Tonya Riley – Page 29 – WindowsTechs.com

A new bill would require ransomware victims to report payments within 48 hours

Posted on October 5, 2021 by Tonya Riley

Democrats introduced legislation in the House and Senate Tuesday requiring ransomware victims who pay hackers to notify the Department of Homeland Security within 48 hours of payment. The bill would also require DHS to release a report publicly disclosing information about payments from the prior year. The report would not include identifying information about victims. The legislation, which was introduced in the Senate by Elizabeth Warren, D-Mass, also directs DHS to study the role cryptocurrency plays in ransomware attacks and produce recommendations for improving cybersecurity. “The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back,” said Rep. Deborah Ross, D-N.C., who introduced the legislation in the House. “The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.” The bill is the most recent in a collection of cybersecurity […]

The post A new bill would require ransomware victims to report payments within 48 hours appeared first on CyberScoop.

Continue reading A new bill would require ransomware victims to report payments within 48 hours→

Police raid in Ukraine results in arrests of 2 alleged ransomware hackers

Posted on October 4, 2021 by Tonya Riley

Europol coordinated with the FBI, French national police and Ukrainian National Police to arrest two members of an active ransomware group, the police agency Europol said Monday. The statement did not name the group the suspects allegedly worked for, said the scammers pulled off attacks against “very large industrial groups in Europe and North America from April 2020 onwards.” The group uses a double-extortion technique in which it locks up the victim’s servers and then threatens to leak sensitive data if the victim does not pay, according to authorities. The raid comes amid growing interest in strengthening global cooperation against the threat of ransomware. The White House will host a summit of 30 countries in October to discuss the growing threat of ransomware, as reported by CNN. The council of the European Union will meet Wednesday to discuss a potential Joint Cyber Unit Initiative and U.S. ransomware initiatives. Authorities from […]

The post Police raid in Ukraine results in arrests of 2 alleged ransomware hackers appeared first on CyberScoop.

Continue reading Police raid in Ukraine results in arrests of 2 alleged ransomware hackers→

The FCC wants to force phone carriers to guard against SIM-swapping scams

Posted on September 30, 2021 by Tonya Riley

The Federal Communications Commission proposed rules Thursday aimed at curbing the threat of attacks in which cybercriminals use a victim’s personal information to steal their phone number and swap it into a scammer-controlled device, a technique known as “SIM-swapping” or “port-out fraud.” Specifically, the proposed rule would amend the rules regarding porting numbers from one account or phone to another to include a requirement that carriers “adopt secure methods of authenticating a customer.” The draft rule also proposes that careers be required to immediately notify customers of any request to swap or port-out their number. Scammers can use such access to reset or takeover other accounts, including social media profiles or financial accounts. The FCC did not publicly rlease the rules by press time Thursday. The agency declined to comment on how the rule will define “secure methods.” SIM-swapping can give cybercriminals more than access to vctims’ messages or calls. […]

The post The FCC wants to force phone carriers to guard against SIM-swapping scams appeared first on CyberScoop.

Continue reading The FCC wants to force phone carriers to guard against SIM-swapping scams→

Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Posted on September 30, 2021 by Tonya Riley

Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report. Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. The malware had a realistic-looking “Anti Pegasus” user interface. In fact, victims downloaded Sarwent, a malicious software that gives attackers a backdoor to a victim’s machine. Hackers can use that access to download and execute other malicious tools as well as exfiltrate data such as passwords. The campaign preys on growing concerns around the threat of spyware. Human rights advocates have long criticized the NSO Group for the use of its technology by governments to spy on activists, dissidents and journalists. A sweeping July report by […]

The post Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords appeared first on CyberScoop.

Continue reading Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords→

Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions

Posted on September 29, 2021 by Tonya Riley

When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the cybercriminal underground. Before going dark, the Russia-based gang attracted attention from the White House for two attacks that disrupted U.S. supply chains: the May breach at global meat supplier JBS that netted a reported $11 million payment, and a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. REvil’s sudden disappearance left hackers that had been leasing out the group’s ransomware tools to conduct their own attacks, also known as affiliates, in the lurch. Almost immediately, several affiliates opened arbitration cases against the group on illicit forums. One hacker “Boriselcin” claimed on the XSS forum that the REvil owed him money before it disappeared. While the two parties quickly resolved the case, not all disputes end so quietly, according to researchers who study dark […]

The post Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions appeared first on CyberScoop.

