Ingredients of a Good Insider Risk Program

Suparna Goswami • December 3, 2021

Any technology that allows you to do a full-person assessment by taking into account nontechnical data as well as technical data is a value-add to an insider risk program, says Peter J. Lapp, former special agent at the FBI. He discusses the ingredients in a good insider risk program.

►

Cybercrime

Spotting Credit Card Fraud in the Airline Industry

Latest

Business Continuity Management / Disaster Recovery

Ransomware Operations Double Down on Data Leak Sites

Mathew J. Schwartz • December 3, 2021

Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.

Business Continuity Management / Disaster Recovery

FBI Seizes Bitcoins From Alleged REvil Ransomware Affiliate

Mathew J. Schwartz • December 1, 2021

The FBI has seized 39.9 bitcoins worth $2.3 million from an alleged affiliate of the notorious REvil - aka Sodinokibi - ransomware group. A forfeiture notice filed by the government accuses Russian national Aleksandr Sikerin of having amassed the cryptocurrency via victims' ransom payments.

Governance & Risk Management

Troublemaker CISO: Penny-Wise, Pound-Foolish & Insider Risk

Ian Keller • December 1, 2021

The saying "Penny-wise, pound-foolish" is relevant when we talk to those friendly, knowledgeable finance people about ongoing employee screening due to the dreaded insider threat and the costs associated with it - which leads to us pulling out our hair in utter frustration. This rant is about that.

COVID-19

Darknet Markets Advertise Fake COVID-19 Vaccine Passports

Mathew J. Schwartz • November 29, 2021

Criminals have been selling fake vaccine certificates online, claiming to be able to fool systems designed to verify the certificates' validity, researchers warn. Authorities, meanwhile, warn that fraudsters continue to target all things COVID-19, including selling scam vaccine passports.

Anti-Money Laundering (AML)

Report: DeFi Fraud, Theft Exceeds $10 Billion in 2021

Dan Gunderman • November 22, 2021

More than $12 billion has been lost in decentralized finance, or DeFi, applications in 2021 - $10.8 billion of which is attributed to fraud and theft, a 600% increase from 2020, according to a new report from blockchain analytics firm Elliptic.

Application Security

More Than Half of Indian Loan Apps Illegal, RBI Panel Finds

Soumik Ghosh • November 22, 2021

Critical issues in India's digital lending ecosystem were identified by a RBI working group. These include the existence of fake and illegal apps and unscrupulous money recovery practices. Establishment of a self-regulatory body to oversee operations of lending platforms is recommended.

Breach Notification

Utah Imaging Associates Notify Nearly 584,000 of PHI Hack

Marianne Kolbasuk McGee • November 22, 2021

A recent hack of a Utah medical radiology group's network server has compromised sensitive health information of more than a half-million individuals, ranking the incident among the 20 largest health data breaches posted on the federal tally so far this year. What are the risks to patients?

Blockchain & Cryptocurrency

Youth in $37 Million Crypto Heist; BitConnect Ponzi Payout

Prajeet Nair • November 20, 2021

A Canadian teenager is under arrest after allegedly stealing C$46 million ($37 million) in the latest cryptocurrency SIM swap scam. Meanwhile in the U.S., the Department of Justice is going to sell off $57 million worth of cryptocurrency seized from the BitConnect Ponzi scheme.

3rd Party Risk Management

Regulators: Banks Have 36 Hours to Report Cyber Incidents

Dan Gunderman • November 19, 2021

U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it has suffered a qualifying "computer-security incident," the nation's top financial agencies announced this week.

Account Takeover Fraud

SharkBot Trojan Targets Bank and Cryptocurrency Credentials

Mihir Bagwe • November 18, 2021

A newly identified banking Trojan dubbed SharkBot is now targeting banking and cryptocurrency exchange customers across the U.K., Italy and the U.S. through a sideloading campaign and/or a social engineering campaign.

3rd Party Risk Management

EU Report Calls for More Health-Specific Incident Response

Marianne Kolbasuk McGee • November 16, 2021

Cyberattacks on the EU's healthcare sector grew by nearly 50% in 2020, over 2019, and continue to pose serious threats to patient safety as well as to the entire health supply chain, says a new report calling for the development of more healthcare-specific incident response teams among EU members.

Anti-Money Laundering (AML)

Money Laundering Cryptomixer Services Market to Criminals

Mathew J. Schwartz • November 16, 2021

Cryptocurrency-using criminals continue to rely on services designed to launder their virtual currency to give them "clean coins" that are tougher for law enforcement to trace. Experts say such services are widely marketed on cybercrime forums, and sometimes provided directly to ransomware groups' affiliates.