • May 19, 2022

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

Access Management

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Mihir Bagwe • May 18, 2022

Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.

Critical Infrastructure Security

CISA: Majority of US Government Will Get EDR Later in 2022

Michael Novinson • May 17, 2022

EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials. CISA is currently in the process of deploying EDR across 26 federal civilian agencies and expects to have work underway at 53 agencies by Sept. 30, 2022.

Business Continuity Management / Disaster Recovery

Conti Claims It Has 'Insiders' in Costa Rican Government

Mihir Bagwe • May 17, 2022

Ransomware group Conti, which has been holding to ransom crypto-locked Costa Rican government systems since April, has claimed on its leak site Conti News that it has "insiders" in the country's government, and that they are working toward the compromise of "other systems."