Continue reading Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions→

Cybercrime is hitting communities of color at higher rates, study finds

Posted on September 27, 2021 by Tonya Riley

Black people, Indigenous people, and people of color (BIPOC) are more likely to suffer from identity theft and financial impact from the fallout, according to survey data collected by internet security company Malwarebytes with the nonprofits Digitunity and the Cybercrime Support Network. The survey found, for instance, that just 47% of BIPOC respondents were able to avoid a financial impact due to identity theft, compared to 59% of overall respondents. Compared to overall respondents, BIPOC on average reported roughly $200 more in financial losses. “Forty-seven percent sounds like okay, well, that’s not so bad — it’s like 50-50 whether you’re losing money, right? But 47% is compared to 59% of all respondents,” said David Ruiz, an online privacy advocate at Malwarebytes. “That means that everyone else has a better chance at not being financially hit, everyone else has a better chance of skirting by kind of unscathed.” Ruiz says the […]

The post Cybercrime is hitting communities of color at higher rates, study finds appeared first on CyberScoop.

Continue reading Cybercrime is hitting communities of color at higher rates, study finds→

CISA, FBI, NSA warn of increased attacks involving Conti ransomware

Posted on September 22, 2021 by Tonya Riley

The Department of Homeland Security’s cybersecurity agency, the FBI and National Security Agency urged organizations in an alert Wednesday to update their systems amid an increase in Conti ransomware attacks. DHS’ Cybersecurity and Infrastructure Security Agency and the FBI reported over 400 attacks using Conti ransomware against mostly U.S. targets. The group primarily runs “double extortion” campaigns in which hackers encrypt and steal files. In the scheme, they demand a ransom from the victim in order to restore access to the systems; if the victim doesn’t pay, the actors threaten to leak the stolen data. At least 16 of the 400 reported attacks targeted U.S. health care providers and first responder networks, the FBI reported in May. The Conti ransomware gang has already been linked to several major attacks this year. In June the gang stole roughly 18,000 files from the Tulsa police, leaking some after the city refused to […]

The post CISA, FBI, NSA warn of increased attacks involving Conti ransomware appeared first on CyberScoop.

Continue reading CISA, FBI, NSA warn of increased attacks involving Conti ransomware→

Treasury sanctions cryptocurrency platform for working with ransomware payments

Posted on September 21, 2021 by Tonya Riley

The Treasury Department on Tuesday announced sanctions against a cryptocurrency exchange for facilitating transactions involving money illegally gained via ransomware hacking, the first action of its kind. The sanctions against Russia-based exchange Suex are a significant step by the Biden administration in making it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise of ransomware attacks. (The government did not disclose which hacking groups allegedly laundered their funds through the service.) “Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attacks. This action is a signal of our intention to expose and disrupt illicit infrastructure using these attacks,” said Wally Adeyemo, deputy secretary of the Treasury Department. Over 40% of Suex’s transactions are associated with illegal activity, according to the Treasury Department. The new sanctions block all of Suex’s property and business interests in the U.S. and threaten additional sanctions […]

The post Treasury sanctions cryptocurrency platform for working with ransomware payments appeared first on CyberScoop.

Continue reading Treasury sanctions cryptocurrency platform for working with ransomware payments→

Democrats urge FTC to make privacy rules while fight over a federal law drags on

Posted on September 20, 2021 by Tonya Riley

Nine Senate Democrats are urging the Federal Trade Commission to make new data privacy rules that will work in parallel with the long-running effort by Congress to reach an agreement on a federal privacy law. Lawmakers are urging the agency to look at better protecting vulnerable communities from discriminatory data practices, as well as requiring companies to get consumers to explicitly opt into having their data collected. “We believe that a national standard for data privacy and security is urgently needed to protect consumers, reinforce civil rights, and safeguard our nation’s cybersecurity,” the group of Senators led by Richard Blumenthal, D-Conn., wrote. The letter comes in response to frustrations that the FTC’s current rules against unfair and deceptive practices have proven ineffective to take on major privacy violations and data breaches by technology companies. Leaning on the authority in lieu of strong national privacy protections has forced the agency to […]

The post Democrats urge FTC to make privacy rules while fight over a federal law drags on appeared first on CyberScoop.

Continue reading Democrats urge FTC to make privacy rules while fight over a federal law drags on→

Momentum builds to strengthen FTC’s role as privacy enforcer, though hurdles remain

Posted on September 20, 2021 by Tonya Riley

When the White House nominated Alvaro Bedoya, a Georgetown law professor known for his expertise on privacy, for a role on the Federal Trade Commission, privacy advocates interpreted the move as the latest evidence that the agency is looking to expand its work investigating and bringing cases against companies that exploit and mismanage consumer data. Bedoya, a former Senate Judiciary counsel who is known for his work addressing racial and gender bias on facial recognition technology and other surveillance of communities of color, comes with the promise of what privacy advocates envision for the future of the agency. “Just as Lina Khan really sent a strong signal about taking the FTC seriously as an antitrust regulator, I think that the nomination of Alvaro Bedoya should send us the same signal to take the agency seriously as a privacy regulator,” said Christine Bannan, senior policy counsel at the Open Technology Institute, one […]

The post Momentum builds to strengthen FTC’s role as privacy enforcer, though hurdles remain appeared first on CyberScoop.

Continue reading Momentum builds to strengthen FTC’s role as privacy enforcer, though hurdles remain→