TELL ME MORE

Bill's Picks



This section has to do with current trends in cyber security. Our President, Bill Palisano hand selects articles he thinks are pertinent to read and understand every few weeks. Keeping up with this section will enable you to stay updated, informed and current so that you never find yourself without the tools to secure your information.


LTO TAPE CAPACITY SHIPMENTS REACH NEW RECORD IN 2021

SILICON VALLEY, CALIF. – (April 19, 2022) – The LTO Program Technology Provider Companies (TPCs), Hewlett Packard Enterprise Company, IBM Corporation and Quantum Corporation, today released their annual tape media shipment report. With a growth rate of 40%, this strong performance in shipments continues following the previous record-breaking capacity shipped in 2019. In 2021, LTO tape capacity shipments achieved the largest increase since 2006!!!
https://www.lto.org/2022/04/lto-tape-capacity-shipments-reach-new-record-in-2021/


LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks

LinkedIn has become by far the most impersonated brand for phishing attacks, according to new research by Check Point Research (CPR). The cybersecurity vendor’s 2022 Q1 Brand Phishing Report revealed that phishing attacks impersonating the professional social networking site made up over half (52%) of all attempts globally in the first quarter of 2022. This represents a 44% increase compared to the previous quarter, Q4 2021, when LinkedIn was the fifth most impersonated brand.
https://www.infosecurity-magazine.com/news/linkedin-impersonated-brand/


The three email threat types that are hardest for users to detect

There’s a question that all organizations need to be asking themselves when it comes to securing their email security posture: Do my users know how to distinguish between a legitimate email and an email threat?
https://blog.barracuda.com/2022/04/26/the-three-email-threat-types-that-are-hardest-for-users-to-detect/


US Offers $10m for Russian NotPetya Sandworm Team

The US authorities are offering a multimillion-dollar reward for anyone with information that could identify or locate six members of a notorious Russian state hacking group responsible for NotPetya. The Department of State’s Rewards for Justice (RFJ) program has pledged up to $10m for information on six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
https://www.infosecurity-magazine.com/news/us-10m-russian-notpetya-sandworm/


For effective incident response, use a remediation checklist

Email occupies a precarious place in our lives today, being both completely necessary and totally hazardous. Security practitioners know that there’s no email security technology that’s 100% effective at preventing email attacks — a targeted attack will inevitably make its way into a recipient’s inbox. Of course, an effective email security architecture will go a long way in keeping successful attacks to a minimum. Still, for those that are missed, it’s crucial to have a strategy to stop the spread, minimize the damage, and reinforce prevention and detection methods.
https://blog.barracuda.com/2022/04/14/for-effective-incident-response-use-a-remediation-checklist/


It’s Not Fair, But Cyber Crime Is Cheap!

How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.
https://securityintelligence.com/articles/cyber-crime-cheap/


Conflict in Ukraine might ultimately strengthen cybersecurity

This fascinating article touches on how closely Russia’s Federal Security Service (FSB) works WITH ransomware gangs:
https://blog.barracuda.com/2022/03/21/conflict-in-ukraine-might-ultimately-strengthen-cybersecurity/


Lessons on tax scams from the IRS Dirty Dozen over the years

Each year the IRS publishes its ‘dirty dozen' — a list of the top 12 tax scams to watch for during the tax season and throughout the year. The IRS Dirty Dozen is current with the release of the 2021 list last summer:
https://blog.barracuda.com/2022/03/10/lessons-on-tax-scams-from-the-irs-dirty-dozen-over-the-years/


It’s time to attack your ransomware recovery strategy

Backup solutions (are) being targeted by malware to prevent recovery. Which means organizations have to assume that local snapshots or backups have been compromised by an attack. Going beyond the backup focused 3-2-1 rule and including replication technology will be critical in helping organizations recover quickly and minimize the threat of ransomware attacks.
https://www.techradar.com/features/its-time-to-attack-your-ransomware-recovery-strategy


Hacked US Companies Must Report to Government Under New Law


AP wrote that the new rules require companies considered part of the nation’s critical infrastructure, including finance, transportation and energy, to report any “substantial cyber incident” within three days, and any ransomware payment they make within one day, to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. https://www.pymnts.com/news/security-and-risk/2022/hacked-us-companies-must-report-to-government-under-new-law/


Russia Uses Deepfake of Zelensky to Spread Disinformation


This is the FIRST TIME Artificial Intelligence/Deep Fake Technology has been used to spread misinformation during an active war! “…The incident marks the first time deepfakes have been used to spread uncertainty and disinformation among the populace in a kinetic war. However, experts have warned for several years that the technology is becoming more accurate and affordable.” https://www.infosecurity-magazine.com/news/russia-uses-deepfake-zelensky/hacked-us-companies-must-report-to-government-under-new-law/


