Polish army Leopard 2A tanks just before multinational training exercises in Eastern Europe on May 14, 2022 (Image: U.S. Army Capt. Tobias Cukale/DOD)

Russian Nuisance Hacking Group KillNet Targets Germany

Mihir Bagwe • January 27, 2023

A pro-Kremlin hacking group with a history of launching distributed denial-of-service attacks took its annoyance tactics to Germany following Berlin's announcement that it will ship Leopard 2 battle tanks to Ukraine's front lines. A German government spokesperson said the attacks had minimal effect.

Critical Infrastructure Security

What Federal Charges Against Bitzlato Mean for Cybercrime

Latest

Endpoint Security

European IoT Manufacturers Lag in Vulnerability Disclosure

Akshaya Asokan • January 27, 2023

A review of internet of things manufacturers by Copper House shows that European companies fared the worst in having vulnerability disclosure policies. The European Commission has proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.

Biometrics

Payments Rules Bring Customer Authentication to Forefront

Michael Novinson • January 27, 2023

Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.

Fraud Management & Cybercrime

ISMG Editors: Why Are Ransomware Profits Dipping?

Anna Delaney • January 27, 2023

In the latest weekly update, four ISMG editors discuss why it pays off to have well-practiced incident response plans, whether Chat GPT is a blessing or a curse for penetration testers and bug bounty hunters, and how Microsoft has reason to be cheerful as security sales hit $20 billion.

Fraud Management & Cybercrime

Targets of Opportunity: How Ransomware Groups Find Victims

Mathew J. Schwartz • January 27, 2023

As ransomware continues to pummel numerous sectors, and lately especially the manufacturing industry, how does any given organization end up becoming a target or victim? Cybercrime watchers say the answer involves initial access brokers, botnets, targets of opportunity and, above all, profit.

Geo Focus: The United Kingdom

UK Insurers Mostly Withstand Cyber Stress Test

David Perera • January 26, 2023

A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.

Cyberwarfare / Nation-State Attacks

UK Warns of Surge in Russian, Iranian APT Phishing Threats

Akshaya Asokan • January 26, 2023

Russian and Iranian state-sponsored hackers are using advanced social engineering tactics to target journalists, defense organizations and academic and civil society organizations in the U.K. for cyberespionage campaigns, the British National Cyber Security Center warns.

Fraud Management & Cybercrime

Facebook, Instagram Blasted for 'Lame' Security Practices

Anna Delaney , Cal Harrison • January 26, 2023

Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.

Next-Generation Technologies & Secure Development

Venture Capitalist: Now Is an Ideal Time to Invest in Cyber

Tom Field • January 26, 2023

Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.

Cybercrime

Reported Data Breaches in US Reach Near-Record Highs

Mathew J. Schwartz • January 25, 2023

Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.

Cloud Security

Microsoft 365 Cloud Service Outage Disrupts Users Worldwide

Mathew J. Schwartz • January 25, 2023

Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.

Cybercrime

North Korean Crypto Hackers Keep Nose to the Grindstone

Mihir Bagwe • January 25, 2023

A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind."

Government

VA: Contractors Have 1 Hour to Report a Security Incident

Marianne Kolbasuk McGee • January 24, 2023

An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.