The current  Petya 'ransomware' is emerging as an information warfare malware. It  seems primarily aimed at destroying data  on Windows systems rather than ransoming. There appears no way paying the ransom will result in your data being decrypted. Petya  can spread throughout organisations and servers, including backups and both encrypts the data and does irreversable damage to hard drives.  Information warfare primarily involves one party degrading the assets of another party. The current Petya infection appears to follow this path rather than that of criminal intent.
A cure for Petya infection is potentially possible for those quick to act.

A new ransomware attack at least as big as WannaCry is attacking computers throughout the world today (28 June 2017). The result is work has stopped in many companies and government organisations. Symantec and other claim the attack is again based on based on the NSA's Eternal Blue exploit. It is not possible to buy recovery decryption  keys  but it is possible (if one is quick!) to recover from the infection - see https://www.itnews.com.au/news/what-we-know-so-far-about-the-petyagoldeneye-ransomware-466707?eid=3&edate=20170628&utm_source=20170628_PM&utm_medium=newsletter&utm_campaign=daily_newsletter

BOSS-GRAM is our free cyber-security newsletter for all managers, executives and bosses.

Why for managers, executives and bosses?

First, cyber-security is primarily a business and management issue: Management considerations include cost-benefit assessment, scale and type of cyber-risks and losses, intellectual property risks, business continuity protection, competitive advantage risk, loss of business credibility with loss of confidential information etc.

Second, IT security is no longer enough: 'Whole of business' cyber security has this year been identified as being better by most cyber-security institutes and government bodies: The reason? Cyber-criminals attack via every aspect of business front and back office processes, staff behaviours, and even the activities of organisations a business interacts with.

Third, many important cyber-security protections come from changes to business practices rather than IT: Managers and executives are the people who can change business practices to improve cyber-security.

BOSS-Gram contains succinct, practical and up-to-date cyber-security and cyber-risk information for managers and executives to make informed management decisions about cyber-security. BOSS-Gram is purposefully written in straight management English and avoids technical language.

Why free?

We believe well-informed management cyber-security is important for business and for reducing cyber-risks worldwide.

 

 

Regarded as the most sophisticated Mac malware and ransomware so far. MacSpy and MacRansom are the start of a new strand of 'malware as a service' (MAAS) in which additional features can be bought by cyber-criminals. Both MacSpy and MacRansom have been available from the dark web since May25.
MacSpy can capture screenshots every 30 seconds, log every keystroke, access synced iPhone photos, record sounds continuously even without the microphone turned on, retrieve clipboard contents, and

 

 

People find it difficult to use passwords easily and securely. Many professionals have a LOT of passwords.

Below  is practical way to manage passwords that is effective, secure and easy to use. It was developed for a wide variety of business process environments that needed to have high levels of security for critical important passwords and have easy access for less important passwords .

During this year, Australia will require organisations to notify cyber-breaches to the Privacy Commissioner and to all affected parties. Penalties are $360,000 for individuals and $1.8 million for organisations for not notifying cyber-breaches. There are however many exceptions...

Almost all businesses in the US had cyber-attacks, mostly these included ransomware

The picture of cyber-attacks in 2016 from Radware is that of increasing numbers of cyber-attacks  and with greater sophistication. There is a move away from more traditional cyber-attacks towards multiple attacks aiming at different parts of the business and IT. Increasingly, cyber-attacks target the business rather than only targeting the IT systems.

A new kind of 'invisible' malware has been identified by Kaspersky as being widespread in banks, telcom companies and government organisations.

Malware usually appears in files on computers and that is how they are identified. This new kind of malware exists instead in computer's memory.  This makes it much harder to spot. It also marks an increase in the use in the wild of what have been up to now rare memory-based cyber-attacks.

Information Risk Assessment identifies the levels of risk to a business of the different kinds of information the business is managing.

Every business depends on information to make a profit and for its continuity. Attacks on a business’s information can adversely affect the business and third parties and result in a variety of liabilities and losses. Information Risk Assessment helps businesses to decide the levels of cyber-protection for the different kinds of information.

 

From the early days, Apple has been proud of its cyber-security.There's a widespread assumption Apple computers and devices are safe from cyber-attacks. Recent evidence contradicts this.

How serious is it for businesses using Apple ? What are the best business cyber-security strategies for Apple products?

Layering in cyber security means putting more barriers in the way of cyber-attacks.

Instead of  cyber-security existing as a single perimeter barrier, cyber-security can offer layers of differing forms of protection.

The idea can be most easily seen in castles **