Proactive Defense Strategies Provide the Best Chance to Defeat Ransomware

Here’s a GREAT Executive Report based on study by IDC Research. Concise, to the point and hard core facts .
https://www.lto.org/wp-content/uploads/2022/01/Proactive-Defense-Strategies-Provide-the-Best-Chance-to-Defeat-Ransomware.pdf


Five cybersecurity trends we’ll see in 2022

Suddenly, “once-in-a-decade” breaches of the past are now happening monthly, with a laundry list of companies falling victim. This proliferation of cyber-attacks has catapulted the zero-trust security framework into the limelight. Zero trust is no longer a security aspiration: today, it’s a security mandate, in which all users are vetted each time they request access to a company’s online assets.
https://ventureburn.com/2022/01/five-cybersecurity-trends-well-see-in-2022/


So Much Data – So What Do We Do With It?

Most of the data we create is rarely accessed but much of it must be stored for analytical purposes to stay competitive in the global commerce. How do we deal with petabytes or even exabytes of data economically, securely and accessibly? The answer just might be an active archive with help from LTO Technology. What exactly is an active archive?
https://www.lto.org/2022/01/so-much-data-so-how-do-we-deal-with-it/


Ransomware victims are paying up. But then the gangs are coming back for more

Cybersecurity experts warn against paying ransoms - this is why. According to analysis by cybersecurity researchers at Proofpoint, 58% of organisations infected with ransomware paid a ransom to cyber criminals for the decryption key – and in many cases, they paid up more than once.
https://www.zdnet.com/article/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more/


W-2 scams: How to defend against this annual threat

Email January 15, 2022. From: Sandy’s boss, the CFO To: Sandy, the Payroll Administrator Hey Sandy, please send me all the W-2s for Marketing personnel. I just need to check for a possible issue. Thanks! -Your boss” Don’t do it, Sandy.
https://blog.barracuda.com/2022/02/17/w-2-scams-how-to-defend-against-this-annual-threat/


CISA LAUNCHES NEW CATALOG OF FREE PUBLIC AND PRIVATE SECTOR CYBERSECURITY SERVICES

WASHINGTON – The  Cybersecurity and Infrastructure Security Agency (CISA) published the “Free Cybersecurity Services and Tools” webpage intended to be a one-stop resource where organizations of all sizes can find free public and private sector resources to reduce their cybersecurity risk. The catalog published today is a starting point. Going forward, CISA will incorporate other free services into the catalog.
https://www.cisa.gov/news/2022/02/18/cisa-launches-new-catalog-free-public-and-private-sector-cybersecurity-services


How email threats are evolving

How email attacks evolved from volumetric attacks to social engineering and other sophisticated attacks.
https://blog.barracuda.com/2022/02/14/how-email-threats-are-evolving/


This is the year to build a cybersecurity culture

The cumulative effect of the massive wave of attacks will lead to significant improvements to cybersecurity culture in 2022, predicts Dr. Keri Pearlson, executive director of the Cybersecurity at MIT Sloan, an interdisciplinary consortium for improving critical infrastructure cybersecurity at the MIT Sloan School of Management.
https://blog.barracuda.com/2022/01/31/this-is-the-year-to-build-a-cybersecurity-culture/


Social Engineering of Cheektowaga Eye Doctor leads the theft of $12 Million

Although this story focuses mainly on legality of Crypto Currencies – the root cause was the doctor was tricked into giving his credentials to cyber thieves. This is why Security Awareness Training is an ABSOLUTE MUST!
https://buffalonews.com/news/local/a-12m-theft-from-cheektowaga-eye-doctor-raises-question-is-cryptocurrency-legal-tender/article_9048f82c-885e-11ec-a9d8-772bb98d0968.html


White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid.

Russian officials arrested 14 alleged members of the REvil ransomware group on Friday.
https://www.zdnet.com/article/white-house-says-person-behind-colonial-pipeline-ransomware-attack-nabbed-during-russian-raid/


SURVEY SAYS: YOU CAN DEFEND AGAINST RANSOMWARE

In this NewsBytes edition, we’re sharing the results from a unique data security survey conducted by the LTO Program. The goal was to find out what concerns IT managers have when it comes to ransomware – and what actions they are taking to defend against cyberattack.
https://www.lto.org/newsbytes-winter-2021/


CISA releases Insider Risk Mitigation Self-Assessment Tool

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks.
https://securityaffairs.co/wordpress/122762/security/cisa-insider-risk-mitigation-self-assessment-tool.html


How legitimate websites are used to spread ransomware

Supply chain attacks surged in 2021, as cybercriminals continued to find new ways to exploit the digital networks of the world. The rapid shift to hybrid work and school, the increase in smart devices, and the urgent expansion of health sector and vaccine networks created new opportunities for hacking gangs. Ransomware-as-a-service and advances in malware and ransomware capabilities have also made it easier for new criminals to launch sophisticated attacks.
https://blog.barracuda.com/2022/01/05/how-legitimate-websites-are-used-to-spread-ransomware/


