Friday Five 9/17

by Chris Brook on Monday September 20, 2021

A $10 million SEC fine, zero trust, and another free ransomware decryptor debuts - catch up on the infosec news of the week with the Friday Five!

1. What Is Zero Trust? It Depends What You Want to Hear by Lily Hay Newman

Wired has a nice explainer here on "zero trust," a catchphrase that, as it points out, has been everywhere these days. It does an admirable job of clearing the air around the term and the problems that can stem from further confusion around it. With the government set to embrace zero trust - the Office of Management and Budget released a draft federal strategy for moving the U.S. government towards a zero trust architecture earlier this month - it's important that all stakeholders are aware of exactly what they’re moving towards. There’s an excellent quote in here via Paul Walsh, the founder and CEO of the anti-phishing firm MetaCert: “What the security industry has been doing for the past 20 years is just adding more bells and whistles—like AI and machine learning—to the same methodology. If it’s not zero trust, it's just traditional security, no matter what you add.”

2. App Annie Fined $10 Million in Case That Is the Future of Insider Trading by Shoshana Wodinsky

A story that likely flew under the radar for you this week: The U.S. Securities and Exchange Commission settled with App Annie, an analytics company, for $10 million following allegations that the company failed to disclose how its customers' data was being used. It’s a confusing order, but Gizmodo's Shoshana Wodinsky digs into the story and finds that the company basically didn’t follow through on the promises it made: it lied to companies about how their confidential data was being used, then doubled down on those lies by selling the data to trading firm customers and encouraging them to trade on its phony estimates.

3. Good News: REvil Ransomware Victims Get Free Decryptor by Mathew J. Schwartz

We've been highlighting some good news in this section every week, and time and time again it's taken the form of ransomware victims being able to decrypt their locked files. This week's winners include anyone who may have been hit earlier this year by REvil, aka Sodinokibi. Victims who had their files locked before July 13 can now decrypt those files for free via a new decryptor. REvil has been one of the more popular strains of ransomware over the last few years - it began operating in April 2019. Hospitals and health systems have been big targets of ransomware especially; a Nevada hospital, University Medical Center of Southern Nevada, was hit by the strain in June. This summer's attack on JBS SA, the world's largest beef producer, was REvil too. Enterprises usually need to act fast to remedy ransomware attacks, but if time isn't of the essence, it can pay to save that encrypted data and wait for the day a decryptor surfaces.

4. Operator of 'DownThem' DDoS Attack Service Convicted by Ionut Arghire

SecurityWeek has news on the conviction this week of a man who oversaw a DDoS (distributed denial of service) attack service. The service, DownThem, known as a "booting" service, let users drag websites down by flooding them with traffic from DDoS attacks. According to the story, DownThem had over 2,000 users who used the service to knock users, government websites, school websites, and bank websites offline.

5. FBI: $113 million lost to online romance scams this year by Sergiu Gatlan

The FBI’s Internet Crime Complaint Center (IC3) issues its annual internet crime report every spring, and usually the statistics are about in line with what we read about in the news every day - think lots of numbers around phishing, extortion, identity theft, and so on - but every so often it releases figures designed to help the general public. That was the case this week when the FBI announced that since the beginning of the year Americans have lost more than $113 million through romance scams. In romance scams, victims are lulled into a sense of security through an online relationship, then taken advantage of. Victims typically end up surrendering their banking information, Social Security Number or other forms of identification. It's unclear whether this year's figure will wind up surpassing years past - Americans lost $475M through romance scams in 2019 and $600M in 2020 - but it's clearly an issue, with Americans relying more than ever before on the internet to do work and network.

Tags:  Ransomware Government DDoS FBI
