Cyber Insurer Sees Remote Access, Cloud Databases Under Fire

Mathew J. Schwartz • February 3, 2023

Criminals lately have been prioritizing two types of attacks: exploiting Remote Desktop Protocol and penetrating cloud databases. So warns cyber insurer Coalition, based on analyzing in-the-wild attacks seen in 2022 via underwriting and claims data, scans of IP addresses and honeypots.

►

Healthcare

Russian Sandworm APT Adds New Wiper to Its Arsenal

Will Hive Stay Kaput After FBI Busts Infrastructure?

Cybercrime

HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals

Latest

Fraud Management & Cybercrime

Massive Ransomware Campaign Targets VMware ESXi Servers

Prajeet Nair • February 4, 2023

A massive automated ransomware campaign is targeting VMware ESXi hypervisors worldwide, warns CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France. VMware is advising customers to patch affected servers and scan for malware.

Attack Surface Management

CrowdStrike CEO on Why It's Tough to Defend Sensitive Assets

Michael Novinson • February 3, 2023

Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.

Cyberwarfare / Nation-State Attacks

Hackers Posing as Ukrainian Ministry Deploy Info Stealers

Mihir Bagwe • February 3, 2023

Ukrainian and Polish cyber defenders are warning against a slew of phishing websites that mimic official sites, in particular a page that mimics the Ministry of Foreign Affairs of Ukraine. A hacking group likely comprised of Russian speakers uses the pages to lure users into downloading software.

Attack Surface Management

IBM Security GM on Seeing a Target Through the Hacker's Eyes

Michael Novinson • February 3, 2023

Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.

Network Firewalls, Network Access Control

Jeetu Patel on Having a Consistent Design at Cisco Security

Michael Novinson • February 3, 2023

Cisco plans to debut a common design language across its network and security offerings so that products such as Cisco Meraki and Umbrella will no longer look or feel different from one another, says Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco.

Governance & Risk Management

CEO Faitelson on How Varonis' SaaS Migration Helps Customers

Michael Novinson • February 3, 2023

Varonis has dedicated most of its engineering resources to SaaS since the onset of COVID-19 to provide more automation to customers, says CEO Yaki Faitelson. The company has focused on delivering robust data protection to customers without them having to dedicate hardware or personnel to the task.

Fraud Management & Cybercrime

Cyberattack Wave on Healthcare Reaches Florida and Maryland

Marianne Kolbasuk McGee • February 3, 2023

A Florida healthcare system says it is diverting emergency patients and is only accepting certain Level 1 trauma cases while it deals with an "IT security incident." Meanwhile, a Maryland hospital is responding to its own ransomware incident.

Network Detection & Response

Proofpoint CEO on Thwarting Post-Compromise Lateral Movement

Michael Novinson • February 3, 2023

Proofpoint has focused on preventing cyberattacks, but customers have increasingly asked for help with blocking lateral movement from compromised identities, says CEO Ashan Willy. Acquiring Illusive in December will help Proofpoint block identity attack paths when a user is compromised.

Cloud Security

Wiz CEO on the Need to Consolidate Cloud Security Technology

Michael Novinson • February 3, 2023

The cloud security landscape has long been fragmented, and different vendors attempt to separately address containers, serverless and vulnerabilities, says Wiz CEO Assaf Rappaport. Consolidating detection, vulnerability and misconfiguration data in a single place reduces the noise for clients.

Leadership & Executive Communication

World Economic Forum's Cybersecurity Outlook 2023 Highlights

Anna Delaney • February 3, 2023

According to the World Economic Forum, geopolitical instability has helped to close the perception gap between business and cyber leaders' views on the importance of cyber risk management, and "91% of all respondents" believe that "a far-reaching, catastrophic cyber event" is on the horizon.

Fraud Management & Cybercrime

ISMG Editors: Does US Takedown Mark Hive Group's Demise?

Anna Delaney • February 3, 2023

In the latest weekly update, ISMG editors discuss the lasting effects of the takedown of the Hive ransomware group, why the U.S. government is warning of a surge in Russian DDoS attacks on hospitals, and why the lack of transparency in U.S. breach notices is creating more risk for consumers.

Artificial Intelligence & Machine Learning

Scottish Schools' Use of Facial Recognition Violated GDPR

Akshaya Asokan • February 2, 2023

A Scottish school system decided not to use facial recognition in its secondary school cafeterias after international outcry. The U.K. Information Commissioner's Office said Tuesday that the North Ayrshire Council failed to obtain freely given consent for the system.