SE Labs recognizes Barracuda as “Best Email Security Service"

In their Advanced Email Security test, SE Labs carried out extensive testing of top email security providers and their ability to detect various threat types, including phishing, social engineering, business email compromise, and scamming. The testing used both examples of attacks found in the wild and targeted attacks their team created in the lab.
https://blog.barracuda.com/2021/12/06/se-labs-recognizes-barracuda-as-best-email-security-service/


Below the Surface: Log4j attack trends

The next episode of Below the Surface, our LinkedIn Live show, will be streaming on Monday, and it’s can’t-miss viewing for anyone interested in learning more about the log4j vulnerability. Hosts Darshna Kamini and Stephanie Cavigliano will be speaking with Anshuman Singh, Senior Director of Product Management, Application Security at Barracuda, and Tushar Richabadas, Senior Product Marketing Manager, Application Security at Barracuda, about what this vulnerability is, some statistics about malicious traffic Barracuda has seen carrying Log4j attacks, and how organizations can prepare themselves for such incidents.
https://blog.barracuda.com/2022/01/07/below-the-surface-log4j-attack-trends/


LTO NEXT GEN TAPE IS MASSIVE!

And it needs to be....! It’s estimated that by the year 2025 over 460 exabytes of data will be created daily worldwide bringing us in to the Zettabyte Era! Storage managers are clamoring to keep pace with this data growth phenomenon while managing near stagnant budgets, fending off cyberattacks, and reducing the carbon footprint. But good news from the LTO Program is on the way!
https://www.lto.org/2021/11/lto-next-gen-tape-is-massive/


FTC warns companies to secure consumer data from Log4J attacks

The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks. "The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," the US government agency said. For the full report:
https://www.bleepingcomputer.com/news/security/ftc-warns-companies-to-secure-consumer-data-from-log4j-attacks/


White House Press Release: Protecting Against Malicious Cyber Activity before the Holidays…

On 12/10 cyber-security researches discovered an incredibly serious, widely used application vulnerability, now known as the “Apache log4j Flaw”. I’ve spent many hours on calls/webinars/video mtgs with representatives of the FBI, CISA, NSA and other cyber defense organizations presenting the seriousness of this flaw and mitigation steps to take IMMEDIATELY. Every year, the White House puts out a statement regarding protecting your assets during the holidays. This year, with the log4j, I think we all need to be even more diligent and watchful:
https://www.whitehouse.gov/briefing-room/statements-releases/2021/12/16/protecting-against-malicious-cyber-activity-before-the-holidays/


Re: Log4J Vulnerability: “Log4shell by the numbers- Why did CVE-2021-44228 set the Internet on Fire?

The news is big enough to have been featured in the media, and the crunch has been felt by industry insiders - but there are a few unanswered questions. Why exactly is this so widespread?
https://blog.sonatype.com/why-did-log4shell-set-the-internet-on-fire


Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft:

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft. As predicted by officials at the US Cybersecurity and Infrastructure Security Agency (CISA), more sophisticated attackers have now started exploiting the so-called Log4Shell bug (CVE-2021-44228), which affects devices and applications running vulnerable versions of the Log4j Java library. It's a potent flaw that allows remote attackers to take over a device after compromise.
https://www.zdnet.com/article/log4j-flaw-now-state-backed-hackers-are-using-bug-as-part-of-attacks-warns-microsoft/


Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware:

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability.
https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html


FTC shares ransomware defense tips for small US businesses:

One key protective step is to set up offline, off-site, encrypted backups of information essential to your business," the FTC said. "This isn't something to save for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other authoritative experts.
https://www.bleepingcomputer.com/news/security/ftc-shares-ransomware-defense-tips-for-small-us-businesses/


U.S. Brings More Pressure to Bear on Cybercriminal Gangs:

The U.S. government has launched a series of initiatives aimed at disrupting the operations of cybercriminals that launch ransomware attacks. U.S. Cyber Command head and director of the National Security Agency Gen. Paul Nakasone disclosed this week that the military has “conducted a surge” over the past three months to help deter ransomware attacks on U.S. interests.
https://blog.barracuda.com/2021/11/08/u-s-brings-more-pressure-to-bear-on-cybercriminal-gangs/


7 suspected hackers arrested in global ransomware crackdown:

The arrests were part of a law enforcement investigation called GoldDust that involved the United States and 16 other countries. REvil, also known as Sodinokibi, has been linked in recent months to ransomware targeting the world’s largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.
https://www.winknews.com/2021/11/08/7-suspected-hackers-arrested-in-global-ransomware-crackdown/


Here are the Industries That Ransomware Impacts the Most:

