New Healthcare Email Attack Trends Research Reveals Critical Condition Year Over Year

Posted in Commentary with tags on October 8, 2024 by itnerd

Abnormal Security has published its latest research about the year-over-year uptick in email threats targeting the healthcare industry. The study analyzed emails between August 2023 and August 2024, finding that vendor email compromise (VEC) attacks consistently trended upward, with a 60% increase, and the number of phishing attacks on healthcare organizations increased by 37%.

Mike Britton, CISO of Abnormal Security, can discuss healthcare industry attack trends, including: 

  • What makes healthcare an appealing target for cybercrime?
  • Why do VEC and phishing attacks targeting the healthcare industry continue to grow?
  • How do we protect health organizations from sophisticated email attacks?

You can read the blog post here.

Rembrand Redefines Video Editing Landscape with Integration of Major Video Editing Platforms into Rembrand AI Studio

Posted in Commentary with tags on October 8, 2024 by itnerd

Rembrand, a leader in cutting-edge Spatially-Aware AI™ technology for content creation, monetization, and advertising, is proud to announce the launch of groundbreaking integrations for its Rembrand AI Studio. These innovations offer seamless support for the industry’s top video editing platforms, revolutionizing how the video industry leverages In-Scene Media for more immersive and impactful content.  As a result of these integrations, content creators are able to control and manage monetization of their own video content without interruptive forms of advertising. 

Traditionally, content is king, but there’s a “tax” on video content for outdated forms of interruptive advertising. Streamers lose their audience because of linear ad interruptions. Streamers and Creators are forced to either monetize with downstream tools, or use manual product placement that doesn’t scale. Rembrand is different. This release brings monetization upstream and puts it in the hands of the creators and owners.  Using Regenerative Fusion AI™ and Spatially-Aware AI™, Rembrand can automatically embed monetization directly inside the content creation stack, scaling infinitely and immediately. As a result, Creators and Owners have more control and higher margins. This milestone marks a significant stride towards making high-impact, In-Scene Media accessible to the video content production industry.

By bridging the gap between Rembrand’s cutting-edge AI capabilities and the diverse array of video editing platforms prevalent in the industry, these integrations also remove barriers to entry and amplify creative possibilities. Creators can seamlessly import their footage into Rembrand AI Studio and export it, along with their In-Scene Media assets, to Adobe Premiere Pro, Final Cut Pro, DaVinci Resolve, Sony Vegas, CapCut, and numerous other popular editing platforms.

This suite of integrations gives creators a more scalable way to monetize their video content like never before and with more control. With Rembrand’s platform now seamlessly interoperable across editing software, creators can now effortlessly incorporate 3-dimensional objects, animated characters, and holograms into their videos with a few simple clicks. This newfound flexibility promises to revolutionize the way brands engage with their audiences, offering unparalleled opportunities for storytelling and brand immersion.

Join Rembrand in redefining the future of video editing and advertising. Experience the power of seamless integration with the top video editing platforms and unlock a world of creative possibilities with Rembrand AI Studio.

For more information about Rembrand and the new AI Studio integrations, visit www.Rembrand.com.

White House Official Calls For Insurance Companies To Stop Covering Ransomware Payments 

Posted in Commentary with tags on October 7, 2024 by itnerd

This past Friday, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, wrote an opinion piece for the Financial Times warning that ransomware was “wreaking havoc around the world,” and insurance companies must stop issuing policies that incentivize extortion payments in ransomware attacks.

The initial call for the practice to end was made at the end of the 4th annual International Counter Ransomware Initiative summit in the US last week, where the 68 members discussed tackling the problem.

“Some insurance company policies — for example covering reimbursement of ransomware payments — incentivize payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end,” Neuberger wrote.

The insurance industry could play a “constructive role” by “requiring and verifying implementation of effective cyber security measures as a condition of underwriting its policies, akin to the way fire alarm systems are required for home insurance,” Neuberger continued. 

Attempts to engage with the insurance industry have not yet delivered any promises or formal agreements.

Earlier this year, the UK’s NCSC announced that it would agree on guidance that expressed a joint view of how businesses should handle ransomware attacks. Furthermore, during the CRI summit, just 39 members and 8 insurance industry bodies from around the world endorsed a similar guidance encouraging “organizations to carefully consider their options instead of rushing to make payments.”

Despite the availability of other guidance on best practices in ransomware responses, attacks targeting victims in the UK and the US have roughly doubled over the past two years.

