US public and private organizations (CISA and Mandiant, respectively) have warned that healthcare organizations are under an increasing threat from ransomware. The strains deployed are usually Conti and (especially) Ryuk; the perpetrators are Russophone gangsters, not spies. "Brazen," Ars Technica calls them.
US hospitals have been notably affected by ransomware, but it's not solely a US problem: the Montreal Gazette reports that various targets in Québec have been hit, including non-healthcare targets in the transportation and law enforcement sectors. Montréal's Jewish General Hospital has been hit with a cyberattack the hospital's administrator says wasn't ransomware, but his conclusion was based on the fact that no extortion demand had (yet) been received.
Cloudflare's COO Michelle Zatlyn offers an interesting metaphor as she looks at the future of cybersecurity: it's moving toward a "water treatment model," she told Business Insider's inaugural tech executive roundtable.
The Harvard Business Review reminds business leaders that cyber insurance policies may have war clauses that exclude coverage for state-sponsored attacks. And Corporate Counsel tells attorneys that lawyers play an important risk management role (but should mind their lanes).
Two more former eBayers took guilty pleas yesterday in a Massachusetts cyberstalking case. A former Senior Manager of Special Operations for eBay’s Global Security Team and the former manager of eBay’s Global Intelligence Center, pleaded guilty to conspiracy to commit cyberstalking and conspiracy to tamper with witnesses. This brings the total of guilty pleas to five; two other former eBayers in the eCommerceBytes harassment case have yet to plead.