A press release from Corvus Insurance has some statistics worth mulling over: Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., today released its Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, which showed that attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of…
Category: Commentaries and Analyses
Hibernation is Over? Akira Ransomware: Published Over 30 New Victims on their DLS (updated)
Adi Bleih reports: The Akira ransomware group has been active since March 2023, targeting diverse industries across North America, the UK, and Australia. Operating as a Ransomware-as-a-Service (RaaS) model, Akira employs a double-extortion strategy by stealing sensitive data before encrypting it. According to their leak site, the group claims to have compromised over 350 organizations….
Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim
Anna Isaac reports: “The software we use is older than me, and some of the hardware is older than my dad,” says Siddharth*. He is one of a team fighting a daily battle to sustain ancient IT infrastructure at Thames Water. Sometimes the defences are breached. Thames, the UK’s largest water and waste treatment company,…
Top White House cyber official urges Trump to focus on ransomware, China
Jonathan Grieg reports: Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, spoke at Columbia University on Wednesday and was asked about what pressing cyber challenges the new administration should tackle in its first 100 days. “I’m going to put them into three bins. China, criminal groups like ransomware actors, and…
Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison (1)
An Idaho man who worked as an Information Technology Specialist for Ada County by day has been sentenced to prison for hacking medical offices and threatening his victims if they didn’t pay his ransom demands. Background of the Case In July 2017, DataBreaches reported a hacking incident with a ransom demand where the description of…
NIST publishes guide on due diligence for cyber supply chain risk management
Add this to the list of things I missed last week. Nathan Salminen and Ryan Campbell write: Last week, the National Institute of Standards and Technology (NIST) released a “quick-start guide” to facilitate due diligence assessments from a cyber supply chain risk management perspective. The guide helps companies navigate due diligence under the agency’s Special…