Steve Hahn, EVP Sales US, BullWall:

  “The global ransomware market has seen a 200% increase in successful cyber attacks in the last two years. They know global ransomware payments exceeded a billion dollars for the first time last year. This increase in money for the criminals gives them all the incentive they need to continue innovating their attack techniques. It’s clear many companies are seeing these events as inevitable, which is true, but relying on insurance to pay their way out of it. Unfortunately, even if they pay the ransom, their infrastructure was down for days or weeks and they are unlikely to recover more than 78% of their data even if they pay the ransom. 

United Healthcare paid at least $22 million in ransom payments, but that didn’t stop billions of dollars of downstream economic loss, including multiple healthcare companies that were forced out of business because of this event. Paying the ransom increases activity, increases funding, and throws gasoline on what is already a raging fire. Yes, these events are inevitable, but companies must focus on containing these events quickly, segmenting their environments, limiting the blast radius, and focusing on how to recover quickly from immutable backups. These strategies will ensure a quick recovery from the inevitable without lining the bloated coffers of the criminal underground.”

Ted Miracco, CEO, Approov:

  “Paying ransoms only fuels the ransomware economy, emboldening attackers, and encouraging future attacks. Businesses must focus on bolstering their fundamental cybersecurity practices— not adding more insurance coverage, as insurance is a reactive measure and often only provides temporary relief, while the underlying vulnerabilities remain unaddressed. Insurers should play a constructive role by mandating stricter cybersecurity practices as a prerequisite for coverage, much like requiring fire alarms in homes. This would help elevate overall security standards and reduce the attractiveness of ransomware as a profitable venture.”

I’ve said it before and I will say it again. These sorts of attacks are out of control. Everyone needs to do better when it comes to responding to attacks. And that includes not paying the ransom. Ever.

Truth Social Is A Target Rich Environment For Scammers…. Why Am I Not Surprised?

Posted in Commentary with tags on October 7, 2024 by itnerd

I have to admit that what I read in this Gizmodo story wasn’t on my BINGO card for today. But here I am talking about it. Though perhaps I shouldn’t be shocked by this.

Gizmodo submitted a Freedom of Information Act (FOIA) request with the FTC for consumer complaints about Truth Social filed in the past two years. The complaints to the federal agency include some stories from people who’ve been banned from the site (unjustly, they claim) and others who say they got signed up for mailing lists they never wanted to be on in the first place. But the complaints about scams are the most shocking, if only because there are such large sums of money involved. And we’re publishing a sample of the full, unedited complaints below.

One person who says they lost $170,000 explained they were initially scammed on a different site but met someone on Truth Social who claimed they could help get their money back. That turned out to be a scam as well. But more often, the victims are first contacted on Truth Social before being told to take the conversation somewhere else, like WhatsApp. Truth Social seems to be a target-rich environment for people who are easy to con.

Another thing that sticks out about the complaints filed with the FTC is that they seem to involve plenty of elderly fans of Donald Trump. One 72-year-old man who reported chatting with a “beautiful” woman on the site was scammed out of $21,000. His complaint ends with, “I haven’t told my wife about this blunder. She still doesn’t know about it.” Another person in their 60s said they lost $500,000 to scammers on Truth Social and seemed to think there might be a way they could get their money back, telling the FTC, “After I pay this they promise there will be no more fees and I will receive my assets.”

I encourage you to read the scams that are listed in this article. Now some of this is the stuff that I see when I get called in to help with the aftermath of someone being scammed. But the dollar amounts that are being highlighted here are mind blowing. The most expensive scam that was successful that I’ve come across was about $4000 CDN. The biggest dollar amount that a threat actor tried to get from a client of mine was about $50000 CDN. This article has examples well north of $100000 USD which is insane.

So you might be wondering, what is Truth Social doing to stop this. Here’s what they said:

Gizmodo tried to contact representatives from Truth Social on Thursday, but after sending an email to the address listed for media organizations on the social media platform’s website, it bounced back as undeliverable. After finally getting a hold of someone at something called the MZ Group, which works for Trump Media & Technology Group, the owner of Truth Social, the representative said they have “a robust team that actively searches for scams and bots on the platform and bans them as soon as they’re found.” Follow-up questions did not receive a response.

I think that this translates to they’re doing nothing substantial to stop scams on the platform. But I might be reading that wrong. But what this shows is that Truth Social is a target rich environment for threat actors who can scam with impunity. And that’s not surprising because this was a site that was literally thrown together quickly to give Donald Trump someplace to share his thoughts after he got kicked off Twitter, Facebook and other forms of social media after the January 6th insurrection. It wasn’t designed to stop this sort of thing from happening. Nor do I believe that Truth Social has the will to stop this sort of thing from happening. Now combine that with the sort of people who go to Truth Social, who are far more likely to fall for this sort of stuff, and you get this situation. For those two reasons, I believe that you can fully expect more people to be scammed on Truth Social for a whole lot of money, and little if anything done by Truth Social to stop it.

