ISMG Editors: London Summit Highlights

Anna Delaney • May 27, 2022

Four editors at Information Security Media Group discuss highlights from ISMG's recent London Summit, including whether if collateral damage from the Russia-Ukraine war isn't necessarily all it was reputed to be, then what are the most concerning emerging threats; building a cyber risk playbook to help businesses

Fraud Management & Cybercrime

DOJ Revises Policy for Good-Faith Security Researchers

3rd Party Risk Management

Trusting Our Global Supply Chain

Profiles in Leadership: Marene Allison, Johnson & Johnson

Latest

Fraud Management & Cybercrime

Ransomware Costs City of Quincy, Illinois, $650,000

Mihir Bagwe • May 27, 2022

The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday. Consulting fees and a ransom were paid but critical services continued to operate throughout the incident.

Account Takeover Fraud

Suspected Business Email Compromise Ringleader Busted

Mathew J. Schwartz • May 27, 2022

Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol reports. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?

Application Security & Online Fraud

Threat Actors Exploiting Free Browser Automation Framework

Prajeet Nair • May 27, 2022

An increasing number of threat actors are deploying a free-to-use browser automation framework as part of their attack campaigns. Automation tools are expected to become a more common element of the threat actor’s toolkit.

Business Email Compromise (BEC)

FBI: 2021 Business Email Compromise Losses Hit $4.3 Billion

Anna Delaney • May 27, 2022

The latest edition of the ISMG Security Report discusses how the leader of a "transnational cybercrime syndicate" has been arrested in Nigeria, according to Interpol. It also shares updates on U.S. privacy laws and how we can improve collaboration as an industry.

3rd Party Risk Management

Why FDA's Medical Device Cyber Recommendations 'Have Teeth'

Marianne Kolbasuk McGee • May 27, 2022

The inclusion of a new secure product development framework for manufacturers is a most significant addition to recently updated federal draft guidance for the cybersecurity of premarket medical devices, says attorney Linda Malek of the law firm Moses & Singer LLP.

Cloud Security

Broadcom Beefs Up Security Business With $61B VMware Buy

Michael Novinson • May 26, 2022

Broadcom has agreed to buy cloud and virtualization giant VMware for $61 billion, bringing together the $1.6 billion Symantec and $1 billion VMware security teams. Broadcom will incorporate its existing security offerings into the VMware portfolio and bring them to market under the VMware brand.

Cloud Security

Lacework Announces Layoffs 6 Months After Raising $1.3B

Michael Novinson • May 26, 2022

Cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - to strengthen its balance sheet, just six months after raising $1.3 billion. The company says it restructured its business in response to a large shift in the public and private markets.

Next-Generation Technologies & Secure Development

Cribl Raises $150M to Incubate New Observability Features

Michael Novinson • May 25, 2022

Cribl has raised $150 million to drive the development of new features such as hosted versions of the company's technology. The company will build out separate tools for each piece of the observability process rather than forcing customers to purchase a bundle with features they don't care about.

Fraud Management & Cybercrime

Attempted Ransomware Attack Grounds SpiceJet Flights

Mihir Bagwe • May 25, 2022

Indian passenger airline SpiceJet says an attempt at a ransomware attack was made against its IT infrastructure on Tuesday night. The airline says the attack was "contained," and it has resumed regular operations. Passengers continued to complain about takeoff delays until noon local time.

Fraud Management & Cybercrime

13% Spike in Ransomware Is Biggest in 5 Years

Brian Pereira • May 25, 2022

Ransomware has grown 13% year on year in 2022, a jump greater than the past five years combined, a Verizon Business 2022 Data Breach Investigations Report published on Tuesday shows. It says financial gain continues to be the primary motive for attacks, followed by espionage.

Application Security

WhiteSource, Renamed Mend, Takes on Remediating Code Issues

Michael Novinson • May 25, 2022

WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.

Healthcare

Developing Medical Device Cybersecurity Maturity Benchmarks

Marianne Kolbasuk McGee • May 25, 2022

An effort to establish industry benchmarks for medical device cybersecurity maturity aims to help advance overall cybersecurity in the healthcare sector, says Rob Suárez, CISO of medical device maker Becton, Dickinson and Co. He discusses how to improve the state of medical device cybersecurity.