Gareth Corfield comments: UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells…
Category: Commentaries and Analyses
Ransomware ‘bull’s eye’ grows, clouding telehealth’s rise in long-term care
Kimberly Mersalas reports: Even as COVID-19 and its emphasis on telehealth have opened providers to greater cybersecurity risks, insurance policies that offer potential protection are becoming more expensive, and in some cases, harder to get. Insurers are issuing 25% to 50% premium increases this year, reflecting a large number of ransomware payouts over the last…
The Incredible Rise of North Korea’s Hacking Army
Ed Caesar reports: Shimomura was a member of the Yamaguchi-gumi, the largest yakuza crime family in Japan. When one of his superiors asked him if he wanted to make a pile of fast money, he naturally said yes. It was May 14, 2016, and Shimomura was living in the city of Nagoya. Thirty-two years old and…
Bank Groups Object to Proposed Breach Notification Regulation
Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
NY State Comptroller DiNapoli Releases School District Audits
New York State Comptroller Thomas P. DiNapoli announced school district audits this week. Here are the summaries with links to the audit reports: Hudson City School District – Information Technology (Columbia County) District officials did not adequately secure and protect its information technology (IT) systems against unauthorized use, access and loss. The board and district…
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Vitali Kremez, Al Calleo, and Yelisey Boguslavskiy report: This report illustrates some of the new and existing Tactics, Techniques, and Procedures (TTPs) of the Ryuk ransomware variants that Advintel has witnessed throughout their investigations in 2021. Initial Attack Vector: RDP Brute Force / Other Means of Initial Attack Vector Ryuk operators gain initial access to…