A family of encrypting ransomware discovered in 2016
The purpose of Russian hacking and their concept of cyber war are conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU's College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College's (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU's Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagiellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.
In this episode of Reimagining Cyber, we set sail into the world of maritime cybersecurity with one of the foremost experts in the field, Dr. Gary Kessler. From GPS spoofing to autonomous vessels, Gary breaks down the evolving threats facing modern ships and ports as they become increasingly digitized and connected. With over 50 years of experience in cybersecurity and a lifelong connection to the water, Gary shares how his career merged passion and profession, leading to groundbreaking research in AIS spoofing and maritime threat mitigation. We explore the real-world cyber risks impacting global logistics, including the infamous 2017 NotPetya attack on Maersk, the rise of ghost and dark fleets, and how pirates are using hacked logistics systems to target high-value cargo. Gary also explains why the term “cybersecurity” may miss the mark—and why protecting the information itself is what really matters. Plus, hear about the upcoming Maritime Hacking Village at DEFCON and how you can get involved. If you're curious about the cyber threats lurking beyond the horizon, this episode is your compass. Links: Maritime Cybersecurity: A Guide for Leaders and Managers; Maritime Hacking Village. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com. As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
Podcast: Bites & Bytes Podcast. Episode: Securing Food Systems with a Defense Mindset with Brian Schleifer. Pub date: 2025-04-02.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware. Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. 
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, He transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. 
Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. 
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. 
Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Cleo's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. 
Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that in December of 2024, Chinese attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. 
It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a crypto locker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. 
Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers. [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. 
The second is through their support for law enforcement: law enforcement may share sensitive data with Shadowserver. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. 
This episode of the Lloyd's List Podcast was brought to you by Veson. Visit veson.com/decision-advantage for more information. Ten years or so ago, when the University of Plymouth ran their first cybersecurity symposium, the number of attendees barely made double figures. This week, held in the main hall of the International Maritime Organization on London's Albert Embankment, the same event attracted more than 300, from shipping companies in almost every sector. Clearly, the topic has gained attention and traction, partly down to the repeated warnings of horror stories the industry continues to receive, right the way up to hackers being able to remotely control very large crude carriers. There have been several high-profile cyber incidents in shipping since the devastating NotPetya attack which cost Maersk more than $250m in 2017. The Port of Seattle, the Port of Lisbon and class society DNV can all count themselves victims of cyber attacks in the last two years. But the apocalyptic vision that has been painted for the industry time and time again hasn't materialised yet. So, how worried should we really be about cybersecurity in shipping? Joining Joshua on the podcast this week are: Kevin Jones, professor of computer science and director of the Maritime Cyber Threats Research Group, University of Plymouth; Daniel Ng, chief executive of Cyberowl; Svante Einarsson, head of cybersecurity maritime for EMEA and APAC, DNV; Knut Ørbeck-Nilssen, maritime chief executive, DNV.
In this month's “News From The Fintech Front” host Elizabeth Kleinveld discusses recent fintech developments with guests Bruno Diniz and Ritesh Jain. They explore major fintech news, focusing on topics like the expansion of payment company Adyen into India, investments by Japan's Credit Saison in Latin American startups, and HSBC's involvement in open property data for smoother home buying in the UK. They also delve into Brazil's innovative financial infrastructure, including PIX, open finance, and the central bank's efforts in AI and data science. Furthermore, they discuss challenges in retail CBDC adoption and MasterCard's partnerships aimed at expanding fintech opportunities in Africa and the Middle East. Throughout the conversation, the importance of financial literacy versus financial inclusion is emphasized, alongside concerns about AI biases in financial systems. Bruno Diniz (https://www.linkedin.com/in/brunoevdiniz): Managing Partner, Spiralem Innovation Consulting / Professor on Financial Innovation, University of Sao Paulo (USP). Regarded as one of the top fintech influencers in LATAM, Mr. Diniz is also an international speaker, and bestselling author of three books on financial innovation: The Fintech Phenomenon, The New Financial Logic, and The Age of Crypto-Economy. Dr. Ritesh Jain (https://www.linkedin.com/in/drriteshjain/): Founder, Infynit. Known for his work in payments innovation, open banking, and digital public infrastructure. He has held key roles at HSBC, VISA, Apple, and Maersk, where he developed the Apple Pay tokenization stack and led major transformations. Dr. Jain advises global payment programs like UPI, FedNow, and PIX, and is a recognized expert in financial inclusion. He is the first to earn a PhD in Open Banking and played a crucial role in Maersk's recovery from the NotPetya ransomware attack. He is also a trusted advisor to G20 and GPFI, an active fintech investor, and a sought-after speaker at global conferences.
On July 19, the CrowdStrike outage was all over the news. But what was it really about, and what does it have to do with all of us? While the outage was repaired quickly, the fact that it affected so many systems we depend on is a wakeup call reminiscent of crippling cybersecurity attacks. In this episode, we look at what happened, how it relates to other outages including targeted cybersecurity attacks, and how we can protect ourselves from the fallout of such outages in the future. Resources: Washington Post: The hospitals, airlines and banks affected by the global IT outage; Video: Times Square billboards with Blue Screen of Death; Forbes: CrowdStrike Windows Outage—What Happened And What To Do Next; Windows 3.1 saves the day during CrowdStrike outage — Southwest Airlines scrapes by with archaic OS. Support the Show. Visit us on Patreon for bonus content and special offers! But only if you hate scams and attacks too.
Guest: Lennart Maschmeyer, Senior Researcher at Center for Security Studies (CSS) at ETH Zurich [@CSS_ETHZurich]. On LinkedIn | https://www.linkedin.com/in/lennartmaschmeyer/
Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast. On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
This Episode's Sponsors: BlackCloak
The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan's CISSP certification journey. Avoiding an Independence Day grill-security flare-up. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K's comprehensive CISSP training course. 
Selected Reading
US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online)
Stolen credentials could unmask thousands of darknet child abuse website users (The Record)
CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber)
American Patelco Credit Union suffered a ransomware attack (Security Affairs)
Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine)
Splunk Patches High-Severity Vulnerabilities in Enterprise Product (SecurityWeek)
Feds Hit Health Entity With $950K Fine in Ransomware Attack (GovInfo Security)
How CISOs can protect their personal liability (CSO Online)
Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 (Bishop Fox)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm which was recently promoted to APT44 by Mandiant.
Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability.
The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare.
YouTube video showing Sandworm attacking a Ukrainian power plant here.
Episode #56 - When the lights went out in Ukraine (Part 1)
Episode #74 - When the lights went out in Ukraine (Part 2)
Episode #16 - NotPetya
Podcast: Data Breach Today Podcast (LS 32 · TOP 5%)
Episode: How the Merck Case Shapes the Future of Cyber Insurance
Pub date: 2024-01-11
Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.
The podcast and artwork embedded on this page are from DataBreachToday.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel, Group CISO, Shell.
Thanks to our show sponsor, Vanta
From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
All links and the video of this episode can be found on CISOseries.com
The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing.
Selected Reading
AsyncRAT campaign targets US infrastructure. (CyberWire)
19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice)
Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW)
Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop)
Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net)
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek)
Merck settles with insurers who denied $700 million NotPetya claim (The Record)
Syrian Threat Group Peddles Destructive SilverRAT (DarkReading)
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News)
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer)
Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton)
Share your feedback. We want to ensure that you are getting the most out of the podcast.
Merck and its insurers settle $1.4 billion NotPetya case
BreachForums admin Pompompurin breaches terms of pretrial freedom
Iranian crypto exchange Bit24.cash accidentally exposes customer data
Thanks to today's episode sponsor, Vanta
From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
For the stories behind the headlines, head to CISOseries.com.
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
Jesper Larsson is a Freelance PenTester. Jesper works with a hacker community called Cure53. Co-organizes SecurityFest in Gothenburg, Sweden. Hosts Säkerhetspodcasten or The Security Podcast. Jesper is also a Star on Hackad, a Swedish TV Series about hacking.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
News of the week
- Kubernetes Removals, Deprecations, and Major Changes in Kubernetes 1.29
- Introducing SIG etcd
- etcd, with Marek Siarkowicz and Wenjia Zhang (The Kubernetes Podcast from Google)
- WebAssembly (WASM) and OpenShift: A Powerful Duo for Modern Applications
- Linux Foundation Events
- Pass the torch in ContribEx #7603
Links from the interview
- Cure53 Hacker Community
- Säkerhetspodcasten
- Hackad TV Show on IMDB
- SecurityFest Gothenburg
- Falco by Sysdig
- Wolfi by Chainguard
- The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Links from the post-interview chat
- The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Hello, I'm Mark Bassingthwaighte, the risk manager here at ALPS, and welcome to another episode of ALPS In Brief, the podcast that comes to you from the historic Florence building in beautiful downtown Missoula, Montana. Okay, today it's just me, and we're going to talk about managing cyber crime risks and really looking at the whys behind what it does in terms of obtaining cyber liability insurance. And I really want to dig into this a little deeper. I still get a lot of questions about insurance, what it does, what it doesn't do, and is it necessary, and the list goes on and on and on. So let's hit that topic. Before we jump into some of the specifics of using insurance to manage your risk, I want to set the stage again, I always start my cyber programs with some information. Let's look at headlines from 2022. In 2022, 255 million phishing attacks occurred in just six months. Now this is a report done by SlashNext, and they analyzed billions of link based URLs, attachments, natural language messages in email, mobile, and browser channels over six months and that's what they found. And that's a 61% increase in phishing attacks compared to 2021. That's pretty significant. They also recorded a 50% increase in attacks on mobile devices. And I really ask that you pay attention and try to appreciate the significance of that. Cyber criminals really are moving their attacks to mobile and personal communication channels to reach employees. The big attacks right now are scams and credential theft. They're the top of the list or the desired outcome with these mobile attacks. And a lot of this will be a phishing and smishing, using SMS text messaging as the attack avenue for a phishing attack, if you will. Smishing is combining SMS and the word phishing, so that's how you get to that. The FBI has reported that cyber criminals are tampering with QR codes in an attempt to steal victim funds. 
A lot of people will say, "Well, I'm not going to be that exposed to this stuff, and how frequently is this all this going on?" I got to tell you, it's getting a little crazy out there. Remember QR codes, for instance during the pandemic, particularly as things started to open back up and you go out to restaurants. And instead of handing you a menu, they'd have that little QR code, that little box that has all the dots and dashes and little squares and things in it. And you would scan that and it would take you to the menu or a webpage. Well, a lot of these can be faked. People will just create a QR code sticker and put it over. Think at a parking lot and you go to scan something to pay your bill, your parking fee, and if you're misdirected to a site that looks like the site that you would expect to pay your parking bill for the evening, but it's not, you've just turned over your account information to somebody that doesn't have your best interest in mind. We've seen it in parking tickets, creating fake parking tickets. And again, it'll have the local parking authority logo and the little yellow envelope and they stick it on your windshield. And again, ah, good lord, I got a parking ticket. They make it very convenient to scan the code. It's not real. So we got to be careful. We're even seeing QR codes being sent via email pretending to be a multifactor authentication process. And the emails may even mimic corporate logos, law firm logos, it could be anything. And people are falling prey to this. So it's just another crazy unusual attack vector that a lot of folks out there really aren't aware of. There's also a report that 79 million malicious domains were flagged in the first half of 2022. Please understand what that means. 79 million fake websites. Banks, could be anything, anything at all. And again, they're going to look very, very similar to the real thing. 
That's 79 million opportunities for anyone at your firm, you or any other employee or attorney practicing at your firm. It's just an opportunity for them to do something innocently, naively, but it's just getting scammed, getting taken advantage of. The final thing I'll throw at you here in 2022, the ABA Legal Technology Survey results reported that 27% of participating law firms reported experiencing a data breach of some kind. So I try to share all this to get your attention, because we need to always remember that IT support isn't the last line of defense. You and whoever else has access to your office network is the last line of defense. And this has consequences, and it really does. The consequences, you really need to care because as a lawyer, you are a valuable target, particularly those of you who practice in the solo and small firm space. I know a lot of lawyers don't believe that. They just think we're not going to be on anybody's radar. It's a rural practice, as an example. Well, come on, there is no such thing as rural on the internet. And you're considered in the solo and small firm space sort of the low hanging fruit because the cyber criminals know that you don't have typically the financial wherewithal and oftentimes the deep understanding of everything that could be done. I think the financial wherewithal piece is probably the bigger piece because you just can't throw the same kind of money that a company like Microsoft does around their cloud, protecting your data there as an example. So you're sort of viewed as the low hanging fruit. And you really need to care because I got to tell you, it's only a matter of time. Robert Mueller, if you remember, the former director of the FBI, famously said, "There are only two types of companies, those that have been hacked and those that will be hacked." But almost actually at the time he said that, that kind of statement was out of date.
