Weekend reading: Friday, March 10, 2017

I, like many of you, catch up on news over morning coffee on the weekend. Starting today, I’m going to post some of the more interesting data-related stories that I found both interesting and helpful in my role as a Chief Information Security Officer (CISO). I strongly suggest you spend a few minutes this weekend (or even Monday morning) to review these important stories during your “off-time.”

RanRan Ransomware being used as a political tool – SC Magazine

A new strain of ransomware, discovered by Palo Alto’s Unit 42 research group, is targeting Middle Eastern organizations, asking victims to post political statements online instead of requesting monetary payments. This is yet another evolution in the methods employed by ransomware-toting criminals that mimic traditional kidnap and ransom tactics. Not saying “I told you so” but

Boeing insider data breach serves as reminder for HR – SHRM

The data of more than 36,000 Boeing employees in four different states may have been exposed after one employee shared a spreadsheet with his spouse. This blog post is a good reminder of why HR needs to ensure employees are trained on proper data security measures.

FBI says surge of ‘ransomware’ phishing hits Boston – Boston Herald

According to an FBI supervisory special agent for the Boston Criminal Cyber Squad, his office is fielding four to five new reports of ransomware every week. What’s more alarming, however, is that not even half of ransomware infections are being reported.

Pa. Senate Democrats are slowly finding their cyber-legs again after ransomware attack – PennLive.com

At a cost, however. Though Senate Minority Leader Jay Costa believes any extra cost from the attack can be absorbed by his caucus’ operating budget (and has made clear the Senate Democrats did not pay the ransom), it may cause the Democrats to forgo other planned IT upgrades.

Do you know where your sensitive data lives? – DataGravity.com

One of the biggest challenges organizations face when trying to secure IT environments is a lack of data awareness. Despite all the recent high-profile attacks against well-known enterprises, many companies still don’t know where much of their critical business information exists at any given time.

Paying ransomware attackers perpetuates attacks, says researcher – ComputerWeekly.com

Kaspersky Lab principal security researcher David Emm believes paying cyber criminals only promotes their business model. Whether to pay or not was a hotly contested topic at the inaugural RSAC 2017 Ransomware Summit. Unfortunately, no consensus was reached as experts on both sides of the argument simply could not agree.

New Cerber Ransomware Variant Released That Keeps Original Filename – BleepingComputer

Researchers found a new sample of the Cerber ransomware that leaves the original filename untouched, only attaching a random extension. The original version would not only encrypt files, but annoyingly encrypt the file names as well.

Data Breach Notification Passes Senate Committee – Los Alamos Daily Post

This week, the New Mexico Senate Public Affairs Committee passed House Bill 15, which would require businesses and other entities to implement reasonable procedures to protect consumers’ personal information. The bill would require that consumers be notified if it is suspected that their data may have been compromised by a breach. The bill will go on to the Senate Judiciary Committee next.

Thanks for reading! Feel free to share with your employees, peers, upper management, family and friends.

Be sure to register for our newsletter and look for next week’s post.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.