Some of the worst ransomware attacks that have occurred recently have had to do with municipal services such as water suppliers and the like. Some of the most high profile companies that have been hit with ransomware are internet companies, but with all of that having been said and now out of the way it is important to note that they are not the most frequently targeted companies by any stretch of imagination. Quite on the contrary, they are simply the most visible victims and a lot of other companies are impacted in an even worse manner.
https://www.digitalinformationworld.com/2021/11/here-are-industries-that-ransomware.html


Quantum tape libraries gain remote eject capability:

Quantum introduced Ransom Block to its Scalar tape libraries, allowing customers to remotely eject tape magazines and prevent cyber criminals from accessing the data within. Data in tapes is generally safe from cyber criminals, but Quantum Corp. aims to make it even harder to access.
https://searchdatabackup.techtarget.com/news/252508974/Quantum-tape-libraries-gain-remote-eject-capability?utm_campaign=20211116_Quantum+adds+remote+tape+feature+for+ransomware+protection&utm_medium=EM&utm_source=NLN&track=NL-1822&ad=940329&asrc=EM_NLN_191084521


Threat Spotlight: Bait attacks:

As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed. Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond.
https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/


Bad bots on the rise: How to fight back:

Bots account for about half of all internet traffic — and about half of that is due to malicious bots. These bots execute a wide variety of attacks, including web scraping, account takeover, distributed denial of service (DDoS), distributed denial of inventory (DDoI), and more.
https://blog.barracuda.com/2021/11/11/bad-bots-on-the-rise-how-to-fight-back/


FTC shares ransomware defense tips for small US businesses:

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.
https://www.bleepingcomputer.com/news/security/ftc-shares-ransomware-defense-tips-for-small-us-businesses/


INSURING AGAINST CYBERATTACK

They say prevention is better than cure but sometimes, you can't stop being the target of a cyberattack. Is cyber insurance the answer?
https://www.lto.org/2021/09/insuring-against-a-cyberattack/


US Authorities Issue BlackMatter Ransomware Alert

Data exfiltration is attempted over the web, and SMB is used to encrypt shares remotely. There’s also a warning that BlackMatter may wipe backup stores rather than encrypt them as most variants do.
https://www.infosecurity-magazine.com/news/us-authorities-issue-blackmatter/


DDoS attacks on the rise — using powerful new techniques

Ransomware has been dominating cybersecurity headlines for a while now, so it’s completely understandable if you haven’t been keeping up with the latest news about distributed denial-of-service (DDoS) attacks. But there have been some startling recent developments.
https://blog.barracuda.com/2021/10/13/ddos-attacks-new-techniques/


How Coinbase Phishers Steal One-Time Passwords

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/


Threat Spotlight: Remote code execution vulnerabilities

Here’s a closer look at these vulnerabilities, recent attack patterns, and solutions you can use to help protect against these types of attacks.
https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/


VIDEO SURVEILLANCE AND THE STORAGE CHALLENGE

In this BlogBytes, we will examine how surveillance cameras help stop crimes but create storage challenges!
https://www.lto.org/2021/09/video-surveillance-storage-challenges/


Report: The state of network security in 2021

To capture perspectives on cloud adoption, working from home, security concerns, and a variety of issues and challenges related to cybersecurity risks, Barracuda commissioned independent market research firm Vanson Bourne to survey IT decision makers. Barracuda examines key findings in this newly published report. The survey includes responses from 750 IT decision makers responsible for their organization’s networking, public cloud, and security. They came from organizations in companies with 500 or more employees in the U.S., EMEA, and APAC.
https://blog.barracuda.com/2021/09/14/report-the-state-of-network-security-in-2021/


Cloudflare slams Amazon Web Services over massive markups. Transferring data out of AWS' network will cost you.

Since 2015, we at Lincoln Archives & LACyber have been preaching about this. Putting data ‘into the cloud is inexpensive. Getting data back out of the cloud ‘can be very, very expensive!’ In this article – Cloudflare calls AWS out. This is why we strongly support – write your inactive data to TAPE, and we’ll vault it for pennies per TB per month!!! Contact us, after reading this article:
https://www.techradar.com/news/cloudflare-slams-amazon-web-services-over-massive-markups


The Storage Challenges of the Digital Future!

IDC estimates that by 2025 there will be 7 trillion gigabytes of cold archive data, presenting unprecedented challenges for companies of all sizes. So what role does LTO tape storage play in this so-called ‘Zettabyte Era’? What do the experts say? We got three of the best technology minds together in a straight-talk webinar to answer these questions and other thought provoking queries.
https://www.lto.org/2021/09/tape-innovation-uncovered/


Using Tape Storage to Solve Data Management Problems – a Q&A Discussion

When faced with an IT decision you will likely ask a series of questions to gather decision making criteria. We posed several key questions related to tape storage to industry expert Phil Goodwin, IDC Research Director, Infrastructure Systems, Platforms and Technologies. In this BlogBytes issue we will give you a preview of some of the Q&A and a link to the full discussion with Goodwin in which some of his answers may surprise you. Let’s take a look!
https://www.lto.org/2021/05/using-tape-storage-to-solve-data-management-problems/


Recent Attacks Lead to Renewed Calls for Banning Ransom Payments

When faced with an IT decision you will likely ask a series of questions to gather decision making criteria. We posed several key questions related to tape storage to industry expert Phil Goodwin, IDC Research Director, Infrastructure Systems, Platforms and Technologies. In this BlogBytes issue we will give you a preview of some of the Q&A and a link to the full discussion with Goodwin in which some of his answers may surprise you. Let’s take a look!
https://www.darkreading.com/endpoint/recent-attacks-lead-to-renewed-calls-for-banning-ransom-payments/d/d-id/1341548


Ransomware-proof Your Backups!