It really should be something more like there are only two types of companies, those that have been hacked and those that don't know they've been hacked. I mean, I'm not trying to be melodramatic about it, I'm just sharing. It's not if, it really is when. Now this presentation really isn't about all the things that you can do to prevent becoming a victim. I have lots of other materials, podcasts, CLEs, webinar, all sorts of stuff that can go there. I will share that there is a checklist, a cybersecurity checklist available, if you have any interest, on our website. Just go to the homepage and under resources, scroll down a little bit, you'll see sample forms of checklist. Check there and you'll go in and there'll be another link to checklist and the cybersecurity checklist is there, and that might be useful to you. But I do want to discuss the risk associated with not being proactive with your cybersecurity efforts. And just as an aside, this really in terms of cybersecurity, proactive efforts, that really does need to include social engineering awareness training, even if you're just a true solo and it's you. You need to stay abreast of what's happening. So I'll just throw that out there. Okay. Some of the risks your firm faces by someone, anyone at your firm, not doing their part. This really is an all hands on deck kind of situation. Well, let me just read some of the things that can go wrong in terms of the types of risk. I mean, we're sort of talking about the legal and financial risks, but there's legal liability to others, employees, clients, third parties, for loss, theft, or unauthorized disclosure of personally identifiable information. And there may be legal liability for the theft of client funds. Think wire fraud or business email compromise, being tricked and scammed into sending typically larger sums of money to the wrong bank and just a cyber criminal. Legal liability for the theft or loss of third party corporate information. 
Being subject to regulatory action for the failure to comply with state breach notification laws. Having to cover the costs of responding to and recovering from a breach. Damage to your reputation. Loss of revenue due to a breach. These are things to take pretty seriously. I mean, this can get crazy fairly quickly. I would encourage you to pay attention to this. The typical cost of a network breach for small businesses is currently around 200,000. And I will share the device theft, think of smartphone, jump drives, laptops, et cetera. So device theft of these mobile types of things. Wire fraud and ransomware are really common problems we see for law firms in terms of the lawyers and the firms that we insure. So as an aside, and just again keep your attention in play here, there could be a coverage problem. Think about, a lot of lawyers have fallen prey to various types of financial fraud. But let's just talk about this in the context of wire fraud, being tricked into sending money to the wrong bank because a routing number has been changed and you weren't aware that that change occurred and didn't do anything to try to catch it. And the lawyers will immediately call in and say, "This is malpractice. I got to file a claim." Well, I'm not so sure that that's the case. Theft of funds is a property loss, and malpractice actually doesn't cover property losses. So wire fraud, theft of funds, can be in many instances an uncovered loss if the only way you're trying to insure for that is through a malpractice policy. Read your policy. This is not unique to ALPS. These policies weren't intended or designed to cover cyber crime. Now, we'll explore that a little bit more here in a bit, but generally, I mean, that's not the purpose behind it. It's really to cover you for professional negligence in the practice of law. Okay. Now, let's talk about the fallout. So let's assume, I'm not going to look at this never happens, but we'll see, that there is some type of breach.
And I'm not talking about wire fraud here, I'm talking about a data breach so that someone really is in the system. What does that mean? How does this play? Well, you need to understand, we're going to start, if you will, with the response and system recovery. So someone needs to come in, typically a forensic team, IT forensic team, that typically is not your IT support. These folks typically know a great deal about how to protect you, but often don't have the skillset to do the forensic piece once there is a breach. That's a different group. So they're going to come in and they need to understand the breach, try to figure out what happened and terminate it if it's still going on. There may be programs that have encrypted your system and as you try to clean that up may still be there and that can encrypt again. So they have to terminate, try to clean up. This team is going to try to figure out the who, the what, the when, the where, the how. Really understand. Well, while all this is going on, you don't have access to your network. They need to image typically the entire network. And that's something that doesn't happen... The preserving the evidence of the crime, and it helps them evaluate and understand, and that doesn't happen in half an hour. So you're not going to have access to your systems and your data while this is going on. Now, how long can that take? It depends on the type of breach and what's going on. If it's just a lost laptop that has some passwords on it, they could probably do a remote kill and try to evaluate was that laptop and any passwords used to access the network? So that may be relatively brief. But if there is a major ransomware attack, as an example, and everything's encrypted, it could be days to even several weeks. It just depends. But we need to think through that, and how would that impact your practice? Some it may not be too bad, others, it could really be a pretty devastating event.
So once all that's done, you understand, okay, man, they're starting to build the system back. Phew, we're going to get through this. It's still not over. Every jurisdiction in the United States has their own unique breach notification law and you need to comply with these. And you need to understand too what states are in play. It's not about, well, I practice here in Florida and that's it. If in your database there's information from clients and third parties, and just the list goes on and on, of people in multiple surrounding states, you may have to comply with those state breach notification laws as well. Typically, there's some cost of notifying all the people that have been impacted by this. The cost of compliance. Do you want to pay for credit monitoring? The list just goes on and on. Reputation management, et cetera. This can get expensive. So that can be managed obviously, but I want you to hear and understand, a breach can be significant. It's not just the loss of money, whether that's a ransomware payment or wire fraud, there's lots of other things that can go on. And you need to think about, there's all kinds of information in your files. There's just gobs of information out there. So again, don't minimize the consequences of a data breach. Now the good news of course, and where I said I'd go with this was, that you can manage this risk with the purchase of a cyber liability insurance policy. And of course, I would always couple that with following through on cybersecurity best practices. You don't get a reference to a lot of things in that checklist. There are other proactive things you can do, making sure that there's robust security software running on all the mobile devices at work or anything that's used for work. So work from home folks, if they're using personal devices, we need to protect these things. But let's focus on this insurance piece.
