Karakurt Data Extortion Group – A New Approach to Ransomware
by William DePalma on July 7, 2022 at 2:45 PM
You may be growing tired of hearing the word “ransomware” by now, but this critical threat is unfortunately only continuing to grow at an exponential speed. The Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) notes that ransomware breaches increased by thirteen per …
A True Story and Yet Another Cyberattack Victim
by John Conroy on April 22, 2022 at 1:45 PM
Cybercriminals can act alone, but increasingly we are witnessing cyber gangs (who operate like a small business and are also often referred to as ransomware gangs), with leaders, developers, system administrators, intrusion experts, data exfiltration experts, and monetary experts work …
Weighing Your Multi-Factor Authentication Options
by Jeffrey Torrance on April 14, 2022 at 2:30 AM
At this point most of us have heard that securing our accounts with only passwords, no matter how complex, is not enough. Do not get me wrong, requiring strong passwords (14 or more characters, composed of uppercase and lowercase letters, and including symbols and numbers) is essentia …
Receiving a Scam Text… From My Own Phone Number
by Nicholas Foisy on March 30, 2022 at 5:00 PM
Throughout my years working in the IT security and compliance field I have had the opportunity to learn about dozens of different social engineering attack strategies that malicious actors will utilize to achieve their goals. This past weekend, I had the unique opportunity to witness …
It (Should) Be an MFA World, We Are Just Living in It
by Derek Boczenowski on March 24, 2022 at 3:15 PM
Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …
Recommendations from CISA's Recent “Shields Up” Warning
by Jesse Roberts on March 10, 2022 at 2:00 PM
On February 26th, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued immediate Shields Up actions for organizations to take in response to the ongoing conflict with Russia. The basic guidelines are as follows: