young hacker
Cybercrime Featured People Technology

The Year of the Teenage Hacker

The year 2020 was full of high-profile cyberattacks launched by criminal gangs and state-sponsored hackers. But dozens of headline-grabbing cybersecurity incidents and arrests this year involved teenagers—some of whom haven’t even graduated high school yet. As the coronavirus pandemic forced schools across the country to adopt distance learning programs and change the way they operate, some students—likely pent up at home with a lot of time and little to do that doesn’t involve a Wi-Fi connection—seem to have used it as an opportunity to hone their hacking skills…

Pavel Sitnikov
Cybercrime Featured People

An Interview With Russian Hacker Pavel Sitnikov: ‘There Is No [Hacking] Scene Now, Only Commerce’

Hackers often go to great lengths to be discreet. That’s not the case with Pavel Sitnikov. The long-standing, Russian-speaking hacker until recently posted frequently on Twitter, where he listed his name, his alias (FlatL1ne), and his self-proclaimed connection with the infamous hacking group APT28, or Fancy Bear—his Twitter account is currently suspended…

A man typing on a laptop
Featured People

The Record Is Hiring a Cybersecurity Reporter

The Record by Recorded Future is seeking a reporter to cover the ins and outs of the cybersecurity news beat. We are looking for a talented writer who feels at home reporting quick scoops on the latest cybersecurity stories, contributing to weekly newsletters and podcasts, and can write in-depth analysis on broader industry trends. The ideal candidate should be comfortable with building relationships with a wide range of sources, including government officials, cybersecurity executives, and academic researchers….

measurements
Featured Government Technology

‘More of an Art Than a Science:’ Behind the Government’s Effort To Measure Cybersecurity

A dirty little secret of cybersecurity is that no one really knows how to measure it. To start filling that void, the U.S. government standards agency, the National Institute of Standards and Technology, is leading a big push to catalogue existing measurement systems and research new ones. NIST asked in September for public comments about how organizations measure their cybersecurity performance….

iphone hacker
Featured Government Nation-state Technology

Spyware Attack Targeting Dozens of Journalists Used Pernicious Zero-Click Exploit, Researchers Say

The mobile phones of dozens of employees at news outlet Al Jazeera were hacked using a stealthy ‘zero-click’ exploit developed by NSO Group, a heavily scrutinized Israeli commercial spyware vendor, according to a new report by researchers at Citizen Lab. The security research group associated with the University of Toronto said that the 36 journalists identified in their report likely represent a “minuscule fraction” of the total victims of the company’s spyware given the size of NSO Group’s customer base and the reach of the vulnerability, which affects iPhones prior to the iOS 14 update that was released this fall and included several security enhancements….

israel code
Cybercrime Featured Government Leadership People Technology

Former Israeli CERT Chief: ‘A Cheap Incident Response Costs A Lot’

As the executive director of Israel’s National Computer Emergency Response Center, or CERT, Lavy Shtokhamer dealt with more cyberattacks in a week than many information security professionals would see in a year. The Center acted as a hub for information sharing and response in the country, with victims constantly informing Shtokhamer and his team of new incidents, which would then be anonymized and relayed to other companies and government organizations to help protect them from the similar attacks. Last week, I caught up with Shtokhamer via video conference—he will be taking on a new role in the coming days, and was open to talking about his experience in the Israeli government…

COVID Vaccine
Cybercrime Featured

Scammers Are Trying To Capitalize on the Race To Deliver COVID-19 Vaccines

In March and April, when fear and uncertainty about the coronavirus pandemic reached a high point in the U.S., hackers and scammers started incorporating language about COVID-19 into phishing attacks and new web domains to trick anxious victims into downloading malware, a U.S. cybersecurity agency warned. New research suggests that scammers are now pivoting their efforts—as governments and healthcare organizations race to deliver inoculations, hackers are embracing vaccine-related phishing lures…

department of homeland security
Featured Government Leadership Nation-state Technology

Ridding Hackers From Government Networks Will Be “Highly Complex and Challenging,” CISA Warns

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Thursday issued its most urgent and detailed alert yet about the hacking campaign that has rocked government agencies and technology firms in recent days, saying that it “poses a grave risk” to federal and state governments, critical infrastructure entities, and private sector organizations. Additionally, CISA said it has evidence of additional attack vectors other than the SolarWinds Orion platform. CISA said it is still investigating the additional attack vectors, and that the attacker is likely using tactics, techniques, and procedures that have not yet been discovered…

chart
Chart of the Week Cybercrime Featured Technology

How Cybercrime Became a $1 Trillion Problem

Although the saying “crime doesn’t pay” may have some truth to it, a new report shows that cybercrime does in fact pay—and the numbers are only going up. Monetary losses from cybercrime are estimated to reach $945 billion in 2020, up from $522 billion in 2018 and $300 billion in 2013, according to a study released last week by The Center for Strategic and International Studies, a nonprofit research organization that focuses on national security issues, and the cybersecurity firm McAfee….

School desk
Cybercrime Featured Government

FBI, CISA Warn K-12 Schools of a Spike in Ransomware, With More Threats on the Horizon

On Thursday, the FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned that 57% of ransomware attacks reported in August and September to MS-ISAC—a government-funded center that tracks cyberattacks on state, local, and tribal governments—hit K-12 institutions. That’s up from 28% between January and July. The alert suggests that the rapid transition to distance learning in 2020 contributed to cybersecurity gaps, which made schools more vulnerable to attack…