
IT Security Newsletter - 6/9/22


Breaches

It Doesn't Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again

It doesn't pay to pay. This advice on ransomware payment is often given, but rarely enumerated. Now it has been. A new study finds that 80% of companies that paid a ransom were hit a second time, with 40% paying again. Seventy percent of these paid a higher amount the second time round. These figures come from an April 2022 Cybereason study that queried 1,456 cybersecurity professionals from organizations with 700 or more employees. READ MORE...


Experts, NSA cyber director say ransomware could threaten campaigns in 2022

With the 2022 election season around the corner, campaigns of all sizes need to be prepared for a widened set of potential cybersecurity risks, experts and a top intelligence official said. "The worry in all of election security is trust and confidence - that we've delivered a safe and secure election," National Security Agency cyber director Rob Joyce told CyberScoop at a media roundtable at the 2022 RSA Conference on Wednesday. READ MORE...

Hacking

Massive Facebook Messenger phishing operation generates millions

Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions. READ MORE...


The most common exploit paths enterprises leave open for attackers

Exposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takeover, exposed Amazon S3 buckets, and Microsoft Exchange Server servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths medium to large enterprises left open for attackers in Q1 2022, according to Mandiant. The firm has based the list on the most common issues discovered by continuously scanning the external attack surface of its customers from January 1, 2022 to March 31, 2022. READ MORE...


Chinese hacking group Aoqin Dragon quietly spied orgs for a decade

A previously unknown Chinese-speaking threat actor has been discovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013. Named Aoqin Dragon, the hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. READ MORE...

Trends

Supply chain attacks will get worse: Microsoft Security Response Center boss

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center. "All of those have been big," she said, in an interview with The Register at RSA Conference. "But I feel they will continue and there will be more. And there's a reason I think that." READ MORE...


Healthcare is most likely to pay the ransom

Sophos has published a sectoral survey report which reveals a 94% increase in ransomware attacks on the organizations surveyed in the healthcare sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year. The silver lining, however, is that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks, according to the survey data. READ MORE...

On This Date

  • ...in 1915, Lester Polsfuss AKA Les Paul, the pioneering guitarist and engineer who designed one of the earliest solid-body electric guitars, is born in Waukesha, WI.
  • ...in 1934, Donald Duck makes his onscreen debut in the Disney short "The Wise Little Hen".
  • ...in 1964, the Central Intelligence Agency (CIA) submits a memo that effectively challenges the "domino theory" backbone of the Johnson administration policies.
  • ...in 1973, Secretariat wins the coveted Triple Crown.