Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.
Data breaches are tricky to cover, and we want to report on them in an ethical way. That requires picking what should be reported for informed public discourse but avoiding topics that may encourage attackers' efforts to shame victims into paying a ransom and anything resembling data dump voyeurism.
After the collapse of the FTX cryptocurrency exchange, I received a small postcard from Japan. The sender was Mt. Gox. Here's how I bought a bitcoin for $12 and had a painful front-row seat for the first big cryptocurrency exchange collapse, plus some thoughts about cryptocurrency.
A decade ago, ransomware was one of the internet's petty street crimes, but it has now evolved into a major threat. Tech reporter Renee Dudley, the co-author of a new book titled "The Ransomware Hunting Team," says the FBI lost ground early on in the fight against ransomware.
The arrest of a Ukrainian national long wanted on cybercrime charges in the U.S. shows that with much patience, law enforcement can nab suspects. A key member of the JabberZeus gang, which stole tens of millions of dollars, was arrested in Geneva.
The stark consequences of ransomware became painfully clear in Australia this week as attackers began releasing data from health insurer Medibank, one of the country's largest health insurers. Also, leaked chat logs reveal how the attackers accessed Medibank's systems.
Who is attempting to extort Australian health insurer Medibank? Why did Medibank tell its attackers it wouldn't pay a ransom? Will this deter future cyber extortionists? Here are a few thoughts on the high cybercrime drama playing out.
Should Australia's Medibank health insurer pay extortionists to prevent the release of sensitive medical documents related to millions of Australians? There's no easy answer to remedying what is the most severe cybercriminal incident in Australian history.
Is Australia's data breach wave a coincidence, bad luck or intentional targeting? Maybe all three. But the security weaknesses that have led to the incidents are not exotic. And the people behind these attacks are most likely workaday cybercriminals, not top-level nation-state attackers.
Australia's data breach debacle expanded on Thursday. Cyber extortionists who attacked Australian health insurer Medibank provided proof of their hack of medical data. Also, stolen data from Australian wine retailer Vinomofo was put up for sale on a Russian-language forum.
Personal data from MyDeal, a marketplace owned by Australia's Woolworths Group grocery chain, has appeared for sale on a data leak forum. It comes as wine retailer Vinomofo disclosed a breach and as the Optus telecommunications breach continues to fuel data security concerns in Australia.
What if you were hired for an office job but ended up negotiating with cybercriminals? There aren’t many rules around ransomware, but this is a story about one rule that was definitely broken. By the end, the path to the truth led to a place on the other side of the world where no one wanted to be.
The person who stole nearly 10 million customer records from Australian telco Optus withdrew their AU$1.5 million extortion attempt after suddenly releasing 10,000 customer records. Also, Optus says it has not paid a ransom as it grapples with one of the largest data breaches in the country.
Australia's Optus telco is facing a $1 million extortion demand to prevent the release of up to 11.2 million sensitive customer records. The data appears to be legitimate. The attacker tells Information Security Media Group an unauthenticated API led to the breach.
A criminal investigation is underway into a breach at Optus, Australia’s second-largest telecommunications company. Optus' CEO says the company will notify those affected. It's unknown so far who perpetrated the attack, and the data has not appeared on the dark web.