Action1 Now Available For macOS With First 100 Endpoints Free Forever

Posted in Commentary with tags on October 7, 2024 by itnerd

Action1, a provider of an integrated real-time vulnerability discovery and automated patch management solution, today announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. 

As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch management approaches for different platforms.

The newly incorporated macOS support feature helps IT teams streamline vulnerability discovery, prioritization, and remediation for both operating systems and applications across their entire fleet. In addition, it offers extended endpoint management capabilities such as software deployment, scripting, and IT asset inventory for macOS devices. Action1 is available at no cost for the first 100 endpoints, without any functional limits for both macOS and Windows — and never expires.

According to the Action1 Software Vulnerability Ratings Report 2024, macOS experienced a 30% increase in exploited vulnerabilities in 2023, making it increasingly susceptible to attacks targeting known vulnerabilities. 

In addition, Action1’s latest release includes multiple enhancements to boost the product’s functionality, security, and usability, including: 

  • Addressing NVD Vulnerability Backlog. Action1 can now detect software vulnerabilities for applications listed in its Software Repository beyond the National Vulnerability Database (NVD) data, providing crucial visibility and automated remediation amid the NVD’s update delays.
  • Software Installation Customization. This enhancement allows customization of built-in and custom software packages without cloning, available for the entire enterprise, per organization, or per endpoint, to ensure continuous patch compliance while preserving future automatic updates.
  • Real-Time Endpoint Attribute Reporting. Action1’s reporting capabilities are now improved by adding endpoint attributes, including username, comment, OS types, IP address, and more, as selectable columns in custom reports.
  • Expanded API. Action1 implements new capabilities and integration options, with code samples, supporting advanced custom integrations to address complex, enterprise-level needs. 
  • Multiple Usability Enhancements. The release introduces several UI improvements, including moving endpoints between groups, reworked endpoint organization controls, and many more – all designed to further simplify the already easiest-to-use patch management solution. 

To learn more about Action1’s latest release, visit www.action1.com

23andMe Is Screwed… What Happens To Customer Data?

Posted in Commentary with tags on October 6, 2024 by itnerd

It’s pretty clear based on this that 23andMe is screwed. But the part that should terrify any customer of this DNA testing service is what happens to that data when the company finally dies. That’s a real concern as according to this NPR report:

Anya Prince, a law professor at the University of Iowa’s College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist.

For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm.

“HIPAA does not protect data that’s held by direct-to-consumer companies like 23andMe,” she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information.

“If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws,” said Prince.

That’s a bit troubling. Fortunately, there’s something that 23andMe customers can do about it. Close their account ASAP:

23andMe has a page with instructions on how users can request an account closure. But in your 23andMe account, navigate to Settings, scroll down to the 23andMe Data section at the bottom, and click View on the right. Enter your birthday and then scroll to the bottom of the next page and click Permanently Delete Data.

Once you submit your request, 23andMe will email you to confirm it. Doing so will prompt the company to discard a customer’s genetic testing samples and prevent the company from using their data for future research projects. It could take up to 30 days to go into effect, though.

There is a catch though:

Although customers can request the company to delete their data, 23andMe won’t necessarily erase all your information. The company has been telling users who request an account deletion: “23andMe and the contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with legal obligations, pursuant to the federal Clinical Laboratory Improvement Amendments of 1988 and California laboratory regulations.”

And that is going to be a worry for any 23andMe customer. Especially since any bankruptcy proceeding or sale of the company likely would involve selling that data as part of the assets of the company. But at least requesting that your account be closed is something.

Bottom line. This is a cautionary tale that illustrates that these sorts of companies operate in a “grey area” and more regulation is required to govern how companies like this operate.

Review: Twelve South MagicBridge Extended

Posted in Products with tags on October 5, 2024 by itnerd

I’ve been working on upgrading my desk setup and I’ll be doing a story on that shortly. But in the meantime, I’ve been looking for a way to better use the Apple Magic Keyboard and Magic Trackpad that I’ve recently acquired. The main issue that I’ve had is that one or the other would move. Thus I couldn’t use muscle memory to control and type on my Mac. Thus figuring that I wasn’t the only person with this issue, I did some hunting around and came across the Twelve South MagicBridge Extended.

