Latest

Anti-Money Laundering (AML)

Treasury Dept. to Crypto Companies: Comply with Sanctions

Dan Gunderman  •  October 16, 2021

The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.

►

3rd Party Risk Management

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Anna Delaney  •  October 15, 2021

In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.

3rd Party Risk Management

To Repel Supply Chain Attacks, Better Incentives Needed

Mathew J. Schwartz  •  October 14, 2021

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl.

3rd Party Risk Management

US Convenes Global Ransomware Summit Without Russia

Dan Gunderman  •  October 13, 2021

The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to elevate both law enforcement collaboration and diplomatic efforts. Noticeably absent from the summit: Russia.

Anti-Money Laundering (AML)

3 Men Charged by US DOJ With Laundering BEC Proceeds

Mihir Bagwe  •  October 13, 2021

The U.S. Attorney's Office for the Eastern District of Virginia last week indicted three men - including an ex-employee of Bank of America and TD Bank - with money laundering and aggravated identity theft after the men allegedly conducted an extensive business email compromise scheme.

Cybercrime

Ransomware: No Decline in Victims Posted to Data Leak Sites

Mathew J. Schwartz  •  October 12, 2021

One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data leak sites, as part of their so-called double extortion tactics. Unfortunately, the number of victims doesn't appear to be declining.

Blockchain & Cryptocurrency

Democratic Lawmakers Urge Agencies to Act on Ransomware

Dan Gunderman  •  October 11, 2021

A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.

CISO Trainings

Analyzing the Results of the 2021 Cybersecurity Complexity Study, EU & UK

Information Security Media Group  •  October 8, 2021

In this exclusive interview, Martin Cook, Senior Solutions Engineer with ReliaQuest, discusses how to reduce complexity, increase visibility and tap into new resources to enhance your own abilities to detect, investigate and respond to attacks.

►

Application Security

ISMG Editors’ Panel: First Fatality Linked to Ransomware?

Anna Delaney  •  October 8, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of product security, the impact of ransomware on healthcare sector entities during the pandemic and thinking about cybersecurity awareness creatively.

3rd Party Risk Management

Finding New Ways to Disrupt Ransomware Operations

Anna Delaney  •  October 8, 2021

The latest edition of the ISMG Security Report features an analysis of the arrest of two suspects tied to a major ransomware group in Ukraine. Also featured: Introducing "The Ransomware Files" and defining the next-gen CISO.

Blockchain & Cryptocurrency

US DOJ to Fine Contractors for Failure to Report Incidents

Dan Gunderman  •  October 7, 2021

The U.S. Department of Justice said this week it will pursue government contractors that fail to report cybersecurity incidents. The department also announced the formation of a Cryptocurrency Enforcement Team to prosecute the misuse of virtual currencies.

Cybercrime

HHS Warns Healthcare Sector About LockBit 2.0 Threats

Marianne Kolbasuk McGee  •  October 7, 2021

Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates. The group claimed credit for the August attack on consultancy firm Accenture. What preventative steps should healthcare sector entities take?