HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals

Marianne Kolbasuk McGee • January 30, 2023

Government authorities and industry groups are warning the healthcare sector of ongoing distributed denial-of-service attacks on hospitals and other medical entities by Russian nuisance hacking group KillNet, whose name comes from a tool used to launch DDoS attacks.

Cyberwarfare / Nation-State Attacks

EU PEGA Committee Hears Call for Policy Overhaul on Spyware

Latest

Governance & Risk Management

Tenable's $25M Venture Capital Fund Seeks Early-Stage Firms

Michael Novinson • January 30, 2023

Tenable has debuted a $25 million corporate investment program to support prevention-focused startups focused on technologies such as cloud, OT and identity. The Baltimore-area exposure management vendor says Tenable Ventures plans to scour Israel and the United States for startups.

Governance & Risk Management

Are We Doomed? Not If We Focus on Cyber Resilience

Steve King • January 30, 2023

In this episode of "Cybersecurity Unplugged," Patricia Muoio, a partner at SineWave Ventures, discusses the need for cyber resilience as security leaders face the inevitable stream of cybercrimes, how to achieve it through a zero trust approach, and how CISOs and the government can help.

Cyberwarfare / Nation-State Attacks

Ukraine Links Media Center Attack to Russian Intelligence

Mihir Bagwe , Prajeet Nair • January 28, 2023

Ukraine traced a cyberattack that delayed a press briefing by the nation's information protection agency Tuesday to Russian Sandworm hackers. The group, which is accused of using wiper malware to disrupt the Ukrainian national Media Center, has close ties to the Russian GRU, investigators say.

Endpoint Security

European IoT Manufacturers Lag in Vulnerability Disclosure

Akshaya Asokan • January 27, 2023

A review of internet of things manufacturers by Copper Horse shows that European companies fared the worst in having vulnerability disclosure policies. The European Commission has proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.

Biometrics

Payments Rules Bring Customer Authentication to Forefront

Michael Novinson • January 27, 2023

Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.

Fraud Management & Cybercrime

ISMG Editors: Why Are Ransomware Profits Dipping?

Anna Delaney • January 27, 2023

In the latest weekly update, four ISMG editors discuss why it pays off to have well-practiced incident response plans, whether ChatGPT is a blessing or a curse for penetration testers and bug bounty hunters, and how Microsoft has reason to be cheerful as security sales hit $20 billion.

Fraud Management & Cybercrime

Targets of Opportunity: How Ransomware Groups Find Victims

Mathew J. Schwartz • January 27, 2023

As ransomware continues to pummel numerous sectors, and lately especially the manufacturing industry, how does any given organization end up becoming a target or victim? Cybercrime watchers say the answer involves initial access brokers, botnets, targets of opportunity and, above all, profit.

Geo Focus: The United Kingdom

UK Insurers Mostly Withstand Cyber Stress Test

David Perera • January 26, 2023

A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.

Cyberwarfare / Nation-State Attacks

UK Warns of Surge in Russian, Iranian APT Phishing Threats

Akshaya Asokan • January 26, 2023

Russian and Iranian state-sponsored hackers are using advanced social engineering tactics to target journalists, defense organizations and academic and civil society organizations in the U.K. for cyberespionage campaigns, the British National Cyber Security Center warns.

Fraud Management & Cybercrime

Facebook, Instagram Blasted for 'Lame' Security Practices

Anna Delaney , Cal Harrison • January 26, 2023

Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.

Next-Generation Technologies & Secure Development

Venture Capitalist: Now Is an Ideal Time to Invest in Cyber

Tom Field • January 26, 2023

Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.

Cybercrime

Reported Data Breaches in US Reach Near-Record Highs

Mathew J. Schwartz • January 25, 2023

Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.