Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market.
Staple product offerings like online banking Trojans and tutorials for aspiring cybercriminals are still being peddled in the Brazilian underground market. While old crimeware remain the same, we observed that these young and brazen cybercriminals have switched communication platforms.
Ransomware behavior has been the talk of the town. We have seen oddly long ransom payment deadlines, password stealing capabilities, chat support and all these are just incidents discovered this June. But among these, we came across a unique behavior in MIRCOP crypto-ransomware that places the blame on users and does not give victims instructions on how to pay the ransom.
Apart from understanding the ransomware tactics and techniques beyond encryption, it is equally important to understand how they arrive in the environment. Our recent analysis reveals that majority of ransomware families can be stopped at the exposure layer—web and email.
Every year, our Chief Technology Officer (CTO), Raimund Genes sits down with our researchers and experts around the world and develops his predictions for the coming year. And this year, we decided to ask people how prepared they were to meet this year’s predictions.
Two days after reporting that 655,000 healthcare records were found for sale on the dark web, the site DeepDotWeb said today that another insurance database with at least 9.3 million patient records is being shopped around by an anonymous hacker.
Some cybersecurity experts are skeptical of new Senate legislation to address concerns that hackers are looking to ramp up attacks against the U.S. energy infrastructure. “This is a shortsighted bill that misses the bigger picture,” says one cybersecurity expert.
In April, Circle Sport-Leavine Family Racing fell victim to an online data attack, with three of the company’s computers infected by TeslaCrypt ransomware. In the case of CSLFR, the data taken hostage contained detailed setup information and notes from crew chief Dave Winston, car part lists, and custom high-profile simulation set-ups valued at $2 million.
A British teenager has admitted taking part in cyber-attacks against Florida’s SeaWorld theme park and Devon and Cornwall Police. Specifically, he admitted to three counts of launching denial of service attacks, contrary to Section 3 of the Computer Misuse Act. The third victim was a Japanese town that hosts an annual dolphin hunt, the Plymouth Herald reported.
Pentagon leaders are still working to determine when, exactly, a cyberattack against the United States would constitute an act of war, and when, exactly, the Defense Department would respond to a cyberattack on civilian infrastructure, a senior Defense Department official told lawmakers on Wednesday.
On Monday, Hard Rock Hotel & Casino in Las Vegas disclosed data breach, after malware was discovered on their card processing system. This is the second time the casino has had to report such an incident. In a statement, Hard Rock said that on May 13, the resort started an investigation after receiving reports of fraudulent activity on cards used at their Las Vegas location.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.