A couple of security related stories today.
Garmin paid a multi-million dollar ransom to criminals who broke in their systems and deployed ransomware, allowing the company to recover its data. Sources believe the attack was linked to Evil Corp, a cyber crime group based in Russia.
Meanwhile, the Chinese government is leveraging TAIDOOR malware for remote access trojan attacks, per warnings from DHS’s Cybersecurity and Infrastructure Security Agency, the FBI and the DOD.
And, a California resident has filed a class action lawsuit claiming that a Rhode Island legal services provider hit by a ransomware attack has violated the state’s data privacy law by exposing the personal data of 50,000 of its citizens. The assertation is that Epiq Systems failed to comply with California’s Consumer Privacy Act. The total damages would exceed $5M.
Why do we care?
I didn’t have to rewrite the Garmin story – it used these words, as did the DHS advisory. Changing the words used I think matters, personifying the criminals so that customers understand the threat actors (which is another example of a horrible term to make the concept understandable).
Armed gangs are breaking into business, holding them hostage, and demanding payment. It speaks much more clearly to the need, and removes the vague nature of the threat. Change your language.