The MagicBridge Extended is a plastic tray that fits the Magic Keyboard that I have along with the Magic Trackpad. The grey section is where the keyboard goes if you’re right handed. Or you can move it to the left to set it up the other way around.

The bottom has holes that allow you to push out the keyboard and trackpad should you need to.

This is the end result with the keyboard on the left, and my

Snapping everything in is simple because Twelve South put out this video that shows you how to set things up:

I had no issues setting things up after I watched this video and it only took a couple of minutes.

The back of the MagicBridge Extended has holes that not only allow Bluetooth signals through, but also give you access to the on/off switch as well as the Lightning port for charging.

So I have used this setup for a couple of days. And once I found a position where I could type and use the Magic Trackpad without it feeling weird, I found that it worked quite well. By “weird” I mean that you have to centre the keyboard part of this setup so that typing feels normal. That puts the trackpad out to the right in my case as I am right handed. I can see how that might be an issue for some. And for those who have a bit of OCD about centring everything on your desk, that might be a bit of an issue too. Since the keyboard and trackpad are one piece, I can use it on my lap if I so choose. It also allows me to move the keyboard and trackpad out of the way quickly if I need the surface of the desk for something else. But the main goal was to keep the keyboard and the trackpad in a consistent place where muscle memory would allow me to be productive as nothing was moving about. And it succeeds on that front. Overall, I like the setup.

The MagicBridge Extended is $50 USD directly from Twelve South. But if you have the Magic Keyboard without the number pad, they have a version for that use case as well which is simply called the MagicBridge. If you own a Magic Keyboard and Magic Trackpad and you want to make them even more useful, the MagicBridge Extended or MagicBridge is absolutely worth looking at.

Travelers Canada Risk Index Features Cyber Threats as the Top Business Concern

Posted in Commentary with tags on October 4, 2024 by itnerd

The Travelers Companies, Inc. today announced the results of the 2024 Travelers Canada Risk Index, showing cyber threats as the leading concern among business leaders for the second consecutive year. The survey, which was first published in 2023, asks business decision-makers from small- and medium-sized Canadian companies across various industries about the issues that worry them most.

Nearly two-thirds (65 per cent) of respondents said they worry somewhat or a great deal about cyber risks – an increase from 61 per cent last year. Cyber concerns were followed this year by broad economic uncertainty (62 per cent), the impact of the global economy on their companies (58 per cent), financial issues (57 per cent) and supply chain risks (56 per cent).

Cyber Coverage

Two-thirds (66 per cent) reported their companies have purchased cyber insurance, a decrease from 72 per cent a year earlier. Among those who said that their companies did not purchase a cyber policy, 32 per cent indicated it was due to the cost of coverage, and 29 per cent said it was because their companies already have adequate protection in place.

Cyber Incidents

Nearly three in 10 respondents (29 per cent) said their companies or organizations have experienced a cybersecurity event. Medium-sized businesses (36 per cent) were more likely to have suffered a cyber incident than small businesses (20 per cent).

Nearly one in five (19 per cent) admitted their companies experienced a cyber event but did not report it, due largely to fear of damaging their brand or compromising intellectual property.

The most common type of incident was a security breach (36 per cent), where someone gained unauthorized access into a company’s computer system.

Top Cyber Concerns

Eighty-four per cent of respondents agreed having proper cyber controls in place is critical to their companies’ well-being.

The top cyber-specific concern was an unauthorized user gaining access to company banking accounts or financial control systems – up from sixth just one year ago – with 60 per cent of respondents citing it as a worry. Additional cyber concerns included:

  • The potential for compromise, theft or loss of control of customer or client records (59 per cent).
  • A security breach where an unauthorized user gains access to computer systems (59 per cent).
  • A system glitch or error causing computers to go down (58 per cent).

For more information about cyber insurance coverage options with Travelers Canada, click here.

About the Survey

Hart Research conducted a national online survey of 1,000 Canadian business decision-makers August 7-19, 2024, regarding their top challenges. The Travelers Canada Risk Index survey was commissioned by Travelers.

70 Countries Attend Counter Ransomware Initiative And Release Response Guidance

Posted in Commentary with tags on October 4, 2024 by itnerd

This week, cybersecurity experts from almost 70 countries are attending the fourth annual International Counter Ransomware Initiative meeting at the White House, and yesterday, the UK and Singapore released a voluntary guidance document designed to help victims respond to ransomware attacks and minimize the impact.

