Weekly News Roundup February 12-16, 2024


Posted by Kacy Zurkus

As a former teacher, I love to learn. More than anything, I love to learn for free. What I appreciate about the cybersecurity industry is that there are ample low-or-no-cost opportunities to learn new skills and deepen one’s understanding of tools, processes, procedures—even people. 

This week, RSAC365 hosted a webcast that made me smile not only because of the engaging personalities of the speakers but also because of the inbound comments from attendees, like “I almost missed this for lunch, glad I stuck around!” The topic—extortion—was nothing to laugh about though, especially for small town America. There’s not a state across the US that hasn’t had at least one of its municipalities hit with a ransomware attack. A fun fact I learned—cybercriminals are leveraging the Securities and Exchange Commission’s (SEC) new reporting mandates to breach companies and then report them for not having filed in adherence to the regulations.

One piece of wisdom that I took away from the conversation is that email is low-hanging fruit for threat actors. Peter Hedberg, Vice President, Underwriting at Corvus Insurance, cautioned that no one needs to hold onto emails that are older than six months to a year—one of many public service announcements Peter made throughout the hour.

The reality is, though, most people have an inbox filled with emails that go back years. Violet Sullivan, AVP, Head of Cyber Services at Crum & Forster, admitted that if she were a malicious actor, she would do a deep dive into email to find the spiciest bits.

Check out this session on Tabletop Exercise: Ransomware and Cyber Extortion in our Library where you can also learn more about Generative Email Attacks and How to Defend Against Them.

Now let’s look at what else made industry headlines this week. 

Feb. 16: Google announced the launch of a new initiative leveraging AI “to boost cybersecurity.”

Feb. 15: The US Justice Department announced the successful disruption of a botnet operated by Russian agents being used for cyber espionage. 

Feb. 15: A Chinese-speaking threat actor dubbed GoldFactory has reportedly developed sophisticated banking trojans, including an iOS malware called GoldPickaxe that has not previously been documented.

Feb. 15: CISA released seventeen Industrial Control Systems (ICS) advisories.

Feb. 14: Bank Info Security reported, “A hack at Integris Health in November affected an estimated 2.4 million people, but the fallout from the data breach didn't end there. At least one child, M.J. - and his Oklahoma mom Teresa Johnston - said cybercriminals used the stolen data to try to extort money from them.”

Feb. 14: Infosecurity Magazine reported, “Experts have warned users of AI-powered ‘relationship’ chatbots that their data and privacy are at risk, after failing all 11 apps they tested.”

Feb. 13: Trans-Northern Pipelines, a Canadian oil and gas pipeline operator based in Ontario, was the victim of a ransomware attack believed to be the work of ALPHV/BlackCat.

Feb. 13: Microsoft released several security updates, highlighting three bugs being exploited, including one notable vulnerability, CVE-2021-43890, that is linked to malware like Emotet/Trickbot/Bazaloader.

Feb. 12: “The US Government Accountability Office said Monday that CGI Federal, an IT contractor and unit of CGI Inc, notified the agency of a data breach last month affecting about 6,000 current and former GAO employees,” Reuters reported.

Contributors
Kacy Zurkus

Director of Content, RSAC
