Posts in the Commentaries and Analyses Category at DataBreaches.net

The Average Ransomware Payment Is Rising – Coveware researchers

Posted by Dissent at 11:29 am Commentaries and Analyses, Malware

Feb 202019

Danny Bradbury reports:

The average ransomware payment is growing as criminals become more sophisticated in their attacks, according to a report released by ransomware incident response company Coveware.

According to Coveware’s Q4 2018 Global Ransomware Marketplace Report, the average ransom increased by 13% to $6733 in Q4 2018 compared to Q3’s $5973.

It’s difficult to judge the statistical margin of error for these figures because the company, which bases the data on ransomware cases handled by its support team, doesn’t divulge the exact number of ransomware cases that it has dealt with. However, it says that the increase is probably down to the more targeted nature of recent attacks.

Turkish Data Protection Authority Announces The Procedure To Be Taken By Companies In Cases Of Data Breaches

Posted by Dissent at 10:54 am Breach Laws, Commentaries and Analyses, Legislation, Non-U.S., Of Note

Feb 202019

Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write:

Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller.

Article 12/1 of the Turkish Data Protection Law states the data controller shall take all necessary technical and organizational measures to provide a sufficient level of security. In addition, Article 12/5 of the Law obliges the data controller to notify the Board of Protection Personal Data (“Board“) as well as data subjects in case personal data is acquired through unlawful means by stating that “in case processed personal data are acquired by others through unlawful means, the data controller shall notify the data subject and the Board of such situation as soon as possible. The Board, if necessary, may declare such situation on its website or by other means which it deems appropriate.”

Privacy commissioner investigating security of patient health records at Alberta Health Services Social Sharing

Posted by Dissent at 8:26 am Commentaries and Analyses, Health Data, Non-U.S.

Feb 192019

Jennie Russell reports:

Alberta’s privacy commissioner is investigating whether Alberta Health Services properly safeguards the public’s personal health information after CBC News revealed the electronic system housing it was vulnerable to outside security threats.

A 2018 assessment by an external security firm found several “significant risks” with the health authority’s administration of the Alberta Netcare Portal. The system gives health-care providers access to key information from a patient’s medical file, such as laboratory test results and hospital visits.

MalwareTech’s Judge Seems More Sympathetic to Hutchins about the Intent of Prosecution than the Law

Posted by Dissent at 10:35 pm Commentaries and Analyses, Malware, Of Note

Feb 172019

emptywheel writes:

JP Stadtmueller, the judge who will preside over MalwareTech (Marcus Hutchins’) case, last week denied his pretrial motions to get his post-arrest interview and all the charges of his indictment thrown out.

So right, that’s not great news for Marcus, or even good news. But to get a better understanding of how the case is shaping up, read emptywheel’s analysis and commentary on her blog.

Reserve Bank of India warns of mobile data theft by ‘AnyDesk’ app

Posted by Dissent at 7:46 am Commentaries and Analyses, Non-U.S.

Feb 172019

ENS Economic Bureau reports:

Amid rising instances of fraud using the Unified Payment Interface (UPI) platform, the Reserve Bank of India has cautioned all banks and payment system operators about a new modus operandi allegedly used by scammers to target customer phones.

In an alert dated February 14, the cyber security and IT examination cell of the central bank said that a mobile application called ‘AnyDesk’ was allegedly being used by fraudsters to access data on mobile devices. Once the app is installed on customer phones, it seeks permission to access controls of the phone, like all other applications.