At the outset, I do want to share that the purchase of cyber insurance, depending on how much coverage you'd like, the type of coverage you're looking for, how big your firm is, this discussion, sort of tangential discussion on security best practices, getting back to that checklist, is important because an insurer may make it a requirement that you do certain things. You may have to have multifactor authentication in play. They're just going to be looking and asking questions about, what is your security posture? What steps have you taken? What processes are in play? Do you use out-of-band communications as an example to verify the accuracy of all wiring instructions prior to wiring funds? So there are a variety of things that can be important here. So the accuracy of the information you provide in terms of the application going through the process is going to be very, very important. You don't mislead. Don't lie. Say, "Well, I know this is what they want to hear, this is what they want us to do, and we try, but this is our intent." If post breach an insurer learns that you in fact weren't doing all that you said you were doing on the prevention front, you may have a serious, serious coverage problem. So I do want to focus here just a side moment on these security best practices. That can be very, very significant. But what basically does cyber liability insurance provide? What do you get for your premium dollar? It's really looking at providing coverage for the type of losses I had talked about a bit. Commonly, you're going to see these policies cover business interruption, as an example. So that would be covering the loss of income and forensic expenses sustained during the period of restoration after the breach. Now, that coverage may be contingent upon a short waiting period. Media liability. So that's things like copyright or trademark infringement, malicious defacement of a website, and libel. Data recovery.
So we're talking about the reasonable and necessary costs incurred in order to regain access to, replace, or restore data, or the reasonable and necessary costs incurred in order to determine that the data cannot be accessed, replaced, or restored. So I think ransomware as an example. And then sometimes you might even pay for a decryption key that don't do much, or you might've been impacted with wiperware and your data's just been erased and destroyed. So there's some costs in terms of trying to figure out, what can we get back and is it doable? Privacy breach response. So that's the expenses associated with complying with relevant breach notification laws. We had talked about that. Look for a policy that includes coverage for the cost of privacy counsel, forensic investigators, and notification and credit monitoring services. It will also provide typically, again, data and network liability. Now, these are the damages and expenses related to claims resulting from a breach of data in your control or a third party, and damages and expenses resulting from a security breach. Examples of a security breach would include unauthorized access or use of network resources, a denial-of-service attack, an insertion of malicious code, if somebody downloads something and it's maybe a key log or just tracking what's going on your network, and the transmission of malicious code from your network, so someone's using your network to harm somebody else. Crisis management. This is the expense associated with bringing in outside experts to investigate the incident and fix the problem. And with some policies can include the cost of a public relations consultant. Cyber extortion. This is the expense associated with investigations and paying for the return of or gaining back access to data. Now, one thing to be aware with cyber extortion, it is pretty common in the cyber insurance space that you need permission in advance from the insurer to make that ransom payment. 
It has to do with regulations that monies can't be paid to nation states. You don't want to pay the Iraqis, as an example, their military. And they're very involved in ransomware. So there's some issues there. But I'm just making you aware of that little side note, but typically money is available in terms of reimbursement. Fraudulent instruction. This is a loss resulting from the transfer of funds after relying in good faith on an instruction that was a misrepresentation of a material fact. Now again, coverage may be contingent upon an out-of-band communication taking place. Again, if you're not familiar, an out-of-band communication is, let's say that the wire fraud instructions come via fax. So that's the inbound communication channel. An out-of-band communication channel means we changed the communication channel for an outbound communication in an attempt to verify the accuracy of the information that was received in the inbound communication. So incoming fax, wire instructions. I pick up the phone with a previously verified number from whoever sent the fax, and I will read the information, "Hey, Sue. I just want to verify, thanks for sending over the fax, got everything. Is this information correct?" Because these things can and have been and will continue to be intercepted and changed. So if a call comes in, it could be a deepfake audio. And I'm telling you folks, this has happened. You're not talking to who you think you're talking to so you have the information. So use a different communication channel to reach back out and confirm. That's an out-of-band communication. That's what we mean by that. Some other benefits from cyber liability insurance. It can cover regulatory defense and penalties. These are the expenses and penalties that an insurer is obligated to pay as a result of a regulatory proceeding that arose due to a data or security... My tongue is getting twisted today. A security breach. And finally, payment card liabilities.
So it might be PCI fines, the payment card industry PCI fines, costs, expenses. An insurer is legally obligated to pay as a result of a data or security breach. So these are some of the common coverages you will typically find in a cyber liability policy. And again, that's some pretty thorough stuff and can really help you manage the risks and get through this, in again, the event that there is a significant data breach of some type. Now, a few things to keep in mind and just be aware of. There are going to be exclusions for war and state sponsored attacks. I would think that wouldn't be much of a surprise. But the current Russia-Ukraine war is one obvious example as to why. NotPetya, which was... It looked like ransomware. Russia released it into the wild prior to the onset of the war, but leading up to it, in an attempt to really do some serious damage in Ukraine. But it just spread and went global. And that NotPetya was what we call wiperware. It looks like ransomware, acts like ransomware, but the intent is not to hold your data ransom for some payment, the intent is to wipe your data, just get rid of everything. That's not good. And it is nasty, nasty stuff. Also be aware that these policies cover data. They don't cover hardware. If you have a lightning strike and your server's just toast, a cyber liability policy isn't going to respond. That would be something you'd cover under your general insurance, your business owner's policy or your commercial package, whatever that might be. Some common exclusions just to be aware of, breaches that occurred prior to the effective date of the policy. Now there's a growing move in this space to kind of be a little more liberal with that in terms of this insurance space because it's just very difficult to try to figure out when these things occurred. But if you are breached and you know it, and you come and buy a cyber liability policy, the house is already on fire, that's not going to work.
