Unitrends issued a white paper which stated that “the truth is that all industries are vulnerable to ransomware. Email, databases and business applications run on similar infrastructure and operating systems across all industries.” The white paper, entitled “Beat Ransomware in 5 Easy Steps, Be Prepared to Fight or Be Prepared to Pay”, included these comments about Step 3, to Test, Test and Test Again: Even the FBI agrees that the only truly effective way to combat ransomware is to regularly back up data and verify the integrity of those backups.
The New York Times reported that Mecklenburg County, North Carolina (which includes the city of Charlotte) refused to “pay a $23,000 ransom to a group of hackers who seized control of several government computer systems” and the County was operating without “the internet, civil servants were doing their jobs using “paper processes.”” The December 6, 2017 report entitled “North Carolina County Refuses to Pay $23,000 Ransom to Hackers” included these comments: Officials said they believed the hackers had not obtained the personal information of any employees or private citizens.
One might conclude it makes a lot of sense to insure business data after considering Tableau’s report that included Ponemon’s estimate that the “average total cost of a data breach was estimated at $3.62 million.” The December 2017 report entitled “2018 Top 10 Business Intelligence Trends” included trend #5, Rise of the Chief Data Officer (CDO): The fact that CDO’s and/or CAO’s are being appointed and assigned accountability for business impact and improved outcomes, also demonstrates the strategic value of data and analytics in modern organizations.
The New York Times reported that Uber fired its security officer after “two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data.” The November 21, 2017 report entitled “Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data” included these details about how Uber reacted to the hackers: The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter.
On November 29th the US Supreme Court will consider the case of US v. Carpenter, where “police acquired the data from Carpenter’s wireless carriers without a warrant showing probable cause”, which led to Timothy Carpenter’s conviction for “leading a gang of robbers”; the “prosecution produced cellphone-tower data that tracked the whereabouts of Carpenter’s cellphone for more than four months and placed him at or near the sites of a string of armed robberies.”
Among a number of recommendations to avoid Spearphishing (aka Business Email Compromise – BEC), the FBI advises “employees to use two-factor authentication to access corporate e-mail accounts.” The November 14, 2017 FBI News Report entitled “FBI Tech Tuesday—Digital Defense Against Business E-mail Compromises” included this advice about training employees to: watch for suspicious requests, such as a change in a vendor’s payment location; avoid clicking on links or attachments from unknown senders.
Dark Reading reported that every “business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware.” The November 17, 2017 report entitled “Mobile Malware Incidents Hit 100% of Businesses” included these comments: …BYOD devices are usually more susceptible to attack than corporate devices because they are not managed by such security measures as an enterprise mobility management platform or mobile threat management platform.
In testimony before the US Senate we hear that it is “Equifax, and not consumers, that owns all the granular data collected about them, and that consumers cannot request to exit the company’s files.” The Washington Post’s report on November 8, 2017 entitled “Equifax says it owns all its data about you” started with a comment about the “personal information it harvests for profit”, which for Equifax comes as no surprise.
Dark Reading reported that criminals are “using Search Engine Optimization (SEO) to populate search results with malicious links and distribute the Zeus Panda Banking Trojan through a compromised Word document.” The November 3, 2017 article entitled “Hackers Poison Google Search Results to Deliver Zeus Panda” included these comments: SEO enables hackers to make their links more dominant in search results.
Dark Reading reported that “mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another.” The October 26, 2017 report entitled “Dark Web Marketplaces’ New Home: Mobile Messaging Apps” has the subtitle “Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar” and includes these comments: With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business,… With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade,… Regional and international groups across the world are using the application to spread their merchandise with P2P sales.
The New York Times report is about “723 Internet Years Old” (think 4 human years) that a YouTube VP joined a state-backed Russian news channel “RT anchor in a studio, where he praised RT for bonding with viewers by providing “authentic” content instead of “agendas or propaganda.”” The October 23, 2017 report entitled “Russia’s Favored Outlet Is an Online News Giant.