Tag Archive for: expected

Cryptocurrency-Related Ransomware Attacks “Skyrocketed” Last Year but there May be “Fewer Culprits” than Expected: Report


Ransomware “skyrocketed” last year; however, there might be “fewer culprits” than we may think or expect, according to a report from blockchain analysis firm Chainalysis.

Chainalysis acknowledges that 2020 will “forever be known” as the year of COVID-19, but when it comes to cryptocurrency-related crime, it’s also the year that ransomware really began to take off.

Blockchain analysis reveals that the total amount paid by ransomware victims “increased by 311% this year to reach nearly $350 million worth of cryptocurrency,” Chainalysis confirmed in its report. Notably, there’s “no other category of cryptocurrency-based crime” that had a higher growth rate than this segment. Chainalysis also pointed out that this number is actually “a lower bound of the true total, as underreporting means we likely haven’t categorized every victim payment address in our datasets.”

2020’s ransomware increase was mainly “driven by a number of new strains taking in large sums from victims,” and other “pre-existing strains drastically increasing earnings.” Chainalysis’ report also clarified that ransomware strains “don’t operate consistently, even month-to-month.”

The report added that the number of ransomware strains active throughout 2020 may “give the impression that there are several distinct groups carrying out ransomware attacks, but this may not be the case.” As reported by Chainalysis, many of these ransomware strains function on a model in which affiliates “rent” usage of a strain “from its creators or administrators, in exchange for a cut of the money from each successful attack.”

Many ransomware-as-a-service or RaaS affiliates tend to “migrate between strains,” indicating that the entire ransomware ecosystem is significantly smaller than one might expect or think “at first glance.” Cybersecurity researchers also “believe that some of the biggest strains may even have the same creators and administrators, who publicly shutter operations before simply releasing a different, very similar strain under a new name,” the Chainalysis report noted.

The report also mentioned that “with blockchain analysis, we can shed light on some…


The Cyber Warfare Market was valued at USD 33.01 billion in 2019, and it is expected to reach USD 102.63 billion by 2025, registering a CAGR of 21.16%, during the forecast period (2020 – 2025) – GlobeNewswire


The Cyber Warfare Market was valued at USD 33.01 billion in 2019, and it is expected to reach USD 102.63 billion by 2025, registering a CAGR of 21.16%, during the forecast period (2020 – 2025) – Yahoo Finance UK


As Expected, US Surveillance Of Social Media Leads To EU Court Of Justice Rejecting EU/US Privacy Shield

This one sounds boring, but stick with it because it’s important. Because the US and the EU have vastly different privacy regulation regimes, there has always been some conflict over how (mainly) US internet companies handle data from the EU. For years, this was “settled” by a weird and mostly useless “EU-US data protection safe harbor” agreement, in which US companies would have to get “certified” that they kept EU-originated data protected at an “equivalent” level to how it would be protected in the EU when transferring it across the Atlantic to US-based data centers. It was a bit of a nuisance as a company (we went through the process ourselves), but in 2015 the entire safe harbor agreement was invalidated by the EU Court of Justice because of the NSA’s ongoing snooping on data from those internet companies, as revealed by Ed Snowden.

The EU and US freaked out, and had a frantic negotiation to come up with a new “safe harbor” agreement with the catchier name of “Privacy Shield,” but as we pointed out when it was announced, the problem wasn’t the text of the agreement, but rather the NSA’s surveillance practices with regard to internet data. Here’s what I wrote four years ago:

The real issue here is mass surveillance overall. The only real way to fix this issue is to stop mass surveillance and go back to saying that intelligence agencies and law enforcement need to go back to doing targeted surveillance using warrants and true oversight. But, instead, the EU and the US keep trying to paper over this by coming up with a new agreement.

Since then, the Privacy Shield was challenged and the challenge took its sweet time to go through the courts — again brought by Max Schrems, whose lawsuit had sunk the original safe harbor as well. And, now, finally, four years later, exactly what we expected to happen has happened. The CJEU has invalidated the Privacy Shield agreement, by basically saying “hey, the US surveillance regime remains the same, and that was the problem all along.” You can read the full decision if you want to get deep into the details.

But the short summary is that while the Privacy Shield framework offered a few ways for EU residents to seek redress from some forms of surveillance, the CJEU says that’s not nearly enough:

While individuals, including EU data subjects, therefore have a number of avenues of redress when they have been the subject of unlawful (electronic) surveillance for national security purposes, it is equally clear that at least some legal bases that U.S. intelligence authorities may use (e.g. E.O. 12333) are not covered. Moreover, even where judicial redress possibilities in principle do exist for non-U.S. persons, such as for surveillance under FISA, the available causes of action are limited … and claims brought by individuals (including U.S. persons) will be declared inadmissible where they cannot show “standing” …, which restricts access to ordinary courts …

As you may recall, Executive Order 12333 is the tool under which the US does most of its foreign surveillance totally outside of the oversight of Congress. This has always been a massive problem, and here the CJEU is basically saying “if the US doesn’t do wholesale surveillance reform, there’s going to be a serious problem with transferring data from the EU to the US.”

Now, there is some argument here that EU surveillance is just as bad, and it’s perhaps more than a little silly that the CJEU basically ignores that as if it’s not important.

Either way, the key point to all of this is that if US companies want to be able to transfer data over from the EU to the US long term (there are ways they can do it for now), the US government needs to vastly reform its surveillance practices. Well, assuming there was a competent government that actually cared about these things. I’m a bit worried that the current administration will just ignore this or use it to attack the EU, which would be somewhat disastrous for US internet companies.

I’ve seen some people saying that this is a ruling against the internet companies and their data collection practices, but that’s not really accurate. The problem is not so much that — it’s how the NSA spies on people with that data (with or without cooperation of the companies). This really should lead to the US internet industry pressuring the US government to stop mass surveillance — just like we said four years ago.

Techdirt.