You would have to have absolutely no idea that a breach occurred. Because sometimes these people can be in your system for months and sometimes even a year or more. That's just the way it is. Insider attacks. If somebody in your employ, another attorney in the firm, just makes bad decisions for whatever reason and does a lot of damage, again, insider attack, that's not going to be covered. And some policies, think about what I'm about to share here, phishing scams are often not covered or may be subject to a sublimit. And really what that's talking about and getting to is yet again, wire fraud, business email compromise. It's the loss of funds. Other examples might be someone who's tricked into buying a bunch of gift cards to pay something. Turning over credit card information. You might ask if there's a social engineering endorsement available that might pull some of this back in. And again, if there is coverage under the policy, typically it's a sublimit and it's not going to be as high as the general limits of the overall cyber liability coverage that you might purchase. So for example, let's say you buy $250,000 in coverage, the sublimit on these kinds of theft of funds might be just 10% of that, so 25 grand. You could also look at getting some coverage under a crime policy, and that's probably the most effective way to try to get this covered. But every carrier is going to be different. I'll come back to that here in a moment. Also, an attack resulting from a failure to correct a known vulnerability. So if you are continuing to use outdated systems because hey, Windows 8 still works wonderfully, even though you know that it's no longer supported and there's no security patches and up where, as a result of that, you're not keeping systems current and patched and there's a breach. If you're using unpatched systems, outdated systems, that may void coverage for anything. So you need to just be aware.
There are different types, different ways I guess to say, to get into this. A lot of malpractice carriers have what I would say an add-on. It's sort of in part.... Maybe the best way to say is it's some type of cyber endorsement to a malpractice policy. And that's not bad, don't get me wrong. It's better than nothing. But understand these endorsements, these add-ons, often come with lower limits and less broad coverage. And part of the reason that that's the case is due to limited, and at times even no, underwriting being involved in that cyber insurance piece. You can opt in. Sometimes it just is automatically there depending on the carrier. So again, it's important to have some type of cyber coverage, but I need you to understand if you're not really reading these policies, these endorsements, and really understanding what they do and don't do, you might be running with some assumptions. I really prefer to see a freestanding cyber policy. And just as an aside real quick. I shared that this add-on and the automatic, if you will, endorsement is in some malpractice policies. You'll also see that at times in some business owner package policies as well. But again, the same issue is in play. It's not as austere. Just not as broad. Limits aren't going to be as high. So I would encourage you to look at standalone coverage. How much? Boy, that is a tough one. I would say in the solo and small firm space, I would want to at a minimum be looking at a quarter to half a million, and understanding that we're talking about the expenses and consequences of a data breach as opposed to theft of funds. I'm going to look at theft of funds perhaps at a higher amount separately, just depending on how much money you're moving through your accounts. And also, just as an aside, some of the cyber policies, even the standalone policies, will cover theft of your funds, but not theft of client funds.
So if money is accidentally wired, firm money wired to a wrong vendor making a payment or some sort out of the operating account, okay, cyber will cover that. You wire 850,000 of client funds out, the cyber policy may not cover that at all. So you really need to ask and look into this. Because it's again another reason to look at a crime policy or a crime endorsement and see what you can do there. You may need to have several different policies in play even to get to this total that whatever you're looking at. If you can get to a million, even better. But again, I don't know enough about your individual practices and firms in terms of how valuable is the data. How much do we have here? That's something you're going to have to maybe talk with an underwriter or a marketing person with, business development person, with your insurer, to really get a better idea of what to do there. The final thing I want to throw at you is just know that these policies differ, at times substantially, between insurers. So it's worth at times shopping the market a little bit. Prices can be quite variable as well. A lot of the variability goes with just what coverage is being offered. If you have a policy that's going to cover your money and client money as an example, that's going to be more expensive than a policy that doesn't cover any loss of funds in terms of wire fraud and these phishing scams. So again, you have to make sure you're comparing apples to apples. But know that this is a very dynamic market relative to life insurance and lots of other... They've been around for decades and decades. This is new stuff. And the risks are changing almost daily. It's very difficult for an insurer to really understand what their exposure's going to look like two or three years down the road, based on what the risk analysis is today. Who knows? AI as an example. How is this going to change things? How significant will deepfakes become? They are already in play, so please...
But I'm just trying to share, can you appreciate how challenging it is? An insurer has to set premium on an unknown risk. It's changing and evolving very quickly. So that's why you will experience and see great differences perhaps in coverage, differences in premium, et cetera. So it's really worth sitting down and talking with someone about how to move forward and what might be best for your situation. So that's really all I have on cyber liability. I hope you found something of value. And I like at times to go back and say, "What are the takeaways here?" And the biggest takeaway for me, if I'm sitting in your shoes, if you already have not done so, I strongly encourage you to consider adding cyber liability insurance to your insurance portfolio. In my mind, I just honestly have seen too much. And I truthfully can say I've been involved post breach with a number of firms in a number of different situations, and more than a few really never recovered. The financial hit was just too much, and that was that. So I want to make sure, my hope is that you hear, that there's some learning that we can obtain from the experiences of others. So I'll leave it at that. Again, I'm Mark Bassingthwaighte. If you ever have a need, desire, concern that you want to talk about, please don't hesitate to reach out. My email is mbass@alpsinsurance.com. You do not need to be an insured to visit with me. There's no cost. I'm hired to be a risk manager for the bar at large. I'm hired to be your risk manager. So if there's ever anything I can do on cybersecurity, explaining insurance, and a lot of lawyers have questions about legal malpractice insurance and other types of coverage, happy to talk. Ethics, malpractice avoidance, [inaudible 00:41:54], whatever, I'm here. That's it. Bye-bye all.
On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out.
Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/
Transcripts: https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC8YQmnYVGrsH93-H
Air Force Doctrine Publication 3-0 - Operations and Planning: https://www.doctrine.af.mil/Portals/61/documents/AFDP_3-0/3-0-D15-OPS-Coercion-Continuum.pdf
Dykstra, J., Inglis, C., & Walcott, T. S. (Joint Forces Quarterly 99, October 2020) Differentiating Kinetic and Cyber Weapons to Improve Integrated Combat. https://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-99/jfq-99_116-123_Dykstra-Inglis-Walcott.pdf
Tallinn Manual 1.0 published April 2013; 2.0 in 2017: https://ccdcoe.org/research/tallinn-manual/
Version 3.0 under development; inputs solicited at https://ecv.microsoft.com/RRllEKKMJQ
https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war
Chapters
00:00 Introduction
01:57 Definition of Cyber War
04:18 Kinetic vs Cyber War
07:02 Goal of Offensive Cyber Operations
10:06 International Law Applied to Cyber Operations (Sovereignty & Necessity)
11:33 Diplomatic, Information, Military, & Economic (DIME)
12:57 Proportionality
14:04 Law of Distinction
15:56 Tallinn Manual
18:15 Stuxnet, Sony Pictures, NotPetya, and SolarWinds attacks
23:47 Ukraine Cyber War
28:21 Comparing old tanks to old mainframes
39:55 Winning a Cyber War
In this episode of the Security Squawk podcast, we dive deep into the rapidly shifting landscape of cybersecurity and the ripple effects that breaches have on organizations worldwide. We begin by discussing the monumental court ruling favoring Merck's $1.4 billion insurance claim post the NotPetya cyberattack. The breaches at Leaseweb, Prospect Medical, and the University of Michigan reveal diverse sectors' vulnerabilities. But it's not just private entities in the crosshairs; even the US government's email servers have faced recent zero-day attacks. Additionally, with data breaches like Mom's Meals affecting millions, and the University of California locking horns with Lloyd's of London over cyber insurance, it's evident that digital security and its implications are more profound than ever. Join us as we dissect these events and shed light on the crucial lessons businesses and institutions should draw from them.
Stop chasing after patches. “Our goal is to make you, the user, stop chasing after patches,” says Amit Serper, the Director of Security Research at Sternum IoT. In this podcast Amit walks us through the security challenge and then presents his company's proactive approach. “Deploy it once, and you forget about patching,” adds Amit. “We're going to catch and kill it before it happens.” Amit is a cybersecurity expert, and the discoverer of the "vaccine" for NotPetya. With a background in leading cybersecurity research teams at renowned companies like Akamai Technologies and Guardicore, Amit is now spearheading Sternum IoT's mission to revolutionize IoT defense. His extensive experience in the private sector is complemented by his previous roles in Israeli intelligence, where he undertook diverse security projects. Amit advocates for a proactive approach to cybersecurity, emphasizing the importance of runtime protection over traditional patching methods. Visit https://sternumiot.com/
Podcast: Cyber Security Weekly Podcast
Episode: Episode 358 - Maritime Cybersecurity – trends and emerging threats
Pub date: 2023-05-16
Michael Vrettos is a senior Marine Cyber Security Expert for RINA Classification Society in Piraeus. He is responsible for Marine Cyber Security Services and represents RINA in IACS and EMSA related activities.* (* IACS – International Association of Classification Societies, EMSA – European Maritime Safety Agency) His past experience includes working for the EU, NATO & the Defense sector. Among other things, he's been involved in developing a Network Security Operations Center and projects on Cyber Technologies for the European Defense Agency, European Space Agency, EU & NATO. In this interview, Michael gave an introduction to the Maritime sector, and the stakeholders in the industry who are involved in setting the cybersecurity policy and technical standards (for example, IMO (International Maritime Organisation) and IACS (International Association of Classification Societies)). He gave a glimpse into how digitalisation in shipping with applications for route optimization, fleet performance and engine automation, (to name a few) driven by increased connectivity and bandwidth along with innovations in satellite technologies, have transformed the sector, with implications for cybersecurity. Hence, in some ways, the ship is increasingly becoming part of an overall “IoT” network. Whilst the NotPetya incident that disrupted the sector in 2017 was an important lesson, Michael also noted the additional complexity of cyber defenses due to “Operational Technology” onboard ships using sensors, PLCs (programmable logic controllers), and various software to control ships systems such as bridge, ballast, engine, navigation, etc. For example, the “always-on” mode means that systems cannot be easily scheduled for patching or for pen-testing in order to avoid an inadvertent disruption.
Besides basic cyber hygiene and standard cyber protection at network level, Michael also noted other important vessel systems such as the AIS (automatic identification systems) and ECDIS (Electronic Chart Display and Information System) operating with proprietary software, thus making it difficult to install typical cyber security measures such as antivirus or antimalware. Wrapping up, Michael shares his views on the digital evolution and emerging cyber threats, such as those introduced by AI (artificial intelligence), and the importance of not only utilizing the benefits of technology but also investing in cyber security considering the potential risks. Recorded 25th April 2023, 10.30am, Marina Bay Sands Singapore, Singapore Maritime Week 2023. The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations. Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness https://www.fortra.com/products/bundles?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem! The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world. This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them! Resilience and the capacity for reinvention have never been more important. 
In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more. This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw317
In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw317
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:
Joe Sullivan's sentencing
MSI key material leak
Merck to be paid in NotPetya claim
The FBI takes down Turla's Snake malware operation
Much, much more
This week's show is brought to you by Gigamon. Chaim Mazal, Gigamon's CSO, is this week's sponsor guest. He's talking about how the company's gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.
Show notes
Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive
Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive
Home / Twitter
Hunting Russian Intelligence “Snake” Malware | CISA
Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia's Federal Security Service | OPA | Department of Justice
Iranian state-sponsored hackers exploiting printer vulnerability
Iran: Fake It Till You Make It - by Tom Uren
Hacktivists Target Iran's Foreign Ministry, Leak Trove Of Data
New Cactus ransomware encrypts itself to evade antivirus
White House considers ban on ransom payments, with caveats | Cybersecurity Dive
Hamas armed wing announces suspension of bitcoin fundraising | Reuters
FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals
Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive
Dallas restores core emergency dispatch systems | Cybersecurity Dive
Hackers hijacked a university's emergency system to threaten students and faculty
Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks
$10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security
Coming to DEF CON 31: Hacking AI models | CyberScoop
Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED
US Court Rules for Corellium in Apple Copyright Case
SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED
The “godfather of AI” has left Google, offering warnings about the existential risks for humanity of the technology. Mark MacCarthy calls those risks a fantasy, and a debate breaks out between Mark, Nate Jones, and me. There's more agreement on the White House summit on AI risks, which seems to have followed Mark's “let's worry about tomorrow tomorrow” prescription. I think existential risks are a bigger concern, but I am deeply skeptical about other efforts to regulate AI, especially for bias, as readers of Cybertoonz know. I argue again that regulatory efforts to eliminate bias are an ill-disguised effort to impose quotas more widely, which provokes lively pushback from Jim Dempsey and Mark. Other prospective AI regulators, from the Federal Trade Commission (FTC)'s Lina Khan to the Italian data protection agency, come in for commentary. I'm struck by the caution both have shown, perhaps due to their recognizing the difficulty of applying old regulatory frameworks to this new technology. It's not, I suspect, because Lina Khan's FTC has lost its enthusiasm for pushing the law further than it can be pushed. This week's examples of litigation overreach at the FTC include a dismissed complaint in a location data case against Kochava, and a wildly disproportionate “remedy” for what look like Facebook foot faults in complying with an earlier FTC order. Jim brings us up to date on a slew of new state privacy laws in Montana, Indiana, and Tennessee. Jim sees them as business-friendly alternatives to General Data Protection Regulation (GDPR) and California's privacy law. Mark reviews Pornhub's reaction to the Utah law on kids' access to porn. He thinks age verification requirements are due for another look by the courts. Jim explains the state appellate court decision ruling that the NotPetya attack on Merck was not an act of war and thus not excluded from its insurance coverage. Nate and I recommend Kim Zetter's revealing story on the SolarWinds hack.
