Infosec Monitor: No. 3

No. 3 Friday, November 17th, 2023

Welcome to this week’s edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

News

Ransomware gang files SEC complaint over undisclosed breach

File this under ‘unintended consequences.’ The ransomware gang AlphV/BlackCat filed an SEC report accusing MeridianLink (their victim) of not disclosing a breach that the gang itself carried out. The Verge

Ransom paid by ICBC to Lockbit over ransomware incident

The scope of last week's ransomware incident against ICBC, carried out by Lockbit, is coming to light, with news (from Lockbit) that ICBC paid a ransom. Beyond the ransom paid, ICBC's entire corporate email system was also taken out. Reuters

350 victims worldwide of the Royal ransomware variant, according to CISA advisory

CISA

Insurance payout of $20.5M in HanesBrands ransomware event, which cost them $35M

HanesBrands, hit by a ransomware attack in May of 2022, received $20.5M in insurance payments over the incident. The incident cost them $35M in adjusted operating profit last year. Winston-Salem Journal

Clorox CISO leaves after the August incident

Following the August cyberattack on Clorox, it appears Clorox's CISO has left the company. National CIO Review

FDA makes recommendations on managing legacy medical devices

The FDA sponsored Mitre's research on managing the cybersecurity risks that the healthcare industry faces. Many legacy devices, which cost thousands, if not millions, cannot be updated and use software with known vulnerabilities. Healthcare Dive, Mitre

Cyber Security Incidents

Samsung discovers a 3-year-old breach

Personal information was breached via a vulnerability in a 3rd-party application used by Samsung. However, Samsung just discovered the incident, which occurred between July 1, 2019, and June 30, 2020. This is the 3rd data breach Samsung has disclosed in the past two years. TechCrunch

Prospects hospitals breached 100k+ records

Three hospital systems were breached, compromising patient and employee records. The compromise occurred over six weeks and was initially thought to have only impacted a quarter as many records. CT Mirror

Perry Johnson & Associates breach of 9M records

PJ&A disclosed a breach starting in March of 2023, which compromised the names, DoB, address, and medical records (including diagnoses) of 9M patients. PJ&A is a transcription company with customers across the US. TechCrunch

Truepill breach of 2.3M users

Data for 2.3M user records was breached in an event in August. Names, medications, and more were disclosed. Fierce Healthcare

McLaren Health Care breach of 2.2M records in ransomware incident

Rounding out a lousy week for healthcare, McLaren, a Michigan healthcare company, shared that 2.2M individual records were compromised in the ransomware event. SecurityWeek

About

Cybersecurity is at a crossroads, changing more rapidly than we believed was possible just a few years ago. Stay informed on what's going on, what's happened, and what's coming next.

I'm Bryan Smith, the author of the Infosec Monitor. I've spent over a decade pioneering changes in how cybersecurity is managed, from helping create the first cyber risk quantification (CRQ) software to advising how to approach cybersecurity pragmatically and proactively.

Data & Research

Optimism bias over ransomware

According to OpenText Cybersecurity, 46% of SMBs have experienced a ransomware attack, but 65% don't believe they are a target, and in enterprise, 54% don't believe they are. Report

Ransomware is the most common attack at 29%, followed by DDoS at 28%

Research by Fastly shows that, to no one's surprise, ransomware leads as the most common attack type this year. The report covers budget and investment trends, hiring, and AI. Report

Cybersecurity M&A

Scanmeter acquired by Boltonshield for an undisclosed sum. Source

Ballistic Ventures is raising a $300M new fund focusing on cybersecurity startups. TechCrunch