[r In the News

Security is a shared responsibility between MSSPs and their clients. Yes, the provider was hired to do a job – be it SOC operations, threat intelligence or offensive security – but part of the job is also to consult and communicate with the client to help them gain some degree of cyber self-sufficiency. This discussion will reveal how providers can teach their clients how to develop a secure corporate culture, how to share responsibility and accountability for security matters, and how to broaden their security awareness through partnerships with professional development organizations and information sharing groups.

The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying the ransom.

A ransomware(opens in new tab) group known as BianLian has decided to part ways with its encryptor and focus solely on data theft and extortion instead, experts are reporting. A new report from cybersecurity researchers Redacted spotted BianLian attempting to extort businesses for money - without encrypting their endpoints first.

BleepingComputer reports that the BianLian ransomware gang has transitioned to pure data extortion and ditched data encryption efforts in its most recent attacks following the emergence of a free ransomware decryptor in January.

The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.

Financial Scams, Microsoft, BianLian, Leihigh Medical, CISA, Vile, and More on this episode of the Security Weekly News!

A DC health insurance service breach has compromised information of Capitol Hill members and staffers. What could a breach impacting lawmakers mean for the outlook on national cybersecurity?

Google has announced plans to reduce the maximum lifespan of a TLS certificate from the current value of 398 days to only 90 in a move that is going to send shockwaves across several IT industries.

The personal data of millions of Australians may be at risk after cyber criminals stole a reported 1TB of data from Parques Reunidos, a Spanish theme park operator whose multinational portfolio of properties includes Sydney’s popular Raging Waters park.

The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.

The Ukraine war has inspired a defensive cyber effort that government officials and technology executives describe as unprecedented.

New York’s Suffolk County began restoring online services and reconnecting its systems to the internet this month, according to CBS News. It comes five months after being taken offline due to a ransomware attack. The time it took to restore services speaks to how prepared both the government and the private sector should be to respond to ransomware attacks, as well as the need to bring tangible consequences to the threat actors who steal critical data.

Tallahassee Hospital in Florida was forced to cancel all non-emergency surgical and outpatient appointments, diverted some EMS patients and began accepting only the most serious trauma patients following a cyber incident. [redacted] VP of Intelligence Adam Flatley tells Jeffrey Burlew at the Tallahassee Democrat that the incident is “definitely following the pattern of what looks like a ransomware attack.”

Adam Flatley, director of threat intelligence at cybersecurity firm Redacted said cyber-threat actors attack healthcare organizations on a regular basis because they know the “emotional impact” will help force an extortion payment.

[redacted] VP of Threat Intelligence Adam Flatley spoke with Sam Sabin of Axios on the recent HIVE ransomware takedown by US-German law enforcement. According to Adam, despite warnings from threat groups, organizations should be urged to contact federal authorities saying, “While many ransomware gangs threaten victims to not call the feds, the Hive operation shows the FBI is capable of discreetly helping victims.”

ChatGPT took the world by storm after OpenAI opened it for testing on Nov. 30, 2022. For an industry calloused by years of largely unsatisfying AI and machine learning “innovations,” the reactions have been quite telling.

Last week, officials announced that US-German law enforcement took down the notorious Hive ransomware gang, thwarting $130 million in demands for payment from more than 1,500 victims around the world, which included hospitals, schools, financial firms and critical infrastructure. [redacted] VP of Intelligence Adam Flatley says to The Record’s Jonathan Greig that the most likely scenario is that the group will suffer a short-term disruption in operations due to the loss of infrastructure, conduct an internal security review to assess damage and update security practices, and then get back to business as soon as possible because there is just too much money to be made in ransomware.

U.K.’s Royal Mail service was hit by an alleged ransomware attack. The organization is now urging customers to refrain from sending packages overseas. [redacted]’s VP of Intelligence Adam Flatley tells InformationWeek’s Carrie Pallardy that “The biggest lesson is that we can’t continue to try to solve the cybersecurity problem with a purely defensive mindset. We need to move forward with an approach that blends together the approaches of preventing what is preventable, responding quickly and effectively to what is not preventable, and actively hunting down malicious cyber actors.

The country of Vanuatu is the latest victim in a string of crippling ransomware attacks on small countries this year. Experts say various motives underlie these incidents but disagree on whether this trend reflects a shift in threat actors away from well-resourced Western nations.

The second meeting of the U.S. Joint Ransomware Task Force held on Wednesday assessed measures and efforts to address the impact and prevalence of ransomware attacks.

A hacking group linked to the Chinese government is alleged to have stolen more than $20 million in COVID relief benefits, including U.S. Small Business Administration loans and unemployment funds in more than a dozen states.

