Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Who is Tech Investor John Bernard?

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

The Private Office of John Bernard, which advertises itself as a capital investment firm based in Switzerland, has for years been listed on multiple investment sites as the home of a millionaire who made his fortunes in the dot-com boom 20 years ago and who has oodles of cash to invest in tech startups.  Read entire article…

CISA and MS-ISAC Release Ransomware Guide

Original release date: September 30, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware Guide and CISA’s Ransomware webpage for additional information.

5 more things to know about ransomware – from TechRepublic

Ransomware. You’ve probably heard me talk about ransomware before, and I’m going to talk about it again. It shockingly has not gone away, and there are new things to be aware of. Here are five more things to know about ransomware.

  1. Your chances of getting hit with ransomware are still high. According to Coalition, one of the largest providers of cyberinsurance in North America, ransomware incidents accounted for 41% of cyberinsurance claims in the first half of 2020.
  2. Ransomware attacks are coming faster, too. Coalition reports that the frequency of ransomware attacks rose 260% in the first half of 2020.
  3. Ransomware is getting more expensive. Coalition reports that the average ransom demand increased 47% in the first half of 2020. The Maze Ransomware Group was the highest, with demands six times higher than the average.
  4. Ransomware attacks are targeting schools. With more students working from home, there’s a larger attack surface to get into networks. The first day of school was canceled in Hartford, CT because of ransomware, and the Newhall School District in California shut down classes September 15 because of a ransomware attack. These incidents aren’t the only ones.
  5. Plan now. The National Cyber Security Centre says having an incident response plan can reduce the impact if the worst happens. Even if you don’t think you’re at risk, you can end up targeted by accident–a plan can minimize damage.

You know ransomware is a threat, and you also know you need a plan–you don’t need me to tell you that. Maybe share this information with a friend or colleague who isn’t as on the ball as you are.

REvil Ransomware Crew Recruits Affiliates With $1 Million Payout

Ransomware-as-a-Service sellers recruit affiliate attackers with a 70/30% revenue split and experienced support.  Read the whole story on Sophos Naked Security.

Windows XP source code allegedly leaked online

Windows XP source code!  Who released it and why?

Who’s Behind Monday’s 14-State 911 Outage?

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft’s Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.  Full story…

Microsoft releases Digital Defense Report detailing increasingly advanced cyberattacks

There’s been a surge in cybersecurity activity as companies continue to operate remotely and cybercriminals look to exploit the ongoing coronavirus pandemic.  Digital Defense Report

In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices. Among the most significant statistics on these trends:

  • In 2019, we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URLs set up for the explicit purpose of launching a phishing credential attack.
  • Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
  • The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits.
  • IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.

Full article

Download report



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com