Backups are the best way to save an organization's data after a ransomware attack. Hackers know this and often purposely seek out and encrypt backups to force organizations into paying a hefty ransom. Protecting backups is therefore critical in reducing ransomware damages and costly business disruption.
https://datasafe.britinsurance.com/view_layout.php?layout_id=7769


Unsure how to defend against rampant ransomware? Our checklist makes it simple.

Barracuda’s research has uncovered a three-step process that is currently the dominant way for ransomware to be deployed. And, the included 3 step checklist is relatively simple to implement. Enjoy:
https://tinyurl.com/LA-CyberBP8-18-21


Ransomware has changed the way we think about data backup

This is a great article; they talk about 3-2-1 backup strategy and Air Gapping, which is critical. (Btw – we’ve been preaching this for YEARS!). But we at LACyber take it to the next level: 3-2-1-1. The last “1” is a fully Air Gapped copy which we’ll move to tape (yes – tape!) and vault it. Truly Off-Line. You want a real fail-safe? Connect with us. Enjoy this read:
https://tinyurl.com/LA-CyberBP7-16-21


What Can Businesses Do to Fill the Cybersecurity Talent Shortage?

The shortage is real. We’re advising clients to get their teams in place and start or strengthen their relationships with trusted cyber-security providers – especially for SMB’s (Small & Medium Sized Businesses):
https://tinyurl.com/LA-CyberBP6-17-21


FBI demonstrates significant hacking capability

It is GREAT to see law enforcement actually start WINNING battles against cyber thieves! Enjoy this one:
https://tinyurl.com/LA-CyberBP6-15-21


U.S. finally flexes ransomware muscle

Score one for the good guys! Enjoy:
https://tinyurl.com/LA-CyberBP5-19-21


Barracuda cited as a leader in enterprise email security by Forrester

Hot off the presses. So happy to provide this protection for our clients! Love that the report cites: “Barracuda Network’s incident response feature ‘is a superior product for the continuous remediation option provided as well as the straightforward process for starting remediations.’” Reach out for information, help and/or pricing. Enjoy: https://tinyurl.com/LA-CyberBP5-7-21


A roadmap to Zero Trust implementation

The rapid shift to remote work over the past year has pushed many organizations to rethink their approach to security. For many, this means embracing the Zero Trust security model, but necessary changes in strategy and architecture can be daunting at first…
https://tinyurl.com/LA-CyberBP4-22-21


Ransomware negotiations: An inside look at the process

Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed?
https://tinyurl.com/LA-CyberBP4-16-21


Unstructured data growth poses hidden cloud security and compliance risk

Data Classification & Governance needed NOW, as up to 90% of data organizations own is unstructured and estimated to be growing at 55-65% each year!
https://tinyurl.com/LA-CyberBP4-14-21


WFA bodes ill for cybersecurity

This article explains well the challenge that SMB’s are facing (and will face even more) with keeping their systems secure, post COVID. Big companies will spend the money and swallow up security expertise and service resources. SMB’s need to get their security providers in place NOW!
https://tinyurl.com/LA-CyberBP4-5-21


The Tape Renaissance Changes the Game

Today’s Tape is Nothing Like the Past:
https://tinyurl.com/LA-CyberBP3-16-21


CYBERWAR is imminent & will affect ordinary Americans, claims CEO of company that ‘discovered’ SolarWinds hack.

Fasten your seatbelt. This could get ugly.
https://tinyurl.com/LA-CyberBP3-2-21


How data storage technology can overcome human vulnerabilities that open the door to ransomware

A VERY familiar technology (WORM) with another, useful, defense quality:
https://tinyurl.com/LA-CyberBP2-18-21


2020 Data Breaches Point to Cybersecurity Trends for 2021

Risk Based Security released their 2020 year-end data breach report this past week, and despite an overall decline in breach events (security incidents), the number of breached records grew dramatically:
https://tinyurl.com/LA-CyberBP2-11-21


Managing unstructured data to boost performance, lower costs:

Is unmanaged, unstructured data clogging up your primary storage? Get control of this costly, performance-sapping situation and start managing unstructured data cost-effectively.
https://tinyurl.com/LA-CyberBP1-12-21


SolarWinds hackers also used common hacker techniques, CISA revealed:

CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks.
https://tinyurl.com/LA-CyberBP1-9-21


Ransomware attacks target backup systems, compromising the company ‘insurance policy’

Ransomers will NOT be taking holiday! In an era where backup systems are now targeted and compromised first, experts and even the FBI recommend that this may be the only defense that will save you. We agree.
https://tinyurl.com/LA-CyberBP12-16-20


How can I best implement an active archive environment?

