Ransomware is becoming more pervasive and sophisticated. Is this the new normal?
The big news this past week was about the many facets of ransomware. The approaches are becoming more sophisticated, and the economic impact is becoming more widespread and deeper. Will this become a new normal for our IT infrastructure?
The technologies used are becoming more sophisticated and complex to deal with:
This is how long hackers will hide in your network before deploying ransomware or being spotted
Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them instead
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
And with it’s broad spread, it’s even used to disguise other malware: This massive phishing campaign delivers password-stealing malware disguised as ransomware
The economic impact is has become substantial:
Ransomware: Dramatic increase in attacks is causing harm on a significant scale
More than 290 enterprises hit by 6 ransomware groups in 2021
Ransomware: Patient data could be 'abused' after health service attack, warns Irish government
The Targets are hitting closer to home:
FBI: Conti Ransomware Gang Behind Ireland Attack Also Hit 16 U.S. Health and Emergency Networks
Ransomware attack on Bose exposes employee SSNs and financial information
Other security and privacy news
There are plenty of other hacks out there,
Microsoft reveals new phishing campaign by SolarWinds hackers
FBI issues warning about Fortinet vulnerabilities after APT group hacks local gov’t office
This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals
Air India passenger data breach reveals SITA hack worse than first thought
Here’s Anker’s apology after 712 Eufy customers had camera feeds exposed to strangers
Many new vulnerabilities were reported as well:
With unusual candidness, Apple exec Craig Federighi calls the state of Mac malware 'not acceptable' To prove the point, Malware was caught using a macOS zero-day to secretly take screenshots which Apple claimed to have fixed. On the other hand, an Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
Android users are experiencing new exposures as well: These four Android flaws are now under attack warns Google after finding out that Android apps exposed data of millions of users through cloud authentication failures
While it requires that the attacker is within Bluetooth range, this still presents a risk: Bluetooth bugs open the door for attackers to impersonate devices
Combining malware with social engineering, This phishing attack is using a call centre to trick people into installing malware on their Windows PC
New insights shows that even basic memory cannot be secuired: This weird memory chip vulnerability is even worse than we realised
Two new reports show the pervasiveness and the breadth of risk
Verizon details cloud cybercrime roots in data breach report
Not as complex as we thought: Cyberattacks on operational technology are on the rise
Privacy
With Pressure mounting for Congress to pass facial recognition regulations, Amazon extends ban on police using Rekognition facial recognition technology, no end in sight
However, One year after Amazon, Microsoft and IBM ended facial recognition sales to police, smaller players fill void, in particular US towns are buying Chinese surveillance tech tied to Uighur abuses. So it’s good to see that Washington DC dismantles its secretive facial recognition system
Overseas, China says TikTok's creator and LinkedIn are violating data privacy laws and in the UK,
Court finds GCHQ breached citizen's privacy with its bulk surveillance regime In Europe,
Clearview AI hit with sweeping legal complaints over controversial face scraping
If you are concerned about the use of dark patterns, The Dark Patterns Tipline Wants to Hear How Sites Manipulate You
Regulation
After the spectacular Colonial hack, DHS confirms new cybersecurity rules for pipeline companies. However, why should those rules not also be applied to the electrical grid, to the health care systems, and to other fundamental infrastructure systems? Simple finger wagging Biden Administration to Security Companies: Do Better will not be effective. In the UK, to handle supply chain attacks, Supply chain hacking attacks: Government eyes new rules to tighten security
In the US Senate, Mandatory opt-out, data breach notification part of new privacy bill
And in Europe, privacy and antitrust activities are ramping up significantly.
The data US / EU data exchange continues to be challenged, as the European Parliament amps up pressure on EU-US data flows and GDPR enforcement withthe EU privacy watchdog probing the use of AWS and Azure cloud services, and with the Irish data regulator still probing Facebook data transfer policy
Antitrust issues are being raised on several fronts:
European Commission may soon open an antitrust investigation into Facebook
Amazon’s market power to be tested in Germany in push for ‘early action’ over antitrust risks
Google’s data terms are now in Germany’s competition crosshairs
The direction of future regulation is clear: Mass surveillance must have meaningful safeguards, says ECHR and an EU lawmaker calls for stronger privacy rights as part of new tech rules