Grant Schneider of Venable and three ISMG editors discuss preparedness, response and resilience in light of the Ukraine-Russia crisis; the White House and allies’ efforts to counter ransomware; and future guidance to expect from the Biden administration's cybersecurity executive order.
As fresh wiper malware attacks target Ukrainian government and financial services organizations and contractors, security experts are urging organizations outside the country to avoid catastrophizing and stay focused on maintaining basic, essential cybersecurity defenses.
Russia-linked threat actor Sandworm aka Voodoo Bear has been found using a new malware, dubbed Cyclops Blink. Law enforcement and intelligence agencies in the U.S. and the U.K. have shared details of the malware, as well as the threat group's TTPs and indicators of compromise.
Technology giant ASUS subsidiary Asustor, which specializes in network-attached storage devices, on Friday issued updated guidelines on eliminating the Deadbolt ransomware strain from its NAS devices.
What's the price of a ransomware hit that disrupts a nation's critical infrastructure? Beyond months of patient disruption, Ireland's Health Service Executive says the May 2021 Conti ransomware attack against it could lead to $110 million in cleanup costs, plus more to revamp its IT infrastructure.
NBC News reports that President Joe Biden has been given a menu of options for conducting offensive cyber strikes again Russia. But the White House's press secretary says the report is "off base and does not reflect what is actually being discussed in any shape or form."
As Russia's military invasion and cyberattacks on Ukraine escalate, critical infrastructure entities, including those in the health sector of the U.S. and other countries condemning Russia's actions, must also be on high alert for potentially disruptive cyber assaults, some experts warn.
The ISMG Security Report analyzes the latest updates on the Ukraine-Russia crisis and offers cyber resiliency tips for organizations. It also describes how the Conti ransomware group has hired TrickBot malware developers and revisits one of the largest ransomware attacks ever in the U.S.
On this week's "Sound Off," attorney Lisa Sotto demonstrates how Colonial Pipeline did "a lot right" in its response to the DarkSide ransomware attack that led the firm to shut down operations for nearly a week last May. She shares best practices for enterprises to improve incident response plans.
The Conti ransomware group has a new trick up its sleeve: hiring "multiple elite developers and managers" to essentially acquire the venerable TrickBot malware operation, which it has been using for the past year to better distribute its ransomware, says threat intelligence firm Advanced Intelligence.
In 2021, there was a spike in cybercrime, and the focus changed for threat actors from several countries, particularly Russia and China. Cybersecurity firm CrowdStrike provides an overview of the changes, analyzes the takedown of Russian threat actor REvil and adds to its list of adversaries.
Botnet attacks have affected multiple organizations recently, resulting in web scraping as well as theft of financial information. They include a massive bot attack to scrape data from a job listing site and a TrickBot malware attack targeting 60 high-profile companies.
Are data breaches getting worse? So far for 2021, the number of records that were reportedly exposed declined slightly, while the total number of reported data breaches increased both in the U.S. and globally.
In the latest weekly update, four ISMG editors discuss how ransomware attacks got worse in 2021, the backlash from privacy experts sparked by the IRS' decision - now changed - to use facial recognition technology on American taxpayers, and why cybersecurity fosters competitive advantage.
Things are not always what they seem, says incident response expert Joseph Carson, pointing to a case involving ransomware that infected a company in Ukraine, but for which there was no external attack path. Ultimately, his investigation found that ransomware had been used to hide internal fraud.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.