Industry weighs in on proposed rules for how critical infrastructure organizations should report hacks to the government, and state attorneys general reach a settlement with Google over location tracking.

Speedy, practiced response is key to prevent, mitigate and recover from cyberattacks, say federal regulators amid an uptick in ransomware incidents affecting the healthcare industry.

In this episode of Healthcare is Hard, Tim Kosiba, CEO bracket F and former senior government official whose career spans three decades in the Department of Defense, the U.S. Department of the Navy, and the Federal Bureau of Investigation (FBI), shares some of his insider knowledge with Keith Figlioli on topics of growing urgency for everyone in the healthcare industry – from providers, payers and life science companies, to the innovative startups transforming healthcare.

Healthcare organizations should consider how they plan for natural disasters such as hurricanes as they prepare for disruptive cybersecurity events such as ransomware attacks, says Paige Peterson Sconzo, director of healthcare services at security firm Redacted Inc.

BianLian is a relatively new threat actor that targets a wide range of industries. As they are likely financially motivated, they will continue their efforts to exploit systems and networks they gain access to.

Patient care continues to be disrupted at the U.S.’s fourth-largest hospital system as its response to a cyber incident enters a second week.

A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. [redacted] responds.

Cyber defense training for businesses is evolving to create immersive scenarios putting board members and C-level executives in the crosshairs of simulated attacks. Researchers at cybersecurity firm Redacted said in a report Thursday that the BianLian ransomware gang tripled its known operational infrastructure in August, indicating that more attacks from the gang could be coming soon.

The threat actors behind the BianLian Ransomware are rapidly expanding infrastructure, and it has been observed targeting manufacturing organizations.

Newly identified ransomware group BianLian has bolstered its command-and-control infrastructure, indicating increasing activity, The Hacker News reports. Fifteen organizations have already been impacted by BianLian ransomware since its emergence in mid-July, according to a report from cybersecurity firm [redacted].

A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. [redacted] responds.

BianLian, written within the Go programming language, was first found in mid-July 2022 and has claimed 15 sufferer organizations as of September 1, cybersecurity agency [redacted] stated in a report shared with The Hacker News.

The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace.

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group’s operational tempo.

Federal authorities are sounding the alarm for the healthcare industry over Russian cybercrime gang Evil Corp, warning that the group has a wide set of highly capable tools at its disposal for taking healthcare data hostage.

Whether a business uses technology to manage operations, builds tech tools for other businesses or consumers, or both, it faces the risk of a cybersecurity breach on a daily basis. A successful hack can potentially expose a company’s sensitive data, damage its reputation or even shut down its operations altogether. A top priority for any company working with technology and data must be a robust incident response plan.

The Department of Justice is investigating a data breach of U.S. court records dating back to 2020, raising concerns that federal investigations could be compromised.

Ukraine claims to have taken down a massive Russian bot farm. Were Russian cyber operations premature? Adam Flatley from [redacted] with a look back at NotPetya.

The US authorities have managed to return half a million dollars to several corporate victims, including healthcare providers forced to pay up after being infected by a new ransomware strain. Tim Kosiba, [redacted] bracket f CEO, urges healthcare providers to stay alert.

Companies should be wise to assume that a second Cold War is upon us and that they—depending on their company’s size, industry and partnerships—are among the prime targets.

Redacted gains CEO who has threat response, phishing cyberattack prevention and SOAR expertise from Mandiant, Cofense and Swimlane.

The FBI has identified a state-sponsored ransomware campaign targeting critical services in the US and has warned organizations to be prepared. Adam Flatley, director of Threat Intelligence at [redacted], responds.

[TIDE] is a binary analysis platform built by security practitioners for security practitioners. As an integrated piece of [redacted]’s cloud-native platform, [RIP//TIDE], which scales delivery of its layered defense services, [TIDE] automates the technical analysis of all files and immediately shares results with clients. By now opening the platform for public access, [redacted] is creating a modular ecosystem that greatly expands the volume of binary files available to search and explore.

It is with excitement and gratitude that IST announces new funding support and acknowledges the key financial supporters of the Ransomware Task Force at the beginning of its second year.

“[redacted] (the company’s actual name is [redacted], Inc.), a cyber defense company, has just appointed a former Deputy Director of the National Security Agency to the company’s board. William Crowell has been active in the field of public and private information security for decades”

Companies hit by hackers typically limit themselves to playing defense to comply with a federal law against invading someone’s computer. But some specialist cybersecurity firms say they can pursue criminals without launching their own attacks. Most cybercrimes in the U.S. fall under the Computer Fraud and Abuse Act, a 1986 law that prohibits unauthorized access of computer systems. The law effectively places offensive cybersecurity actions solely in the hands of the federal government.

