Over on SuspectFile, Marco A. De Felice has written up an interview with Venus, a relatively new group in the ransomware landscape. You can read the interview here in both English and Italian. I found Venus’s answers to be a bit confusing at times, but some things do become clear from the interview — they…
Category: Commentaries and Analyses
AirAsia victim of ransomware attack, passenger and employee data acquired
AirAsia Group* pledges to be responsible when gathering personal information and to protect privacy “in every possible way.” That’s not a contract, mind you, but just an expression of their commitment. On November 11 and 12, AirAsia Group fell victim to a ransomware attack by Daixin Team. The threat actors, who were the topic of…
Have ransomware-type cyberattacks really decreased in 2022?
Marco A. De Felice writes: According to various reports drawn up by analysts and journalists in the information security sector, ransomware-type attacks would be in sharp decline in 2022. A statement that we find in total disagreement. For SuspectFile, the number of victims in all sectors is instead comparable to those experienced in the previous…
Transparency International blasts Malaysian govt for apathetic reaction to data leaks
MalaysiaKini reports: Transparency International Malaysia (TI-M) has expressed deep concern over the recurring pattern of data leaks from Malaysian government agencies that are empowered and entrusted with personal data. “Media reports last week revealed that data from the voting portal MySPR was publicly on sale on the internet. It was also reported that the caretaker…
Disneyland Malware Team: It’s a Puny World After All
Brian Krebs reports: A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team uses common misspellings for top bank brands in its domains….
District of Massachusetts Dismisses Data Breach Class Action for Lack of Injury
Melanie A. Conroy of Pierce Atwood LLP writes: On October 18, 2022, in Webb v. Injured Workers Pharmacy, LLC, the District of Massachusetts dismissed a class action complaint brought by former pharmacy patients alleging that their sensitive personal information had been exposed in a data breach affecting more than 75,000 customers. In its analysis, the court determined that…