Examine the major elements of an active archiving environment, including the kinds of data that you can use in one and resources to help with platform execution.
https://tinyurl.com/LA-CyberBP11-27-20


ESG TAPE LANDSCAPE STUDY - WHAT IT PROFESSIONALS REALLY THINK!

ESG recently conducted a user survey that examined the tape storage landscape for 2020. It was designed to understand the existing and emerging technology and business challenges and drivers influencing tape usage and purchasing strategies.
https://tinyurl.com/LA-CyberBP11-20-20


How to choose a long-term data archiving services vendor.

Great article, however their costs are a bit off... Our costs are way better than those quoted (and your information stays here, local, right where you want it)...
https://tinyurl.com/LA-CyberBP11-12-20


What NOT to Do in Your First 90 Days as a CISO.

Recently, Daniel Hooper, CISO at Varo Bank asked his LinkedIn network what their recipe for the first 90 days as a CISO would be. The post got 50+ responses but one that really stood out (and resonated with the whole group) was what NOT to do. This comment by Max S., CSO, saw a lot of folks nodding their heads and some even chuckling out loud. Daniel then threw out a call to action for someone to summarize this list into a blog post, so here goes, folks – the list of what not to do as a new CISO. (will make you smile)
https://tinyurl.com/LA-CyberBP11-2-20


Avoiding the snags and snares in data breach reporting: What CISOs need to know.

Ambiguities in a growing list of US reporting requirements keep CISOs up at night: Will they be compelled to report every breach even if they can prove the data was untouched? Experts advise on how to avoid trouble.
https://tinyurl.com/LA-CyberBP10-20-20


NYDFS enforces its cybersecurity regulation for the first time

On July 22, NYDFS filed a statement of charges against a title insurer for allegedly failing to safeguard mortgage documents, including bank account numbers, mortgage and tax records, and other sensitive personal information. This is the first enforcement action alleging violations of NYDFS’ cybersecurity regulation (23 NYCRR Part 500), which took effect in March 2017 and established cybersecurity requirements for banks, insurance companies, and other financial services institutions.
https://tinyurl.com/LA-CyberBP9-16-20


Is your Coffee Pot Watching You?

Devices become vulnerable to attack within minutes of connecting to the Internet. The device could be a computer or a smartphone, but it doesn’t have to be. It could be a security camera, light bulb, teddy bear, or car. The world is becoming more connected, and cybercrime is getting easier and more accessible.
https://tinyurl.com/LA-CyberBP10-14-20


Ransomware & Air Gapping leads to Record Breaking Tape Capacity Shipments

Tape Shipment Report Reveals Record Breaking Tape Capacity Shipments – "Ransomware is more rampant than ever and a significant challenge for protecting data, especially as employees continue to work remotely amid the current pandemic," said Christophe Bertrand, Senior Analyst, The Enterprise Strategy Group, Inc. “Air gapping with tape technology should be a serious consideration for any company looking at best practices to ensure their company’s data and their customers’ privacy."
https://tinyurl.com/LA-CyberBP10-9-20


Ransomware attacks on schools continue to increase:

Schools have been under extreme pressure this year due to the COVID-19 pandemic. Students need additional help with the new safety measures or remote learning, and parents are flooding schools with questions, suggestions, or complaints. U.S. schools were an attractive target for ransomware in 2019, and they’ve become more popular this year as the pandemic caused a massive disruption in how education is delivered to students. Barracuda research shows that attacks on schools and universities made up 15% of attacks in 2020, compared to 6% in 2019. Here are stats and some defenses:
https://tinyurl.com/LA-CyberBP10-7-20


Election Crimes and Security

Concerned about our upcoming elections and foreign intervention? Check out this 9 Minute Video. IT IS WORTH YOUR TIME! The Directors of the FBI, the NSA, CISA (the Cybersecurity & Infrastructure Security Agency) and NCSC (National Counterintelligence & Security Center) speak about what your Country is doing to safeguard our elections. POWERFUL! In addition to election security – understand this: these people and agencies are working 24/7 to protect us from any and all cyber threats. I’m glad they’re on our side:

Here’s the 9 min video (on youtube): https://youtu.be/H-3Ek14eO7o
Here’s the complete FBI Web Page “Election Crimes and Security”: https://tinyurl.com/LA-CyberBP10-6-20


Air gaps – the most effective defense against cyberattacks

In data protection, air pockets or gaps are actually highly recommended, as they play an important role in terms of protecting your business-critical data against cyber attacks. These threats are becoming more frequent, and are capable of simultaneously corrupting live, backup and archive data. Consequently, it is an enormous challenge for all businesses to protect themselves from this type of data loss.
https://tinyurl.com/LA-CyberBP9-18-20


"He, who does not learn from history, is condemned to repeat it."

