Welcome back to Cyber Weekly. Thanks to all 1200 subscribers! If you like receiving the cyber news every week, be sure to show your support by sharing the article. It helps a lot! This week, I include 3 scary facts about cyber security.
It’s true. Google is buying cyber security company Mandiant. They’re known for uncovering the SolarWinds attack. With 600 security consultants and 300 intelligence analysts, Google plans on adding this team to their Google Cloud to create an “end-to end security operations suite.” Mandiant provides XDR (extended detection and response) and collects and automatically correlates data across multiple layers of the stack including email, endpoint, cloud, and more. It was reported that Microsoft was also competing to buy the company as Microsoft and Google are trying to control the cloud services market. (TheVerge)
My thoughts: This strategic purchase by Google is indicative of how important cyber security solutions are and equally important to Google’s portfolio. The biggest fact that many talked about: How Google kept this away from Microsoft!
It was revealed that the US National Security Agency (NSA) is using cyber weapons” to monitor and hijack social media accounts, emails and communication information. Particularly targeting Chinese users, this is the second time evidence demonstrates what they are doing and how. Details in the article. (GlobalTimes)
My thoughts: Cyber threats are not just “the bad guys.” I have come across stories where competitors try to take out their rivals. One example is where students hack their school system to change their grades. Those committing cyber-crimes are not always “hacker” stereotypes we see on television. On every level, from businesses to individuals, cyber security is a MUST.
The ransomware group, Hive, took responsibility for stealing the private data of 850,000 members of a Partnership HealthPlan (PHC) in California. PHC manages healthcare patients in over 14 countries. The Hive group uses many methods to launch their ransomware attacks including phishing attacks.
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, providing instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks,’ according to the FBI alert. (GovTech)
My thoughts: This story got me thinking about whether or not we should be identifying the offending ransomware groups. Clearly, they want attention. Are these reports just encouraging their efforts or making them even mor powerful? On one hand, knowing about a group lets us know what to expect and perhaps understand their MO. They usually follow the same techniques over and over again. However, are we giving them notoriety and publicity through talking about them in the news?
When companies tell you “It’s unlikely to hit us,” just tell them this fact: 4/5 organizations were targeted with ransomware in the last 12 months. (BusinessWire)
Atento is a leading customer relationship management platform primarily based in Latin America. They were hit with a cyber-attack last year on its Brazilian subsidiary. At the time, they mitigated risks relatively quickly. However, their financial report for 2021 noted $34.8m in lost revenue and another $7.3m in costs to tend to the attack. (InfoSecurity)
My thoughts: I do wonder how large companies are overlooking cyber security nowadays. Smaller companies often use the “limited funds” excuse, forcing them to defer their cyber security investments, putting them at risk. However, for large organizations, they must act now, with conviction. Cyber security can no longer be considered a luxury.
Cybercrimes costs organizations nearly $1.79 million PER MINUTE (InfoSecurity)
Fastest Ransomware encrypts 100,000 files in 4 minutes (InfoSecurity)
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.