[ This article was originally published here ]
By Joe Fay
Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok.
The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.”
. The telecoms giant built the unit around its $600m acquisition of AlienVault five years ago. AT&T’s strategy has been overtaken by a rash of startups offering more cost-effective offerings. Meanwhile, Trend Micro has acquired security operations center vendor Anlyz, boosting Trend’s orchestration, automation and integration capabilities and bringing 40 technical employees to Trend’s 3,000+ engineering team.
If ransomware victims pay the ransom they are bankrolling 10 more attacks on average, according to research from Waratah Analytics and Trend Micro. The report, What Decision Makers Need to Know about Ransomware Risk, applies data science techniques to a range of data, from chat logs to crypto currency transactions. It claims that LockBit and the historic Conti groups enjoyed ransom payment rates of 16%, probably thanks to their highly targeted business models.
Fruit and veg giant Dole has confirmed it had been hit by a ransomware attack, but the impact to its operations “has been limited”. The food producer said it had “moved quickly to contain the threat” and engaged leading third-party cybersecurity experts to work with Dole’s internal teams to remediate the issue and secure systems. The attack was first reported by CNN, which said it had resulted in shutdowns at Dole’s plants in the US earlier this month and halted shipments to grocery stores. Apparently, salad making kits were particularly affected, illustrating the supply chain disruption that ransomware can create.
The number of malicious “HTTP” libraries on the Python Package Index repository has increased according to research by ReversingLabs. In a blog post the firm said that most of these are “simple, malicious packages bearing names that are Frankenstein-like’ amalgamations of the acronym ‘HTTP’”, usually aping popular libraries in a bid to distribute malware or steal information. The PyPi repository was the source of a supply chain attack at the end of December, when someone uploaded a malicious dependency package with the same name as one shipped as part of the PyTorch nightly package index.
A year after Russia’s invasion of Ukraine, analysts and pundits have been contemplating the ongoing effect on the cyber landscape. A report from Google has detailed the phases of the cyberwar to date and its lasting effects, concluding that Moscow-based attackers have waged an “aggressive, multi-pronged effort…often with mixed results.” The effort has also “triggered a notable shift in the Eastern European cybercriminal ecosystem” with long term implications. The outlook? More of the same, with attacks likely to expand to include Ukraine’s NATO allies.
The European Commission has become the latest governmental organization to ban the video app TikTok from its staff’s corporate devices. The Commission explicitly said the move was to “increase its cybersecurity”, and to protect it against “actions which may be exploited for cyber attacks against the corporate environment of the commission”. Other social media platforms would be kept under review, it added. The commission is in good company, with multiple governments banning the app, along with a range of US government agencies. Joe , though the to reach the youth vote.
Ad