Equifax really learned from its’ mistakes when attackers breached it and stole the personal information of 182 Million Americans. And we can ALL learn from what they share here. There is an incredible amount of wisdom, insight and actionable measures in this 5-minute read. It’s not all sunshine and rainbows, but will definitely teach you a valuable lesson or two. Let’s learn from their mistakes and be much wiser moving forward. Enjoy:
https://tinyurl.com/LA-CyberBP9-10-20

When Aston Martin (James Bond’s car) did a self-assessment of its’ IT Security, its’ focus was laser sharp:

“The brand is enormously important. It's the thing that keeps us where we are. So, protecting that is a bigger focus for us than maybe some other things. If we had, for example, a breach and lost customer data, with the types of people that buy our cars you don't want to be the person on BBC News for instance explaining what's happened and how that's going to hurt the brand. The reputation damage would be enormous on that.”
https://tinyurl.com/LA-CyberBP8-20-20


SANS Institute, which drills cyber professionals in defense, suffers data breach:

The SANS Institute, which trains cybersecurity professionals around the world, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday.
https://tinyurl.com/LA-CyberBP8-14-20

5 traits all the best CISOs have:

I know many CISO’s. If you’re an Owner, CEO, President, or C-Suite, you’ll want to read this. It is RIGHT ON TARGET! As a career entrepreneur and business person, #3 resonates with me. It is what separates a GOOD CISO from a GREAT CISO. Think about yours… Is he/she good, or great?:
https://tinyurl.com/LA-CyberBP7-30-2020

FBI Issues DDoS amplification attack alert:

The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise. With all of the attention to Ransomware, DDoS attacks have taken a back stage, but, they’re still there. Get Ready to be attacked:
https://tinyurl.com/LACyberBillsPick7-13-20

Cracking the cyber liability code leads to better insurance coverage:

Many clients/friends I’ve spoken with ‘think’ (hope) they’re insured properly for cyber-liability. And in some cases, I get the hint that they’d rather not dig into it (ignorance is bliss?). Well, ‘hope’ is NOT a strategy, nor a contingency plan. This 5 minute read has a GREAT explanation and 5 item listing of MUST HAVE’s for cyber-liability coverage:
https://tinyurl.com/LA-CyberBP6-25-20

The Lesson here is really Behind the Scenes:

A somewhat ‘typical’ ransomware against a city in Alabama. But the educational value is within the “Comments” section. Read the article and then: READ THE COMMENTS at the end. Especially the conversation thread started by this question: “Can someone kindly explain to me how a security firm in Wisconsin can “see” what’s happening with regards to an attack inside a network in Alabama?”
https://tinyurl.com/LA-CyberBP6-10-20

Cyber security 101: Protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
https://tinyurl.com/LA-CyberBP6-11-20

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

With the huge surge in unemployment claims, and state unemployment systems being over-run, you had to know this would be coming:
hhttps://tinyurl.com/LA-CyberBP5-22-20

1 Day, 3 New Ransomware Attacks reported, not all successful. Why?


  1. Magellan Health – proving (during this COVID Crisis) “There is no Honor among the Thieves.” Threat Vector: Phishing (as usual). Undetermined: Was exfiltrated data anonymized and do they need to notify breached individuals?
    https://tinyurl.com/LA-CyberBP5-14-20A


  2. Pitney Bowes – After their previous Ransomware Attack – 7 months ago, a New Successful Attack & Breach BUT Unsuccessful Ransomware Execution! New endpoint detection & response and advanced threat protection tools deployed – Won the Day!
    https://tinyurl.com/LA-CyberBP5-14-20B


  3. Texas Court – Partially shut down by Ransomware. Although they “will not pay” the ransom, they do acknowledge the need for more/better security training of their employees. As government branches continue to be targeted by these types of attacks, they continue to struggle to keep pace with the security required to deliver information to citizens, yet protect it from nefarious use by bad actors: https://tinyurl.com/LA-CyberBP5-14-20C


Threat Spotlight: Coronavirus-Related Phishing.

As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web..
https://tinyurl.com/LA-CyberBP5-1-2020

5 ways COVID-19 is reshaping the cybercrime economy.

As the COVID-19 pandemic pushes the above-ground economy to the brink of a major recession, the cybercrime economy appears to still be hard-charging ahead. And yet, the virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalize on global fears, as well as dramatic shifts in supply and demand.
https://tinyurl.com/LA-CyberBP5-4-2020
https://tinyurl.com/LA-CyberBP5-1-2020

SBA emergency loan applicants’ data likely exposed.

breach at the Small Business Administration may have exposed personal information on almost 8,000 small businesses that applied to the agency’s Economic Injury Disaster Loan program (EIDL), recently expanded to include organizations affected by the COVID-19 pandemic..
https://tinyurl.com/LA-CyberBP4-22-20

Zoombombing provides teachable moment for cybersecurity teams.

