Hot Topics in Cybersecurity

INFOGRAPHIC: A Line of Defense for Healthcare
The healthcare industry is confronting the increasing frequency and cost of data breaches around the world. On average, these breaches increase hospital mortality rates and cost each breached hospital $6.5 million (USD), or $429 per patient.

67% of first-year costs follow, as hospitals work to resurrect systems and operations. These expenses include making legal, technical, and regulatory amends, notifying and communicating with affected patients, and heightening data security following the incident. On top of these expenses, more money is lost as hospital business decreases as a result of waning customer trust, damage to their reputation, and system shutdowns during reparation. By the time hospitals find themselves on a steady path to recovery, small to medium medical organizations have spent 5% of their yearly revenue, which, on average, totals $2.5 million.

An additional layer of data security may be the answer to fears and ignite preventative action. Blockchain, defined as, “a distributed ledger for recording transactions and tracking assets”, can secure healthcare data and shield against breaches. Wearable and remote monitors, telehealth, gamification, and health data NFTs are a few blockchain tools that can make a world of difference.

Wearable and remote devices include narcolepsy, blood pressure, seizure, pulse, sleep apnea, and diabetic monitors, among others. These devices can be connected to databases that retain each individual’s recorded information. Healthcare personnel can retrieve patient data as it’s being recorded, patients can have more personalized care, and paramedics can better treat patients according to recent data when they arrive. With better security, fewer errors in data reporting, and longer-lasting technologies, these devices offer many benefits that can aid both data safety and the productiveness of patient-professional relationships.

Telehealth on its own poses notable risks: few fully fleshed-out regulations and protocols exist for the storage and distribution of data, and personal information can be shared with marketers and other parties without consent. By implementing blockchain, telehealth security heightens and becomes more dependable. Blockchain can provide secure storage systems for medical records and compile data to give medical professionals a more comprehensive account of patient history. By augmenting customer trust in the system and providing more efficient forms of data exchange, adding blockchain components to telehealth could be another guard against data breaches.

Gamification and health data NFTs go hand-in-hand. With gamification, patients are more focused through strategies that facilitate orientation toward their health-related objectives and openness to adopting new skills and habits. Those who attend doctor’s appointments, complete surveys, take prescriptions, and abide by doctor’s orders are rewarded with cryptocurrency tokens. Medical professionals, in turn, minimize losses as a result of improved, motivated outcomes. 

NFTs for health data describes the utilization of non-fungible tokens to protect an individual’s health record, guarding against theft and fraud. Patients benefit from increased control over their data, the possibility of gaining a profit from sharing select data with third parties, and being able to verify the legitimacy of personal information. 

Blockchain is being adopted into systems by both long-standing and up-and-coming healthcare companies, as they improve services and transactions and guard against the toll that data breaches can take on any organization. Learn more about blockchain and health to see how it can secure your service and operations too.


Infographics Posted by Jen Greco on Mar 2, 2022

“State of Cyber 2021” Brings Together Homeland Security, FBI, Secret Service and Local Executives in St. Louis

Law Enforcement, Chief Information Security Officers from Region’s Largest Organizations Convene to Get Ahead of Expanding Cyber Threats

 

ST. LOUIS, MO – November 29, 2021. Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the State of Cyber 2021 Conference, which will take place December 1st and 2nd, 2021. In partnership with the St. Louis InfraGard Alliance and local field offices of the Federal Bureau of Investigation (FBI) and the US Secret Service, the Chesterfield, MO-based firm will present this year’s in-person and online gatherings, a return from last year’s all-virtual format.

“The United States Secret Service is proud to collaborate with our local, state, and federal partners at the State of Cyber 2021 Conference. Sharing intelligence with them and the organizations responsible for a private infrastructure operating in the St. Louis metropolitan area furthers our investigative mission to thwart crimes against the financial infrastructure of the United States,” stated Thomas Landry, Special Agent in Charge, U.S. Secret Service – St. Louis Field Office.

Landry also headlines the agenda on Wednesday, December 1st.

The conference features prominent Chief Information Security Officer (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies. The two-day agenda represents a combination of the St. Louis Cybersecurity Conference, which has been run annually since 2003, the St. Louis InfraGard Alliance’s State of Cyber event started in 2016, and an annual update for local cyber professionals conducted by the St. Louis Office of the United States Secret Service’s Cyber Fraud Task Force.

Validated professionals in the community that attend the Conference will receive briefings from the Department of Homeland Security (DHS) Cyber Infrastructure Security Association (CISA), and hear from local peer executives from organizations such as Mastercard, First Bank and TikTok.

The Conference will also feature a panel discussion on the State of Cyber Inter-Agency Cooperation, and keynotes from public and private sector executives:

  • Richard Quinn, Special Agent in Charge, FBI St. Louis Division
  • Erin Hug, Cyber Intelligence Analyst, Cybersecurity Forensics & Intelligence Unit at Missouri State Highway Patrol
  • Angela Robinson, Cybersecurity Specialist with the Department of Public Safety (DPS)
  • Derek Rieger, Deputy Director of the St. Louis Fusion Center
  • Brian Cockrill, Senior Special Agent – Technical Staff Assistant at the United States Secret Service – St. Louis Field Office
  • Christopher Cockburn, Cybersecurity Advisor at CISA
  • D. Henry, Cyber Security Advisor & Indiana Cybersecurity State Coordinator at CISA

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this conference. More than 30 community partners and affiliate organizations will also be a part of the gathering including Auth0, Attivo Networks, Darktrace, and Noname Security.

The Conference will take place on Wednesday and Thursday, December 1-2, starting at 8:00 a.m. CST at the Hyatt Regency St. Louis at The Arch, 315 Chestnut St., St. Louis, MO 63102. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information for the Summit can be found at dataconnectors.com/state-of-cyber.


About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 Community Partners across North America. Members enjoy informative education, networking and support via award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.


Note to reporters: If you wish to attend these sessions at no charge, please contact Michael Hiskey, Chief Strategy Officer, at +1.636.778.9495, or info@dataconnectors.com.


Press Releases Posted by Emily Ramsey on Nov 29, 2021

Atlanta's Chief Information Security Officers Debate Future of Cybersecurity; 2022 Trends


Targeted by Nation-States and Ransomware Gangs, Boards and Executive Leadership Teams Face Realities of Current Threat Landscape

ATLANTA, GA – October 25, 2021 Data Connectors, representing the largest cybersecurity community in North America, confirmed the details for the Atlanta Cybersecurity Conference this week.  The important gathering for senior executives in the region that has been listed as one of the top five in the country returns to an in-person format, after a 19-month hiatus.

The conference features prominent Chief Information Security Officers (CISO) executives from the region, as well as industry luminaries, cybersecurity solutions experts, and representatives from government agencies including the Federal Bureau of Investigation (FBI) and the United States Secret Service.

The 15th annual event returns with a two-day agenda, highlighting important areas of cybersecurity such as identity and access management, cloud email security, development security operations (DevSecOps), and managed detection and response.

“Boards and executive leadership teams are confronted with the reality that they can no longer engage in digital transactions or e-commerce without understanding the global cybersecurity landscape or the state of their internal security program,”  said Derek Johnson, local cybersecurity executive from the Susan G. Komen organization and Board Member at the InfraGard Atlanta Members Alliance. In his featured keynote at the conference, Johnson will lead a discussion for the cybersecurity community members on hand to explore the topic further this Thursday afternoon at the Marriott Buckhead Hotel & Conference Center.

In his presentation “Atlanta FBI Looks Back on 2021 Cyber Threats,” Special Agent Nathan Langmack, from the FBI Atlanta Field Office, will dissect the key components of some of the recent high-profile ransomware attacks such as SolarWinds and Colonial Pipeline. He will use these and others to surface lessons learned that translate to what CISOs and all information security executives should regard as best practices.

These discussions include some of the top executives throughout the region, such as:

  • Kevin Gowen, CISO at Synovus Bank
  • Dean Mallis, CISO at MARTA (Metropolitan Atlanta Rapid Transit Authority)
  • Jameeka Green Aaron, CISO at Auth0
  • Michael F.D. Anaya, Head of Attack Surface Analysis at Palo Alto Networks
  • Tamika Bass, CISO at Georgia Department of Revenue
  • Taiye Lambo, Founder at HISPI and Pioneer vCISO

Over 300 members of the Data Connectors Cybersecurity Community are expected to attend this week.  More than 30 community partners and affiliate organizations will also be a part of the gathering including Votiro, Auth0, Attivo Networks, Security Scorecard, and the local chapters of ISC2, AFCEA, and CNSP.

The Conference will take place on Wednesday – Thursday, October 27-28 starting at 8:00 a.m. E.S.T at the Atlanta Marriott Buckhead Hotel & Conference Center, 3405 Lenox Road NE, Atlanta, Georgia 30326. Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking, and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.


Press Releases Posted by Emily Ramsey on Oct 25, 2021

State, Local, Federal Cybersecurity Executives Confer On 2022 Threats, Attack Landscape


Inaugural Cybersecurity in Government Virtual Summit to include CISO Public Sector Discussion Forums this week.

WASHINGTON, D.C. – OCTOBER 18, 2021 Data Connectors, representing the largest cybersecurity community in North America, has announced a first-of-its-kind online event. Over 50,000 professionals focused on information security, risk, and governance have been invited for a Virtual Summit that will debate key issues.

The 2021 Cybersecurity in Government Virtual Summit will fuel a discussion among attendees and invited executive guests that have been wrangling with a continued deluge of cyber-attacks over the past 18 months (SolarWinds, Kaseya, Colonial Pipeline, etc.), alongside increased focus related to the most recent Executive Order on Cybersecurity.

Keynote presentations include John Felker, Former Assistant Director of the Department of Homeland Security’s (DHS) Cyber Infrastructure Security Agency (CISA), as well as Mark McIntyre, Chief Security Advisor from Microsoft Federal.

“The reality for cybersecurity leaders in the public sector can be more challenging than it is for their commercial business counterparts,” said Dawn Morrissey, CEO and Founder at Data Connectors. “The Summit this week will focus on important collaboration to help them overcome the issues they face with regard to ransomware, cyber skills and staffing concerns, as well as the changing threat landscape,” she concluded.

The summit will feature four expert panel discussions with well-known Chief Information Security Officers (CISOs) from state, federal, local government organizations as well as higher education. Community members in attendance are also executives at those same concerns, from across the US and Canada.

 

Some of the invited panelists include:

  • Shane Barney, CISO at USCIS-Department of Homeland Security
  • Dr. Brian Gardner, CISO, City of Dallas
  • James Wolff, Associate Administrator, CIO at U.S. Department of Energy
  • Nathan Shiflet – Former CISO, State of Florida
  • Aaron Verdell Call, CISO, WPS Health Solutions & Former CISO at State of Minnesota
  • Jeffrey Brown, CISO of State of Connecticut
  • Lester Godsey, CISO, Maricopa County, Arizona
  • Scott St. Pierre, Deputy Director, Cybersecurity Division at U.S. Navy
  • Shannon Lawson – ACIO/CISO, City of Phoenix

 

Attendees will ask questions and interact with the experts, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Attivo Networks, Ivanti, Axio, Cisco and many more.

Registration is FREE for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. More information for the Summit can be found at dataconnectors.com/cyberingov.



Press Releases Posted by Emily Ramsey on Oct 18, 2021

Your Weekly DHS/CISA Threat Assessment (September 3)

Stay tuned for this update each week. This is a joint cybersecurity weekly product from the Missouri Information Analysis Center, St. Louis Fusion Center, Kansas City Regional Fusion Center and the Missouri Office of Homeland Security.

 

FBI Shares Technical Details for Hive Ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Hive ransomware relies on a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, the FBI says. Among the methods that the gang uses to gain initial access and to move laterally on the network, there are phishing emails with malicious attachments and the Remote Desktop Protocol (RDP).

 

How to Stay Secure from Ransomware Attacks this Labor Day Weekend

Labor Day weekend is just around the corner and, believe it or not, cybercriminals are likely just as excited as you are! Ransomware gangs have nurtured a nasty habit of starting their attacks at the least convenient times: when computers are idle, when employees who might notice a problem are out of the office, and when the IT or security staff who might deal with it are shorthanded. They like to attack at night and on weekends, and they love a holiday weekend. Indeed, while many people are looking forward to catching up with friends and family this Labor Day weekend, cybercrime gangs are likely huddling, too, planning to attack somebody. On the last big holiday weekend, Independence Day, attackers using REvil ransomware celebrated with an enormous supply-chain attack on Kaseya, one of the biggest IT solutions providers in the US for managed service providers (MSPs). Threat actors used a Kaseya VSA auto-update to push ransomware into more than 1,000 businesses.

 

How Ransomware Runs the Underground Economy

The unwanted attention attracted by ransomware attacks recently caused several of the top cybercrime forums to ban ransomware discussions and transactions on their platforms earlier this year. While some hoped this might have a significant impact on the ability of ransomware groups to organize themselves, the bans only pushed their activity further underground, making it harder for security researchers and companies to monitor it. If anything, the attacks in the months that followed the forum bans have been more potent and audacious than ever. The truth is that ransomware is the lifeblood of the cybercrime economy and it will take extraordinary measures to put an end to it. The groups coordinating the attacks are highly professionalized and in many ways resemble modern corporate structures with development teams, sales and PR departments, external contractors, and service providers that all get a cut from the illegal proceeds. They even use business lingo in their communications with victims, referring to them as clients who buy their data decryption services.

 

Cold Wallet, Hot Wallet, or Empty Wallet? What is the Safest Way to Store Cryptocurrency?

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. These examples of recent news about hacked cryptocurrency exchanges left many investors wondering whether it was still smart to invest in cryptocurrencies and how to keep them safe. We can’t answer the first question for you. I wish I knew. But we can explain the terminology, the methods, and the risks. So you can decide which would be best for you.

 

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the shortlist of “exceptionally risky” cybersecurity practices that could expose critical infrastructure as well as government and private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It’s considered to be of low security since it heavily relies on “matching one factor — such as a password — to a username to gain access to a system.” But with weak, reused, and common passwords posing a grave threat and emerging as a lucrative attack vector, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the possibility of account takeover by cybercriminals.

 

Cybersecurity Advisory: Top Routinely Exploited Vulnerabilities

This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021. Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.

 

File Upload Security Best Practices Rarely Implemented to Protect Web Applications

Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks. “The hybrid workspace has been driving digital transformation and cloud migration initiatives for a while now, and the rise of cloud services, mobile devices, and remote workers has driven organizations to develop and deploy web applications that enhance the experience for their customers, partners, and employees,” said Benny Czarny, CEO at OPSWAT. “Web applications for file uploads help to streamline their business by making it faster, easier, and less expensive to submit and share documents. Consequently, this adoption has also introduced new attack surfaces that organizations are not effectively protecting.”

 

Cyberattackers are Now Quietly Selling Off Their Victim’s Internet Bandwidth

Cyberattackers are now targeting their victim’s internet connections to quietly generate illicit revenue following a malware infection. On Tuesday, researchers from Cisco Talos said “proxyware” is becoming noticed in the cybercrime ecosystem and, as a result, is being twisted for illegal purposes. Proxyware, also known as internet-sharing applications, are legitimate services that allow users to portion out part of their internet connection for other devices, and may also include firewalls and antivirus programs. Other apps will allow users to ‘host’ a hotspot internet connection, providing them with cash every time a user connects to it. It is this format, provided by legitimate services including Honeygain, PacketStream, and Nanowire, which is being used to generate passive income on behalf of cyber attackers and malware developers.

 

Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined. Earlier this month, the proof-of-concept (PoC) was sold on a hacker forum, potentially marking cybercriminals’ transition to a new sophistication level for their attacks.

 

China’s Microsoft Hack May Have Had a Bigger Purpose Than Just Spying

NPR’s months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces. “There is a long-term project underway,” said Kiersten Todt, who was the executive director of the Obama administration’s bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. “We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.”

 

T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks

T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out. In a statement issued on Friday, Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack. “What we can share is that, in simplest terms, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to our testing environments and then used brute force attacks and other methods to make their way into other IT servers that included customer data,” he said. “In short, this individual’s intent was to break in and steal data, and they succeeded.”

 

DMARC 101: How to Keep Phishing Attacks Out of Your Inbox

You have the latest antivirus program. The firewall is turned on. Passwords are strong and frequently updated. Now you can sleep at night knowing your organization is safe from cyberattacks, right? Well, at least until John from HR decides to log in from a link he received in an email. He probably knew not to click on suspicious emails, but what is considered suspicious? That email could have arrived from your own domain. Attackers can spoof your domain to trick employees or your customers into divulging confidential information or downloading a malicious file attachment. Phishing emails are arriving with smarter baiting tactics, becoming harder to identify. Defenses need to catch up as well. Security teams, especially those responsible for domain integrity, should make sure to correctly implement the three anti-phishing standards: SPF, DKIM, and DMARC.

 

Increase in Credential Phishing and Brute Force Attacks Causing Financial and Reputational Damage

Abnormal Security released a report which examines the escalating adverse impact of socially engineered and never-seen-before email attacks and other advanced email threats—both financial and reputational—to organizations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods; manufacturing; technology; energy and infrastructure services; medical; media and television; finance; and hospitality. 32.5% of all companies were targeted by brute force attacks in early June 2021; 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite; 61% of organizations experienced a vendor email compromise attack this quarter; 22% more business email compromise attacks since Q4 2020; 60% chance of a successful account takeover each week for organizations with 50,000+ employees; 73% of all advanced threats were credential phishing attacks; 80% probability of attack every week for retail and consumer goods, technology, and media and television companies.

 

See Something/Say Something

The three Missouri Fusion Centers: the St. Louis Fusion Center, the Missouri Information Analysis Center, and the Kansas City Regional Fusion Center have teamed up with the Missouri Office of Homeland Security and P3 to create a Suspicious Cyber Activity Reporting Tool. The Suspicious Cyber Activity Reporting Tool is accessible on the SafeNation App.


Press Releases Posted by Data Connectors Newsroom on Sep 3, 2021

CISA Alert: Ransomware Awareness for Holidays and Weekends

Intrusive relatives, major storm systems, and never-ending traffic have all been blamed for the ruin of our most beloved holidays; don’t let a ransomware attack be the most devastating party crasher of all.

With Labor Day weekend rapidly approaching, DHS – CISA released an alert regarding an observed increase in highly impactful ransomware attacks over holidays and on weekends, strategically timed for when businesses are closed and at their most vulnerable. The exponential rise of ransomware in the last few years continues to be a consistent threat. Protect yourself and your business by reading the Ransomware Awareness for Holidays and Weekends alert.

 

Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021. The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA are sharing the below information to provide awareness to be especially diligent in your network defense practices in the run-up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.


 

Threat Overview

Recent Holiday Targeting

Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months. The FBI and CISA do not currently have specific information regarding cyber threats coinciding with upcoming holidays and weekends. Cybercriminals, however, may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses. In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.

  • In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
  • In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage.
  • In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.

Ransomware Trends

The FBI’s Internet Crime Complaint Center (IC3), which provides the public with a trustworthy source for reporting information on cyber incidents, received 791,790 complaints for all types of internet crime—a record number—from the American public in 2020, with reported losses exceeding $4.1 billion. This represents a 69 percent increase in total complaints from 2019. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020, representing a 20 percent increase in the number of incidents, and a 225 percent increase in ransom demands. From January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020.[1] The following ransomware variants have been the most frequently reported to FBI in attacks over the last month.

  • Conti
  • PYSA
  • LockBit
  • RansomEXX/Defray777
  • Zeppelin
  • Crysis/Dharma/Phobos

The destructive impact of ransomware continues to evolve beyond encryption of IT assets. Cybercriminals have increasingly targeted large, lucrative organizations and providers of critical services with the expectation of higher value ransoms and increased likelihood of payments. Cybercriminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption, to further encourage payment of ransom. (See CISA’s Fact Sheet: Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches.) Malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations.

Although cybercriminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute-forcing unsecured remote desktop protocol (RDP) endpoints. Additional common means of initial infection include deployment of precursor or dropper malware; exploitation of software or operating system vulnerabilities; exploitation of managed service providers with access to customer networks; and the use of valid, stolen credentials, such as those purchased on the dark web. Precursor malware enables cyber actors to conduct reconnaissance on victim networks, steal credentials, escalate privileges, exfiltrate information, move laterally on the victim network, and obfuscate command-and-control communications. Cyber actors use this access to:

  • Evaluate a victim’s ability to pay a ransom.
  • Evaluate a victim’s incentive to pay a ransom to:
    • Regain access to their data and/or
    • Avoid having their sensitive or proprietary data publicly leaked.
  • Gather information for follow-on attacks before deploying ransomware on the victim network.

Threat Hunting

The FBI and CISA suggest organizations engage in preemptive threat hunting on their networks. Threat hunting is a proactive strategy to search for signs of threat actor activity to prevent attacks before they occur or to minimize damage in the event of a successful attack. Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Threat actors often search through a network to find and compromise the most critical or lucrative targets. Many will exfiltrate large amounts of data. Threat hunting encompasses the following elements: understanding the IT environment by developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems.

  • Understand the IT environment’s routine activity and architecture by establishing a baseline. By implementing a behavior-based analytics approach, an organization can better assess user, endpoint, and network activity patterns. This approach can help an organization remain alert to deviations from normal activity and detect anomalies. Understanding when users log in to the network—and from what location—can assist in identifying anomalies. Understanding the baseline environment—including the normal internal and external traffic—can also help in detecting anomalies. Suspicious traffic patterns are usually the first indicators of a network incident but cannot be detected without establishing a baseline for the corporate network.
  • Review data logs. Understand what standard performance looks like in comparison to suspicious or anomalous activity. Things to look for include:
    • Numerous failed file modifications,
    • Increased CPU and disk activity,
    • Inability to access certain files, and
    • Unusual network communications.
  • Employ intrusion prevention systems and automated security alerting systems—such as security information event management software, intrusion detection systems, and endpoint detection and response.
  • Deploy honeytokens and alert on their usage to detect lateral movement.

Indicators of suspicious activity that threat hunters should look for include:

  • Unusual inbound and outbound network traffic,
  • Compromise of administrator privileges or escalation of the permissions on an account,
  • Theft of login and password credentials,
  • Substantial increase in database read volume,
  • Geographical irregularities in access and log-in patterns,
  • Attempted user activity during anomalous log-on times,
  • Attempts to access folders on a server that are not linked to the HTML within the pages of the web server, and
  • Baseline deviations in the type of outbound encrypted traffic since advanced persistent threat actors frequently encrypt exfiltration.
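The baseline approach and the log-on indicators above (anomalous log-on times, irregular access origins) can be sketched as follows. This is an added example, not code from the advisory; the record format, user names, network labels and the holiday table are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, datetime

# Constructed for this example: days with reduced staffing (Labor Day 2021).
HOLIDAYS = {date(2021, 9, 6)}

# Constructed baseline week: (timestamp, user, source network label).
BASELINE_EVENTS = [
    ("2021-08-23T08:55:00", "alice", "office-lan"),
    ("2021-08-24T09:10:00", "alice", "office-lan"),
    ("2021-08-25T17:40:00", "alice", "vpn-pool"),
    ("2021-08-26T09:02:00", "alice", "office-lan"),
    ("2021-08-23T22:15:00", "bob", "vpn-pool"),        # on-call admin
    ("2021-08-24T10:00:00", "bob", "office-lan"),
    ("2021-08-28T03:30:00", "bob", "vpn-pool"),        # Saturday call-out
    ("2021-08-23T01:00:00", "svc-backup", "backup-vlan"),
    ("2021-08-28T01:00:00", "svc-backup", "backup-vlan"),
]

# Constructed log-ons around the holiday weekend, to be checked.
NEW_EVENTS = [
    ("2021-09-03T09:05:00", "alice", "office-lan"),
    ("2021-09-04T02:14:00", "alice", "vpn-pool"),
    ("2021-09-05T03:40:00", "bob", "vpn-pool"),
    ("2021-09-06T01:00:00", "svc-backup", "203.0.113.77"),
    ("2021-09-06T11:30:00", "carol", "office-lan"),
    ("2021-09-07T03:12:00", "alice", "office-lan"),
]


def is_off_day(when):
    """Weekend or listed holiday: the periods the advisory is concerned with."""
    return when.weekday() >= 5 or when.date() in HOLIDAYS


def hour_gap(a, b):
    """Distance between two hours of the day on a 24-hour clock."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def build_baseline(records):
    """Per-user profile: workday hours seen, sources seen, off-day activity seen."""
    profile = defaultdict(
        lambda: {"hours": set(), "sources": set(), "off_days": False})
    for ts, user, source in records:
        when = datetime.fromisoformat(ts)
        entry = profile[user]
        entry["sources"].add(source)
        if is_off_day(when):
            entry["off_days"] = True
        else:
            entry["hours"].add(when.hour)
    return dict(profile)


def score_event(record, baseline, hour_slack=1):
    """Return the list of baseline deviations for one log-on (empty if none)."""
    ts, user, source = record
    when = datetime.fromisoformat(ts)
    entry = baseline.get(user)
    if entry is None:
        return ["user-not-in-baseline"]
    reasons = []
    if source not in entry["sources"]:
        reasons.append("new-source")
    if is_off_day(when):
        # Only a deviation for users never seen on weekends or holidays.
        if not entry["off_days"]:
            reasons.append("off-day-logon")
    elif not any(hour_gap(when.hour, h) <= hour_slack for h in entry["hours"]):
        reasons.append("unusual-hour")
    return reasons


def hunt(records, baseline):
    """Return (timestamp, user, reasons) for every record that deviates."""
    findings = []
    for record in records:
        reasons = score_event(record, baseline)
        if reasons:
            findings.append((record[0], record[1], reasons))
    return findings


if __name__ == "__main__":
    for finding in hunt(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(finding)
```

The on-call administrator's Sunday log-on is not flagged because weekend activity is part of that account's baseline, which is the practical reason to profile per account rather than apply one schedule to everyone.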

See the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity for additional guidance on hunting or investigating a network, and for common mistakes in incident handling. Also, review the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide.

Cyber Hygiene Services

CISA offers a range of no-cost cyber hygiene services—including vulnerability scanning and ransomware readiness assessments—to help critical infrastructure organizations assess, identify, and reduce their exposure to cyber threats. By taking advantage of these services, organizations of any size will receive recommendations on ways to reduce their risk and mitigate attack vectors.

 

Ransomware Best Practices

The FBI and CISA strongly discourage paying a ransom to criminal actors. Payment does not guarantee files will be recovered, nor does it ensure protection from future breaches. Payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of malware, and/or fund illicit activities. Regardless of whether you or your organization decide to pay the ransom, the FBI and CISA urge you to report ransomware incidents to CISA, a local FBI field office, or by filing a report with IC3 at IC3.gov. Doing so provides the U.S. Government with critical information needed to help victims, track ransomware attackers, hold attackers accountable under U.S. law, and share information to prevent future attacks.

Information Requested

Upon receiving an incident report, the FBI or CISA may seek forensic artifacts, to the extent that affected entities determine such information can be legally shared, including:

  • Recovered executable file(s),
  • Live memory (RAM) capture,
  • Images of infected systems,
  • Malware samples, and
  • Ransom note.

 

Recommended Mitigations

The FBI and CISA highly recommend organizations continuously and actively monitor for ransomware threats over holidays and weekends.[2] Additionally, the FBI and CISA recommend identifying IT security employees to be available and “on-call” during these times, in the event of a ransomware attack. The FBI and CISA also suggest applying the following network best practices to reduce the risk and impact of compromise.

Make an offline backup of your data.

  • Make and maintain offline, encrypted backups of data and regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups.
  • Review your organization’s backup schedule to take into account the risk of a possible disruption to backup processes during weekends or holidays.

Do not click on suspicious links.

  • Implement a user training program and phishing exercises to raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments and to reinforce the appropriate user response to phishing and spearphishing emails.

If you use RDP—or other potentially risky services—secure and monitor.

  • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require MFA. If RDP must be available externally, it should be authenticated via VPN.
  • Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts, log RDP login attempts, and disable unused remote access/RDP ports.
  • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for a business purpose (e.g., RDP Transmission Control Protocol Port 3389).
  • Disable or block Server Message Block (SMB) protocol outbound and remove or disable outdated versions of SMB. Threat actors use SMB to propagate malware across organizations.
  • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
  • Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
  • Open document readers in protected viewing modes to help prevent active content from running.
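One way to act on the "monitor remote access/RDP logs" item above is to alert on bursts of failed remote log-ons from one source and on any success that follows such a burst. This is an added example, not part of the advisory; the one-line log format, addresses, account names and thresholds are constructed, while the event IDs, logon types and field names are those of the Windows Security log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one normalized Windows Security event per line.
SAMPLE_LOG = """\
2021-09-04T01:12:03 EventID=4625 LogonType=3 TargetUserName=administrator IpAddress=198.51.100.23
2021-09-04T01:12:09 EventID=4625 LogonType=3 TargetUserName=administrator IpAddress=198.51.100.23
2021-09-04T01:12:31 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=198.51.100.23
2021-09-04T01:13:02 EventID=4625 LogonType=3 TargetUserName=backup IpAddress=198.51.100.23
2021-09-04T01:13:40 EventID=4625 LogonType=3 TargetUserName=backup IpAddress=198.51.100.23
2021-09-04T01:14:30 EventID=4625 LogonType=3 TargetUserName=backup IpAddress=198.51.100.23
2021-09-04T01:15:10 EventID=4624 LogonType=10 TargetUserName=backup IpAddress=198.51.100.23
2021-09-04T09:00:12 EventID=4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10
2021-09-04T09:00:40 EventID=4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10
2021-09-04T09:01:05 EventID=4624 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10
2021-09-04T09:30:00 EventID=4625 LogonType=2 TargetUserName=bob IpAddress=-
2021-09-04T09:31:00 EventID=4625 LogonType=
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)

# 10 = RemoteInteractive (RDP). 3 = Network, which is how failed RDP attempts
# are logged when Network Level Authentication rejects them; type 3 also covers
# other network log-ons, so tune this set for the environment.
REMOTE_LOGON_TYPES = {3, 10}
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624


def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue
        try:
            ts = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue
        yield {"ts": ts, "event_id": int(match["eid"]),
               "logon_type": int(match["lt"]),
               "user": match["user"], "ip": match["ip"]}


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, time, detail) tuples.

    failure-burst: `threshold` failed remote log-ons from one IP inside `window`
                   (detail = failure count when the alert fired).
    success-after-burst: a successful remote log-on from an IP whose burst was
                   still active within `window` (detail = account name).
    """
    failures = defaultdict(deque)  # source IP -> failure times inside the window
    last_burst = {}                # source IP -> latest failure while over threshold
    in_burst = set()               # IPs already alerted for the current burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["event_id"] == FAILED_LOGON:
            times = failures[ip]
            times.append(ts)
            while ts - times[0] > window:
                times.popleft()
            if len(times) >= threshold:
                last_burst[ip] = ts
                if ip not in in_burst:
                    in_burst.add(ip)
                    alerts.append(("failure-burst", ip, ts, len(times)))
            else:
                in_burst.discard(ip)
        elif ev["event_id"] == SUCCESSFUL_LOGON:
            seen = last_burst.get(ip)
            if seen is not None and ts - seen <= window:
                alerts.append(("success-after-burst", ip, ts, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

A success-after-burst alert is the one to page the on-call responder for, since it indicates the guessing succeeded; the two mistyped passwords from 192.0.2.10 followed by a normal log-on stay below the threshold and raise nothing.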

Update your OS and software; scan for vulnerabilities.

  • Upgrade software and operating systems that are no longer supported by vendors to currently supported versions. Regularly patch and update software to the latest available versions. Prioritize timely patching of internet-facing servers—as well as software processing internet data, such as web browsers, browser plugins, and document readers—for known vulnerabilities. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which network assets and zones should participate in the patch management program.
  • Automatically update antivirus and anti-malware solutions and conduct regular virus and malware scans.
  • Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices. (See the Cyber Hygiene Services section above for more information on CISA’s free services.)

Use strong passwords.

  • Ensure strong passwords and challenge responses. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.

Use multi-factor authentication.

  • Require multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.

Secure your network(s): implement segmentation, filter traffic, and scan ports.

  • Implement network segmentation with multiple layers, with the most critical communications occurring in the most secure and reliable layer.
  • Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
  • Scan network for open and listening ports and close those that are unnecessary.
  • For companies with employees working remotely, secure home networks—including computing, entertainment, and Internet of Things devices—to prevent a cyberattack; use separate devices for separate activities; and do not exchange home and work content.

Secure your user accounts.

  • Regularly audit administrative user accounts and configure access controls under the principles of least privilege and separation of duties.
  • Regularly audit logs to ensure new accounts are legitimate users.

Have an incident response plan.

  • Create, maintain, and exercise a basic cyber incident response plan that:
    • Includes procedures for response and notification in a ransomware incident and
    • Plans for the possibility of critical systems being inaccessible for a period of time.

Note: for help with developing your plan, review available incident response guidance, such as the Public Power Cyber Incident Response Playbook and the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide.

If your organization is impacted by a ransomware incident, the FBI and CISA recommend the following actions.

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected, whether wired or wireless.
  • Turn off other computers and devices. Power off and segregate (i.e., remove from the network) the infected computer(s). Power off and segregate any other computers or devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering off and segregating infected computers from computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

 

Immediate Actions You Can Take Now to Protect Against Ransomware


• Make an offline backup of your data.
• Do not click on suspicious links.
• If you use RDP, secure and monitor it.
• Update your OS and software.
• Use strong passwords.
• Use multi-factor authentication.

 

Additional Resources

For additional resources related to the prevention and mitigation of ransomware, go to https://www.stopransomware.gov as well as the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. Stopransomware.gov is the U.S. Government’s new, official one-stop location for resources to tackle ransomware more effectively. Additional resources include:

CISA Alert: Ransomware Awareness for Holida …

Hot Topics in Cybersecurity Posted by Michael Hiskey on Sep 1, 2021

Your Weekly DHS/CISA Threat Assessment (July 28)

Stay tuned for this update each week. This is a joint cybersecurity weekly product from the Missouri Information Analysis Center, St. Louis Fusion Center, Kansas City Regional Fusion Center and the Missouri Office of Homeland Security.

Businesses Fall Victim to Ransomware Despite Precautions

According to a new survey of 200 decision makers in businesses that had suffered a ransomware attack since 2019, more than half of victims had received anti-phishing training and 49 percent had perimeter defenses in place at the time of attack. The study conducted by Sapio Research for Cloudian finds that phishing continues to be one of the easiest paths for ransomware, with 24 percent of attacks starting this way. Phishing succeeds despite the fact that 54 percent of all respondents and 65 percent of those that reported it as the entry point have conducted anti-phishing training for employees. The public cloud is the most common point of entry for ransomware, with 31 percent of respondents being attacked this way. Once an attack is under way, things happen quickly: 56 percent of survey respondents report that attackers were able to take control of their data and demand a ransom within just 12 hours, and another 30 percent say it happened within 24 hours.

 

Success of Ransomware Attacks Shows the State of Cybersecurity

According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year. The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated. In addition, 73 percent of respondents say that their IT staff have been targeted by phishing attempts, and 47 percent of those attempts were successful. Asked about the causes of successful attacks, 37 percent of respondents cite a lack of both technology and employee understanding. However, 34 percent blame successful attacks on a lack of employee understanding. While 96 percent of IT professionals report that their organization offers cybersecurity training to teach employees about common attacks like phishing and ransomware, only 30 percent of respondents say that 80-90 percent of employees have completed the training.

 

SonicWall: ‘Imminent’ Ransomware Attack Targets Older Products

The attack exploits a known vulnerability that was fixed in new versions of firmware released this year. SonicWall is alerting users to an “imminent” ransomware attack targeting Secure Mobile Access (SMA) 100 series and the older Secure Remote Access (SRA) series running unpatched and end-of-life (EOL) 8.x firmware. The campaign is using stolen credentials, the company reports, and the exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Businesses using a range of EOL SMA and/or SRA devices running firmware 8.x should update their firmware or disconnect their devices, as per guidance SonicWall outlines in an advisory. As an additional mitigation, SonicWall advises organizations using SMA or SRA devices to reset all credentials associated with them, as well as for any other devices and systems that use the same credentials.

Who is Responsible for Guarding Against Software Supply Chain Attacks? Who Knows!

Software supply chain attacks like that on SolarWinds have become more of a threat in recent months. But when it comes to defending against them, businesses can’t decide who is responsible, according to a new report. The study from machine identity management company Venafi is based on the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries. It finds that 97 percent agree that the techniques and procedures used to attack the SolarWinds software development environment will be reused in new attacks this year. But despite this certainty, there is no agreement between security and development teams on where responsibility for improving security in the software build and distribution environments should lie.

 

57% of Reported Incidents are Caused by Insiders

Insider data breaches were the top cause of data and cybersecurity incidents reported in the first quarter of 2021, according to the ICO. 57% of reported incidents were caused by insiders, with over 1,000 incidents reported in the first three months of 2021. Misdirected email was behind most of the incidents, with over 400 reports. Phishing was the second-biggest named cause, with over 200 incidents caused by employees falling for malicious emails. For the fourth quarter running, healthcare was the hardest hit, with over 420 reported incidents in just three months, while financial services was the industry targeted with the most phishing attacks.

Half of Organizations are Ineffective at Countering Phishing and Ransomware Threats

Half of US organizations are not effective at countering phishing and ransomware threats, research from Osterman Research reveals. The findings come from a study compiled from interviews with 130 cybersecurity professionals in mid-sized and large organizations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,” said Jon Clay, VP of threat intelligence for Trend Micro. “Organizations need multi-layered defenses in place to mitigate these risks.” The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

Five Critical Password Security Rules Your Employees Are Ignoring

Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits — and discovered that a lot of remote workers are letting password security go by the wayside. Here are 5 critical password security rules they’re ignoring.

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021.

When ‘Later’ Never Comes: Putting Small Business Cybersecurity First

Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. Let’s talk about startup culture for a second. What do you envision when you hear ‘startup’? Mark Zuckerberg, Silicon Valley, cold brew on tap, standing desks and a race to the finish line? You probably don’t think about late nights obsessing about small business cybersecurity. And therein lies the problem.

FragAttacks: Everything You Need to Know

A cybersecurity researcher discovered a new category of Wi-Fi vulnerabilities recently. But the surprising news is that this new category is actually very old. Called FragAttacks, these 12 Wi-Fi vulnerabilities have existed since the late 90s. But they’re new to the cybersecurity world because people only recently discovered and described them. Researchers unveiled the details on May 12, some nine months after discovery. The researchers will present their work at the USENIX Security conference at Black Hat USA in late July and early August.

 

Is Cryptocurrency-Mining Malware Due for a Comeback?

The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect attackers to quickly embrace something else – but what? We’ve been here before. In late 2017, driven by a surge in bitcoin’s value, many criminals shifted from using ransomware, which at the time was typically spread via drive-by downloads and spam attacks, to using the same tactics to instead spread cryptocurrency-mining malware. Attackers don’t seem to prioritize any given approach over another. Or at least if there was a cult devoted to the first type of ransomware ever seen in the wild – the AIDS Trojan, which in 1989 began spreading via floppy disk – any lingering adherents would be in dire need of a day job.

 

Toddler Mobile Banking Malware Surges Across Europe

Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware attacking countries, including Spain, Germany, Switzerland, and the Netherlands. Toddler was first disclosed by Cleafy following its discovery in January. While still under active development, the mobile Trojan has been used in attacks against the customers of 60 European banks.

 

Cybercriminals Customizing Malware for Attacks on Virtual Infrastructure

Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds. According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total. Cybercriminals attacked government institutions, industrial companies, scientific organizations, and educational institutions the most. Their main targets are personal data and credentials, and attacks on organizations are also aimed at stealing commercial secrets.

IoT Malware Attacks Rose 700% During the Pandemic

Zscaler released a study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The report analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. The research team identified the most vulnerable IoT devices, most common attack origins and destinations, and the malware families responsible for the majority of malicious traffic to better help enterprises protect their valuable data.

 

CISA Alerts and Announcements for this week:

Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department: Review here

Your Weekly DHS/CISA Threat Assessment (Jul …

Hot Topics in Cybersecurity Posted by Data Connectors Newsroom on Jul 28, 2021

Secret Service Romance Scam Symposium to Highlight Impact on Victims

Data Connectors Capital Regional Virtual Cybersecurity Summit to Host USSS Global Investigative Operations Center 

WASHINGTON, D.C. – JUNE 17, 2021 Data Connectors, representing the largest cybersecurity community in North America, will be hosting the US Secret Service’s Global Investigative Operations Center’s (GIOC) Romance Scam Symposium at the Capital Region Virtual Cybersecurity Summit on June 24.

This symposium will draw attention to the record-breaking cash spent in romance scams in 2020; the Federal Trade Commission stated that $304 million was spent last year and nearly $1 billion in the last five years.

For the Secret Service’s GIOC, raising awareness of romance scams is a crucial part of fighting them. Their primary mission in hosting this joint symposium is to shine a light on the massive impact on both the victims and on our country.

“The Secret Service and our many partners across both the private and governmental sectors work diligently to protect our citizens from criminals who would seek to enrich themselves by extorting the most vulnerable in our society,” said Stephen Dougherty, Forensic Financial Analyst for the Secret Service. “These scammers should know that their actions carry real consequences, both for their victims and for themselves, and that there are dedicated agents, analysts and prosecutors who will go above and beyond to find them, identify them and hold them accountable for their crimes.”

This event will feature speakers from the Secret Service, AARP, Lincoln Financial and Agari.

“The cost of romance scams is two-fold — of course you consider the financial toll on the victims, but there is also a tremendous emotional impact. These criminals are growing trust with vulnerable people, getting their banking passwords and using them for the most nefarious purposes,” said Amy Nofziger of AARP. “And while this is growing in numbers across demographics, retired Americans are among the most common victims of these crimes.”

Leading up to this symposium is the Capital Region Virtual Cybersecurity Summit, which will take place on Wednesday and Thursday, June 23-24, and which provides senior executives in the area with education on new solutions, as well as the latest updates and challenges in the industry. Leaders from law enforcement agencies team with Chief Information Security Officers (CISOs) from the private sector to offer industry-leading presentations and discussions.

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Cisco, Cloudflare, Proofpoint, Attivo Networks, ActZero and Auth0 and many more.

The Summit will take place over two days, Wednesday and Thursday, June 23-24 at 8:00 a.m. ET on both days, with the GIOC Symposium on the 24th starting at 2 p.m. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information can be found at dataconnectors.com/romance

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Secret Service Romance Scam Symposium to Hi …

Press Releases Posted by Jen Greco on Jun 17, 2021

Sneak Preview: Security Across Borders with the U.S. Secret Service

The two countries boast the world’s longest land border, but when it comes to cybersecurity, the United States and Canada share so much more.

In a Q&A session, broadcast on LinkedIn Live on Monday, May 10, I was joined by Special Agent Eric Adams of the U.S. Secret Service from the Vancouver Field Office, where we discussed the agency’s mission in its dealings with Canada.

Adams will be holding a joint keynote session with Sergeant Graeme Sloane of the Calgary Police Service where they discuss the partnership between the agencies to ensure the safety of their citizens. During this special session, the speakers will be live and interacting with the Summit audience by answering your questions.

Have you gotten a chance to claim your spot for this talk? Register for the Canada West Virtual Cybersecurity Summit. Then, be sure to log in on Wednesday, May 12 by 12:20 p.m. PDT so you can catch this informative session.

During yesterday’s livestream, Adams delved into the role of the Secret Service, beyond the typical mission of protecting the president.

“The mission of the Secret Service, both domestically and abroad, is the same. And that mission is to safeguard the nation’s payment systems and overall financial infrastructure, which helps us to preserve the integrity of the economy,” Adams said during the live session. “We’re able to accomplish this in our foreign offices by working with the world’s law enforcement community by developing and forging partnerships and by providing guidance and expertise to safeguard those financial infrastructures through what we call a cross-border partnership.”

Did you miss the LinkedIn Live session? Catch the recording on the Data Connectors LinkedIn page. And, be sure to follow us so you don’t miss out on more of these live sessions with experts from across the industry.


Virtual Events Posted by Jen Greco on May 11, 2021

Weekly Partner Roundup: The Data Edition

Each week, we’ll be sharing links to some of our favorite blogs from our partners. This week, we’re all about data. The posts cover protecting your data from the Microsoft Exchange hack, a thoughtful look at data intelligence, a “less-is-more” approach, and more. You’ll want to add these blogs to your regular reading list to ensure you stay on top of the latest trends in cybersecurity.

CYMULATE

Luck favors the prepared… and Cymulate agrees. Cymulate Labs came out with two threat attack simulations for their customers to ensure they’re set to defend against the Microsoft Exchange vulnerabilities. Review their blog and ensure you’re ready.

ONETRUST

Smarter data management is the key. A thoughtful take on real data intelligence from OneTrust’s blog, dubbed “Real Data Intelligence: A balance between seeking data value and mitigating risk.”

ORDR

The classic adage of “Less is More” is true, even when it comes to data. Ordr’s Danny Jump joins their blog for his first post. 

ATTIVO NETWORKS

The year of breaches continues, and attackers always have their eye on the prize: access to Active Directory. Attivo Networks’ Chief Security Advocate is covering ways to stay protected in these trying times in her post “Recent Attacks Command New Innovation for Stronger Active Directory Security.”

IVANTI

Who doesn’t love a peek behind the curtain? Ivanti’s blog covers their recent moves in the industry, and discusses the intelligence and value behind “acquisition with intent.” This company is focused on smart growth, says CEO and Chairman Jim Schaper, in his recent blog post, “The Rise of the Everywhere Workplace.”

PURE STORAGE

Looking to move into a multi-cloud strategy? Don’t miss this post from Pure Storage’s Dan Kogan, who offers five critical steps in implementation. This is a helpful post in any stage of planning for multi-cloud, titled “5 Steps for a Successful Multicloud Strategy.”

Do you have a partner post you’d like to share? Let us know in the comments. To learn more about how to partner with Data Connectors, visit our site.


Industry News Posted by Jen Greco on Mar 26, 2021