
OpenAI Limits GPT-5.6 Release While U.S. Reviews AI Safety

OpenAI has postponed the extensive public rollout of its latest frontier artificial intelligence model, GPT-5.6, after the U.S. government requested an opportunity to examine the technology before it reaches a wider audience. Rather than making the model immediately available to all users, the company will begin with a restricted deployment involving a small number of carefully vetted partners whose identities have been disclosed to federal authorities.

The temporary decision reflects an increasingly cautious approach toward highly capable AI systems as governments evaluate their potential impact on national security. Policymakers are increasingly concerned that advanced generative AI models, while offering substantial benefits across research, software development and cybersecurity, could also be exploited to support sophisticated cyberattacks, automate vulnerability discovery, generate convincing phishing campaigns or assist other malicious activities if deployed without adequate safeguards.

According to OpenAI, the limited rollout is intended to provide government officials with an opportunity to study the model's capabilities and assess possible security risks before broader public access is granted. The company said it has already briefed the U.S. government on GPT-5.6 and its expected capabilities and described the current arrangement as an interim measure while it works with Washington to establish a more structured framework for releasing future frontier AI models.

Chief Executive Officer Sam Altman publicly expressed support for rigorous safety evaluations but questioned whether government agencies should determine which organizations receive early access. In a post on X, Altman said extensive testing of advanced AI systems is appropriate, while arguing that customer selection should remain outside government control.

The latest development follows an executive order signed earlier this month by President Donald Trump establishing a voluntary process under which developers of designated "covered frontier models" may provide the U.S. government with access to their systems for up to 30 days before they are released to trusted external partners. The initiative is designed to give officials time to evaluate emerging security concerns and strengthen oversight of increasingly capable AI technologies before wider deployment.

OpenAI stated that restricting access during this initial period represents what it believes is the most practical route toward making GPT-5.6 more broadly available in the coming weeks while discussions continue with the Administration on implementing the cyber-focused executive order and developing a repeatable review process for future launches.

The company added that engineering teams will continue conducting extensive safety evaluations and work closely with early partners throughout the testing phase. At the same time, OpenAI cautioned that the current level of government access should remain a temporary measure rather than becoming a permanent requirement for future AI releases. It also declined to identify the organizations participating in the initial rollout.

OpenAI further warned that prolonged restrictions on access to frontier AI systems could slow innovation across multiple sectors. The company noted that developers, businesses, cybersecurity professionals and international collaborators all rely on access to advanced models to build defensive security tools, strengthen research, develop enterprise applications and accelerate responsible AI adoption.

Leading the new product family is GPT-5.6 Sol, which OpenAI describes as its most capable model to date. The release also includes Terra, positioned as a mid-range model, and Luna, a lower-cost alternative intended to make advanced AI capabilities available at a lower price point across a wider range of use cases.

The government's heightened scrutiny extends beyond OpenAI. Earlier this month, Anthropic was instructed by U.S. authorities to suspend access to its frontier AI models for foreign nationals because of national security concerns. The company continues to face an ongoing legal and regulatory dispute with the government over those restrictions, illustrating the growing debate surrounding oversight of advanced artificial intelligence systems.

The developments come as both OpenAI and Anthropic have confidentially submitted paperwork for U.S. initial public offerings. Separately, The New York Times reported that OpenAI is considering postponing its public market debut until next year.

The developing relationship between AI developers and governments illustrates how the deployment of frontier models is becoming closely linked with cybersecurity and national security policy. While companies continue to pursue increasingly powerful AI capabilities, regulators are placing greater emphasis on evaluating how these systems could influence cyber defense, critical infrastructure protection and the misuse of AI by malicious actors before they are released at scale.

Play Gang Claims Responsibility for MyPillow Hack, Company CEO Denies the Breach


The US military has always known that threat actors could use location data to spy on troops’ devices. The military also knows the easy solutions for the problem. But the Pentagon implemented none of these security measures. 

Recently, CySecurity reported that threat actors were using digital advertising data to target US soldiers in war zones. US law enforcement also recently warned about "anti-tech" extremism as criticism of AI grows in the country.

Play gang takes responsibility 

The Play ransomware group has claimed responsibility for a data theft at US pillow manufacturer MyPillow, saying it stole personal and confidential data from the company.

About the target

MyPillow was founded by Mike Lindell, a 2020 Minnesota gubernatorial candidate and 2020 election conspiracy theorist.

The claim first appeared on Play's dark web leak portal earlier this week. It threatens that an undisclosed amount of data will be released on Friday, potentially exposing "private and personal confidential data, clients and etc. documents, budget, payroll, IDs, taxes, finance information."

High profile case

Straight Arrow News first reported the incident. MyPillow's high-profile CEO Mike Lindell, however, has denied that any ransomware attack took place.

MyPillow was an attractive target for the threat actors given Lindell's role in promoting the controversial claims that the 2020 US presidential election was rigged against now-President Donald Trump.

According to Straight Arrow News, Lindell claimed in a recent interview on his website, Lindell TV, that political attacks during the previous few years cost MyPillow $400 million in damages. 

What next?

Lindell stated that he will submit an application for reimbursement from Trump's $1.8 billion "Anti-Weaponization Fund," which was established as part of Trump's settlement of an Internal Revenue Service lawsuit. 

The settlement, according to critics, offered Trump a slush fund to compensate rioters on January 6 and other individuals who have spread election conspiracy theories.

Whether MyPillow was hacked is not confirmed at the time of writing. The company denies the claim, while the Play gang continues to take responsibility.

Hackers Use Phone Location Data to Attack US Military Personnel

Threat actors are targeting U.S. military personnel deployed in active war zones, exploiting commercially available location data. 

This shows how the global surveillance economy (digital targeted advertising) affects battlefield security. 

Location data exposing military location

The US Central Command (Centcom) confirmed the activity, citing "multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater."

Details about the incident

This alarming development was shared with Reuters by Senator Ron Wyden, but no particular detail about the incident was offered. 

Centcom's area of operations includes the Gulf, where US forces are engaged against the Iranian military. This is the first time US forces have confirmed being targeted in an active war zone through location data exposed by digital advertising.

Officials’ statements

Lawmakers warned that "commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, and for counterintelligence."

The risk of digital advertising targeting in wars

Senator Wyden has warned that it is time to "start treating the adtech industry as a national security threat." The problem has again exposed the underlying privacy threat posed by location data, which is the foundation of digital advertising.

The Pentagon did not return messages seeking comment. Lawmakers have also made efforts to obtain more information from military officials about the targeting reports.

Attack tactic

Location data is collected from smartphones by apps or by service providers. Third parties often gather this data and sell it on the open market for advertising purposes.

The privacy threat of selling personal location data is not new. In 2016, a US defense contractor bought commercially available location data to trace special operations forces from their domestic bases to a private staging post in Syria, according to a Wall Street Journal (WSJ) report.

Recently, reporters from two German news outlets and Wired used billions of coordinates from a data broker to reveal the detailed movements of individuals near eleven US military sites in Germany.

The US lawmakers wrote a letter to the Pentagon which argued that military officials should act faster to protect military personnel, as their location is sometimes exposed due to the complex location data trade market.

The US lawmakers have suggested:
  1. Disabling location sharing on field smartphones.
  2. Shifting military staff away from Google Chrome in favour of privacy-focused browsers.
  3. Turning off digital advertising on military devices.

The impact

Advertising groups such as the Association of National Advertisers and the Interactive Advertising Bureau have not responded to any questions or comments.

Representative Pat Harrigan, a North Carolina Republican and former U.S. Army Special Forces officer, co-signed the letter, saying that browsers such as Google Chrome "are built from the ground up to collect and share user data. Every day they remain on government-issued devices is another day we are handing our adversaries a weapon against our own troops."

Responding to the statement, Google said that its browser has “industry-leading security" and has "long advocated for stronger rules and safeguards against data brokers."

U.S. Lawmakers Press Telecom Providers for More Action Against Growing Scam Epidemic


A congressional committee is seeking answers from some of the largest telecommunications providers in the United States as financial losses linked to scams continue to rise across the country.

The inquiry comes from the Joint Economic Committee, whose leadership has asked major wireless carriers AT&T, Verizon, and T-Mobile to provide details about the measures they use to detect, monitor, and disrupt fraudulent activity occurring across their networks.

In a letter sent to the companies, committee chairman David Schweikert and ranking member Maggie Hassan said consumers should be able to trust the phone calls and text messages they receive from legitimate sources such as schools, healthcare providers, and other essential services. However, they noted that scam messages have become increasingly convincing, making it harder for people to distinguish fraudulent communications from authentic ones. The lawmakers argued that too much responsibility currently falls on consumers to identify suspicious activity on their own.

As part of the request, the committee is seeking information about how telecom providers gather intelligence on scams, monitor cybercrime-related activity, and respond to malicious actors who abuse communication networks to target the public.

The congressional review reflects broader concern in Washington over the rapid growth of cyber-enabled fraud. Scam operations have become a significant economic issue in recent years, with estimates indicating that Americans lost roughly $200 billion to various forms of fraud and cybercrime during 2024. Criminal groups increasingly use text messages, phone calls, social engineering techniques, and online platforms to reach potential victims at scale.

Telecommunications companies are not the only organizations facing scrutiny. Lawmakers have also examined the role played by satellite internet providers, online dating services, artificial intelligence firms, data brokerage companies, and federal agencies in either facilitating, detecting, or responding to cyber-enabled scams.

Efforts to address fraudulent communications are not new. In 2019, Congress passed the TRACED Act, legislation designed to curb robocalls and caller ID spoofing. The law, together with actions by the Federal Communications Commission, required major carriers to implement caller authentication technologies intended to help verify the origin of calls and improve investigators' ability to identify criminal operators.

Despite those measures, scam campaigns continue to reach consumers in large numbers. Security experts have repeatedly noted that many fraud networks operate across international borders, making enforcement and disruption efforts more difficult.

Industry data highlights both the scale of telecom intervention and the persistence of the problem. According to CTIA, wireless providers blocked approximately 55 billion spam and scam text messages during 2024 while also flagging or blocking around 45 billion suspected scam calls each year. Yet fraudulent communications continue to bypass filtering systems and reach consumers.

Additional industry estimates suggest the volume remains substantial. Robocall monitoring company YouMail reported that Americans received more than 50 billion robocalls during 2025. Separate data from RoboKiller indicated that spam text traffic exceeded 19 billion messages per month throughout 2024.

Federal Trade Commission statistics further illustrate the role of telecommunications channels in scam activity. The agency's data shows that text messages were among the most commonly reported methods used by scammers to contact victims, while phone calls also ranked near the top of reported contact methods.

Industry representatives argue that telecom providers are actively engaged in combating the problem. Josh Bercu, senior vice president of policy at USTelecom, said companies support scam prevention efforts through call traceback programs, disruption of unlawful activity, and cooperation with law enforcement investigations. He added that addressing fraud requires coordination across multiple industries rather than action from a single sector alone.

At the same time, some telecommunications providers have introduced paid security-focused services, including advanced call-filtering tools and branded caller identification features. These offerings aim to provide customers with additional protection against unwanted communications.

Consumer advocates, however, believe stronger incentives may be necessary to encourage broader action. Eden Iscil of the National Consumers League argued that companies may not implement the fullest possible protections unless greater accountability or financial consequences are attached to failures in consumer protection.

The discussion reflects a larger challenge facing governments, technology companies, and telecom providers worldwide. As scammers adopt increasingly sophisticated tactics and make greater use of automation, artificial intelligence, and stolen personal data, organizations responsible for digital communications face mounting pressure to strengthen detection systems while ensuring legitimate messages continue to reach consumers without disruption.

Threat Actors Hit Iranian Sites and Apps After the US-Israel Strike


A series of cyberattacks took place last week during the U.S.-Israel strikes on targets throughout Iran.

The cyberattacks included hijacking various news sites to display messages and compromising BadeSaba, a religious calendar application with over 5 million downloads, which showed messages warning users "It's time for reckoning" and telling the armed forces to give up and quit.

A U.S. Cyber Command spokesperson did not comment on the matter.

Internet connectivity in Iran dropped sharply at 0706 GMT, with minimal connectivity remaining, according to Kentik's director of internet analysis. Targeting BadeSaba was a calculated choice, since its users tend to be religious and pro-government, said Hamid Kashfi, a security expert and founder of the cybersecurity firm DarkCell.

Cyberattacks also hit various Iranian military targets and government services in an effort to hamper a coordinated Iranian response, according to the Jerusalem Post. Reuters has not yet verified those claims. "As Iran considers its options, the likelihood increases that proxy groups and hacktivists may take action, including cyberattacks, against Israeli and U.S.-affiliated military, commercial, or civilian targets," said Rafe Pilling, director of threat intelligence at the cybersecurity firm Sophos.

Such operations may include old data breaches recycled as new, largely futile attempts to breach internet-exposed industrial systems, and possibly a redirection of existing offensive cyber operations.

Cynthia Kaiser, a senior vice president at the anti-ransomware company Halcyon and a former top FBI cyber official, stated that activity has escalated in the Middle East. 

According to Kaiser, the company has also received calls to action from well-known pro-Iranian cyber personalities who have previously carried out ransomware attacks, hack-and-leak operations, and distributed denial-of-service (DDoS) attacks, which overload internet services and make them unavailable. He stated, "CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks.”

Experts also believe that state-sponsored Iranian hacking groups had already launched "wiper" attacks, which destroy data, on Israeli targets before the strikes.

According to media sources, following the U.S. strike on Iranian nuclear targets in June there was little sign of the disruptive cyberattacks frequently mentioned in discussions of Iran's digital capabilities, apart from a brief disruption of services in Tirana, the capital of Albania.

U.S. Agencies Consider Restrictions on TP-Link Routers Over Security Risks


A coordinated review by several federal agencies in the United States has intensified scrutiny of TP-Link home routers, with officials considering whether the devices should continue to be available in the country. Recent reporting indicates that more than six departments and agencies have supported a proposal recommending restrictions because the routers may expose American data to security risks.

Public attention on the matter began in December 2024, when major U.S. outlets revealed that the Departments of Commerce, Defense and Justice had opened parallel investigations into TP-Link. The inquiries focused on whether the company’s corporate structure and overseas connections could create opportunities for foreign government influence. After those initial disclosures, little additional information surfaced until the Washington Post reported that the proposal had cleared interagency review.

Officials involved believe the potential risk comes from how TP-Link products collect and manage sensitive information, combined with the company’s operational ties to China. TP-Link strongly disputes the allegation that it is subject to any foreign authority and says its U.S. entity functions independently. The company maintains that it designs and manufactures its devices without any outside control.

TP-Link was founded in Shenzhen in 1996 and reorganized in 2024 into two entities: TP-Link Technologies and TP-Link Systems. The U.S. arm, TP-Link Systems, operates from Irvine, California, with roughly 500 domestic employees and thousands more across its global workforce. Lawmakers previously expressed concern that companies with overseas operations may be required to comply with foreign legal demands. They also cited past incidents in which compromised routers, including those from TP-Link, were used by threat actors during cyber operations targeting the United States.

The company has grown rapidly in the U.S. router market since 2019. Some reports place its share at a majority of consumer sales, although TP-Link disputes those figures and points to independent data that estimates a smaller share. One industry platform found that about 12 percent of active U.S. home routers are TP-Link devices. Previous reporting also noted that more than 300 internet providers distribute TP-Link equipment to customers.

In a separate line of inquiry, the Department of Justice is examining whether TP-Link set prices at levels intended to undercut competitors. The company denies this and says its pricing remains sustainable and profitable.

Cybersecurity researchers have found security flaws in routers from many manufacturers, not only TP-Link. Independent analysts identified firmware implants linked to state-sponsored groups, as well as widespread botnet activity involving small office and home routers. A Microsoft study reported that some TP-Link devices became part of password spray attacks when users did not change default administrator credentials. Experts emphasize that router vulnerabilities are widespread across the industry and not limited to one brand.
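
As an added illustration (not code from Microsoft, TP-Link or this post) of what the password spray pattern mentioned above looks like in a target's authentication log, the detector below flags a source that cycles through many usernames with only a few attempts each, and notes whether that source later logged in successfully. The log format and every address, username and timestamp are constructed.

```python
"""Flag password-spray patterns in an authentication log.

Added example, not code from the Microsoft study or the original post. A
password spray tries one or two common (often default) passwords across many
accounts from the same source, so a per-account lockout never trips. The
detector groups failed logins by source address inside a sliding time window
and flags a source that touches at least `min_accounts` distinct usernames
with no more than `max_per_account` failures each. It also records whether the
same source later logged in successfully, the case where a default credential
worked. The log format and every address, username and timestamp below are
constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log: one login attempt per line, key=value after the timestamp.
SAMPLE_LOG = """\
2024-05-01T02:00:01Z src=203.0.113.7 user=admin result=fail
2024-05-01T02:00:02Z src=203.0.113.7 user=root result=fail
2024-05-01T02:00:03Z src=203.0.113.7 user=support result=fail
2024-05-01T02:00:04Z src=203.0.113.7 user=user result=fail
2024-05-01T02:00:05Z src=203.0.113.7 user=guest result=fail
2024-05-01T02:00:06Z src=203.0.113.7 user=operator result=fail
2024-05-01T02:00:07Z src=203.0.113.7 user=admin result=success
2024-05-01T02:10:00Z src=198.51.100.4 user=alice result=fail
2024-05-01T02:10:05Z src=198.51.100.4 user=alice result=fail
2024-05-01T02:10:09Z src=198.51.100.4 user=alice result=fail
2024-05-01T02:10:15Z src=198.51.100.4 user=alice result=success
"""


def parse_auth_log(text: str) -> list:
    """Return (timestamp, source, user, succeeded) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, fields["src"], fields["user"], fields["result"] == "success"))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=5), min_accounts=5, max_per_account=2):
    """One alert per source whose failures fit the spray shape inside `window`."""
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        by_src[src].append((ts, user, ok))

    alerts = []
    for src, evs in by_src.items():
        fails = [(ts, user) for ts, user, ok in evs if not ok]
        in_window = defaultdict(int)   # username -> failures inside the window
        left = 0
        flagged = False
        for ts, user in fails:
            in_window[user] += 1
            # Drop failures older than `window` relative to the newest one.
            while ts - fails[left][0] > window:
                old_user = fails[left][1]
                in_window[old_user] -= 1
                if in_window[old_user] == 0:
                    del in_window[old_user]
                left += 1
            # Many accounts, each with few failures: the spray signature.
            if (len(in_window) >= min_accounts
                    and max(in_window.values()) <= max_per_account):
                flagged = True
                break
        if flagged:
            alerts.append({
                "src": src,
                "distinct_accounts": len({user for _, user in fails}),
                "succeeded": sorted({user for _, user, ok in evs if ok}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse_auth_log(SAMPLE_LOG)):
        print(f"spray from {alert['src']}: {alert['distinct_accounts']} accounts tried, "
              f"successful logins as {alert['succeeded'] or 'none'}")
```

The second source in the sample (three failures against one account, then a success) is deliberately not flagged: that shape is a brute-force or a forgetful user, not a spray.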

Consumers who use TP-Link routers can reduce risk by updating administrator passwords, applying firmware updates, enabling modern encryption such as WPA3, turning on built-in firewalls, and considering reputable VPN services. Devices that no longer receive updates should be replaced.

The Department of Commerce has not issued a final ruling. Reports suggest that ongoing U.S. diplomatic discussions with China could influence the timeline. TP-Link has said it is willing to improve transparency, strengthen cybersecurity practices and relocate certain functions if required. 

ICE Uses Fake Cell Towers to Spy on Users

Federal contract to spy

Earlier this year, US Immigration and Customs Enforcement (ICE) paid $825,000 to a company that builds vehicles fitted with law enforcement technology, including fake cellphone towers known as "cell-site simulators" that are used to surveil phones.

The contract was made with a Maryland-based company called TechOps Specialty Vehicles (TOSV). TOSV signed another contract with ICE for $818,000 last year during the Biden administration. 

The latest federal contract shows how such technologies are being used to support the Trump administration's deportation crackdown.

In September 2025, Forbes discovered an unsealed search warrant revealing that ICE had used a cell-site simulator to spy on a person who was allegedly a member of a criminal gang in the US and had been asked to leave the country in 2023. Forbes also reported finding a contract for a "cell site simulator."

About ICE

Cell-site simulators are also known as "stingrays" and, more commonly today, as IMSI catchers, after the International Mobile Subscriber Identity, a unique number assigned to every cellphone subscriber in the world.

These tools mimic a cellphone tower and trick every device in range into connecting to them, allowing law enforcement to identify the real-world location of phone owners. Some cell-site simulators can also intercept texts, internet traffic, and voice calls.

Authorities have been using Stingray devices for more than a decade. It is controversial as authorities sometimes don't get a warrant for their use. 

According to experts, these devices also sweep up innocent people's phones, and their use is kept secret because authorities are bound by strict non-disclosure agreements not to reveal how the devices work. ICE is known as a heavy user of cell-site simulators: a document revealed in 2020 that ICE used them 466 times between 2017 and 2019.

DHS Data Sharing Error Left Sensitive Intelligence Open to Thousands


A technology mishap inside the U.S. Department of Homeland Security (DHS) briefly left sensitive intelligence records open to people who were never supposed to see them. The issue, which lasted for several weeks in 2023, involved the Homeland Security Information Network (HSIN) — a platform where intelligence analysts share unclassified but sensitive reports with select government partners.

The restricted section of HSIN, known as HSIN-Intel, is designed for law enforcement agencies and national security officials who require access to intelligence leads and analyses. However, due to a misconfiguration, access controls were set incorrectly, making the files visible to the entire network rather than just the authorized users. As a result, thousands of individuals, including government employees in unrelated departments, private contractors, and even some foreign officials were able to view materials meant for a much smaller audience.

An internal review later revealed that 439 intelligence products were exposed during this period, with unauthorized users opening them more than 1,500 times. While many of the users were from within the United States, the inquiry confirmed that several foreign accounts also accessed the data. Nearly 40 percent of the leaked material related to cybersecurity, including reports on state-sponsored hacking groups and foreign attempts to infiltrate government IT systems. Other exposed content included law enforcement tips, assessments of disinformation campaigns, and files mentioning protest activity within the United States.
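
To make the misconfiguration concrete, here is an added example (not DHS code and not part of the original post) of the kind of after-the-fact audit such a review would run: given each product's intended audience and an access log, it counts opens by accounts outside that audience, the products involved, the foreign accounts among the readers, and the share of exposed products in a given category. The audience policy, document ids, groups, accounts and log lines are all constructed.

```python
"""Audit an access log for reads outside each document's intended audience.

Added example, not code from DHS or the original post. It models the kind of
review described above in the abstract: every intelligence product has an
intended audience (a set of groups), and a misconfigured ACL let the whole
network read it. Given access events, it reports which products were opened
by accounts outside their audience, how often, and by which foreign accounts.
All document ids, groups, accounts and log lines below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed audience policy: doc id -> (category, groups allowed to read it).
INTENDED = {
    "INTEL-2023-0007": ("cyber", {"le-analyst", "natsec"}),
    "INTEL-2023-0012": ("disinformation", {"natsec"}),
    "INTEL-2023-0019": ("cyber", {"le-analyst"}),
}

# Constructed access log: who opened which product, with the reader's groups.
SAMPLE_LOG = """\
2023-03-02T14:01:11Z doc=INTEL-2023-0007 user=jdoe groups=le-analyst,fusion origin=US
2023-03-02T14:03:40Z doc=INTEL-2023-0007 user=contractor1 groups=facilities origin=US
2023-03-02T15:12:02Z doc=INTEL-2023-0007 user=partner-x groups=foreign-liaison origin=CA
2023-03-03T09:30:55Z doc=INTEL-2023-0012 user=hr-clerk groups=hr origin=US
2023-03-03T09:45:10Z doc=INTEL-2023-0012 user=analyst2 groups=natsec origin=US
2023-03-04T11:20:33Z doc=INTEL-2023-0019 user=partner-x groups=foreign-liaison origin=CA
2023-03-04T11:58:07Z doc=INTEL-2023-0019 user=contractor1 groups=facilities origin=US
"""


@dataclass(frozen=True)
class AccessEvent:
    doc_id: str
    account: str
    groups: frozenset   # groups the reading account belongs to
    foreign: bool       # account originates outside the home country


@dataclass
class ExposureReport:
    unauthorized_opens: int = 0
    opens_by_doc: dict = field(default_factory=lambda: defaultdict(int))
    foreign_accounts: set = field(default_factory=set)

    @property
    def exposed_docs(self) -> set:
        return set(self.opens_by_doc)


def parse_log(text: str, home_origin: str = "US") -> list:
    """Turn key=value log lines into AccessEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(tok.split("=", 1) for tok in line.split()[1:])
        events.append(AccessEvent(
            doc_id=fields["doc"],
            account=fields["user"],
            groups=frozenset(fields["groups"].split(",")),
            foreign=fields["origin"] != home_origin,
        ))
    return events


def audit(intended: dict, events: list) -> ExposureReport:
    """Count every open by an account with no group in the document's audience."""
    report = ExposureReport()
    for ev in events:
        _, allowed = intended.get(ev.doc_id, ("unknown", set()))
        if ev.groups & allowed:
            continue  # reader is in an authorized group; nothing to report
        report.unauthorized_opens += 1
        report.opens_by_doc[ev.doc_id] += 1
        if ev.foreign:
            report.foreign_accounts.add(ev.account)
    return report


def category_share(intended: dict, report: ExposureReport, category: str) -> float:
    """Fraction of exposed documents that belong to the given category."""
    exposed = report.exposed_docs
    if not exposed:
        return 0.0
    hits = sum(1 for d in exposed if intended.get(d, ("unknown",))[0] == category)
    return hits / len(exposed)


if __name__ == "__main__":
    rep = audit(INTENDED, parse_log(SAMPLE_LOG))
    print(f"{len(rep.exposed_docs)} products exposed, "
          f"{rep.unauthorized_opens} unauthorized opens, "
          f"foreign accounts: {sorted(rep.foreign_accounts)}")
    print(f"cyber share of exposed products: {category_share(INTENDED, rep, 'cyber'):.0%}")
```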

DHS acted quickly to fix the technical error once it was discovered. The department later stated that oversight bodies determined no serious harm resulted from the incident. Yet not all officials agreed with this conclusion. The internal memo describing the incident argued that personally identifiable information, such as details connected to U.S. citizens, had been exposed and that the impact might have been greater than DHS initially suggested. The document recommended additional training for staff to ensure stronger protection of personal data.

Privacy experts point out that the incident raises wider concerns about domestic surveillance practices. When government agencies collect and store intelligence on Americans, even unclassified data, errors in handling it can create risks for both national security and individual privacy. Critics argue that such leaks highlight the need for stronger oversight and accountability, especially as legislative efforts to reform DHS’s intelligence powers continue in Congress.

Although DHS maintains that the exposure was contained and promptly resolved, the episode underlines how technical flaws in sensitive systems can have unintended consequences. When security tools are misconfigured, information meant for a limited circle of analysts can spread far beyond its intended audience. For citizens and policymakers alike, the event is a reminder of the delicate balance between gathering intelligence to protect the country and ensuring that privacy and civil liberties are not compromised in the process.



UnitedHealth Cyberattack Becomes Largest Health Data Breach in History


The recent cyberattack on UnitedHealth has now been confirmed as the biggest health care data breach ever recorded, affecting more than 192 million people, over one-third of the U.S. population.

When news of the incident first broke in 2023, reports estimated around 100 million individuals had been impacted. Updated figures released by the U.S. Department of Health and Human Services now show the scale was nearly twice as large, with 192.7 million people’s personal and medical information exposed.

The stolen data is said to include highly sensitive details such as medical records, diagnoses, test results, treatment information, and insurance identifiers. In addition, Social Security numbers, driver’s license details, billing information, payment data, and claims history were also compromised. The breadth of this information makes the breach especially serious, as it extends beyond health data into financial and personal identity details.

The attack targeted Change Healthcare, a technology subsidiary of UnitedHealth that processes payments for many major health insurance providers. According to congressional testimony earlier this year, hackers gained access to company systems through stolen employee login details. Critically, the system they broke into did not have multi-factor authentication enabled, making it easier to exploit.

The group responsible, known as BlackCat, used ransomware to disrupt claims processing and patient care systems nationwide. UnitedHealth paid a ransom reportedly worth $22 million to secure deletion of the stolen files, but investigators later found the attackers had not honored the agreement. After receiving payment, the group disappeared and shut down its servers.


What this means for individuals

Given the enormous number of people affected, many Americans may find their private information exposed. While there is no way to undo the breach, individuals can take steps to reduce risks.

Experts recommend:

1. Identity protection services: These can alert you to unusual use of your information and often provide insurance against fraud.

2. Stronger device security: Reliable antivirus programs help block malware and often include additional tools such as virtual private networks (VPNs) for safer browsing.

3. Account monitoring: Keep a close eye on bank, insurance, and medical accounts for suspicious activity.

4. Vigilance against scams: Many attackers follow up breaches with phishing emails or fake offers. Do not click links or open attachments from unknown sources, even if they appear official.


It is also important to remain cautious on social media and to avoid offers or messages that appear too good to be true, as these are common tactics in social engineering attacks.

The UnitedHealth incident underscores how cyberattacks on critical infrastructure can have wide-reaching consequences. For the millions affected, awareness and proactive security measures are now essential in limiting further damage.



Zero-Click iMessage Exploit ‘NICKNAME’ Targets High-Profile Figures in US and Europe


A newly uncovered zero-click vulnerability in Apple’s iMessage, codenamed NICKNAME, has been exploited in a series of sophisticated cyberattacks targeting influential individuals across the United States and Europe, according to a new report from mobile security firm iVerify. The exploit, which requires no interaction from the victim, was detected on iPhones belonging to political leaders, journalists, and executives in the AI industry. 

The campaign is suspected to be part of an espionage operation with potential links to Chinese state-backed actors. In late 2024 and early 2025, iVerify observed a minuscule but significant anomaly in crash reports—0.0001% of logs among a sample of 50,000 iPhones. Deeper analysis led to the identification of the NICKNAME flaw, which stems from a vulnerability in the imagent process. 

The exploit is triggered by a rapid sequence of iMessage nickname updates, leading to a use-after-free memory issue that allows for remote device takeover. Six compromised devices have been identified so far. Four displayed signs of the NICKNAME exploit, while two showed evidence of successful breaches. 

The common link among the victims was their perceived opposition to Chinese interests, with many previously targeted by the notorious Salt Typhoon operation or involved in business or activism against the Chinese Communist Party (CCP). Although Apple addressed the flaw in its iOS 18.3.1 update, iVerify warns that NICKNAME may be only a single piece of a broader, ongoing exploit chain. 

The company is urging government agencies and high-risk organizations to revamp their mobile security frameworks in light of the growing threat landscape. While direct attribution to the CCP remains unconfirmed, circumstantial evidence is strong. Independent iOS security experts, including Patrick Wardle of the Objective-By-The-Sea foundation, have corroborated the threat, validating the risks posed by mobile spyware even against encrypted platforms like Signal.

Cyberattacks Hit U.S. Healthcare Firms, Exposing Data of Over 236,000 People



Two separate data breaches in the U.S. have exposed sensitive information of more than 236,000 people. These incidents involve two organizations: Endue Software in New York and Medical Express Ambulance (MedEx) in Illinois.

Endue Software creates software used by infusion centers, which help treat patients with medication delivered directly into their bloodstream. In February this year, the company found that hackers had broken into its system. This breach led to the exposure of personal details of around 118,000 individuals. The leaked information included full names, birth dates, Social Security numbers, and unique medical record identifiers. While there is currently no proof that the stolen data has been used illegally, the company isn’t taking any chances. It has added more safety tools and measures to its systems. It is also offering one year of free credit monitoring and identity protection to help affected people stay safe from fraud.

In a different case, MedEx, a private ambulance service provider based in Illinois, reported that it was also hit by a cyberattack. This breach happened last year, but the details have recently come to light. Information belonging to more than 118,000 people was accessed by attackers. The data included health records, insurance information, and even passport numbers in some cases.

These events are part of a larger pattern of cyberattacks targeting the healthcare industry in the U.S. In recent months, major organizations like UnitedHealth Group and Ascension Health have also suffered large-scale data breaches. Cybercriminals often go after hospitals and medical companies because the data they store is very valuable and can be used for scams or identity theft.

Both Endue and MedEx are working with cybersecurity experts to investigate the breaches and improve their systems. People affected by these incidents are being advised to be extra cautious. They should use the free protection services, monitor their bank and credit accounts, and immediately report anything unusual.



US Imposes Ban on Chinese and Russian Tech in Passenger Cars Over Security Risks


The United States has introduced a new regulation barring the use of Chinese and Russian technology in passenger vehicles sold domestically, citing national security risks. According to AFP, the ban covers both hardware and software from these countries, forming part of a broader effort to reduce China's influence in critical industries.

Outgoing President Joe Biden initiated the rule after a prolonged regulatory process aimed at tightening controls on foreign-linked technologies. This follows recent debates over restricting drones and other equipment from adversarial nations. Commerce Secretary Gina Raimondo highlighted the growing reliance of modern cars on advanced technology like cameras, microphones, GPS systems, and internet connectivity, which could pose risks if developed using foreign components.

"This is a targeted approach to keep Chinese and Russian-manufactured tech off American roads," said Raimondo.

The rule initially applies to passenger vehicles under 10,001 pounds, with plans to extend it to commercial vehicles, such as buses and trucks, in the future. It prohibits manufacturers with significant ties to China or Russia from selling cars equipped with foreign-made hardware or software for internet connectivity or autonomous driving.

Implementation will occur in two stages:

  • Software ban: Effective from the 2027 model year.
  • Hardware ban: Beginning with the 2030 model year.

Imports of such technology from China and Russia will also face restrictions.

The regulation could affect companies like BYD, a Chinese electric vehicle manufacturer operating a facility in California that produces buses and other vehicles. US officials have raised concerns that connected vehicles equipped with foreign technology could be exploited to misuse sensitive data or interfere with critical systems.

National Economic Advisor Lael Brainard warned, "China is attempting to dominate the future of the auto industry," underscoring the need to shield American vehicles from foreign influence.

The new rule aligns with a broader strategy to bolster domestic industries and reduce dependence on foreign technologies. On the same day, President Biden signed an executive order to fast-track the development of AI infrastructure in the US.

"We will not let America fall behind in building the technology that will define the future," Biden stated.

As Biden prepares to leave office, these measures will transition to the administration of President-elect Donald Trump, who takes office next Monday. While it remains uncertain how Trump will handle these policies, significant shifts in strategy are anticipated.

Hackers Use Trojanized Minesweeper Clone to Phish Financial Organizations


Hackers are exploiting code from a Python clone of Microsoft's classic Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US.

Ukraine's CSIRT-NBU and CERT-UA have identified the threat actor 'UAC-0188' as responsible for these attacks. They are using the legitimate game code to hide Python scripts that download and install the SuperOps RMM (Remote Monitoring and Management) software. SuperOps RMM, though legitimate, provides remote actors with direct access to compromised systems.

CERT-UA's investigation into the initial discovery has uncovered at least five breaches in financial and insurance sectors across Europe and the United States linked to these same files.

The attack initiates with an email from "support@patient-docs-mail.com," posing as a medical center with the subject "Personal Web Archive of Medical Documents." The email prompts recipients to download a 33MB .SCR file from a Dropbox link. This file includes harmless code from a Python clone of Minesweeper, alongside malicious Python code designed to download additional scripts from a remote source, "anotepad.com."

Incorporating Minesweeper code within the executable helps disguise the 28MB base64-encoded string containing the malicious code, making it seem benign to security software. The Minesweeper code features a function named "create_license_ver," repurposed to decode and execute the hidden malicious code, using legitimate software components to mask and facilitate the attack.

The base64 string decodes to a ZIP file containing an MSI installer for SuperOps RMM, which is extracted and executed using a static password. While SuperOps RMM is a legitimate tool, in this scenario, it grants attackers unauthorized access to the victim's computer.

CERT-UA advises organizations not using SuperOps RMM to treat its presence or related network activity, such as connections to "superops.com" or "superops.ai" domains, as indicators of a compromise.

The agency has also provided additional indicators of compromise (IoCs) associated with this attack at the end of their report.
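Two of the points above lend themselves to simple defender-side checks: a "game" file that carries a very large base64 literal next to decode-and-extract code, and DNS or proxy traffic to the SuperOps domains (and the paste site the lure used for its second stage) from hosts that have no business using that tool. The following Python is an added example written for this post; it is not code from CERT-UA, CSIRT-NBU, or the SuperOps project. The sample lure, the DNS log lines, the file name inside the archive and the 200-character threshold are all constructed or assumed; the real payload string was 28MB, so a production scanner would set the threshold far higher.

```python
import base64
import io
import re
import zipfile

# Constructed watchlist built from the domains named in the post: SuperOps RMM domains (an IoC
# for organisations that do not use the tool) and the paste site the lure pulled scripts from.
WATCHED_DOMAINS = re.compile(
    r"\b(?:[a-z0-9-]+\.)*(?:superops\.(?:com|ai)|anotepad\.com)\b", re.IGNORECASE
)

# Decode-and-run markers that, next to a huge base64 literal, make a "game" look like a loader.
LOADER_MARKERS = re.compile(r"base64\.b64decode\(|zipfile\.ZipFile\(|\b(?:exec|eval)\s*\(")


def decoded_prefix(blob: str) -> bytes:
    """Return the first four decoded bytes of a base64 literal, or b"" if it is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True)[:4]
    except ValueError:  # binascii.Error is a subclass of ValueError
        return b""


def find_embedded_payloads(source: str, min_len: int = 200) -> list:
    """Flag string literals of at least min_len base64 characters in a Python source file.

    For each one, report whether it decodes to a ZIP archive (PK\\x03\\x04 magic, matching the
    installer-carrying archive the post describes) and whether the file also contains a
    decode-and-run pattern. min_len is an assumed threshold; the real sample was 28MB.
    """
    literal = re.compile(rf"[\"']([A-Za-z0-9+/=]{{{min_len},}})[\"']")
    has_loader = bool(LOADER_MARKERS.search(source))
    findings = []
    for m in literal.finditer(source):
        blob = m.group(1)
        findings.append({
            "offset": m.start(1),
            "length": len(blob),
            "looks_like_zip": decoded_prefix(blob).startswith(b"PK\x03\x04"),
            "decode_or_exec_in_file": has_loader,
        })
    return findings


def find_watched_domains(log_lines):
    """Return (line, domain) pairs for log lines that mention a watched domain."""
    hits = []
    for line in log_lines:
        m = WATCHED_DOMAINS.search(line)
        if m:
            hits.append((line, m.group(0).lower()))
    return hits


def build_sample_lure() -> str:
    """Construct a stand-in for the trojanized game: benign game code plus a base64 ZIP.

    The ZIP holds a placeholder file, not an installer; the function name mirrors the
    repurposed create_license_ver the post mentions. Constructed sample, not the real lure.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("installer_placeholder.msi", b"PLACEHOLDER-NOT-AN-INSTALLER " * 16)
    blob = base64.b64encode(buf.getvalue()).decode()
    return (
        "import base64, io, zipfile\n"
        "def reveal_cell(board, x, y):\n    return board[y][x]\n"
        "def create_license_ver():\n"
        f"    data = base64.b64decode('{blob}')\n"
        "    zipfile.ZipFile(io.BytesIO(data)).extractall('stage2')\n"
    )


# Constructed DNS log lines (not real telemetry) for the IoC check.
SAMPLE_DNS_LOG = [
    "2024-05-22T10:01:03Z client=10.0.5.17 query=api.superops.ai type=A",
    "2024-05-22T10:01:05Z client=10.0.5.17 query=www.example.org type=A",
    "2024-05-22T10:02:11Z client=10.0.5.42 query=agent.superops.com type=A",
    "2024-05-22T10:02:40Z client=10.0.5.42 query=anotepad.com type=A",
]

if __name__ == "__main__":
    for f in find_embedded_payloads(build_sample_lure()):
        print(f"base64 literal of {f['length']} chars at offset {f['offset']}: "
              f"zip={f['looks_like_zip']} loader_markers={f['decode_or_exec_in_file']}")
    for line, domain in find_watched_domains(SAMPLE_DNS_LOG):
        print(f"watched domain {domain}: {line}")
```

The two checks are deliberately independent: the first runs over a suspicious file before it is executed (a large base64 literal that decodes to a ZIP and sits beside decode-and-extract calls is a strong signal regardless of how much innocent game code surrounds it), while the second runs over resolver or proxy logs and is only meaningful where SuperOps RMM is not an approved tool, exactly the condition CERT-UA attaches to the indicator.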

EU AI Act to Impact US Generative AI Deployments




In a move set to reshape the scope of AI deployment, the European Union's AI Act, slated to come into effect in May or June, aims to impose stricter regulations on the development and use of generative AI technology. The Act, which categorises AI use cases based on associated risks, prohibits certain applications like biometric categorization systems and emotion recognition in workplaces due to concerns over manipulation of human behaviour. This legislation will compel companies, regardless of their location, to adopt a more responsible approach to AI development and deployment.

For businesses venturing into generative AI adoption, compliance with the EU AI Act will necessitate a thorough evaluation of use cases through a risk assessment lens. Existing AI deployments will require comprehensive audits to ensure adherence to regulatory standards and mitigate potential penalties. While the Act provides a transition period for compliance, organisations must gear up to meet the stipulated requirements by 2026.

This isn't the first time US companies have faced disruption from overseas tech regulations. Similar to the impact of the GDPR on data privacy practices, the EU AI Act is expected to influence global AI governance standards. By aligning with EU regulations, US tech leaders may find themselves better positioned to comply with emerging regulatory mandates worldwide.

Despite the parallels with GDPR, regulating AI presents unique challenges. The rollout of GDPR witnessed numerous compliance hurdles, indicating the complexity of enforcing such regulations. Additionally, concerns persist regarding the efficacy of fines in deterring non-compliance among large corporations. The EU's proposed fines for AI Act violations range from 7.5 million to 35 million euros, but effective enforcement will require the establishment of robust regulatory mechanisms.

Addressing the AI talent gap is crucial for successful implementation and enforcement of the Act. Both the EU and the US recognize the need for upskilling to address the complexities of AI governance. While US efforts have focused on executive orders and policy initiatives, the EU's proactive approach is poised to drive AI enforcement forward.

For CIOs preparing for the AI Act's enforcement, understanding the tools and use cases within their organisations is imperative. By conducting comprehensive inventories and risk assessments, businesses can identify areas of potential non-compliance and take corrective measures. It's essential to recognize that seemingly low-risk AI applications may still pose significant challenges, particularly regarding data privacy and transparency.

Companies like TransUnion are taking a nuanced approach to AI deployment, tailoring their strategies to specific use cases. While embracing AI's potential benefits, they exercise caution in deploying complex, less explainable technologies, especially in sensitive areas like credit assessment.

As the EU AI Act reshapes the regulatory landscape, CIOs must proactively adapt their AI strategies to ensure compliance and mitigate risks. By prioritising transparency, accountability, and ethical considerations, organisations can navigate the evolving regulatory environment while harnessing the transformative power of AI responsibly.



US Department of Energy Receives Dual Ransom Demands Amidst Expanding MOVEit Hack Fallout


The spokesperson for the US Department of Energy (DOE) revealed that the Russia-linked extortion group Cl0p sent ransom requests to both the nuclear waste facility and scientific education facility of the DOE, which were recently targeted in a global hacking campaign. This attack, initially reported on Thursday, affected the DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico, which is responsible for disposing of defense-related radioactive nuclear waste.

The breach occurred through a security flaw in the file transfer tool MOVEit Transfer, a widely-used software for sharing sensitive data among organizations worldwide. Progress Software, the company behind MOVEit Transfer, discovered the security flaw last month, resulting in various victims, including US government departments, the UK's telecom regulator, and energy company Shell.

This incident highlights the significant impact of ransomware attacks, even on security-conscious federal agencies. Ransomware gangs often target widely-used tools, and the attack on MOVEit Transfer reveals the challenges faced by federal agencies in defending against such threats. 

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that several federal agencies were affected but noted minimal impact on the federal civilian executive branch. Analysts predict that more victims may emerge in the coming weeks.

The ransom requests to the DOE were sent via individual emails to each facility. The spokesperson did not disclose the demanded amount, but mentioned that the two entities did not engage with Cl0p. Currently, there is no indication that the ransom requests have been withdrawn.

In response to the breach, the DOE has notified Congress and is cooperating with law enforcement and the CISA in their investigations. Cl0p did not respond to requests for comment, but in a post on its website, it said, “WE DON’T HAVE ANY GOVERNMENT DATA” and suggested that should the hackers inadvertently have picked up such data in their mass theft “WE STILL DO THE POLITE THING AND DELETE ALL.”

According to Allan Liska, an analyst from Recorded Future, Cl0p's assertion about deleting government data may be an attempt to safeguard themselves from potential retaliation by Washington and other governments.

US Government Confirms Federal Agencies Affected by MOVEit Breach, Hackers Expand List of Victims

The U.S. government has acknowledged that several federal agencies have been targeted in cyberattacks that exploit a security vulnerability found in a popular file transfer tool.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the intrusions in a statement provided to TechCrunch. The attacks were attributed to the Clop ransomware gang, believed to be linked to Russia. The group recently began revealing the names of organizations it claims to have hacked by exploiting the vulnerability in the file transfer tool, called MOVEit Transfer, developed by Progress Software.

The exact number of affected agencies was not disclosed by CISA, though CNN was the first to report on the attacks. The agencies impacted were not named, but the Department of Energy confirmed that two of its entities were breached. 

The Federal News Network identified Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico as the affected entities. These breaches exposed the personally identifiable information of potentially tens of thousands of individuals, including Energy employees and contractors.

“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA),” a DoE spokesperson said. “The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach.”

The Federal Data Procurement System indicates that approximately twelve other U.S. agencies have active contracts with MOVEit, including the Department of the Army, the Department of the Air Force, and the Food and Drug Administration.

CISA Director Jen Easterly stated in a press conference that the agency is working urgently with the affected agencies to understand the impact and implement timely remediation. Although it is still uncertain if data has been stolen, Easterly mentioned that the intrusions do not appear to be focused on stealing specific high-value information or gaining persistence in targeted systems.

“In sum, as we understand it, this attack is largely an opportunistic one,” Easterly said. “In addition, we are not aware of Clop actors threatening to extort or release any data stolen from U.S. government agencies.”

In an update on their dark web leak site, Clop declared that government data had been erased, and no government agencies have been listed as victims so far.

However, Clop added more victims to their list, claiming that they have compromised organizations such as the Boston Globe, East Western Bank based in California, Enzo Biochem located in New York, and Nuance, an AI firm owned by Microsoft. When contacted, Enzo declined to comment, and the other companies mentioned have not responded to inquiries.

Just a day earlier, Clop had released the initial list of impacted organizations, which included U.S.-based financial services firms 1st Source and First National Bankers Bank, as well as the U.K. energy company Shell.

As new victims are being discovered, Progress Software has rushed to address another vulnerability affecting MOVEit Transfer. The company warned customers in an advisory that this vulnerability, identified as CVE-2023-35708, could result in unauthorized access to customer environments.

The United States has Released its National Cybersecurity Strategy: Here's What you Need to Know



The US government is taking steps to enhance the country's cybersecurity capabilities and improve its overall technology governance strategy. President Joe Biden recently unveiled a new National Cybersecurity Strategy aimed at securing cyberspace and building a resilient digital ecosystem that is easier to defend than to attack. 

"When we pick up our smartphones to keep in touch with loved ones, log on to social media to share our ideas with one another, or connect to the internet to run a business or take care of any of our basic needs, we need to be able to trust that the underlying digital ecosystem is safe, reliable and secure," Biden wrote in the framework's preface.

The strategy is part of a broader effort by the Biden administration to reinforce cyber and technology governance, which includes increasing accountability for tech firms, strengthening privacy protections, and ensuring fair competition online.

Why does the United States require a National Cybersecurity Strategy?

The world is becoming more complex, and cyber threats are becoming more sophisticated, with ransomware attacks causing millions of dollars in economic losses in the United States. According to IBM, the average cost of a ransomware attack in 2022 was more than $4.5 million. The greatest threats we face are interconnected, raising the prospect of a "polycrisis," in which the overall combined impact of these events exceeds their individual impact.

This is also true of technological risks, where attacks on critical information infrastructure, for example, could have disastrous consequences for public infrastructure and health, or where rising geopolitical tensions increase the risk of cyberattacks.

Cybercrime and cyber insecurity were ranked eighth in terms of severity of impact by risk experts polled for the World Economic Forum's Global Risks Report, both in the short term (the next two years) and over the next decade. According to Google data, state-sponsored cyberattacks targeting NATO users increased by 300% in 2022 compared to 2020. With cyberattacks on the rise, experts at the World Economic Forum's Annual Meeting at Davos predicted that 2023 would be a "busy year" for cyberspace with a "gathering cyber storm".

“This is a global threat, and it calls for a global response and enhanced and coordinated action,” Jürgen Stock, Secretary-General of the International Criminal Police Organization (INTERPOL), said at Davos.

According to the Forum's Global Cybersecurity Outlook 2023, 93% of cybersecurity experts and 86% of business leaders believe global instability will have a negative impact on their ability to ensure cybersecurity in the future.

As Biden notes, "Cybersecurity is essential to the basic functioning of our economy, the operation of our critical infrastructure, the strength of our democracy and democratic institutions, the privacy of our data and communications, and our national defense.

"We must ensure the internet remains open, free, global, interoperable, reliable, and secure – anchored in universal values that respect human rights and fundamental freedoms."

What are the National Security Strategy's five pillars?

Because the COVID-19 pandemic has accelerated the world's digital transformation, we rely on connected devices and digital technology to do more than ever before, putting our lives and livelihoods at greater risk from cyber threats.

The US National Security Strategy recognizes the need to rebalance the burden of responsibility for cybersecurity away from small businesses and individuals and onto the public and private organizations best placed to defend cyberspace through "robust collaboration".

It also aims to strengthen cyberspace resilience by balancing the need to address immediate threats with incentivizing investment in the digital ecosystem's secure, long-term future. Each of the five pillars it establishes is divided into strategic objectives, but here's a quick rundown of what they entail:

1. Defend critical infrastructure
2. Disrupt and dismantle threat actors
3. Shape market forces to drive security and resilience
4. Invest in a resilient future
5. Forge international partnerships to pursue shared goals


FBI Admits It Obtained US Citizens’ Location Data Without a Warrant


According to a Wired report, FBI Director Christopher Wray revealed for the first time at a Senate Intelligence Committee hearing yesterday that the organization has previously acquired the location data of US citizens without obtaining a warrant. 

Although the practice has become more frequent and widespread since the US Supreme Court restricted the government’s ability to track Americans’ phones without a warrant around five years ago, the FBI had never previously acknowledged making purchases of this kind. 

The revelation came after Sen. Ron Wyden [D-Ore] asked Wray, “Does the FBI purchase US phone-geolocation information?” Wray’s response alarmed privacy experts. 

“To my knowledge, we do not currently purchase commercial database information that includes location data derived from Internet advertising[…]I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time,” said Wray. 

The response, though vague and carefully circling the question, gave a clear insight into the way the FBI has used location data to monitor US individuals without court oversight. 

It is not immediately clear whether Wray was referring to a warrant—a court order that states that a crime has been committed—or to another legal instrument. Wray also did not explain why the FBI decided to stop the practice. 

The Supreme Court ruled in the infamous Carpenter v. United States decision, that when government organizations accessed historical location data without a warrant, they were in violation of the Fourth Amendment's prohibition on unjustified searches. But the decision was interpreted very strictly. Privacy groups claim that the judgment left an obvious gap that enables the government to just buy anything it is unable to legally obtain. The Military Intelligence Agency and US Customs and Border Protection (CBP) are two federal organizations that are known to have exploited this loophole. 

Asked during the Senate hearing whether the FBI plans to resume buying location data, Wray said, “We have no plans to change that, at the current time.” 

According to Sean Vitka, a policy lawyer at Demand Progress, a nonprofit focused on national security and privacy reform, the FBI needs to be more forthcoming about the purchase; he called Wray’s revelation “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” says Vitka. 

US lawmakers have historically failed to enact a comprehensive privacy law, and the majority of the proposed bills have purposely ignored the government's own acquisition of US citizens' private data. For example, all law enforcement organizations and any business "gathering, processing, or transferring" data on their behalf are excluded from the provisions of the American Data Privacy and Protection Act (ADPPA), which was presented last year. Wyden and other senators have attempted to tackle the problem head-on with a number of proposals. For instance, the Geolocation Privacy and Surveillance Act has been reintroduced multiple times in Congress since 2011, but it has never been put to a vote.  

Protect Your Online Data Now, Rather than Waiting for the Government


The old joke goes, "The opposite of pro is con, so the opposite of progress is Congress." Getting laws proposed and passed can be difficult even in a more relaxed political climate, but the present state of the US Congress makes most new legislation, regardless of content, a difficult sell. That is one of the challenges that government advisers from the cybersecurity industry face when urging politicians to suggest and pass federal data privacy laws. Other obstacles include inconsistent data privacy laws in some US states.

It's long past time for the United States to adopt the EU's General Data Protection Regulation (GDPR). GDPR is a set of stringent rules that govern how EU residents' data is handled, sold, and stored. GDPR protects consumers' privacy and security rights by imposing fines on companies that fail to comply.

I spoke with Wade Barisoff of the cybersecurity firm Fortra last week about the current state of data privacy protections in the United States. Barisoff emphasized the importance of federal data privacy regulations, citing the European Union's GDPR as an effective example.

"GDPR was significant, not only because it was a unifying act that enshrined the rights of people and their digital identities to govern how their data could be handled,” Barisoff said, “but also because it was the first legislation with real teeth.”

Consumers in the United States would benefit from federal data privacy regulations that enforce severe penalties on companies that fail to comply. If you live in the United States, you may not have much control over what companies can do with your data once they have it, so lock down your accounts with multi-factor authentication and evaluate the privacy policies of your apps today.

Analyzing Data Breach Statistics

There is little recourse for victims of identity theft in the United States whose data was stolen because a company in the United States failed to report a breach. In the Identity Theft Resource Center's (ITRC) 2022 Data Breach Report, CEO Eva Velasquez noted a significant disparity between the average number of breach notices issued each business day in the US (seven) and the 356 breach notices issued daily in the EU in 2021.

"Common sense tells us that data breaches are underreported in the United States," Velasquez explained in the report. "The result is individuals are largely unable to protect themselves from the harmful effects of data compromises which are fueling an epidemic—a scamdemic—of identity fraud committed with stolen or compromised information."

Based on the Data Breach Report, since most state governments do not require companies to include factual data surrounding data breach incidents, the majority of US-based companies do not publish this information at all. According to the ITRC, businesses may choose not to include the details surrounding these incidents in order to avoid future lawsuits for failing to protect consumer data. LastPass, the embattled password management company, was singled out in the report for failing to explain the details of a 2022 attack in which cybercriminals gained access to its customers' information.

The Legal Status of Data Privacy in the United States

According to Barisoff, data privacy regulation in the United States has a long history in certain industries. In the United States, for example, the Health Insurance Portability and Accountability Act, or HIPAA, was signed into law nearly 30 years ago. It is still used to develop data privacy policies for healthcare organizations. Barisoff told me that going beyond decades-old industry guidelines is difficult because capitalism is such a powerful drug.

"We've never really climbed this mountain yet because data is worth money," Barisoff said. "Google has built its entire empire just on data and understanding what people are doing and selling that. There's more of a focus on capitalism, and there's a lot of powerful players here in the US that basically made their entire company off of private data."
 
Some state legislators are attempting to retaliate against tech companies by proposing and passing statewide data privacy legislation. According to Barisoff, these laws are a beginning, but imposing them may be difficult. "The only consistency will be that each new law is different," he noted.

This effect is already being felt. Texas sued Google last year, claiming that the company's Photos and Assistant apps violated state biometric privacy laws. In 2016, residents in Illinois filed and won a similar lawsuit against Google. According to Barisoff, the creation and enforcement of state-by-state data privacy laws make it more difficult for businesses to comply with regulations.

"As each state seeks to highlight how much they value their citizens’ rights over the next, we’ll see an element of 'What’s good for California isn’t good enough for Kansas' creep in,” warned Barisoff. 

"This developing complexity will have a significant impact on organizations operating across the country," he concluded.

Where Do the Most Ransomware Attacks Take Place in the United States?


Ransomware can be as disruptive to your day as a flood, earthquake, fire, or other natural disaster. It has the potential to devastate businesses and shut down hospitals and schools. And if you're unlucky enough to be affected, it can completely devastate your finances. 

However, as with natural apocalyptic events, there are patterns in misfortune, and it is possible to draw patterns and identify high-risk areas. You can avoid disaster entirely with some forethought. 

What is Ransomware? 

Criminals are after your money, but draining your bank account directly is problematic for them. By encrypting vital files on compromised computers, they persuade victims to hand over their money voluntarily. Companies that cannot do business, and lose money every day they are not functioning, will frequently pay criminals to decrypt their machines so they can continue trading. Criminals typically gain access to devices through either lax security processes or social engineering attacks.

Engaging in any criminal enterprise is risky, and cybercriminals prefer targets that will net them the most money while exposing them to the least risk. It makes more sense to hit a few large targets than many small ones. And understandably, they would rather target businesses that are more likely to pay than to call law enforcement.

Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, as per Comparitech research. That's a lot, and even more is likely to have gone unreported. Even if this figure is taken at face value, it equates to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.

Naturally, because businesses have more money than private individuals, schools, or government agencies, they are regarded as the biggest jackpot for hackers. And because they are constantly making money, every pause costs them more. The largest ransom known to have been paid during this period was a whopping $60 million, paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.

In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.

Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients do not get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.

Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and, because of their tighter budgets, frequently run outdated software, making them easier targets. However, this also means that they pay significantly less than businesses, which have a median revenue of half a million dollars.

Where do most attacks take place?

Ransomware attacks occur wherever criminals believe they can make a quick buck, so attacks are concentrated in areas with a high concentration of wealth and of businesses with a high turnover.

In the United States, this includes the east coast, with Washington, DC, Maryland, Delaware, and New York; the north-west coast, with California and Seattle; and major regional hubs such as Chicago, Illinois. The majority of these attacks target businesses, but that does not mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states, again most likely because of reduced IT budgets.

Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.

Ransomware is frightening, but just as with flood defences or forest fire prevention, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
  • Take regular backups and store them securely
  • Employ a good antivirus
  • Train your staff
  • Keep your systems updated

Ransomware is terrible, but at least you know that if you pay the ransom, your system will be restored to normal working order and you can resume business as usual... right? This is not always true. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who encrypted them will never decrypt them.