X-Industry

Democratic lawmakers on the House Committee on Financial Services on 27 January 2022 outlined nine (9) provisions of the proposed America COMPETES Act of 2022 one of which has been criticized by the cryptocurrency community for potential privacy and due process concerns.

Committee Chairwoman Maxine Waters, D-Calif., says the America Creating Opportunities for Manufacturing Pre-Eminence in Technology and Economic Strength or COMPETES Act will "strengthen the competitiveness of the US economy and

The US government has urged organizations to shore up defenses "now" in response to website defacements and destructive malware targeting Ukraine government websites and IT systems this week.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new 'CISA Insights' document aimed at all US organizations, not just critical infrastructure operators.  The checklist of actions is CISA's response to this week's cyberattacks on Ukraine's systems and websites, which the country

Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shutdown Ireland’s Health Service Executive (HSE).  The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

Considering the sensitive information it holds, it is no wonder that the financial services industry continues to be one of the most targeted critical infrastructure sectors by current cyber-criminals.  Recent societal and technological changes during 2021 have made matters worse.

The ongoing COVID-19 pandemic has created a ripe target field for cyberthreats as industries and individuals alike became vulnerable as they wrestled with remote working practices, mass digital disruption, and widening

Cyber security investigators have reported that replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases in 2022.  The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original singular victim or may choose to cherry-pick from the most valuable potential targets.  This can save cy

Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.  These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.  According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and

Preventing a cyberattack is more cost-effective than reacting to one and we have seen that many boardrooms still are not willing to assign the needed budget.  Too many organizations still are not willing to spend money on preventive cybersecurity because they view it as an unnecessary additional expense.  Later, find they have to spend much more budget dollars recovering from a cyber incident after they get hacked.

Cyberattacks like ransomware, business email compromise (BEC) scams, and data bre

The new ransomware operation, which debuted in November 2021, has the potential to be the most sophisticated ransomware of the year, with a highly adjustable feature set that allows for assaults on a wide range of corporate setups. Details have emerged about what is the first Rust language based ransomware strain identified that has already amassed "some victims from different countries" since its launch last month.

The ransomware, now named BlackCat, was disclosed by MalwareHunterTeam  https://

In the US Great Depression, there was a song called, ‘Brother, can you spare a Dime.”  Now it is $25.00.  In 2021, there has been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.  Some access has been offered at only $25.00.  How would you feel if your organization’s network access was on the “Bargain Rack?”

Researchers at cybersecurity company Group-IB a

It is never easy to negotiate with criminals, especially in the cyber-world we live in.  Organizations that fall victim to a ransomware attack should never let the cyber criminals know they have cyber insurance, because if the attackers know that their victim holds an insurance policy, they are more likely to outright demand the ransom payment in full.  Criminals are smart and cunning.

Cybersecurity researchers recently examined over 700 negotiations between ransomware attackers and ransomware v

In today’s business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships.  Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity.  There have been cyber-attacks on companies during M&As, yet there is a growing concern with M&A activities and cyber security.

The use of alt

There seems to be a pattern in data breach and other cyber-attack cases.  After a data breach, a company often turns to its insurer for coverage.  Some companies have specialized cyber insurance and sometimes it does not.  Yet, even if businesses have paid for what they believe to be comprehensive cyber security risk insurance, the insurer may refuse to pay the claim.  Insurers often have many reasons for refusing coverage such as a failure to notify in a timely fashion, failure to mitigate cost

Activity Summary - Week Ending on 24 November 2021:

• Red Sky Alliance identified 26,071 connections from new IP’s checking in with our Sinkholes
• Analysts identified 2,849 new IP addresses participating in various Botnets
• DigitalOcean in the Cross-Hairs Again
• Magniber Ransomware
• Ransomware Still #1
• Attack Framework - Left to Right
• Core to the Edge
• Iran Cyber Bullies & Mahan Airlines
• Asia Financial Targets
• CBDC
• Environmentalists Sharing the Brave New World

Link to full report: IR-21-328-001_weekl

Cybersecurity threats, risks and challenges are often different depending on various international locations.  Cyber-attack targets vary based on local resources and means to exploit vulnerabilities.  Cyber criminals and nation-state attackers zero in on specific nations, companies and organizations for varying incentives.   Additionally, the COVID-19 pandemic amplified and intensified cybersecurity threats.  Since 2019, attackers have launch remote work-enabled attacks or social engineering att

Ransomware has been a cyber security issue for the past several years and somewhat hits its peak - with the Colonial Pipeline ransomware attack.  Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or files stored on computers until they pay a ransom to cybercriminals.

Ransomware typically operates via the cryptovirology methods or using cryptography (encryption) to design powerful malicious software.  The software then uses sym

Robinhood was known for “Stealing from the Rich, and Giving to the Poor.”  Not so in the last two years.  For the second time Robinhood Markets Inc. has been attacked by cyber criminals.  Robinhood said personal information of about 7 million people, which is approximately a third of its customers, was compromised in a data breach last week.  The bad actors then demanded a ransom payment.  The intruder obtained email addresses of about 5 million people as well as full names for a separate group

During October 2021, the cyber sector celebrated the 18^th year of the Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month.  Under the slogan “Do Your Part #BeCyberSmart”, the Cybersecurity and Infrastructure Security Agency (CISA) together with the National Cyber Security Alliance (NCSA) each year encourage individuals and organizations to own their role in protecting cyberspace by emphasizing personal accountability and the importance of taking pr

Cyber threat actors must hate children this year.  Ferrara Candy the company that makes Nerds, Laffy Taffy, Now and Laters, SweetTarts, Jaw Busters, Nips, Runts and Gobstoppers announced that it was hit with a ransomware attack just weeks before it prepares for one of its biggest holidays, Halloween. The Illinois-based company released a statement that on 09 October 2021, they "disrupted a ransomware attack" that encrypted some of their systems. 

"Upon discovery, we immediately responded to secu

When a business, government agency or any other organization gets hit by ransomware and opts to pay a ransom to its attacker in exchange for a decryption key or some other promise, on average it pays $140,000.  This is the average amount disclosed by ransomware incident response firm Coveware, based on thousands of incidents it investigated from July through August 2021.

In a new report detailing Q3 trends, Coveware says that the average ransom payment remained largely steady, compared to Q2, wh

Ukrainian authorities have detain a criminal gang who laundered funds for Russian hacking groups.  Ukraine’s national police detained suspects on 25 October 2021, for stealing funds from cryptocurrency wallets and laundering profits for cybercrime organizations.   

The arrests took place as part of a joint investigation with US authorities, the Ukrainian National Police (NPU) said in a press release.  An undisclosed number of suspects were detained following house searchers across the country.

A