Cybersecurity News Update: Week of March 21, 2022

Hello and welcome to our Cybersecurity News Update!

It's probably not much of a surprise, but this week many of the top stories revolve around ransomware.?

We begin with a new report from the?Federal Bureau of Investigation (FBI)'s Internet Crime Unit, which says ransomware gangs?breached the networks of at least 649 organizations from multiple US critical infrastructure sectors in 2021. The report on 2021 Internet Crime says the?actual number of organizations that were impacted may be even higher since the FBI only started tracking such incidents last June. It should be noted the FBI did not include attacks in its statistics if the victims did not file a complaint with its Internet Crime Complaint Center (IC3).?

Ransomware group?Lapsus$?has hit some big new targets -- Microsoft and identity management company Okta. The criminal gang breached both companies in recent hacking sprees. Microsoft had some of its source code released after Lapsus$ compromised an account, but it says that the code isn't sensitive. In Okta's case, the company says?attackers gained access to a support engineer’s laptop for five days in January. The incident resulted in the exposure of data for 366 of its customers. The newest hits on Microsoft and Okta come on the heels of Lapsus$ attacks on LG, Nvidia and Samsung.?

With Lapsus$ increasing its exposure via its successful hacks, cybersecurity researcher Brian Krebs has written?this informative piece?that takes a closer look at the group.?

Also this week, a new report from?security monitoring and data analytics vendor Splunk says companies have just 42 minutes to mitigate ransomware attacks once encryption occurs. Because it's such a limited amount of time, cybersecurity teams may not be able to respond quickly enough. According to Infosecurity, Splunk evaluated the speed at which 10 ransomware variants encrypt data to?compile its report.?In order of fastest first, the variants analyzed by Splunk were: LockBit; Babuk; Avaddon; Ryuk; REvil; BlackMatter; DarkSide; Conti; Maze; and Mespinoza (Pysa).

That's a wrap for another busy week following all the events in cybersecurity. For more information visit our blog update!