A Review of the Best News of the Week on Cybersecurity Management & Strategy

Delaware County Pays $500,000 Ransom After Outages (Infosecurity Magazine, Nov 30 2020)
Cyber insurance reported to cover the costs

Bomb Threat, DDoS Purveyor Gets Eight Years (Krebs on Security, Dec 01 2020)
A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, launching distributed denial-of-service (DDoS) attacks…

Inside North Korea’s Rapid Evolution to Cyber Superpower (Dark Reading, Dec 01 2020)
Researchers examine North Korea’s rapid evolution from destructive campaigns to complex and efficient cyber operations.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Former NSS Labs CEO Launches New Security Testing Organization (Dark Reading, Dec 01 2020)
Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.

Report Claims CIA Controlled Second Swiss Encryption Firm (SecurityWeek, Nov 30 2020)
Swiss politicians have voiced outrage and demanded an investigation after revelations that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide.

Demand for private network deployments will be driven by heavy industry verticals (Help Net Security, Dec 01 2020)
With enterprise 5G maturing, the importance of private networks for the enterprise domain will continue to grow. According to ABI Research, the demand for private network deployments will be driven primarily by heavy industry verticals. Industrial manufacturing, energy production (including mining, oil and gas, and logistics) alone will generate private network revenues of $32.38 billion by 2030, representing half of the $64 billion overall private network revenues.

A Broken Piece of Internet Backbone Might Finally Get Fixed (Wired, Dec 02 2020)
Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

MasterChef Producer Hit by Double Extortion Ransomware (Infosecurity Magazine, Nov 30 2020)
French multinational Banijay reveals “cyber-incident”

Media Production Giant Banijay Hit by Ransomware (SecurityWeek, Nov 30 2020)
Banijay, one of the world’s largest media production and distribution companies, last week disclosed a cybersecurity incident that resulted in the theft of sensitive information.

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers (Dark Reading, Nov 30 2020)
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.

Denmark News Agency Refuses to Pay Hacker’s Ransom (Infosecurity Magazine, Nov 30 2020)
Cyber-attackers hoping to extort krone from Denmark’s biggest news agency hit a brick wall

Claims of ties between ransomware groups met with skepticism among threat researchers (SC Media, Dec 01 2020)
Just as some question the validity of supposed ties between the groups, or association with Russia’s Federal Counterintelligence Service, some see the claims as a potential red herring.

Tens of Dormant North American Networks Suspiciously Resurrected at Once (SecurityWeek, Nov 30 2020)
More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals.

The Supreme Court will finally rule on controversial US hacking law (Ars Technica, Nov 30 2020)
The government’s new reading of the CFAA surprised legal scholars.

Can’t Afford a Full-time CISO? Try the Virtual Version (Dark Reading, Dec 01 2020)
A vCISO can align a company’s information security program to business strategy and budgeting guidance to senior management.

Retail CISOs and the areas they must focus on (Help Net Security, Dec 01 2020)
In this interview, Matt Cooke, cybersecurity strategist, EMEA at Proofpoint, discusses the cybersecurity challenges for retail organizations and the main areas CISOs need to focus on. Generally, are retailers paying enough attention to security hygiene?

The three stages of security risk reprioritization (Help Net Security, Dec 02 2020)
What began as a two-week remote working environment due to COVID-19 has now stretched past the nine-month mark for many. The impact of telework on organizations can be felt across departments, including IT and security, which drove the almost overnight digital transformation that swept across the globe.

How to effectively manage Shadow IT in the WFH era (SC Media, Dec 01 2020)
There’s really no perfect marriage between convenience and security. And to the dismay of security teams, employees will always do whatever they find convenient. In fact, there’s even a common name for it: Shadow IT.

Account Hijacking Site OGUsers Hacked, Again (Krebs on Security, Dec 02 2020)
For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

Hacker Who Stole Information From Nintendo Sentenced (SecurityWeek, Dec 03 2020)
A computer hacker who stole information from Nintendo and was also caught with child pornography on his computer was sentenced Tuesday to three years in prison.