USCG Cyber Mission Specialist. Technology lover. Mental Health advocate. Opinions are mine and do not represent in any way the USCG or the DHS.
I speak English, Spanish
Can’t hack a computer if it’s BSODed
Is this what midlife crisis feels like? 🤣 Bought a new Tesla and my wife said I’m going through a midlife crisis.
People who don’t understand statistics will arrive at the following conclusion. February is the best month to use fireworks. Seems to be the safest month.
Me right now. 😟
The duality of men.
The most common tip for the day before taking the OSCP test was to get a good night of rest…… it’s almost 1 am, this is not going well.
Every year has been “this is the year of Linux” for the past 20 years or so.
New breach: Advance Auto Parts had 79M unique email addresses for customers and employees breached and posted for sale to a popular hacking forum this month. Data also included name, phone and physical address. 60% were already in @haveibeenpwned. Read more: https://www.bleepingcomputer.com/news/security/advance-auto-parts-confirms-data-breach-exposed-employee-information/
Advance Auto Parts confirms data breach exposed employee information

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month.

BleepingComputer

CISA, the FBI and NSA just jointly published a report on the threat from deepfakes. It's a fairly comprehensive look at deepfake threats to date, and includes some recommendations for how to spot and anticipate them.

https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF

It should deeply concern us that cyber insurance is becoming less available.

The CEO of Zurich Insurance (the company that denied Mondelez's USD 100m claim after NotPetya on the grounds of it being warfare) says “What will become uninsurable is going to be cyber,” and he asks “What if someone takes control of vital parts of our infrastructure, the consequences of that?”

https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d

He's right - and also right that ransomware payments are creating perverse incentives for insurance companies. This is something like the equivalent of submitting a claim to your home insurance for $10,000 when you had to pay that 10k to a criminal threatening to burn your house down, and telling the insurance company that they should be happy that they aren't paying the full value of your home instead.

Now, the issue here is that there's no law enforcement agency with the ability to save you from ransomware attacks in the same way that you can turn in a criminal threatening arson, leaving especially small and mid-sized businesses in the lurch. Ransomware is existential for them in a way it is simply not for larger organizations.

The burden will be put on organizations to save themselves from ransomware with what I think is an ever more likely push by USG to ban ransomware payments. Because this ban will not hit SMBs (existential threat) the same way it will for enterprises (closer to a cost of doing business), USG *must* provide more services at the state and local level for SMBs to prevent and recover from ransomware attacks. I and @ciaranmartin wrote an article on this last year which is still 100% true: attacking critical infrastructure via ransomware payments along any point in the supply chain is a national security risk, not simply a financial one. https://www.brookings.edu/techstream/should-ransomware-payments-be-banned/

Cyber attacks set to become ‘uninsurable’, says Zurich chief

Financial Times