Ransomware
September 2023
Vol. 6, Iss. 38
Robin’s Newsletter #274
Ransomware groups target Save the Children, Las Vegas casinos, and the Sri Lankan government.
August 2023
Vol. 6, Iss. 35
Robin’s Newsletter #271
Lapsus$ group pair court verdict. Ransomware dwell times are down. Cloud provider loses all their customers' data in ransomware incident.
July 2023
Vol. 6, Iss. 27
Robin’s Newsletter #263
SEC issues notices to SolarWinds CFO, CISO. Apple opposed Online Safety Bill. US Supreme Court rejects cyberstalking case.
June 2023
Vol. 6, Iss. 26
Robin’s Newsletter #262
More organisations caught up in MOVEit. Alphv/BlackCat has been all up in a lot of business. PlugWalkJoe gets 5-year sentence for Twitter crypto scam.
Vol. 6, Iss. 25
Robin’s Newsletter #261
More MOVEit victims and a $10 million bounty on Clop. Fortinet VPN vulnerability. A couple of cool side-channel techniques.
Vol. 6, Iss. 24
Robin’s Newsletter #260
Clop ransomware breaches MOVEit file transfer systems. Barracuda urges rip-and-replace of their email security gateways. Snowden leaks, ten years on.
May 2023
Vol. 6, Iss. 21
Robin’s Newsletter #257
Montana bans TikTok. Ransomware as activism. Fallout from Capita breaches escalates.
March 2023
Vol. 6, Iss. 13
Robin’s Newsletter #249
TikTok bans continue, Russia bans iPhones from Putin’s inner circle, China & Russia set sights on tech sovereignty
February 2023
Vol. 6, Iss. 9
Robin’s Newsletter #245
USSOCOM email server left exposed. Critical vulnerability in another file transfer app. Signal says it would exit UK market.
Vol. 6, Iss. 7
Robin’s Newsletter #243
Sanctions for TrickBot as ransomware declared tier 1 national security risk. Hacking ChatGPT with prompt injection attacks. ESXiArgs ransomware spree continues. Dutch police bring down Exclu encrypted phone service.
January 2023
Vol. 6, Iss. 5
Robin’s Newsletter #241
Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.
Vol. 6, Iss. 4
Robin’s Newsletter #240
Ransomware payments fell 40% in 2022. T-Mobile suffers *another* breach; 37 million accounts affected. Credential stuffing attacks against Norton Password Manager, PayPal.
Vol. 6, Iss. 1
Robin’s Newsletter #237 — 2023 Forecast
My thoughts on the broad outlook and specific predictions for the world of cyber in 2023.
December 2022
Vol. 5, Iss. 49
Robin’s Newsletter #233
UK managed security businesses to be regulated. Medibank attackers release data. Anker's Eufy smart camera 'local only' claims disputed.
November 2022
Vol. 5, Iss. 47
Robin’s Newsletter #231
Crypto-exchange FTX's governance failures. Medibank attackers release stolen mental health data. Majority of UK COBRA meetings are about ransomware.
Vol. 5, Iss. 45
Robin’s Newsletter #229
Slovakia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.
August 2022
Vol. 5, Iss. 34
Robin’s Newsletter #218
Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.
Vol. 5, Iss. 33
Robin’s Newsletter #217
Twilio, Cloudflare & Cisco attacks also targeted employees' personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.
May 2022
Vol. 5, Iss. 20
Robin’s Newsletter #204
Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.
Vol. 5, Iss. 18
Robin’s Newsletter #202
Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberattacks against Ukraine. Facebook doesn't know where your data flows.
March 2022
Vol. 5, Iss. 13
Robin’s Newsletter #197
The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.
Vol. 5, Iss. 12
Robin’s Newsletter #196
Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.
February 2022
Vol. 5, Iss. 7
Robin’s Newsletter #191
Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.
January 2022
Vol. 5, Iss. 5
Robin’s Newsletter #189
Activists ransomware Belarus' state-owned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.
Vol. 5, Iss. 3
Robin’s Newsletter #187
Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate digital transformation.
Vol. 5, Iss. 2
Robin’s Newsletter #186
Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.
October 2021
Vol. 4, Iss. 43
Robin’s Newsletter #175
US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warfare unit.
Vol. 4, Iss. 42
Robin’s Newsletter #174
White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites.
Vol. 4, Iss. 40
Robin’s Newsletter #172
Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.
September 2021
Vol. 4, Iss. 39
Robin’s Newsletter #171
'Releasing the hounds' on ransomware actors, though FBI involvement in Kaseya shows offensive operations may already be underway.
July 2021
Vol. 4, Iss. 28
Robin’s Newsletter #160
More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.
Vol. 4, Iss. 27
Robin’s Newsletter #159
Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.
June 2021
Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳
Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...
Vol. 4, Iss. 24
Robin’s Newsletter #156
EA games source code stolen. Apple's new privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.
Vol. 4, Iss. 23
Robin’s Newsletter #155
The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.
May 2021
Vol. 4, Iss. 21
Robin’s Newsletter #153
Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M. But there are Technology Detection Dogs. And they're very good dogs!
Vol. 4, Iss. 20
Robin’s Newsletter #152
All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.
Vol. 4, Iss. 19
Robin’s Newsletter #151
Responsible cyber power. Colonial Pipeline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.
Vol. 4, Iss. 18
Robin’s Newsletter #150
Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.
April 2021
Vol. 4, Iss. 17
Robin’s Newsletter #149
Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.
Vol. 4, Iss. 16
Robin’s Newsletter #148
FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.
Vol. 4, Iss. 14
Robin’s Newsletter #146
The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.
March 2021
Vol. 4, Iss. 13
Robin’s Newsletter #145
FatFace IR comms 'confidential' while losing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.
February 2021
Vol. 4, Iss. 6
Robin’s Newsletter #138
SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.
November 2020
Vol. 3, Iss. 45
Robin’s Newsletter #125
Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.
October 2020
Vol. 3, Iss. 43
Robin’s Newsletter #123
DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.
Vol. 3, Iss. 41
Robin’s Newsletter #121
Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.
Vol. 3, Iss. 40
Robin’s Newsletter #120
US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.
September 2020
Vol. 3, Iss. 38
Robin’s Newsletter #118
Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(
August 2020
Vol. 3, Iss. 35
Robin’s Newsletter #115
Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.
Vol. 3, Iss. 31
Robin’s Newsletter #111
Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.
July 2020
Vol. 3, Iss. 30
Robin’s Newsletter #110
Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.
June 2020
Vol. 3, Iss. 23
Robin’s Newsletter #103
REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.
May 2020
Vol. 3, Iss. 20
Robin’s Newsletter #100
Pricing cyber risk from external data, attack on 'UK electricity system' and mining cryptocurrency with supercomputers
Vol. 3, Iss. 19
Robin’s Newsletter #99
Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems
Vol. 3, Iss. 18
Robin’s Newsletter #98
Mobile device management as a vector, turning antivirus against itself and ransomware's long game
April 2020
Vol. 3, Iss. 5
Robin’s Newsletter #85
Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/carry on for DPOs.