The U.S. needs to devise ways to counter Chinese cyber activity - including the theft of intellectual property and cyberattacks on government networks and critical infrastructure - that poses a direct threat to national security, according to those who testified at a Senate hearing this week.
The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."
Nearly three weeks ago, Iran's state railway company was hit with a cyberattack that was disruptive and - somewhat unusually - also playful. Security firm SentinelOne says analyzing the wiper malware involved offers tantalizing clues about the attackers' skills, but no clear attribution.
The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.
The lack of adequate security features in critical electric grid equipment that's made in other nations poses a serious U.S. cybersecurity threat, federal officials said this week. Supply chain attacks could take down the grid and result in a lengthy recovery period, they told Congress.
President Joe Biden signed an executive national security memorandum on Wednesday calling for the development of new critical infrastructure cybersecurity standards for various industries. CISA and NIST will develop the standards, and compliance will be voluntary - at least initially.
A new ransomware group called BlackMatter has debuted, claiming to offer the best features of REvil and DarkSide - both apparently defunct - as well as LockBit. A new attack using REvil's code has also been spotted, but a security expert says it's likely the work of a former affiliate.
At a Senate hearing on pipeline cybersecurity, leaders from several federal agencies briefed lawmakers on the roles regulators can play in the aftermath of the Colonial Pipeline attack. Lawmakers urged the agencies to "flatten the bureaucracy" to improve relationships with companies that support pipelines.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.
The U.S. Transportation Security Administration issued a directive Tuesday requiring owners and operators of oil and natural gas pipelines to implement several cybersecurity controls. Earlier, the TSA had issued new incident reporting requirements for these companies.
The Department of Commerce is restricting trade with four Russian IT and cybersecurity firms, along with two other entities, over concerns that these organizations pose a threat to U.S. national security.
A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report. The SolarWinds attack showed the need for more coordination between the two departments.
This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks. Also featured: Disrupting the ransomware-as-a-service business model; supply chain security management tips.
The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.