Bill Toulas reports: The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. This trend became apparent in mid-2021 when the payment rate dropped to 46% after previously being 85% at the start of 2019. According to Coveware, the…
Category: Of Note
HHS Releases New Voluntary Performance Goals to Enhance Cybersecurity Across the Health Sector and Gateway for Cybersecurity Resources
January 24 Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), is releasing voluntary health care specific cybersecurity performance goals (CPGs) and a new gateway website to help Health Care and Public Health (HPH) sector organizations implement these high-impact cybersecurity practices and ease access to the…
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage…
Zero-day, supply-chain attacks drove data breach high for 2023
CSO reports: Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024. A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report…
University of Twente Maps Decision-Making Process for Ransomware Victims
The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
CISA pushes federal agencies to patch Citrix RCE within a week
Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack…