Spammers posing as software vendor Kaseya are waging a malspam campaign to target users of the company's VSA remote IT management software that was hit by a ransomware attack, the security firm Malwarebytes reports.
Acting CISA Director Brandon Wales, Rep. Jim Langevin and many others will discuss the government's top priorities in addressing cybersecurity challenges at ISMG's Virtual Cybersecurity Summit: Government, to be held July 13 and 14.
As ransomware attacks become more prolific, their success is being driven by the increasing use of specialists who can refine every stage of an attack. It's a reminder that the goal of cybercrime remains to maximize illicit profits as easily and quickly as possible.
Cue delays for customers of Kaseya waiting for their software-as-a-service and on-premises software to get emergency fixes and be restored, following the July 4 holiday weekend ransomware attack, which hit about 60 IT managed service provider customers and up to 1,500 of their collective managed service clients.
A bipartisan bill introduced by Sens. Gary Peters and Ron Johnson would create a standardized cybersecurity training program for federal employees who purchase technology services. This bill follows a wave of attacks over the last two months that have targeted U.S. critical infrastructure.
REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators. And the operators are constantly improving the malware, including porting it to Linux to target network-attached storage and hypervisors.
Cryptocurrency exchange Binance says it recently assisted police in tracking down individuals accused of laundering money for the Clop ransomware group. The exchange acknowledges that illicit money from cyberattacks circulating on virtual currency exchanges is a big security problem.
The FBI is requesting $40 million in additional funding for its fiscal 2022 budget to help combat and counter ransomware attacks and other cyberthreats. The bureau is also requesting $15 million to help strengthen its internal security infrastructure as well as address network vulnerabilities.
Two cybercrime ecosystem cornerstones today are high-end bulletproof hosting services and ransomware, says Mark Arena, CEO of Intel 471. He notes that ransomware-as-a-service operations don't function like gangs or the Mafia, but rather as individuals collaborating "based on a culture of mistrust."
The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware. The goal is for the unit to begin operations by the end of next year.
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including NATO's new cyber defense policy, the outlook for congressional regulatory action to address the ransomware threat, and cybersecurity comments by U.S. Rep. Jim Langevin.
After U.S. President Joe Biden and Russian President Vladimir Putin discussed cybersecurity issues at their Wednesday summit meeting in Geneva, security experts and analysts began sizing up what the next steps might be following what some are calling a "transformational moment."
Just before Wednesday's U.S.-Russia summit, at which cybercrime was high on the agenda, authorities in Ukraine announced they had busted six suspected members of the Clop ransomware operation. Security experts say these apparently were midlevel players, with Clop's main operators likely based in Russia.
With the RSA Conference virtual this year, ISMG replaced its two live on-site studios with a suite of home studios and produced a diverse group of interviews on timely topics with thought leaders who will be solving cybersecurity's most urgent problems.
After hearings in the Senate and House on a spate of ransomware attacks that have put the nation's critical infrastructure in danger, some security experts say Congress may be poised to take action to create greater regulatory oversight of cybersecurity within certain industries.