Mac McMillan, co-founder and CEO emeritus, CynergisTek

Why Healthcare Needs to Shift Its Cybersecurity Focus

Marianne Kolbasuk McGee • September 16, 2019

Despite progress in improving cybersecurity, the healthcare sector still needs to change its focus from compliance to risk, says Mac McMillan, co-founder and CEO emeritus of security consulting firm CynergisTek.

Cybercrime

Health Data Breach Tally Spikes; AMCA Breach Reports Added

Latest

Anti-Money Laundering (AML)

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Mathew J. Schwartz • September 17, 2019

The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year.

Cybercrime as-a-service

US Sanctions 3 North Korean Hacking Groups

Jeremy Kirk • September 16, 2019

As part of the U.S. government's continuing efforts to highlight the North Korean government's cyberattacks, the U.S. Treasury Department has sanctioned three alleged North Korean hacking groups that have been blamed for the WannaCry ransomware, online bank heists and destructive malware attacks.

Governance

Life After Snowden: US Still Lacks Whistleblowing Rules

Mathew J. Schwartz • September 16, 2019

Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.

Cybercrime

Credit Card Theft Ringleader Pleads Guilty

Scott Ferguson • September 13, 2019

One of the three Ukrainian men charged with leading the notorious Fin7 hacking group, which prosecutors say stole 15 million payment cards, has pleaded guilty to two federal charges.

Fraud Management & Cybercrime

Ransomware Gangs Practice Customer Relationship Management

Mathew J. Schwartz • September 13, 2019

Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."

Governance

Tips on Countering Insider Threat Risks

Jeremy Kirk • September 13, 2019

Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.

Account Takeover

Analysis: The Impact of Business Email Compromise Attacks

Nick Holland • September 13, 2019

This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends.

Cybercrime

Attacks Targeting IoT Devices and Windows SMB Surge

Mathew J. Schwartz • September 12, 2019

Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.

Cybercrime

Iranian Hacking Group Continues Targeting Universities

Scott Ferguson • September 12, 2019

"Cobalt Dickens," a threat group with suspected ties to Iran, is continuing its attempts to steal intellectual property from schools and universities, according to an analysis by SecureWorks. The group's work continues even though several alleged members have been indicted by the Justice Department.

Governance

Microsoft Patches 2 Windows Flaws Already Being Exploited

Scott Ferguson • September 11, 2019

As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.

Account Takeover

Business Email Compromise Crackdown: 281 Suspects Busted

Jeremy Kirk • September 11, 2019

A global law enforcement operation has resulted in the arrest of 281 suspects allegedly involved in business email compromise scams. The announcement comes on the same day as the FBI's Internet Crime Complaint Center says that losses from BEC scams have hit $26 billion and are continuing to rise.

Cyberwarfare / Nation-State Attacks

US Government Ban on Kaspersky Formalized

Scott Ferguson • September 10, 2019

A final rule published in the Federal Register Tuesday officially bans U.S. government agencies and their contractors from buying or supporting Kaspersky security products.