• Martin Kienzle

Ransomware is becoming more pervasive and sophisticated. Is this the new normal?

The big news this past week was about the many facets of ransomware. The approaches are becoming more sophisticated, and the economic impact is becoming more widespread and deeper. Will this become a new normal for our IT infrastructure?


The technologies used are becoming more sophisticated and complex to deal with:

And with its broad spread, it’s even used to disguise other malware: This massive phishing campaign delivers password-stealing malware disguised as ransomware


The economic impact has become substantial:


The targets are hitting closer to home:


Other security and privacy news

There are plenty of other hacks out there,


Many new vulnerabilities were reported as well:



Two new reports show the pervasiveness and the breadth of risk

Privacy


With Pressure mounting for Congress to pass facial recognition regulations, Amazon extends ban on police using Rekognition facial recognition technology, no end in sight

However, One year after Amazon, Microsoft and IBM ended facial recognition sales to police, smaller players fill void, in particular US towns are buying Chinese surveillance tech tied to Uighur abuses. So it’s good to see that Washington DC dismantles its secretive facial recognition system

Overseas, China says TikTok's creator and LinkedIn are violating data privacy laws, and in the UK, Court finds GCHQ breached citizen's privacy with its bulk surveillance regime. In Europe, Clearview AI hit with sweeping legal complaints over controversial face scraping


If you are concerned about the use of dark patterns, The Dark Patterns Tipline Wants to Hear How Sites Manipulate You


Regulation


After the spectacular Colonial hack, DHS confirms new cybersecurity rules for pipeline companies. However, why should those rules not also be applied to the electrical grid, to the health care systems, and to other fundamental infrastructure systems? Simple finger wagging (Biden Administration to Security Companies: Do Better) will not be effective. In the UK, to handle supply chain attacks, Supply chain hacking attacks: Government eyes new rules to tighten security

In the US Senate, Mandatory opt-out, data breach notification part of new privacy bill

And in Europe, privacy and antitrust activities are ramping up significantly.


The US / EU data exchange continues to be challenged, as the European Parliament amps up pressure on EU-US data flows and GDPR enforcement, with the EU privacy watchdog probing the use of AWS and Azure cloud services, and with the Irish data regulator still probing Facebook data transfer policy


Antitrust issues are being raised on several fronts:


The direction of future regulation is clear: Mass surveillance must have meaningful safeguards, says ECHR and an EU lawmaker calls for stronger privacy rights as part of new tech rules