BlackByte ransom note with victim's key highlighted (Source: Trustwave)

BlackByte: Free Decryptor Released for Ransomware Strain

Mathew J. Schwartz • October 15, 2021

A free decryptor for BlackByte ransomware has been released by security researchers at Trustwave who cracked the crypto-locking malware's encryption. But they say that unfortunately, the underlying encryption problem is likely in the process of already being fixed by the malware's developer.

►

Governance & Risk Management

Applying Zero Trust Architecture in Energy, Military Sectors

Neiman Marcus Says 4.6 Million Affected by Data Breach

Latest

3rd Party Risk Management

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Anna Delaney • October 15, 2021

In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.

Access Management

Missouri Refers Coordinated Bug Disclosure to Prosecutors

Jeremy Kirk • October 15, 2021

A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."

Account Takeover Fraud

Teenage Cybercrime: Giving Young Hackers A Second Chance

Anna Delaney • October 15, 2021

The latest edition of the ISMG Security Report features an analysis of attempts made by European law enforcement to encourage young cybercriminals to channel their skills in more ethical ways. Also featured: Fraud detection and response; inspiring behavioral change.

Endpoint Security

Australia Plans Ransomware Attack Reporting Requirement

Jeremy Kirk • October 14, 2021

Australia plans to require businesses with more than $10 million in revenue to report ransomware attacks to the government, part of a comprehensive strategy to fight the attacks that also includes new criminal penalties and assistance to victims. The plan would need to be passed by Parliament.

3rd Party Risk Management

To Repel Supply Chain Attacks, Better Incentives Needed

Mathew J. Schwartz • October 14, 2021

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.

Critical Infrastructure Security

Ransomware: No Decline in Victims Posted to Data Leak Sites

Mathew J. Schwartz • October 12, 2021

One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data leak sites, as part of their so-called double extortion tactics. Unfortunately, the number of victims doesn't appear to be declining.

Application Security & Online Fraud

Fraud Transformation: Balancing Business and Customer Needs

Tom Field • October 11, 2021

More than two-thirds of survey respondents say they take a balanced approach - business, customers and compliance - investing in fraud prevention technology. So, why do they also report customer friction among their top challenges? BioCatch's Raj Dasgupta analyzes the results of the new Fraud Transformation Survey.

Blockchain & Cryptocurrency

Democratic Lawmakers Urge Agencies to Act on Ransomware

Dan Gunderman • October 11, 2021

A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.

Advanced SOC Operations / CSOC

Profiles in Leadership: Peter Van Lierde, CISO, Sibelga

Mathew J. Schwartz • October 11, 2021

Criminal hackers don't break for lunches, weekends or holidays. Of course, that's just one of many challenges facing information security teams, as they attempt to maximize visibility and minimize complexity while protecting their business around the clock, says Peter Van Lierde, the CISO of energy firm Sibelga.

Access Management

Using 'Zero Trust' to Secure Your Identities

Geetha Nandikotkur • October 11, 2021

Organizations should take a "zero trust" approach to secure their identities, as being able to authenticate and authorize every resource access will minimize risk, says Ivan Lai, solution strategy architect - access for Asia-Pacific and Japan at CyberArk.

Cybercrime

Google Says Russian APT Targeting Journalists, Politicians

Dan Gunderman • October 8, 2021

Some 14,000 Google users were warned of being suspected targets of Russian government-backed threat actors on Thursday. The next day, the tech giant announced cybersecurity updates - particularly for email accounts of high-profile users, including politicians and journalists.

3rd Party Risk Management

Data Breach Reports Rise as Supply Chain Attacks Surge

Mathew J. Schwartz • October 8, 2021

The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns. It says that there's also been a rise in tardy breach notifications containing little detail.