Security News > 2021 > May

The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets. Blockchain analysis company Elliptic found and analyzed ransom payments made to DarkSide from 47 distinct Bitcoin wallets.

The FBI's Internet Crime Complaint Center has seen a massive 100% in cybercrime complaints over the past 14 months. When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints.

A survey from the Ponemon Institute recently found that insider threats increased by 47 percent from 2018 to 2020. The cost of insider threat incidents also rose by 31 percent from $8.76 to $11.45 million during the same time period.

The US Federal Trade Commission says that over $80 million were lost to cryptocurrency investment scams, according to roughly 7,000 reports received since October 2020. The most vulnerable group to this type of scam were consumers aged 20 to 49 who were five times more likely to lose money, with more than half of all investment scam losses they reported being linked to cryptocurrency.

A lot of Russian malware - the malware that targeted the Colonial Pipeline, for example - won't install on computers with a Cyrillic keyboard installed. In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country's borders files an official complaint as a victim.

Apple this week updated its Platform Security Guide to provide more details on a couple of recently announced authentication features. Apple's Platform Security Guide contains detailed technical information on the security technologies and features implemented in its products.

The British government has vowed to create a legally binding cybersecurity framework for managed service providers - and if you want to tell gov. Targeted at managed service providers and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for "Additional government intervention" to force businesses into formally assessing cyber risks to their supply chains.

The ransomware group that targeted Colonial Pipeline may be regretting its attack in the wake of reprisals from both the U.S. government and the ransomware community. Last week, the U.S. government in the form of the FBI pointed the finger at DarkSide as the culprit behind the pipeline ransomware attack.

Ireland's department of health services continues to grapple with a ransomware attack that occurred last week by the Conti gang. Officials state the attack will cost tens of millions to repair, even though attackers were not successful in their attempt to encrypt systems on Ireland's Department of Health systems.

A researcher has released a proof-of-concept exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable. The vulnerability affects the HTTP Protocol Stack and exploitation does not require authentication or user interaction.