This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.
The FBI is requesting $40 million in additional funding for its fiscal 2022 budget to help combat and counter ransomware attacks and other cyberthreats. The bureau is also requesting $15 million to help strengthen its internal security infrastructure as well as address network vulnerabilities.
Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom.
Two cybercrime ecosystem cornerstones today are high-end bulletproof hosting services and ransomware, says Mark Arena, CEO of Intel 471. He notes that ransomware-as-a-service operations don't function like gangs or the Mafia, but rather as individuals collaborating "based on a culture of mistrust."
Colonial Pipeline Co. now faces at least two lawsuits seeking class action status in the aftermath of a ransomware attack in May that led the firm to shut down the operations of a 5,500-mile pipeline for nearly a week.
The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware. The goal is for the unit to begin operations by the end of next year.
How do criminal affiliates of ransomware-as-a-service operations think? Craig Williams and Matt Olney of Cisco Talos describe insights shared - accidentally and otherwise - by "Aleks," a Russian affiliate of the LockBit ransomware-as-a-service operation.
Republican and Democratic lawmakers have recently introduced several cybersecurity-related bills seeking to address issues ranging from imposing tougher penalties for cybercriminals to improving protection of school districts.
The U.S. Senate has unanimously approved Chris Inglis as national cyber director. He assumes the role as the country is still reeling from a series of ransomware attacks and the SolarWinds supply chain attack. Meanwhile, confirmation of a new CISA director is on hold.
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including NATO's new cyber defense policy, the outlook for congressional regulatory action to address the ransomware threat, and cybersecurity comments by U.S. Rep. Jim Langevin.
Bitcoin has enabled fast payments to cybercriminals pushing ransomware. How to deal with bitcoin is the subject of a spirited debate, with some arguing to restrict it. But bitcoin doesn't always favor cybercriminals, and it may actually be more of an ally than a foe by revealing webs of criminality.
The Department of Homeland Security unit that's responsible for the safety of the nation's interstate pipelines is preparing new cybersecurity requirements for oil and gas companies in the wake of the Colonial Pipeline Co. ransomware attack.