kim zetter

July 19, 2021

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. This story isn’t about what organizations do in response to cybercriminals holding their data hostage, which has become something of a best practice among most of the top […]
April 20, 2023

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading […]