Latest

►

Governance & Risk Management

Editors' Panel: What Impact Will Cisco's Splunk Acquisition Have on Industry?

Anna Delaney  •  September 29, 2023

In our latest weekly update, ISMG editors discuss key takeaways from a forum on developing a strategy for OT security, guidance issued by the U.S. Food and Drug Administration on cybersecurity in medical devices, and how the acquisition of Splunk by Cisco might impact the cybersecurity industry.

Multi-factor & Risk-based Authentication

CISA Urges Americans to Apply MFA, 'Think Before They Click'

Michael Novinson  •  September 26, 2023

CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multifactor authentication, reporting phishing and enabling automatic software updates. Easterly said users should choose passwords that are complex and unique to each sensitive account.

Cybersecurity Spending

US Federal Shutdown 'Dangerous and Irresponsible'

Marianne Kolbasuk McGee  •  September 26, 2023

A U.S. federal government shutdown would have "immeasurable" damaging effects on the federal government's ability to fight cyberthreats, a top official said Tuesday amid forewarnings that the country should start preparing now for potential cyber interference in the 2024 presidential election.

Cybersecurity Spending

Cyber Experts Urge House Committee to Avoid Federal Shutdown

Marianne Kolbasuk McGee  •  September 19, 2023

Cybersecurity experts urged Congress to avoid a government shutdown on Oct. 1 - the start of the new federal fiscal year - telling a House panel that a lapse would damage efforts to keep the nation secure. Congress has yet to approve funding bills necessary to keep most federal agencies operational.

Cybercrime

LokiBot Information Stealer Packs Fresh Infection Strategies

Mathew J. Schwartz  •  September 14, 2023

In Norse mythology, Loki is a cowardly trickster god who can change age, shape and sex. The malware incarnation is more prosaic, tending to focus on stealing Microsoft users' data, at times by using an ancient vulnerability in Microsoft Office that continues to be widespread.

Account Takeover Fraud

Netcraft Buys FraudWatch to Boost Cybercrime Takedown Skills

Michael Novinson  •  September 12, 2023

Netcraft purchased an online brand protection vendor to incorporate security analysts into the company's highly automated cybercrime takedown process. The deal will expedite the takedown of fraudulent websites by capitalizing on their joint knowledge of the global infrastructure provider landscape.

Fraud Management & Cybercrime

Ransomware: It Takes A Village, Says NCSC

Akshaya Asokan  •  September 11, 2023

Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British government said Monday. Tackling variants "is akin to treating the symptoms of an illness."

Cyberwarfare / Nation-State Attacks

Trail of Errors Led to Chinese Hack of Microsoft Cloud Email

Mihir Bagwe  •  September 7, 2023

Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021. Inclusion of the key in the crash dump was just one of many mishaps.

Artificial Intelligence & Machine Learning

UK Cyber Agency Warns of Prompt Injection Attacks in AI

Rashmi Ramesh  •  September 1, 2023

Threat actors are manipulating the technology behind large language model chatbots to access confidential information, generate offensive content and "trigger unintended consequences," warns the U.K. National Cyber Security Center. Prompt injection attacks are "extremely difficult" to mitigate.

Fraud Management & Cybercrime

Ransomware Attack Specialist Tied to Citrix NetScaler Hacks

Mathew J. Schwartz  •  August 29, 2023

Citrix NetScaler defenders are being warned to not just patch a critical flaw but also review logs from before mid-July for signs of compromise, since attackers - including "a known threat actor specializing in ransomware attacks" - have been dropping web shells that survive patching and rebooting.

Cybercrime

Operation 'Duck Hunt' Dismantles Qakbot

Michael Novinson , David Perera  •  August 29, 2023

U.S. authorities Tuesday said they permanently dismantled the notorious Qakbot botnet in an international operation that seized 52 servers and nearly $9 million worth of cryptocurrency. Law enforcement identified more than 700,000 computers infected with the Qakbot malware.

Cybercrime

Cyber Review: Teens Caused Chaos With Low-Complexity Attacks

Mathew J. Schwartz  •  August 11, 2023

In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement more robust two-factor authentication systems, plus regulations to combat SIM swapping.