News Desk

Curated cyber security news and updates from Critical Insight™.

Get your cyber security briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of Critical Insight, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cyber security, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Get curated cyber security news delivered to your inbox.




Latest Cyber Security News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 9-18-2020

DDoS Attacks Skyrocket as Pandemic Bites

Neustar’s Security Operations Center (SOC) saw a 151 percent increase in DDoS activity in the period, including one of the largest and longest attacks that Neustar has ever mitigated – that attack came in at 1.17 terabits-per-second (Tbps), and lasted five days and 18 hours. “These figures are representative of the growing number, volume and intensity of network-type cyberattacks as organizations shifted to remote operations and workers’ reliance on the internet increased[.]”

https://threatpost.com/ddos-attacks-skyrocket-pandemic/159301/

 

The CISO Survival Guide to Local Government Security

Threat actors single you out for disruption and extortion through ransomware. Events in your jurisdiction may bring attention from activists. You’re plagued by public disclosure requests for information that should clearly not be disclosed. Your agencies handle health records, cardholder data, and criminal justice data — all regulated. You’re an ever-increasing target for threat actors at the same time that many in senior management and elected positions may not understand the true potential of impact.

https://medium.com/@ci.security/the-ciso-survival-guide-to-local-government-security-bf1d962e7c1b

 

Fatality After Hospital Hacked

Attackers struck the Düsseldorf University Clinic (DUC) last Thursday, causing IT systems at the major hospital to fail. Because of the attack, a woman seeking emergency treatment at the hospital on Friday night died after she had to be transported to a hospital in another city for treatment. Treatment of the deceased woman was delayed by an hour as she had to travel an additional 20 miles to a hospital in Wuppertal.

https://www.infosecurity-magazine.com/news/fatality-after-hospital-hacked/

 

Fewer than half of healthcare institutions met national cybersecurity standards last year

Looking at historical client data, CynergisTek found declines in four of the five core functions outlined in the National Institute of Standards and Technology's framework for companies to protect themselves against cyber attacks: identify, protect, respond and recover. The last core function, detect, remained flat across three years.

https://www.healthcaredive.com/news/CynergisTek-healthcare-cybersecurity-compliance-2019/585442/

 

The state of zero trust: A new normal for cybersecurity

Organizations are increasingly being driven to zero trust by the stress the pandemic is putting on their infrastructure, particularly on virtual private networks[.] [...] "It's a significant change that could be a multiyear effort that can take a lot of focus, a lot of commitment, and the necessary budget to enforce and support the transformational effort," said Andrew Rafla, cyber-risk leader at consultancy Deloitte.

https://techbeacon.com/security/state-zero-trust-new-normal-cybersecurity

 

Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts

The Treasury Department and other federal agencies are taking steps to reduce risks and bolster the sector's efforts to improve its cybersecurity. We recommended that the Treasury work with other federal agencies and sector partners to better measure progress and to prioritize efforts in line with sector cybersecurity goals.

https://www.gao.gov/products/GAO-20-631

 

Cyber Risk In A New Era: Remedy First, Prevent Second

·       Cybersecurity is a key risk that S&P Global Ratings embeds, as relevant, in its overall assessment of an entity's creditworthiness.

·       The increasing frequency of attacks and the potential for rapid deterioration in credit profiles after an attack are risk factors that are relevant for our rating assessments now.

https://www.spglobal.com/ratings/en/research/articles/200917-cyber-risk-in-a-new-era-remedy-first-prevent-second-11623659

 

Do's and Don'ts for SMB Cybersecurity Safety

The survey revealed that as businesses consider more permanent plans for their employees, 56 percent will continue to have some employees work from home permanently. Another finding shows 38 percent of SMBs allocate US$1,000 or less annually to their IT budget. [...] The survey revealed that as businesses consider more permanent plans for their employees, 56 percent will continue to have some employees work from home permanently. Another finding shows 38 percent of SMBs allocate US$1,000 or less annually to their IT budget.

https://www.technewsworld.com/story/86850.html

 

Have hackers, cybercrims worked their way into your corporate net while you’ve been working from home?

“Middle-market organizations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted,” said Kimberly Horn, Beazley’s global claims lead for cyber and tech. “Additionally, cyber criminals are executing more sophisticated attacks and middle-market organizations provide richer targets.

https://www.insurancebusinessmag.com/us/news/cyber/beazley-reveals-which-types-of-cyberattacks-are-spiking-during-the-pandemic-233796.aspx

 

Treasury Dept. sanctions Iranian government-backed hackers

The Treasury Department on Thursday announced sanctions against a prolific Iranian hacking group, 45 individuals and a front group allegedly used by the Iranian government to target Iranian dissidents and other groups. The 45 Iranian individuals were sanctioned for assisting in Iranian government-linked efforts to target dissidents, journalists, international organizations and other foreign governments through conducting computer intrusion and malware campaigns.

