Ransomware Running Rampant

Insurance and security companies have grown so used to ransomware that cyber-threat researchers can now become "negotiators". One of them shares his experience with The Register. Based on previous discussions with particular criminal groups, negotiators can tell which ones are more likely to give back the key if you are a healthcare organization and which will greedily maintain their ransom demand. Don't picture La Casa de Papel-style verbal scuffles. It looks more like a tedious MSN Messenger chat, minus the WIZZ and song lyric statuses.
One area of concern outlined in the article and confirmed in a recent British school attack (The Record) is criminals using their own research into the victim's cyber insurance to set their ransom demands. This vicious attack against minors is another sad landmark for the Hive ransomware family, which also targets healthcare services. Trend Micro's research on the organized group shows how far the threat has come. While details on the latest attack against an IT vendor providing the '111' service (equivalent to 911) in the UK remain scarce, it appears to carry the signature of Hive.
Sophisticated cybercriminals are not our only worry, though. The Lazarus group and APT38 have been linked to the North Korean government. Their attacks, which include the high-profile theft carried out through the SWIFT network, are reportedly used to fund the nation's missile program. North Korea has also recently been associated with the "SHARPEXT" malware, which can read your Gmail using a malicious browser extension. Ars Technica has a detailed technical breakdown. I found the attack quite clever because we tend to think of the browser as "sandboxed". Why try to escape the sandbox when you can exfiltrate from within?
Report" which, if you are like me, has LIT UP your Twitters and LinkedIns more than Charli D'Amelio's latest nail polish. Highlights are summarized in the article below.

My biggest takeaway is not the $4.4 million per breach price tag. It feels meaningless given there are so many different contexts. What concerns me are the top 5 worst events by probability and impact. The usual suspects of phishing, stolen credentials and email compromise still reign, but you suddenly see "cloud misconfiguration" and "third-party software vulnerability" creeping up over more "traditional" scenarios such as social engineering, physical security compromise, and stolen devices.
I have to admit, I was always the one laughing the hardest at the cybersecurity industry's marketing of NATION STATES and HIGHLY ORGANIZED CYBERCRIMINALS~!!! While I still find such marketing tactics irritating, there is at least a foundation of sound data underlying the fear-mongering.
What should we do?
Probably not rush to subscribe to a quarter million's worth of AI-based endpoint detection software. My two cents:
- Get rid of e-mail. I'm not kidding! Everybody hates e-mail anyway! Use mobile and push notifications, plus your instant messaging apps. Aim to decrease your e-mail traffic by 80% in the next 3 years. Those phishing scams will stick out!
- Invest in cloud visibility. Gross cloud misconfiguration should trigger alerts. Vetted software libraries, server images and container images should be easy to use and find in your environments. Internal apps not using vetted components should trigger alerts. People should look at alerts.
On a more personal note: back up your baby's pictures in the cloud and to a portable drive not connected to your computer. Now.