The details help to explain why the Cyber Safety Review Board hasn't examined SolarWinds—and why it absolutely has to—because the full story is going to embarrass a lot of powerful institutions. In quick hits, Mark makes a bold prediction about the fate of Canada's law requiring Google and Facebook to pay when they link to Canadian media stories: Just like in Australia, the tech giants and the industry will reach a deal. Jim and I comment on the three-year probation sentence for Joe Sullivan in the Uber “misprision of felony” case—and the sentencing judge's wide-ranging commentary. I savor the impudence of the hacker who has broken into Russian intelligence's bitcoin wallets and burned the money to post messages doxing the agencies involved. And for those who missed it, Rick Salgado and I wrote a Lawfare article on why CISOs should support renewal of Foreign Intelligence Surveillance Act (FISA) section 702, and Metacurity named it one of the week's “Best Infosec-related Long Reads.” Download 456th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
In this episode I talk with Doron Naim who is the CEO of DevOcean which is a cloud platform that is changing how vulnerability management is done in the cloud. We talk about how he destroyed a $5000 computer, reverse engineering malware and more. If you enjoy this episode please share it & review the podcast! We are now live on Youtube! If you want to watch the video of this interview then go to the links below! LinkedIn: https://www.linkedin.com/in/doron-naim/ Website: https://www.devocean.security/ Support the show. Follow the Podcast on Social Media! Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast Patreon: https://www.patreon.com/SecurityUnfilteredPodcast YouTube: https://www.youtube.com/@securityunfilteredpodcast TikTok: Not today China! Not today
Are K-12 organizations and universities prepared for the onslaught of cyber threats? How long does it take me to find a vulnerable school district, it ain't long? An appeals court has upheld Merck's claim in the NotPetya case. What does that mean for cyber insurance, and why does this make me so happy? Iran is moving quickly into the realm of influence operations, are they mirroring the Russian operations and how will this affect the upcoming election cycle? ChatGPT had a breach issue, how much of a threat or problem is this? Should we have expected anything less? Phishing is getting worse, statistically speaking, but how is this possible with all of the training we get? Is there a technical alternative that works? Those questions and more on this episode!
Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse and repeat: Iran accelerates its cyber influence operations worldwide (Microsoft On the Issues) ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence) Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (Bloomberg) Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310% (Cofense) Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (Barracuda) Zelensky says White House told him nothing about Discord intelligence leaks (Washington Post) Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (Ukrinform) Merck's Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says (Wall Street Journal) Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim (Fierce Pharma)
David Finz speaks to the recent court case where Merck won an appeal in the Superior Court of New Jersey regarding a property insurance claim they filed after being impacted by the NotPetya attack. The court found that the exclusion for hostile warlike actions did not apply to the situation and was not written in a way that would be triggered in the absence of a physical or military attack.
In Nicole Perlroth's blockbuster 2021 book, “This Is How They Tell Me the World Ends,” the former New York Times journalist conveys cybersecurity experts' mounting anxiety about increasingly dangerous digital threats. From spyware to ransomware, the black market for cyber tools that skirt the law is lucrative and often poorly understood. Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine's critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure.

Also covered in the podcast:
* The importance of educating board members about cybersecurity
* What constitutes a cyber weapon
* Why Nicole is optimistic about the future of ransomware
This week host Derek E. Silva joins Amit Serper, Director of Security Research at Sternum and a former member of an elite cyber unit in the Israeli government. Amit, who disabled the infamous NotPetya attack in 2017, shares the story about one of the biggest cyber attacks in history and the elite hackers behind it. Join us as we dive into the ever-evolving world of cyber security issues that are shaping our world.
In this episode I talk with Amit Serper who became famous for finding a way to stop the NotPetya ransomware from spreading and causing more damage than it already inflicted. We had a fascinating conversation and if you enjoy the podcast please leave a review and share the podcast. Amit's Links: LinkedIn: https://www.linkedin.com/in/aserper/ Twitter: https://twitter.com/0xAmit Infosec.Exchange: @0xamit@infosec.exchange Website: https://www.sternumiot.com/ Dev Interrupted: What the smartest minds in engineering are thinking about, working on and investing in. Listen on: Apple Podcasts, Spotify. Support the show. Follow the Podcast on Social Media! Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast Patreon: https://www.patreon.com/SecurityUnfilteredPodcast TikTok: Not today China! Not today
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya. On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day. Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks". This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Amit Serper is the Director of Security Research at Sternum IoT and is the one who found a 'vaccine' for NotPetya. He believes it's time to look past the 'patchability' approach and implement a 'vaccine'-like solution. In this episode Amit talks about embedded device security, the vaccine approach, and introduces some of the key aspects of Sternum IoT's autonomous security and observability platform. Sternum IoT https://www.sternumiot.com/ Thank you for listening to The Secure Talk Cybersecurity Podcast.
On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar's $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week's sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless': how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity' - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it's facing SEC ‘enforcement action' over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future Notice of the Ministry of Industry and Information Technology, the Cyberspace Administration of China and the Ministry of Public Security on Issuing the Regulations on the Management of Security Vulnerabilities in Network Products - Office of the Central Cyberspace Affairs Commission Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem' protect hospitals from cyber warfare?
