Security News

Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents. The figures come from the most recent Financial Trend Analysis report [PDF] on ransomware from the US Treasury's Financial Crimes Enforcement Network covering Bank Secrecy Act filings for 2021.

Attempts to reorganize supply chains to cut out China and foil its attempts to build a high-tech chip industry will be costly and may simply cause the Middle Kingdom to redouble its efforts, says memory maker Kioxia. Flores said China would likely retaliate against the recently announced US export controls by ramping up domestic investment in NAND as a long-term solution to its chip supply issues.

As cyberattacks have grown increasingly destructive, nations are entertaining the idea of responding to them with conventional military forces. The seriousness of a cyberattack classified as an "Armed attack" against a NATO member cannot be overstated.

Only a "Handful" of US states have stopped buying Chinese technologies deemed by the government to pose security threats, according to a report from a Washington policy research group. The Georgetown University think tank paper, published this week, says that "Thousands" of public officials are still purchasing prohibited tech from "Huawei, ZTE, and other Chinese companies" and that most state and local governments simply haven't bought into existing federal actions by making any changes to their procurement policies.

The prolific pro-Beijing Dragonbridge crew has apparently stepped up its activity ahead of the US 2022 midterms by trying to discourage Americans from voting as well as pinning the Nord Stream pipeline explosion on Uncle Sam. Dragonbridge has become better at impersonating Americans in social media posts, mainly through improved writing and use of pronouns, Mandiant claimed.

American prosecutors on Monday accused 13 people of committing espionage-linked crimes in the US on behalf of the Chinese government. Their charges, spread over three separate cases, include: attempting to force a Chinese national in America to return to China; attempting to interfere with the federal criminal prosecution of a Chinese company, said to be Huawei; and attempting to recruit US academics and government officials in the US to spy for China.

CISA, the FBI, and the Department of Health and Human Services warned that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health sector in ransomware attacks. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the advisory revealed.

The Reg attended Singapore International Cyber Week 2022, where officials from twelve countries had an airing of grievances across three separate panels, as if they were seated at carefully arranged tables at a wedding. "We should stop these actions and come to the table, and talk the way you do here in Singapore in International Cyber Week. I was lucky to be invited. I prefer coming here than to the UN because the US does everything possible to restrict discussions."

The FBI has released a warning that scammers may be targeting individuals seeking to enroll in the Federal Student Aid program to steal their personal information, payment details, and money. Federal Student Aid is a debt relief program announced in August 2022 that opened for applications yesterday.

Advanced persistent threat group Budworm has shifted targets after hitting the Middle East, Europe and Asia, and was caught this week trying to break into the systems of an unnamed US state legislature. Symantec's Threat Hunter team reported the intrusion, saying it has all the hallmarks of an attack from Chinese-linked Budworm gang, which is thought to be state-sponsored.