This Week in Cyber takes a look at a few of the top news stories across the industry for the week of Jan. 10. Plus, get a peek at what’s coming up on the Data Connectors Community calendar.

Is 2022 the year of cryptomining? Signs, so far, point to yes. Users everywhere were buzzing over the addition of a cryptomining component in Norton 360 software over the last week. The news has landed in some mainstream publications, where authors are citing public outrage over the addition, including Wired magazine which says “you should absolutely not do this,” as it is an environmental drain and a potential security risk. There’s also the inherent hypocrisy involved; this software should seek to prevent cryptomining from threat actors rather than cashing in on it.

For a quick definition, ExtraHop defines cryptomining as the process where a user’s computing resources are used to mine cryptocurrencies like Bitcoin or, in the case of Norton 360, Ethereum. Threat actors have been known to do this surreptitiously, using a system’s CPU and sometimes GPU to perform complex mathematical calculations that result in long alphanumeric strings called hashes.

And as for the cash payouts, Norton is keeping 15% of all earnings.

Once is chance, twice is coincidence… Krebs on Security is reporting that fellow virus scanner software Avira followed in Norton’s footsteps, putting some 500 million users’ PCs to work in the old Ethereum mines. Similar backlash has ensued. The question remains: is there space for cryptomining within security software offerings?


The cover-up is the crime. Remember back in 2016 when Uber fumbled 56 million users’ and drivers’ data? Then-security chief Joseph Sullivan is racking up charges for the behind-the-scenes cover-up, most recently three counts of wire fraud added to previously filed felony obstruction and misprision charges, according to a statement from the Department of Justice.

The lesson for CSOs everywhere? Don’t make six-figure deals with hackers in exchange for their silence; don’t attempt to cover up a data leak from the people it affects, and definitely don’t try to hide it from the feds in the Federal Trade Commission.


Log4january updates? CISA Director Jen Easterly gave her thoughts on the status of the end-of-the-year fire drill we all experienced in 2021, saying that most government agencies here in the US are in the clear from log4shell vulnerabilities, in part due to vigilant cybersecurity engineers. However, the reach of this thing is so massive, we’ll be living with it for a long, long time.


Ten days into 2022, how are your resolutions going? If you started this year with a goal of reading more, you’re in luck. The Data Connectors Holiday Reading List is still live and ready for your consumption. Get access to white papers and analyst reports that will keep you sharp in the new year.

On the road again. The Data Connectors team is starting the year in the Grand Canyon state, with an all-star lineup at its Phoenix Cybersecurity Conference on Wednesday, Jan. 12. We’re joined by Dr. Jonathan D.T. Ward, a world-renowned expert on China and Russia, who will be sitting down and taking audience questions in a Fireside Chat format.

Phoenicians (and other locals) can catch their local Secret Service Supervisory Special Agent Ingrid Rush, as well as FBI Special Agent Suzanne Allen, plus an all-star panel discussion titled “What You Left Out of Your 2022 Cybersecurity Plan (And How to Fix It).”

This session will be followed up with another Cybersecurity Conference out in Salt Lake City on Jan. 27, as well as the SouthWest Virtual Cybersecurity Summit on Feb. 2-3.

Before you go… Don’t lose your seat at the CyberConnect Web Briefing on Jan. 20, where a panel of CISOs will be discussing the topic, “Automating Risk Management at Scale for the Modern CISO.” This is a can’t-miss discussion, particularly in a world after log4j. 

This Week in Cyber: The Year of Cryptomining?

Hot Topics in Cybersecurity Posted by Jen Greco on Jan 11, 2022

Fifth Patch Released:


Log4j continues to make news during the final week of 2021, as Apache issues the fifth patch, 2.17.1, since the initial vulnerability was uncovered earlier this month.

This patch fixes CVE-2021-44832, an arbitrary code execution flaw, which could be used by threat actors to run malicious code.

Per the CVE description: “Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.”


Joint Guidance Issued:


Federal law enforcement agencies from the US, Australia, Canada, New Zealand, and the United Kingdom issued a joint statement on the log4j vulnerabilities.

The notice includes CISA’s previously issued guidance, with steps including:

  • Identifying assets affected by Log4Shell and other Log4j-related vulnerabilities, 

  • Upgrading Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates, and

  • Initiating hunt and incident response procedures to detect possible Log4Shell exploitation. 

Download a PDF of this joint report here.


Consequences from the Chinese Government:


Bloomberg News reported that the vulnerability was initially found by an Alibaba software developer in late November and reported to Apache.

The developer’s organization, Alibaba Cloud, has been suspended from an information sharing partnership by regulators for six months for reporting the issue to Apache prior to reporting it to the Chinese Ministry of Industry and Information Technology, according to reports from ZDNet.


Cyber Experts Offer Insights on the Future of Log4j:


CEO and Founder of Check Point Software Technologies Gil Shwed appeared on CNBC to explain the impact of this vulnerability.

“What makes it very dangerous is that it’s very infectious,” Shwed said in the interview. He stated that the cybersecurity industry’s response has been very good; however, the shrewdness and skill of the hackers have improved so much in recent years. There are about 60 variants of this vulnerability, Shwed said.

In Case You Missed It: Log4j’s Holiday Week

Hot Topics in Cybersecurity Posted by Jen Greco on Dec 29, 2021

Thanks to the log4j vulnerabilities, businesses across the world got a not-so-friendly reminder earlier this month, that it’s vital to ensure that all third-party software within the organization is assessed frequently.

Following the news and the subsequent patches, organizations can take the wake-up call to complete a full third-party risk assessment, according to a report from Security Scorecard in their latest release, “Log4j Vulnerability Technical Report.” 

After you’ve assessed your organization and the internal impact, there are several important steps to take, including assessing your vendors and seeing if they have an older version of log4j (earlier than 2.17.0, as of this publication), according to the report. “We have published a new informational signal in SecurityScorecard called Vulnerable Log4j Version Detected. This informational signal does not impact scores and appears on Scorecards where a vulnerable Log4j instance was detected as of December 14th. If you see this signal on a vendor’s scorecard, reach out to them right away,” the report read.

Another way to assess your third-party damage is to download the Log4Shell Questionnaire, provided by Security Scorecard, and send it to all your software vendors, and then share your findings with your business partners.



Third-party risk management is not just something an organization should do after a breach; for security experts, it should be top-of-mind according to “Best Practices for Trusted Third Party Risk Management,” also issued by Security Scorecard.

“Third parties are a necessary part of your enterprise. They are your vendors, your suppliers, your contractors, and your partners. Without them, you can’t do business,” according to the report. “Unfortunately, third parties are also a major source of cyber risk. Cybercriminals often target third-party providers to target their clients’ data and networks, such as the notorious SolarWinds breach at the end of 2020.”

Learn more about the important steps for Automated Risk Management at the CyberConnect Web Briefing on January 20, 2022. Register today.

Third Party Risk Assessment Gains Importanc …

Hot Topics in Cybersecurity Posted by Jen Greco on Dec 21, 2021

A second log4j vulnerability (CVE-2021-45046) was uncovered on Dec. 15 and has already been patched. In the description, it is stated that the original fix to address CVE-2021-44228 “was incomplete in certain non-default configurations.” The release of log4j 2.16.0 fixed the issue by removing support for message lookup patterns, according to the CVE record.

“The safest thing to do is to upgrade Log4j to a safe version or remove the JndiLookup class from the log4j-core jar,” according to the Apache Log4j Security Vulnerabilities page.
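The following added example (not code from Apache, CISA or Data Connectors) inventories log4j-core copies inside an archive, including jars nested in a WAR, and reports each copy's version against the fixed releases named in the CVE-2021-44832 description quoted earlier on this page, plus whether the JndiLookup class is still present. The sample archives are constructed in memory; the function names, status labels and size limit are assumptions of this example.

```python
import io
import re
import zipfile

# Standard Maven metadata and class paths inside a log4j-core jar.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Fixed releases named in the CVE-2021-44832 description quoted on this page.
FIXED_EXACT = {(2, 3, 2), (2, 12, 4)}
FIXED_FROM = (2, 17, 1)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
MAX_NESTED_BYTES = 64 * 1024 * 1024  # assumption: skip very large nested entries
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$")


def classify(version):
    """Return 'patched', 'affected', 'out-of-range' or 'review' (this example's labels)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"
    major, minor, patch, qualifier = m.groups()
    triple = (int(major), int(minor), int(patch or 0))
    if triple[0] < 2:
        return "out-of-range"  # Log4j 1.x is outside the quoted version range
    if qualifier:
        # The quoted range starts at 2.0-beta7; other pre-releases need a human look.
        beta = re.fullmatch(r"beta(\d+)", qualifier)
        if triple == (2, 0, 0) and beta:
            return "affected" if int(beta.group(1)) >= 7 else "out-of-range"
        return "review"
    if triple in FIXED_EXACT or triple >= FIXED_FROM:
        return "patched"
    return "affected"


def scan_archive(data, name, depth=0, max_depth=3):
    """Return one finding per log4j-core copy in the archive, descending into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI_CLASS in names:
            version = None
            if POM in names:
                for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append({
                "path": name,
                "version": version,
                # A shaded copy without Maven metadata cannot be versioned here.
                "status": classify(version) if version else "review",
                "jndi_lookup_present": JNDI_CLASS in names,
            })
        if depth < max_depth:
            for entry in sorted(names):
                nested = entry.lower().endswith(ARCHIVE_SUFFIXES)
                if nested and zf.getinfo(entry).file_size <= MAX_NESTED_BYTES:
                    findings += scan_archive(zf.read(entry), f"{name}!/{entry}",
                                             depth + 1, max_depth)
    return findings


def make_jar(version=None, with_jndi=True, nested=None):
    """Build a constructed in-memory archive for the demo; not a real Log4j artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
        for entry_name, payload in (nested or {}).items():
            zf.writestr(entry_name, payload)
    return buf.getvalue()


def demo():
    """Scan a constructed WAR bundling an old jar, a patched jar and a class-stripped jar."""
    war = make_jar(with_jndi=False, nested={
        "WEB-INF/lib/log4j-core-2.14.1.jar": make_jar("2.14.1"),
        "WEB-INF/lib/log4j-core-2.17.1.jar": make_jar("2.17.1"),
        "WEB-INF/lib/log4j-core-stripped.jar": make_jar("2.14.1", with_jndi=False),
    })
    return scan_archive(war, "app.war")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The version status and the JndiLookup flag are reported separately because they answer different questions: whether the copy is at a release the CVE text lists as fixed, and whether the class-removal step has been applied to that jar.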

The Cybersecurity and Infrastructure Security Agency (CISA) updated its Vulnerability Guidance page to reflect this second vulnerability. In the update, the agency added: “A remote attacker can exploit this second Log4j vulnerability to cause a denial-of-service (DOS) condition in certain non-default configurations. Note: affected organizations that have already upgraded to Log4j 2.15.0 will need to upgrade to Log4j 2.16.0 to be protected against both CVE-2021-44228 and CVE-2021-45046.”

CISA has issued guidance telling vendors and affected organizations to ensure they’ve now updated to 2.16.0 in order to protect against both vulnerabilities.

Exploitation of log4j is officially getting more sophisticated, according to Microsoft, and now involves state-sponsored hackers from China, Iran, North Korea and Turkey.

This includes Chinese state-sponsored group HAFNIUM (of Microsoft Exchange hack fame), which has been using a DNS service “typically associated with testing activity to fingerprint systems,” Microsoft stated.

“The bulk of attacks that Microsoft has observed at this time have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers,” Microsoft wrote in its security blog.

Current targets include Minecraft servers, according to Microsoft. Minecraft is a popular sandbox and survival video game which is regarded as the best-selling video game of all time with nearly 140 million monthly active users.

“Microsoft can confirm public reports of the Khonsari ransomware family being delivered as payload post-exploitation, as discussed by Bitdefender. In Microsoft Defender Antivirus data we have observed a small number of cases of this being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via the use of a third-party Minecraft mods loader,” Microsoft wrote on its blog post.

Patch Released for Second Log4j Vulnerability

Hot Topics in Cybersecurity Posted by Jen Greco on Dec 16, 2021

This guest post was originally posted on LinkedIn and has been reposted with permission.

If you are just finding out about log4j, here’s what you need to know as a defender:

1. It’s bad. VERY bad. The level of badness can’t be overstated.

2. Don’t think you’re exposed because you don’t use java? I guarantee you at least one of your SaaS vendors/cloud hosting providers/web server providers does.

Java was the most popular programming language of the 90s and early 00s. Hell, it’s still in Stack Overflow’s Top 10 and taught widely in high school & college.


3. Go through EVERY app, website, and system that you own/use that talks to the internet. This includes self-hosted installs of vendor products and cloud-based services.

Focus on systems that are internet-facing that contain sensitive data, secrets, etc. Focus on older “legacy” vendors.

4. This exploit is not only publicly known, the barrier to entry is LOW. Anyone, including your 5yo playing Minecraft, can use this exploit. It’s as simple as typing in a few characters into a chat box.

5. Don’t think you’re protected because aUthEnTiCatIoN. This exploit is pre-auth. Which means an attacker DOESN’T NEED TO SIGN IN to your web app/system/whatever in order to pop you.

6. Once you finish assessing your hosted apps, vendor systems, etc. – move on to endpoint applications. Java-based apps like WebEx, Minecraft, JetBrains IDEs, Citrix, Filezilla FTP are all vulnerable. You need to patch, patch, patch. If no patch is available, uninstall.

7. Once you’re done with endpoint apps, make sure all your work from home folks update their personal devices and home routers.

Yes, home routers are susceptible.

I told you it was bad.

Note – don’t rely on your work from home folks to do this right, even with clear instructions.

A lot of them will ignore you.
Prepare for this eventuality.
Make nice with your IT team.
You’re gonna need them.

7. Your immediate reaction will be to set gateway rules to block the exploit string.

Don’t. It won’t work.

There are an infinite number of ways to obfuscate the string. Your regex will be no match, I assure you.

8. Instead, focus on patching. Focus on limiting outbound traffic.
If you can block the LDAP/LDAPS protocol entirely from your outbound traffic, do it.

If you can’t, well, at least block the default LDAP/LDAPS ports. It’s not much, but it’s something.

9. Lastly, communicate with your senior leaders. They should be in the know about this one.

If your leaders ignore you, go to the leadership level above them.

If they ignore you, go to the CEO.

If the CEO ignores you, go to the board.

I told you it was bad.

10. Don’t think this is going to go away any time soon. We’re just starting to get a glimpse of what is being tried out there in the wild.
Buckle up. It’s going to be a wild Christmas.

One final thing to add: if you don’t have edge protection, you can still set firewall rules at the host level. Send outbound traffic to only trusted IPs. This should be a small list.

• • •
To recap:
1. log4j is very bad
2. you are susceptible
3. patch & filter outbound traffic
4. get IT to help you
5. tell your senior leaders


Naomi Buckwalter is an experienced CISO and non-profit director, and is a featured speaker among the Data Connectors Cybersecurity Community. Find her on LinkedIn. 

Ten Things You Must Know About Log4j

Hot Topics in Cybersecurity Posted by Naomi Buckwalter on Dec 14, 2021

The following is a statement shared by the US Secret Service’s Gateway Cyber Task Force at the St. Louis Field Office for the benefit of the public.

DHS – CISA and its partners, through the Joint Cyber Defense Collaborative, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.

CISA has created a webpage, Apache Log4j Vulnerability Guidance and will actively maintain a community-sourced GitHub repository of publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.

CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately.

Please follow this link for more information.

CISA Develops Web Page for Apache Log4j Vul …

Hot Topics in Cybersecurity Posted by Data Connectors Newsroom on Dec 14, 2021

For a cybersecurity strategy to succeed, collaboration is vital – whether that’s between teams, organizations or federal agencies.

That was one of many key takeaways at the State of Cyber Conference held in downtown St. Louis on Dec. 1-2.  This event was the result of the country’s top law enforcement agencies coming together to discuss the current cyber threat landscape.

Developed along with the St. Louis InfraGard Alliance and the local offices of the Federal Bureau of Investigation and the US Secret Service, with presentations from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), this conference was attended by hundreds of senior cybersecurity professionals from across the region.

“When we first started State of Cyber [in 2016], our goal was to get more partnership between the fed agencies and local resources for the 16 critical infrastructures that InfraGard serves,” said David Wren, president of St. Louis InfraGard.

The conference featured content that was exclusive for attendees only, including a briefing from the FBI on the current state of cybersecurity in the region – namely, its work in combatting ransomware. Attendees also heard from the Department of Homeland Security CISA on how their organizations can partner with the agency to protect themselves against the many threats that are out there.

The two-day conference closed with an inter-agency panel, featuring representatives from:

  • The US Secret Service
  • St. Louis Fusion Center
  • Missouri Department of Public Safety
  • DHS-CISA
  • Missouri State Highway Patrol

During this exclusive session, the experts discussed ways their agencies collaborate with each other and with the public to ensure a high-end cybersecurity infrastructure in the region.


It wasn’t just the local cybersecurity pros who took notice of the State of Cyber Conference. Several local news organizations took note of the high-profile speakers list and timeliness of the event.

“The State of Cyber 2021 is a great opportunity for the Secret Service to meet with corporations and security directors to talk about the trends and tactics we’re seeing imposed on the civilian population and also corporations themselves,” US Secret Service Special Agent in Charge Thomas Landry told Fox2Now. Landry is based in the St. Louis field office, and was featured as a key speaker during the conference. His session, given in collaboration with USSS Senior Special Agent Brian Cockrill, was titled “The USSS Cyber Fraud Task Force Model.” This session gave attendees a better understanding of how the agency, which is (in part) designed to fight financial crimes against US citizens, can aid organizations when it comes to avoiding, combatting and reporting cyber crimes. 

Data Connectors CEO Dawn Morrissey spoke to KMOV4 viewers about one of the biggest cyber threats facing companies of all sizes: ransomware.

“It’s continued to increase, not only the amount of ransom demands, but the frequency of attacks,” she said in the news report. “And it’s affecting everyone from businesses, all the way up to large corporations.”


The Data Connectors team is continuing to partner with InfraGard to present the State of Cyber Virtual Cybersecurity Summit – a complementary, fully online session intended for cyber professionals in the Midwest and Great Lakes region on Dec. 14-15.

This fully virtual experience features similar panels and discussions from the high-profile lineup of speakers, including an interactive inter-agency panel. Registration is still available.

“State of Cyber 2021” Connects Executiv …

Industry News Posted by Jen Greco on Dec 8, 2021

Law Enforcement, Chief Information Security Officers from Region’s Largest Organizations Convene to Get Ahead of Expanding Cyber Threats


ST. LOUIS, MO – November 29, 2021. Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the State of Cyber 2021 Conference, which will take place December 1st and 2nd, 2021. In partnership with the St. Louis InfraGard Alliance and local field offices of the Federal Bureau of Investigation (FBI) and the US Secret Service, the Chesterfield, MO-based firm will present this year’s in-person and online gatherings, a return from last year’s all-virtual format.

“The United States Secret Service is proud to collaborate with our local, state, and federal partners at the State of Cyber 2021 Conference. Sharing intelligence with them and the organizations responsible for a private infrastructure operating in the St. Louis metropolitan area furthers our investigative mission to thwart crimes against the financial infrastructure of the United States,” stated Thomas Landry, Special Agent in Charge, U.S. Secret Service – St. Louis Field Office.

Landry also headlines the agenda on Wednesday, December 1st.

The conference features prominent Chief Information Security Officer (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies. The two-day agenda represents a combination of the St. Louis Cybersecurity Conference, which has been run annually since 2003, the St. Louis InfraGard Alliance’s State of Cyber event started in 2016, and an annual update for local cyber professionals conducted by the St. Louis Office of the United States Secret Service’s Cyber Fraud Task Force.

Validated professionals in the community that attend the Conference will receive briefings from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and hear from local peer executives from organizations such as Mastercard, First Bank and TikTok.

The Conference will also feature a panel discussion on the State of Cyber Inter-Agency Cooperation, and keynotes from public and private sector executives:

  • Richard Quinn, Special Agent in Charge, FBI St. Louis Division
  • Erin Hug, Cyber Intelligence Analyst, Cybersecurity Forensics & Intelligence Unit at Missouri State Highway Patrol
  • Angela Robinson, Cybersecurity Specialist with the Department of Public Safety (DPS)
  • Derek Rieger, Deputy Director of the St. Louis Fusion Center
  • Brian Cockrill, Senior Special Agent – Technical Staff Assistant at the United States Secret Service – St. Louis Field Office
  • Christopher Cockburn, Cybersecurity Advisor at CISA
  • D. Henry, Cyber Security Advisor & Indiana Cybersecurity State Coordinator at CISA

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this conference. More than 30 community partners and affiliate organizations will also be a part of the gathering including Auth0, Attivo Networks, Darktrace, and Noname Security.

The Conference will take place on Wednesday and Thursday, December 1-2, starting at 8:00 a.m. CST at the Hyatt Regency St. Louis at The Arch, 315 Chestnut St., St. Louis, MO 63102. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information for the Summit can be found at


About Data Connectors
Since 1999, Data Connectors has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 Community Partners across North America. Members enjoy informative education, networking and support via award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

# # #

Note to reporters: If you wish to attend these sessions at no charge, please contact Michael Hiskey, Chief Strategy Officer, at +1.636.778.9495, or

“State of Cyber 2021” Brings Together H …

Press Releases Posted by Emily Ramsey on Nov 29, 2021

Cyber incidents kill. They killed before. They will kill again



Ransomware attacks have taken a deadly turn. Hackers have become more organized and sophisticated, leading to the first ransomware-related death in September 2019. These threats continue to escalate, making healthcare systems, government operations, and other life-critical organizations prime targets for cybercriminals. It is no longer just about financial gain, however: when these organizations are attacked and compromised, lives are threatened.


In September 2019, the first ransomware-related death occurred at Springhill Medical Center in Alabama. The Wall Street Journal reported on the lawsuit filed by Teiranni Kidd, which will go to court in November 2022. In the article “A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death” by Kevin Poulsen, Robert McMillan, and Melanie Evans, it was reported that Ms. Kidd was checked in to the hospital in the middle of a ransomware attack. The attack blocked off all medical records along with vital monitors used to track patients’ vitals. Ms. Kidd’s baby was born with the umbilical cord wrapped around her neck, causing brain damage that, nine months later, killed her.

The hospital’s lack of response to the ransomware attack, along with their refusal to tell their patients, and the public at first, what was really going on all begs the question: was Nicko Silar’s death preventable?

First reported to The Wall Street Journal, Joshua Corman, senior adviser for the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, found evidence that ransomware can lead to dire consequences for hospitals. “We can see that a cyberattack can strain you enough to contribute to excess deaths,” Corman concluded. Had the ransomware attack been paid off, or had the hospital had proper security measures to defend against such attacks, there is a significant chance Nicko Silar could have been saved.


With the rise in such deadly ransomware attacks, insiders have been invited to address Data Connectors’ attendees on their takeaways and best practices in this new threat landscape. One of those experts is Menny Barzilay, CEO at Cytactic. Barzilay addressed the New England Virtual Cybersecurity audience this past August with his Keynote presentation, “Cyber incidents kill. They have killed before. They will kill again.” He discussed how life-threatening cyberthreats should be incorporated into the risk management process in a way that would allow security experts and decision-makers to identify and tackle such threats effectively. He also encouraged attendees to understand why the cyber industry must adopt the right mindset when human lives are at stake and incorporate this notion into their standards, policies, and methodologies.


“Cyber incidents have already cost human lives in the past. And they will soon again. Yet, most cyber professionals haven’t yet fully embraced their responsibility to protect human lives,” he said. “A tectonic shift in the cyber industry is about to happen,” he added.


Menny Barzilay writes on all cybersecurity topics like ransomware in his blog “THINK: CYBER.”

In his blog article “Cyber Kills,” Barzilay lays out the numerous ways in which cyberattacks, especially ransomware, can destroy lives. The most terrifying include, “After an attack on emergency call systems (like 911 in the US) we’ll hear about people getting killed because the emergency responder was not available in time, and after an incident in which pictures will be leaked, we’ll hear about people committing suicide.”

In the same vein, Jaycee Roth, Associate Managing Director of Cyber Risk at Kroll, will present “From the Ransomware Frontlines: R-Rated Takeaways” at the upcoming Canada West Virtual Cybersecurity Summit. With the same warnings as Barzilay, Roth will address encryption, exfiltration, and the rise of the triple extortion and what it means for organizations. She will also instruct which steps precede ransomware detonation along with effective precursors to monitor for and how to act before detonation. These precautions will aim to stop such devastating attacks.

Ransomware attacks have significantly escalated over the last few years. This escalation now impacts lives ranging from exploitation to life-threatening interruptions. For more resources on ransomware, be sure to check out our news page for the latest in cybersecurity news. You can also attend one of the upcoming virtual summits and conferences where ransomware will continue to be a recurring topic among the community.

Ransomware Kills: An insider look at the tr …

Hot Topics in Cybersecurity Posted by Emily Ramsey on Nov 18, 2021

The Data Connectors Cybersecurity Community’s resource guide to #BeCyberSmart


At the start of October, the FBI Cybercrime division IC3 received over 2,700 ransomware reports with losses of over $30 million. This is a 66% increase from the $18 million reported in the same time frame in 2020.* With hackers becoming more organized and sophisticated it is important to stay informed, up to date, and prepared for whatever comes next.


2021 was the 18th year October had been recognized as Cybersecurity Awareness Month. The National Cybersecurity Alliance established the commemoration in 2004 with the U.S. Department of Homeland Security (DHS). What began as a collaborative effort between government and industry to ensure safety online is now recognized across the globe by professional organizations, cybersecurity companies, and organizations of every type to educate and protect their people and assets.


CISA along with DHS had reported that this year’s theme would remain “Do Your Part. #BeCyberSmart.” This calls upon individuals and organizations to each take active measures to ensure that their company and personal cyberspace are protected. On September 30th, the White House issued an official proclamation marking the start of the nationally recognized month. It stated:


“Our Nation is under a constant and ever-increasing threat from malicious cyber actors.  Ransomware attacks have disrupted hospitals, schools, police departments, fuel pipelines, food suppliers, and small businesses — delaying essential services and putting the lives and livelihoods of Americans at risk.  Any disruption, corruption, or dysfunction of our vital infrastructure can have a debilitating effect on national and economic security, public health, and our everyday safety.”


The Data Connectors Community News Team has rounded up some of the most important articles, interviews, and resources our Community Members have found particularly useful:


Cracking Down on Cybersecurity at the State Level

Over the past year and a half, companies all over the world have had to adjust to the work-from-home mandate and new hybrid working environment while ensuring cybersecurity protection of both the organization’s endpoints and their employees. Local governments have had to adapt to the necessary new regulations for cybersecurity as well.

While attacks like Colonial Pipeline and SolarWinds grab headlines, state and local governments, as well as municipalities and public education facilities, have long been the target of debilitating ransomware attacks.

For more on cybersecurity within government, you can hear from Florida state’s CIO, Jamie Grant at the Miami Cybersecurity Conference on November 09-10. Register today for a chance to hear the experiences that will benefit cybersecurity leaders – be they in the public or private sectors. Grant will discuss cutting bureaucracy, budgeting, staffing, working with solution providers, and motivating teams to strive for a meaningful mission.


Data Connectors Partners Join Multi-Sector Ransomware Task Force

Several members of the Data Connectors community, including companies like SecurityScorecard, Rapid7, and Cybereason, have teamed up with industry leaders across government, academia, non-profit organizations, and other private-sector organizations to form a Ransomware Task Force.

Ransomware is now a threat equal to terrorism. Cryptocurrencies have proven to be a lucrative modus operandi for criminal groups and state actors looking to launder funds and evade sanctions. It is vital for organizations such as CipherTrace to utilize support to prevent sophisticated attacks. Pamela Clegg, VP of Financial Investigations at CipherTrace, presented on this at the Dallas Cybersecurity Conference with “Ransomware Investigations and Actionable Intelligence from DarkSide and REvil.”

The task force was organized by the Institute for Security and Technology (IST), which convened it and began work in January 2021. At that point, the organization launched a website highlighting the leadership roles and a complete list of members.

This task force will continue to aid in the fight against cybercrime; see who else is included, and how they can help your organization.


Gartner: Cybercriminals Will Kill by 2025

Gartner has predicted that by 2025, cyber attackers will weaponize operational technology environments to harm or kill humans.

Data Connectors Community Members know that this has already happened. In Menny Barzilay’s New England Virtual Cybersecurity Summit Keynote this past August, his “Cyber Kills” talk demonstrated numerous cases where cyber-attacks have led to the loss of life over the recent past.

By going after OT, the hardware and software that monitors and controls equipment, attackers gain the ability to impede cyber-physical systems (CPS), according to Gartner. This is the evolution from attacks like that on the Colonial Pipeline – disruption is one thing, but with enough access, bad actors can impact the health and welfare of private individuals.

To prevent this horrible prediction from coming true, see what Gartner recommends to protect you and your enterprise.


CISA Alert: Ransomware Awareness for Holidays and Weekends

DHS – CISA released an alert regarding an observed increase in highly impactful ransomware attacks over the holidays and on weekends, strategically timed for when businesses are closed and at their most vulnerable. The exponential rise of ransomware in the last few years continues to be a consistent threat. Protect yourself and your business by reading the Ransomware Awareness for Holidays and Weekends alert.


An Insider’s Look at the Colonial Pipeline Ransomware Attack

It had the makings of a typical ransomware attack — likely set off through a phishing scam, resulting in the wrong people getting their hands where they didn’t belong. But the outcome of the Colonial Pipeline ransomware attack was beyond typical.

In a LinkedIn Live session with former CISA Assistant Director John Felker, the Data Connectors Community gained a unique insight into what was likely happening behind the scenes, both in the Colonial boardroom and in the government offices.

The session, titled “Reflections on the Colonial Pipeline Ransomware Attack,” took a comprehensive look at the timeline of events surrounding the attack, as well as a deep dive into the actions of the perpetrators, the DarkSide hacking group.

In another example of this kind of broadband attack, Atlanta Infragard Board Member Derek Johnson led a Keynote discussion at the Atlanta Cybersecurity Conference on October 27 – 28. Attendees discovered how organizations today can no longer engage in digital transactions or eCommerce serving their employees, customers, or partners without understanding the global cybersecurity landscape or the state of their internal security program.


Looking for further discussion on these topics? Check out all upcoming summits and conferences.


For more information and to stay connected to experts in the industry, join our community!

Hot Topics in Cybersecurity Posted by Hubspot System on Nov 2, 2021