- The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
When you hear the word cyber-attack, what comes to mind? Someone hacking into your email, or stealing your Facebook password? As it turns out, our most critical infrastructure can be hacked. Our banks, water treatment facilities, and nuclear power plants can be deactivated and even controlled simply by finding bugs in the software used to operate them. Suddenly, cyber-attack takes on a different meaning. This week on Your Undivided Attention, we're talking with cyber-security expert Nicole Perlroth. Nicole spent a decade as the lead cyber-security reporter at The New York Times, and is now a member of the Department of Homeland Security's Cybersecurity Advisory Committee. She recently published “This Is How They Tell Me The World Ends” — an in-depth exploration of the global cyber arms race.

CORRECTIONS: In the episode, Nicole says that "the United States could have only afforded 2 to 3 more days of Colonial Pipeline being down before it ground the country — our economy — to a halt." The correct number is actually 3 to 5 days. She also refers to a 2015 study researching why some countries have significantly fewer successful cyber-attacks relative to cyber-attack attempts. That study was actually published in 2016.

RECOMMENDED MEDIA
This Is How They Tell Me The World Ends: Nicole Perlroth's 2021 book investigating the global cyber-weapons arms race
Reporter Page at the New York Times: Nicole's articles while the lead cyber-security reporter at the New York Times
The Global Cyber-Vulnerability Report (in brief): Brief of a 2015 study by the Center for Digital International Government, Virginia Tech, and the University of Maryland that researched why some countries have significantly fewer successful cyber-attacks relative to cyber-attack attempts

RECOMMENDED YUA EPISODES
The Dark Side Of Decentralization with Audrey Kurth Cronin: https://www.humanetech.com/podcast/49-the-dark-side-of-decentralization
Is World War III Already Here? Guest: Lieutenant General H.R. McMaster: https://www.humanetech.com/podcast/45-is-world-war-iii-already-here
A Problem Well-Stated Is Half-Solved with Daniel Schmachtenberger: https://www.humanetech.com/podcast/a-problem-well-stated-is-half-solved

Your Undivided Attention is produced by the Center for Humane Technology. Follow us on Twitter: @HumaneTech_
Ukraine claims to have taken down a massive Russian bot farm. Russian cyber operations may have been premature. A report says Emergency Alert Systems might be vulnerable to hijacking. The Mirai botnet may have a descendant. Adam Flatley from Redacted with a look back at NotPetya. Ryan Windham from Imperva takes on Bad Bots. Attacks on a cryptocurrency exchange attempt to bypass 2FA. Solana cryptocurrency wallets looted. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/149 Selected reading. Ukraine takes down 1,000,000 bots used for disinformation (BleepingComputer) Did Russia mess up its cyberwar with Ukraine before it even invaded? (Washington Post) So RapperBot, What Ya Bruting For? (Fortinet Blog) Gaming Respawned (Akamai) Coinbase Attacks Bypass 2FA (Pixm Anti-Phishing) Thousands of Solana wallets drained in multimillion-dollar exploit (TechCrunch) Thousands of Solana Wallets Hacked in Crypto Cyberattack (Wall Street Journal) Solana, USDC Drained From Wallets in Attack (Decrypt) Ongoing solana attack targets thousands of crypto wallets, costing users more than $5 million so far (CNBC) Solana and Slope Confirm Wallet Security Breach (Crypto Briefing) How Hackers Target Bridges Between Blockchains for Crypto Heists (Wall Street Journal)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/ OpenSSL Patches Two Vulnerabilities https://www.openssl.org/news/secadv/20220705.txt Iconburst NPM Software Supply Chain Attack https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
Lithuania sustains a major DDoS attack. Lessons from NotPetya. Conti's brand appears to have gone into hiding. Online extortion now tends to skip the ransomware proper. Josh Ray from Accenture on how social engineering is evolving for underground threat actors. Rick Howard looks at Chaos Engineering. US financial institutions conduct a coordinated cybersecurity exercise. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/122 Selected reading. Russia's Killnet hacker group says it attacked Lithuania (Reuters) The hacker group KillNet has published an ultimatum to the Lithuanian authorities (TDPel Media) 5 years after NotPetya: Lessons learned (CSO Online) The cyber security impact of Operation Russia by Anonymous (ComputerWeekly) Conti ransomware finally shuts down data leak, negotiation sites (BleepingComputer) The Conti Enterprise: ransomware gang that published data belonging to 850 companies (Group-IB) Fake copyright infringement emails install LockBit ransomware (BleepingComputer) NCC Group Monthly Threat Pulse – May 2022 (NCC Group) We're now truly in the era of ransomware as pure extortion without the encryption (Register) Wall Street Banks Quietly Test Cyber Defenses at Treasury's Direction (Bloomberg)
Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, “The Art of Cyberwarfare - An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime.” And the US Department of State has added six Russian GRU officers to its Rewards for Justice program. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/81 Selected reading. Britain says Ukraine controls majority of its airspace (Reuters) Latest strikes on Russia hint daring Ukraine is not intimidated by the Kremlin (The Telegraph) West gearing up to help Ukraine for ‘long haul', says US defence secretary (the Guardian) U.S., allies promise to keep backing Ukraine in its war with Russia (Washington Post) Russia-linked hackers claim to have breached Coca-Cola Company (CyberNews) Stormous ransomware gang claims to have hacked Coca-Cola (Security Affairs) Chinese drone-maker DJI quits Russia and Ukraine (Register) Russia to Cut Gas to Poland and Bulgaria, Making Energy a Weapon (Bloomberg) Russia cuts off gas to Poland, Bulgaria, stoking tensions with E.U. over Ukraine (Washington Post) Why Russia's Economy Is Holding On (Foreign Policy) Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec) A "Naver"-ending game of Lazarus APT (Zscaler) U.S. offers $10 mln reward for information on Russian intelligence officers -State Dept (Reuters) US offering $10 million for info on Russian military hackers accused of NotPetya attacks (The Record by Recorded Future) Rewards for Justice – Reward Offer for Information on Russian Military Intelligence Officers Conducting Malicious Activity Against U.S. 
Critical Infrastructure - United States Department of State (United States Department of State)