Earlier this week I was braving the freezing cold of some of New England’s ski slopes, while news of the Cactus ransomware group was blazing through headlines. The ski resort I visited was a great family destination as the hotel is also home to an indoor water park. One of the attractions is FlowRider, an indoor surfing experience.
A friend was brave enough to attempt this feat, and I wanted to record the effort for posterity. She politely asked that I not take footage for fear that the video could go viral. It served as a reminder that it’s not just organizations that have to worry about protecting their brand’s reputation.
And this week, we’ve seen several ransomware attacks impacting companies large and small. Security Week reported, “The Cactus ransomware gang has claimed responsibility for the cyberattack that French industrial giant Schneider Electric disclosed at the end of January.”
Despite the release of a patch for a newly discovered critical vulnerability in ConnectWise ScreenConnect, attackers are reportedly exploiting the two critical vulnerabilities to deliver ransomware associated with LockBit.
But malicious actors weren’t the only cyber actors busy this week. CNN reported that the US Federal Bureau of Investigation and its international allies took down LockBit’s site on the dark web. The multinational ransomware gang had taken credit for multiple large-scale attacks around the globe in recent months, including the attack on the Industrial and Commercial Bank of China.
As the week came to a close, though, Nashville, Tennessee legislators took a stand with a bill that would block the state from paying off hackers. To learn more about how to respond to a ransomware attack, visit our Library.
Now let’s take a look at what else made industry headlines this week.
Feb. 23: According to Cyber News, “A new report finds that three in ten job board users have fallen victim to fake job ads on popular sites such as Indeed, LinkedIn, and Craigslist.”
Feb. 22: The Federal Trade Commission imposed a fine of $16.5 million upon Avast, a software provider, for violating consumer rights and selling data without consent.
Feb. 22: “The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes,” Bleeping Computer reported.
Feb. 21: UnitedHealth Group filed a Form 8-K with the SEC after discovering that “a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.”
Feb. 21: After discovering spyware on the phones of defense subcommittee members and staff, the European Parliament urged all members to have their devices checked.
Feb. 21: AP reported, “President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.”
Feb. 20: The National Security Agency’s Cybersecurity Director, Rob Joyce, announced that he will be retiring at the end of March 2024.