Under the new voluntary ransomware guidance, victims are encouraged to:

  1. Report attacks on a more timely basis to law enforcement agencies
  2. Record incident response decisions and data captured for post-incident reviews
  3. Involve more advisers such as cyber insurance carriers and other outside firms that can assist 
  4. Consider if the decision to pay the ransom “is likely to change the outcome”
  5. Review local regulatory requirements for compliance

“External experts such as insurers, national technical authorities, law enforcement or cyber incident response companies familiar with ransomware incidents can improve the quality of decision-making,” according to the new guidance. 

During the event, the participants tackled several initiatives including:

  • The completion of a project on secure software and labeling principles
  • The launch of a member portal by Australia for information sharing 
  • A new U.S. government fund to strengthen members’ cybersecurity capabilities

Morten Gammelgaard, EMEA, co-founder, BullWall had this comment:

  “The International Counter Ransomware Initiative is important, and the steps taken are crucial for improving the world’s collective response against ransomware. The new initiatives coming from the meet, together with new regulatory requirements for better Ransomware resilience will help to drive the fight against Ransomware.

  “However, Ransomware continues to successfully bring down organizations at pace. The world is experiencing a level of disruption and business risk from Ransomware never seen before, and the overall loss from ransomware is at an all-time high for the last 4 years. Some companies fare better than others when attacked and are therefore able to recover faster with less cost. Often, these are the companies that invest in being resilient. Ransomware resilience is directly related to:

  1. The strength of the backup systems and are they available after the attack. Often the organizations that fare well have multiple different options in use such as Cloud back up and Tape backup.
  2. How many files are encrypted during the attack. The fewer files encrypted the quicker the restoration and recovery time, which means, if the attack can be contained quickly, an organization can recover quickly.

  “Too few organizations test run restoring millions of files and therefore they don’t realize the time and costs associated with the process until it is too late. As a result, they often encounter very high recovery costs when attacked successfully. Companies must adopt an “Assume Breach” posture as all attacks can no longer be prevented.”

Here’s the thing. Making sure that your organization is in a place where you never have to pay the threat actor is not just good for you. It’s good for all of us as crime shouldn’t pay. I encourage organizations big and small to look at this document and follow it. And if that’s not enough, there’s a broader document which you can read here which gives additional guidance that is useful.

Wayne County Pwned In A Ransomware Attack

Posted in Commentary with tags on October 4, 2024 by itnerd

According to local media, Wayne County government has been dealing with a ransomware cyber attack that has taken many services offline since yesterday.

“The county information technology team is aware of a cyber incident targeting some internal systems. We are currently investigating the scope of the incident with our cybersecurity partners which include the FBI and Michigan State Police,” county spokesman Doda Lulgjuraj said.

The full scope of the cyberattack is not fully understood, but for example, at the Sheriff’s Office, jail inmates could not be bonded out as the servers were compromised, and defense attorneys said they couldn’t schedule visits with their clients following the hack.

The Register of Deeds Office closed due to the hack so residents weren’t able to record real estate sales or obtain property records. Furthermore, the Treasurer’s Office reported that tax payments could not be collected online and needed to be made in person.

It is not clear who is behind the attack, but a source says the hacker has made a ransom demand.

Steve Hahn, Executive VP, BullWall:

  “In the last two years Cities and States have moved up as one of the top targets of Ransomware gangs. Most of these gangs are Russian based and as such they view their attacks as a financial element but also as vehicles to disrupt essential services, seed chaos, exacerbate inflation and cause maximum loss of life. When cities, states or counties are hit, essential services like 911 are often impacted and oftentimes, as was the case for the City of Oakland, they will need to declare a state of emergency. The threat actor also knows that these government bodies do not have the people, staff or tools to stop their attacks. With enough patience and focus, they can take down cities and state services all across the US. Hundreds have been hit in the last two years alone.

  “As we head into the holiday season, threat actors will increase attacks dramatically. A vast majority of attacks take place during off hours and holidays so IT staffs have less ability to respond. We expect to see an unprecedented level of attacks as conflicts continue to rise and tensions with Russia continue to increase.

  “Too often Cities and States think they can prevent these attacks just with traditional security tools like gateways, firewalls and Endpoint Security. The reality is a determined threat actor with patience will find the crack that gets them in. This is why we’ve seen a 200% increase in successful ransomware attacks in the last two years and also why cities and states need to adopt a “when not if” strategy to these events and understand how to contain and recover from them quickly to minimize disruption.”

The phrase “stop the madness” comes to mind as it is madness that we keep having situations like these when organizations should be taking precautions to not get pwned. This honestly needs to end as the continued rampage of threat actors pwning all the things is not something that we can allow to become part of our everyday lives.