Intel 471 writes: Both of these things are true: Big data is big business, and cybercriminals love money. So it shouldn’t be a surprise that these two ideas have blended together in some corners of the cybercrime underground. Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, we…
Category: Commentaries and Analyses
The Case For and Against Criminalizing Ransomware Payments
Stuart Reed, UK Director, Orange Cyberdefense, writes: … Let’s first look at the reasons why ransomware payments should be made illegal. First, the obvious. Ransomware payments essentially fund cybercrime, and this is why ransomware attacks are becoming more common. There is no doubt that paying out leads to more attacks. […] On the other hand,…
As States Offer Data Breach ‘Safe Harbors,’ Not All Companies Are Receptive
Victoria Hudgins reports: While federal lawmakers might be hesitant to enact national data privacy legislation, some states are quickly moving to define reasonable cybersecurity—and protect those that adhere to them. But even as legislators extend “safe harbor” protections to encourage cybersecurity, lawyers noted some companies might ignore the incentive to avoid burdensome responsibilities. For companies that are already compliant…
Supreme Court holds that monetary relief is unavailable under Section 13(b) of the Federal Trade Commission Act
Brian Wolfman notes: The first paragraph of the Court’s unanimous opinion in AMG Capital Management v. FTC sums it up: Section 13(b) of the Federal Trade Commission Act authorizes the Commission to obtain, “in proper cases,” a “permanent injunction” in federal court against “any person, partnership, or corporation” that it believes “is violating, or is about to…
New Qlocker ransomware is hitting hundreds of QNAP NAS devices per day
Catalin Cimpanu reports: A new ransomware strain named Qlocker is on a rampage and infecting hundreds of QNAP network-attached storage (NAS) devices every day, taking over hard drives, moving users’ files inside password-protected 7zip archives, and asking for a $550 ransom payment. The first cases were reported on Tuesday, April 20, and the number of…
Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
The following is a DataBreaches.net commentary. Beacon Health Solutions issued a press release yesterday about a breach they experienced last year as a business associate. Their press release provides a useful example of why OCR needs to get serious about enforcing the requirement that entities notify patients within 60 days of “discovery.” “Discovery” does not…