Most of the instances of conference calls being hacked, popularly known as Zoombombing, are from a cybersecurity perspective a self-inflicted wound. The fact that malicious actors could, for example, use publicly posted meeting links, guess meeting IDs, and discover personal meeting IDs posted online to join a meeting uninvited is not some newly discovered set of vulnerabilities. It’s only been with the need for large swaths of the population to remain at home that these issues are coming to the fore. Zoom, as the most popular video collaboration platform of the moment, is naturally at the center of the storm.
https://tinyurl.com/LA-CyberBP4-14-20

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings.

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.
https://tinyurl.com/LA-CyberBP4-8-20

Working from Home? SANS Security Awareness Deployment Guide (for businesses) & Top 5 Tips for Working from Home Securely (for employees)

With the coronavirus disrupting business as usual, organizations and school districts worldwide are implementing work-from-home policies. Not only does this pose new challenges for organizations that lack the processes and technologies required to secure a remote workforce, it puts an even greater burden on families who must quickly adapt to a new way of working and learning from home — and do so safely and securely.
https://tinyurl.com/LA-CyberBP4-7-20

Five billion records exposed in open ‘data breach database’

More than five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” housing a trove of security incidents from the last seven years was left unprotected.
https://tinyurl.com/LA-CyberBP3-20-20

Malicious coronavirus map hides AZORult info-stealing malware:

Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware.
https://tinyurl.com/LA-CyberBP3-12-19

The SHIELD Act: NY’s New Data Protection Requirements Take Effect:

In his Health Law column, Francis J. Serbaroli discusses New York’s new SHIELD Act, which imposes new data security and data breach reporting requirements on any entity in possession of private information of New York residents regardless of whether the entity is located in New York. The Act also levies higher penalties for non-compliance with its data security and reporting requirements, but does not provide for a private cause of action.
https://tinyurl.com/LA-CyberBP1-21-20

25 Tech Predictions for 2020:

Much will be different, relative to ten years ago. The year 2020 opens a new decade and much will be different, relative to ten years ago. Here are more than two dozen predictions about what to expect, according to industry experts and executives.
https://tinyurl.com/LA-CyberBP01-03-20

Ring camera hacks show the need for better IoT security:

Ring camera doorbells gained fame for catching porch pirates steal packages but after several high-profile cases where hackers gained control of them they are being held up by the cybersecurity industry as a prime example why companies and homeowners need to take IoT security seriously.
https://tinyurl.com/LA-CyberBP12-19-19

Snatch ransomware reboots PCs into Safe Mode to bypass protection:


https://tinyurl.com/LA-CyberBP12-12-19

Cyberthreats to financial institutions 2020: Overview and predictions:


https://tinyurl.com/LA-CyberBP12-6-19

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups - in the field:


https://tinyurl.com/LA-CyberBP12-5-19

Ransomware attack on nursing homes’ services provider threatens lives:

https://tinyurl.com/LACyberBillsPick11-26-19

How to negotiate with hackers:


https://www.ft.com/content/1f3917ae-ca59-11e9-af46-b09e8bfe60c0

How tape backup systems improve data protection:


https://searchdatabackup.techtarget.com/feature/How-tape-backup-systems-improve-data-protection

SHARED INTEL:
What it takes to preserve business continuity, recover quickly from a cyber disaster


https://tinyurl.com/y6oc6kd4

VPN to world:
Reports of my death are greatly exaggerated


https://www.scmagazine.com/home/opinion/executive-insight/vpn-to-world-reports-of-my-death-are-greatly-exaggerated/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_20191014&hmSubId=nWo3cyWXJlQ1&email_hash=3705b20fde64a48931537ae6718d9c72&mpweb=1325-10718-2245121

How ready are you to respond to a ransomware attack?

https://www.scmagazine.com/home/opinion/executive-insight/how-ready-are-you-to-respond-to-a-ransomware-attack/


I'm Interested, Tell me More!

Information On:
Effective Date/Start Date:
Contact Name:
Title:
Company:
Email Address:
Phone Number:



“As soon as we receive this request, we’ll forward the appropriate form for your review & signature. If you have any questions, please email us at info@la-cyber.com. THANK YOU!”

Bundled Services Pricing will be offered for any combination of recurring services contracted with ANY of the Lincoln Family of Companies (LACyber, Lincoln Archives, Biosan Disposal, Lincoln Distribution, Lincoln Warehousing, Lincoln Storage, Lincoln Self Storage, Lincoln Moving & Storage, WNY Foreign Trade Zones Operators).