Hackers will hack, but any attempt to attribute attacks back to an individual, group or state apparatus too often involves political agendas, cybersecurity marketing moves, attempts to deflect blame or outright errors of interpretation.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
For the second year in a row, the vast majority of health data breach victims were affected by hacker attacks in 2016, and the trend shows no signs of abating. Experts offer forecasts for breach trends in the year ahead.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
Far too many healthcare organizations and their business associates are still neglecting to address some data security basics, says privacy and security expert Rebecca Herold, who recommends they resolve to take three critical steps in the new year.
As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton.
Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons.
With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.
Unprecedented hack attacks knocked three Ukrainian power providers offline in late 2015, and now a potential repeat hack has surfaced. Security experts recommend all power operators globally hunt carefully for related signs of attack.
This edition of the ISMG Security Report features an analysis of recommendations by a U.S. House Encryption Working Group that Congress should not enact legislation that requires technology companies to help law enforcement authorities bypass encryption on the devices they manufacture.
A variant of malware used to infect U.S. Democratic National Committee systems was also used to infect an Android app used by Ukraine's artillery forces, bolstering attribution of both attacks to Russia, says cybersecurity firm Crowdstrike.
A massive botnet run by a Russian cybercrime gang netted more than $3 million a day by generating fake views of online video advertisements, security firm White Ops warns. Cue new concerns over the prevalence of advertising fraud in the wake of fake news worries.
Memo to would-be cybercriminals: Want to move stolen funds internationally to bank accounts that you control? Need to route the funds to a few money mules to get it laundered? Don't do it from a system tied to an IP address registered to your home.
The County of Los Angeles is notifying 756,000 individuals of a breach stemming from a phishing scheme that tricked more than 100 county employees. Bank account and payment card information, Social Security numbers and health-related information was potentially exposed.