Twitch is breached. A newly discovered Iranian threat group is described. A Chinese cyberespionage campaign in India proceeds by phishing. SafeMoon alt-coin is trendy phishbait in criminal circles. As the US prepares to convene an anti-ransomware conference, Russian gangs show no signs of slacking off. Betsy Carmelite from BAH on AI/ ML in cyber defensive operations. Our guest is Adam Flatley of [redacted] with recommendations from the Ransomware Task Force. And observations on what counts as compromising material.

Ransomware extracted $18 billion in payments last year, and it’s expected there will be an attack every 11 seconds by this year’s end, a problem that some security experts and academic researchers say is exacerbated by the system meant to protect against cybercrime: the insurance industry. Organizations with cyberinsurance are more than twice as likely to pay ransoms as those without, according to a global survey commissioned by U.K.-based cybersecurity and software firm Sophos of 1,823 companies, governments, health systems,…

Organizations with cyberinsurance are more than twice as likely to pay ransoms as those without, according to a global survey commissioned by U.K.-based cybersecurity and software firm Sophos of 1,823 companies, governments, health systems, and other organizations that had been hit by ransomware. This is one of the first times such data have been gathered that show the extent of the relationship between cyberinsurance and ransomware payments. Critics say that relationship helps fuel a ransomware economy that the federal government estimates causes $445 billion in damages to the global economy every year.

If your data center’s ransomware recovery plan is to pay off the hackers with cryptocurrency, it’s time to rethink your strategy as regulators crack down. Today, every data center manager should be aware of the dangers of ransomware and have a disaster recovery plan that doesn’t involve paying hackers’ ransomware demands.

The US Treasury has added a Russian cryptocurrency exchange to its sanctions list after claiming the firm helped facilitate ransomware payments for countless groups. SUEX is incorporated in the Czech Republic but reportedly operates out of Russia. The Treasury estimated that 40% of its transaction history is associated with “illicit actors.”

Infamous ransomware gang REvil has returned to the dark web, the shady corner of the internet reachable with special software, after disappearing in July amid pressure from the U.S. government on Russia to act on ransomware groups operating in the country. REvil, also known as Sodinokibi, was before its disappearance a prolific ransomware group linked to dozens of attacks. Its most high-profile attack before going dark involved targeting companies using information technology management software from Kaseya Ltd.

Nations have to stop sheltering bad actors in order to stop them, expert says. TechRepublic’s Karen Roby spoke with Adam Flatley, director of threat intelligence for [redacted], a cybersecurity company, about the future of cybersecurity. The following is an edited transcript of their conversation.

Paying ransom should be your last resort, cybersecurity expert says Some organizations can get by without paying in a ransomware attack, but others really have no choice, he says.

Tonya Hall talks to Adam Flatley, director of threat intelligence at Redacted Inc.,about what has been missing in anti-ransomware plans.

Tonya Hall interviews Adam Flatley, director of threat intelligence at Redacted Inc., about the options businesses have when facing a ransomware attack

Three federal agencies released a 31-page Joint Cybersecurity Advisory Monday that describes 50 tactics, techniques and procedures that Chinese state-sponsored cyberattackers are using to target organizations in the U.S. and allied nations. The Chinese attack techniques outlined in the report include exploiting well-known vulnerabilities in widely used applications, such as Pulse Secure, Apache, F5 Big-IP and Microsoft products.

The State Department announced a $10 million reward for any information about hackers working for foreign governments. The measure is aimed squarely at those participating in “malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act.” Officials said in a release that this included ransomware attacks targeting “critical infrastructure.”

Yesterday’s noisy raid of the Clop ransomware gang in Ukraine was a major win according to most experts throughout the cybersecurity community, who said the moment marks a shift in the international war on ransomware. The raid, according to Ukrainian reports translated by eSpire analysts, included the arrests of six people in Kiev, the seizure of $185,000 in cash, a Tesla, a Mercedes and their computer equipment. Those arrested face up to eight years in prison, the records s

President Biden and his team have warned the Putin administration of 16 critical infrastructure entities that are off-limits for threat actors operating from Russia. The news came as the two leaders sat down in Geneva for a summit which Biden said was designed to ensure a “stable and predictable” relationship between countries following the turmoil of the Trump years.

Former Facebook CSO, NSA and CIA Operatives Team Up to Level the Playing Field for Organizations against Attackers

Today a startup called [redacted] is coming out of stealth with a different approach to tackling malicious activity — it applies threat intelligence, and then proactively goes after the hackers to recover data loss and disrupt their activities

San Francisco-based cybersecurity provider [redacted] officially emerged from stealth with a $35 million Series B to help small and medium-sized businesses be more secure.