Nearly two out of three companies recently surveyed admit to being ransomware attack victims in the last 12 months. That's from ThycoticCentrify’s new report, which adds that more than four out of five respondents who were ransomware attack victims felt they had no choice but to pay ransom demands to restore their data. 83% of victims paid.
Tech support is the top phishing scam, leading Norton Labs' October Consumer Cyber Safety Pulse Report.
There’s a new fingerprint capturing and browser spoofing attack called Gummy Browsers. It’s easy to carry out and severe too. By capturing a user's digital fingerprint via an attacker-controlled website, threat actors can then spoof the user to take over accounts or conduct ad fraud. Details in the link to Bleeping Computer.
Kaseya’s CEO spoke at their ConnectIT event this week – stating “Kaseya didn’t pay a dime of ransom. That’s a fact.” He declined to specify how the encryption key was acquired.
Amidst all this, I didn’t want to miss Alphabet CEO Sundar Pichai’s call for federal privacy standards, similar to GDPR in Europe. He called for a “Geneva Convention equivalent” for the cyberworld, and called for more government investment in regulation.
The Commerce Department did set up a new set of rules to block hacking tools being sold to Russia or China. Taking effect in about 90 days, it bars the sale of hacking software and equipment without a license from the Bureau of Industry and Security.
DHS is changing the way they hire cyber security professionals – with salaries beyond that of the Vice President of the US to make salaries competitive... all the way up to $332,100. The Cyber Talent Management System dispenses with the traditional federal job application system, and brings a new system designed to attract more talent.
Because the message from the Justice Department – “We cannot do this alone”, said Deputy Attorney General Lisa Monaco. “The bottom line is this: I believe it is bad for companies. It’s bad for America and it hurts our efforts to uphold the value that we try to demonstrate as a country if companies are attacked, and don’t partner with law enforcement.”
And… tragedy just before Halloween. Ferrara Candy, which makes Brach’s Candy Corn, was hit by a ransomware attack that disrupted production. The company does not believe this will impact orders for Halloween. So you know, the company makes other things too – including Girl Scout cookies.
Why do we care?
Not the candy corn! I love that stuff! Maybe if the Girl Scout cookies are hit by ransomware we’ll see a difference.
For those outside of federal government circles, it’s a big deal to have a payment system other than the traditional federal employment one. That’s an established, decades-old hierarchy, and shows the value this skillset is demanding… and is also now a new competitive hiring factor. A government job of that size without the standard hiring bureaucracy has appeal.
We’re certainly seeing new regulations – those Commerce Department ones here – as well as clear calls from the government on proper behavior. That will be used by courts to determine industry best practices too.
Slowly but surely change is happening.