A Review of the Best News of the Week on Cybersecurity Management & Strategy
The FBI’s Anom Stunt Rattles the Encryption Debate (Wired, Jun 11 2021)
The agency spent years running a secure phone network for criminals. So much for “going dark.”
Most Ransomware Victims Are Hit Again After Paying (Infosecurity Magazine, Jun 16 2021)
In half of cases, victim organizations were attacked by the same group
VPNs and Trust (Schneier on Security, Jun 16 2021)
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices…
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
COO Charged in Georgia Hospital Cyber-attack (Infosecurity Magazine, Jun 11 2021)
Federal grand jury indicts security startup COO over 2018 attack on Gwinnett Medical Center
How Does One Get Hired by a Top Cybercrime Gang? (Krebs on Security, Jun 15 2021)
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.
Trickbot Investigation Shows Details of Massive Cybercrime Effort (Dark Reading, Jun 11 2021)
Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims.
McDonald’s Data Breach Exposed Business & Customer Data (Dark Reading, Jun 11 2021)
An investigation has revealed company data has been breached in the United States, South Korea, and Taiwan.
Biden Opposes Conditional Handover of Cyber-criminals (Infosecurity Magazine, Jun 14 2021)
Biden snuffs out Putin’s proposal to agree to conditional handover of cyber-criminals between Russia and US
Texas to Publish Data Breach Notifications (Infosecurity Magazine, Jun 10 2021)
New law requires data breaches affecting 250 or more Texas residents to be posted online
Wray: FBI Frowns on Ransomware Payments Despite Recent Trend (SecurityWeek, Jun 11 2021)
The FBI’s director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups even as major companies in the past month have participated in multimillion-dollar transactions aimed at getting their systems back online.
REvil Claims Responsibility for Invenergy Hack (Infosecurity Magazine, Jun 14 2021)
Ransomware group that attacked JBS says it also hacked Chicago-based clean energy company
NATO Warns it Will Consider a Military Response to Cyber-Attacks (Infosecurity Magazine, Jun 15 2021)
NATO has issued a communique stating it will consider invoking Article 5 in response to cyber-attacks on a case-by-case basis
Reality Winner, NSA Contractor in Leak Case, Out of Prison (SecurityWeek, Jun 15 2021)
A former government contractor who was given the longest federal prison sentence imposed for leaks to the news media has been released from prison to home confinement, a person familiar with the matter told The Associated Press on Monday.
Andrew Appel on New Hampshire’s Election Audit (Schneier on Security, Jun 15 2021)
Really interesting two-part analysis of the audit conducted after the 2020 election in Windham, New Hampshire.
IKEA Fined $1.2m for Spying on Employees (Infosecurity Magazine, Jun 15 2021)
French court fines Swedish furnishing giant and hands former IKEA France boss suspended prison sentence
C-suites adapt to ransomware as a cost of doing business (SC Media, Jun 15 2021)
Tangible impacts to corporate earnings, combined with the multi-million dollar ransom payouts by Colonial Pipeline and JBS, demonstrate a reality that more and more in the cybersecurity community are beginning to acknowledge: Ransomware is emerging as a cost of doing business, grabbing the attention not just of security leaders, but the entire C-suite, boards, and even Wall Street investors.
Google Releases Open Source Tools and Libraries for Fully Homomorphic Encryption (SecurityWeek, Jun 16 2021)
Google this week announced that it has released open source tools and libraries that can be used by developers to implement fully homomorphic encryption (FHE).
How to Create a Post-Pandemic Data Security RFP (SecurityWeek, Jun 16 2021)
Even before the pandemic, the last couple of years have seen a series of seismic shifts in data privacy and security for companies. In 2021, there’s no denying things have changed. Some offices are opening up, but for many of us in the data security trenches, we’re still in the middle of a pandemic. Many of us are still firmly embedded in a protocol that’s been in place for more than a year now.
Police Bust Major Ransomware Gang Cl0p (VICE, Jun 16 2021)
Police in Ukraine announced they arrested members of the ransomware gang that called itself Cl0p, seizing computers and cash in a major international operation.
Inside the Market for Cookies That Lets Hackers Pretend to Be You (VICE, Jun 16 2021)
A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market.