https://thehill.com/policy/cybersecurity/516900-treasury-dept-sanctions-iranian-government-backed-hackers

 

FBI chief says Russia is trying to interfere in election to undermine Biden

“I think in many ways what concerns me the most is the steady drumbeat of misinformation and amplification of smaller cyber intrusions that contribute over time — I worry they will contribute over time to a lack of confidence of American voters and citizens in the validity of their vote,” Wray said. He emphasized that concerns over the security of the election system this year would be a “perception, not a reality.”

https://thehill.com/policy/cybersecurity/516912-fbi-director-wray-warns-russia-is-interfering-in-election-to-undermine

 

Hyping the cyberthreat sabotages policymaking, ex-British intelligence official says [Subscription]

American analysts have been making a similar argument. “It’s easier to imagine a catastrophe than to produce it.” James A. Lewis, a cybersecurity policy expert at the Center for Strategic and International Studies, wrote last month. The California wildfires are a catastrophe and so is covid 19, especially in countries with inadequate responses, Lewis wrote. To achieve mass effect, he argued, either a few central targets — such as an electric grid — need to be hit, or multiple targets would have to be hit simultaneously, which is an operational challenge.

https://www.washingtonpost.com/national-security/cyber-threat-hype-sabotages-policy/2020/09/17/fcaf1ccc-f7bd-11ea-89e3-4b9efa36dc64_story.html

 

Cyber Claim Trends Outlined in Coalition Report

According to the report, after analyzing thousands of reported incidents, it found that “the majority of losses” fell under breach response coverage, cyber extortion costs coverage, and funds transfer fraud coverage. According to the report, “[T]hese three loss types accounted for 87 percent of reported incidents and 84 percent of claims payouts.”

https://www.jdsupra.com/legalnews/cyber-claim-trends-outlined-in-57048/

 

Senators Demand Amazon Stop Spying on Workers

On Wednesday Senators Sherrod Brown and Ron Wyden demanded Amazon stop spying on workers' social media posts, as well as workers who may be trying to unionize. [...] "The magnitude of this surveillance, the lengths to which Amazon went to keep it hidden from your own workers, and its admitted purpose are extremely disturbing and are indicative of just how much of a threat Amazon perceives its own workers to be," the senators wrote in a letter to Amazon CEO Jeff Bezos.

https://www.vice.com/en_us/article/bv8emz/senators-demand-amazon-stop-spying-on-workers-flex-drivers

 

Blackbaud at Fault for Cyber Attack on Nonprofit Data, Suit Says

Blackbaud Inc., a cloud services provider, faces a potential class action for allegedly failing to stop a ransomware attack that exposed nonprofit membership data. [...] The suit shows the legal risks companies face after they disclose cyber attacks. Plaintiffs will need to show harm from the data breach to successfully move the action[.]

https://news.bloomberglaw.com/privacy-and-data-security/blackbaud-at-fault-for-cyber-attack-on-nonprofit-data-suit-says

 

[Podcast] Maintaining a safe vote-by-mail system

Politicians, and many voters, have been fretting over whether large scale voting by mail can be done in a trustworthy manner. Former CISO for the city of Seattle, now with CI Security, Michael Hamilton joined Federal Drive with Tom Temin to debunk the myths surrounding mail-in voter fraud. "But I’ll point out on this cyber side, it would take a lot of resources to really change a vote count, there would need to be a great deal of planning, logistical coordination, and a good deal of funding to go along with.

https://federalnewsnetwork.com/agency-oversight/2020/09/maintaining-a-safe-vote-by-mail-system/

 

This ransomware has borrowed a sneaky trick for delivering malware to its victims

What makes Maze so dangerous is that as well as demanding a six-figure – or higher – sum of bitcoin in exchange for the decryption key, they threaten to publish stolen internal data if their extortion demands aren't met. The group is already skilled at infiltrating the networks of organisations but now they've adopted a new tactic which makes it even harder for victims to detect that there are outsiders on the network by using virtual machines to distribute the ransomware payload.

https://www.zdnet.com/article/this-ransomware-has-borrowed-a-sneaky-trick-for-delivering-malware-to-its-victims/

 

Founder of Anti Cyber Fraud Company Charged With Fraud

The former CEO of a Las Vegas-based anti-cyberfraud company has been charged with defrauding investors of $17 million. According to a complaint filed in federal court today, Adam Rogas, co-founder and former CEO, CFO, and board member of NS8, which bills itself as a “fraud prevention and detection platform,” personally defrauded investors after raising $123 million in a round of financing for the company, using faked financial statements.

https://www.vice.com/en_us/article/3az9dw/founder-of-anti-cyber-fraud-company-charged-with-fraud

 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe

Real people hunt for threats, investigate events, and respond with incident action plans.

Contact us Request a demo