Ransomware is becoming more pervasive and sophisticated. Is this the new normal?
The big news this past week was about the many facets of ransomware. The approaches are becoming more sophisticated, and the economic impact is becoming more widespread and deeper. Will this become a new normal for our IT infrastructure?
The technologies used are becoming more sophisticated and complex to deal with:
And with its broad spread, it’s even used to disguise other malware: This massive phishing campaign delivers password-stealing malware disguised as ransomware
The economic impact has become substantial:
The targets are hitting closer to home:
Other security and privacy news
There are plenty of other hacks out there,
Many new vulnerabilities were reported as well:
With unusual candidness, Apple exec Craig Federighi calls the state of Mac malware 'not acceptable'. To prove the point, Malware was caught using a macOS zero-day to secretly take screenshots which Apple claimed to have fixed. On the other hand, an Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
Android users are experiencing new exposures as well: These four Android flaws are now under attack warns Google after finding out that Android apps exposed data of millions of users through cloud authentication failures
While it requires that the attacker is within Bluetooth range, this still presents a risk: Bluetooth bugs open the door for attackers to impersonate devices
Combining malware with social engineering, This phishing attack is using a call centre to trick people into installing malware on their Windows PC
New insights show that even basic memory cannot be secured: This weird memory chip vulnerability is even worse than we realised
Two new reports show the pervasiveness and the breadth of risk
However, One year after Amazon, Microsoft and IBM ended facial recognition sales to police, smaller players fill void, in particular US towns are buying Chinese surveillance tech tied to Uighur abuses. So it’s good to see that Washington DC dismantles its secretive facial recognition system
Overseas, China says TikTok's creator and LinkedIn are violating data privacy laws and in the UK,
If you are concerned about the use of dark patterns, The Dark Patterns Tipline Wants to Hear How Sites Manipulate You
After the spectacular Colonial hack, DHS confirms new cybersecurity rules for pipeline companies. However, why should those rules not also be applied to the electrical grid, to the health care systems, and to other fundamental infrastructure systems? Simple finger wagging Biden Administration to Security Companies: Do Better will not be effective. In the UK, to handle supply chain attacks, Supply chain hacking attacks: Government eyes new rules to tighten security
In the US Senate, Mandatory opt-out, data breach notification part of new privacy bill
And in Europe, privacy and antitrust activities are ramping up significantly.
The US / EU data exchange continues to be challenged, as the European Parliament amps up pressure on EU-US data flows and GDPR enforcement, with the EU privacy watchdog probing the use of AWS and Azure cloud services, and with the Irish data regulator still probing Facebook data transfer policy
Antitrust issues are being raised on several fronts:
The direction of future regulation is clear: Mass surveillance must have meaningful safeguards, says ECHR and an EU lawmaker calls for stronger privacy rights as part of new tech rules