Assistant Attorney General for National Security John C. Demers announces the unsealing of an indictment charging six Russian intelligence agents with hacking.

6 Takeaways: Russian Spies Accused of Destructive Hacking

Mathew J. Schwartz • October 20, 2020

U.S. officials have accused the Russian government of behaving "maliciously or irresponsibly" by taking steps such as crashing Ukraine power grids in the dead of winter and causing more than $10 billion in damages via NotPetya malware. But why make the accusations now? And how might Moscow respond?

►

Cyberwarfare / Nation-State Attacks

Unsecured AWS Database Left Patient Data Exposed

Latest

DevSecOps

Getting Visibility Into Open Source Components

Suparna Goswami • October 21, 2020

Many applications use open source components, which can make it challenging to pinpoint any security issues. How can organizations gain better visibility of risks?

Cybercrime

Tom Kellermann on the Price of Digital Transformation

Tom Field • October 20, 2020

VMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes "the perfect storm" for increasingly sophisticated attacks heading into 2021. Cybersecurity strategist Tom Kellermann discusses what that means - and how these trends should inform our defensive strategies.

Anti-Money Laundering (AML)

Bitcoin 'Mixer' Fined $60 Million

Akshaya Asokan • October 20, 2020

The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.

Cybercrime

Trickbot Rebounds After 'Takedown'

Doug Olenick • October 20, 2020

The recent "takedown" of Trickbot by Microsoft and others had only a temporary effect; the botnet's activity levels have already rebounded, according to Crowdstrike and other security firms.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee • October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.

Cyberwarfare / Nation-State Attacks

FCC Wants More Information on Threat Posed by China Unicom

Chinmay Rautmare • October 19, 2020

The FCC is asking the Justice Department and other executive branch agencies if China Unicom's operations within the U.S. pose a significant enough national security threat to merit revoking the company's business license.

Fraud Management & Cybercrime

Instagram Investigated for Exposure of Minors' Details

Jeremy Kirk • October 19, 2020

Ireland's Data Protection Commissioner has launched an investigation into whether Facebook's Instagram service improperly displayed the email addresses and phone numbers of minors on its platform. Facebook, Instagram's owner, could face a GDPR fine if it's found to have violated privacy requirements.

Critical Infrastructure Security

Google Offers Fresh Details on China-Linked Hacking Group

Akshaya Asokan • October 17, 2020

A report from Google's Threat Analysis Group offers fresh details about the hacking group that targeted Democratic presidential candidate Joe Biden's campaign with phishing emails earlier this year. The phishing effort was linked to a little-known hacking group called APT31, which has connections to China.

Anti-Money Laundering (AML)

20 Arrested in Money-Laundering Crackdown

Prajeet Nair • October 16, 2020

A international law enforcement operation involving 16 countries has resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network, which helped launder cash and cryptocurrency for other cybercriminals.

General Data Protection Regulation (GDPR)

British Airways' GDPR Fine Dramatically Reduced

Doug Olenick • October 16, 2020

Britain's Information Commissioner's Office announced this week a dramatic reduction in its fine against British Airways for violating the EU's General Data Protection Regulation. The company will pay a $26 million fine instead of $238 million in a case tied to a 2018 breach.

ATM / POS Fraud

'Black Box' and Physical Attacks Against ATMs Surge

Mathew J. Schwartz • October 16, 2020

Criminals have been seeking innovative new ways to steal cash from ATMs. In the U.S., there has been a surge in physical attacks, while Europe has seen a sharp increase in "black box" attacks designed to make ATMs dispense cash on demand.

Business Continuity Management / Disaster Recovery

Iranian Hacking Group Suspected of Deploying Ransomware

Akshaya Asokan • October 16, 2020

A hacking group with links to Iran's government is suspected of using ransomware in attempts to damage the systems of organizations in Israel and other countries, the security firm ClearSky reports.