Brett Callow
@BrettCallow
Managing Director, Cybersecurity & Data Privacy Communications @FTIConsulting
Canada
Joined June 2009
The 'IT Army' announced by Minister for Digital Transformation of Ukraine Mykhaylo Fedorov has released its target list. h/t @Cyberknow20 1/2
So @UPS_Canada sent me a letter about phishing and smishing. Turns out it wasn't simply intended to be educational. In the 4th paragraph, it became apparent that it was actually a data breach notification. 1/2
The Conti #ransomware operation sides with Russia and threatens attacks on critical infrastructure.
Unlike many companies, it seems #BreachForums had an emergency plan. 1/3
Dark Web #BreachForums Operator Charged With Computer Crime <-- Cyberbaddies: was your opsec up to snuff? If not .
A poster at a Russian-language cybercrime forum is concerned that the #Medibank hackers may have killed the market for #ransomware in Australia, and possibly in other countries too.
The FBI has released its 2021 Internet Crime Report. With adjusted losses of ~$49.2 million, #ransomware is not among the top 6 threats in terms of its cost. For comparison, romance scams caused >$950 million in losses. Unfortunately . 1/2 .
The U.S. Department of Justice is adding a new section to its National Security Division that will focus on prosecuting malicious foreign cyber activity. Via @martinmatishak.
If you're looking for a new file sharing service, here's one you'll definitely not want to consider. #LockBit. 1/2
Somebody is selling patient info that was stolen from HCA Healthcare. This may be one of the biggest healthcare-related breaches of all time. #HCA 1/3
An employee of a ransomed company altered the note in an attempt to have the ransom payment directed to his own wallet. #ransomware
BlackMatter - aka Darkside, the gang responsible for the attack on Colonial Pipeline - had a massive drop in revenue. This is why, via @nicoleperlroth. Big, big thanks to @CISAJen's awesome team and all the other public/private sector orgs which helped.
#Okta now states that up to 2.5% of its customers were impacted by the Lapsus$ incident. According to its website, Okta has >15k customers which means 375 or more companies have been impacted. *How* they’ve been impacted remains unclear. 1/2.
"There is a journalist who will help intimidate them for 5% of the payout." Via #Conti leak.
Alphv has created a @haveibeenpwned-like site on the clearnet where the employees and customers of a victim organization can check if their personal info. has been compromised. 1/3
The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. <- Via @billtoulas.
An excellent, albeit enormously long, report from @Jon__DiMaggio. If you have a few hours to spare, it's well worth a read. 1/3
Australia will set up a permanent operation comprising around 100 police and defence personnel to “hack the hackers”, with an immediate priority to target ransomware groups. <- Via @rycrozier.
Yet more #Conti Jabber logs have been leaked - and, as they're dated today, it would seem that the leaker still has access. #OpsecFail
If you've seen @CISAgov and @NCSC alerts lately, they're advising biz go #ShieldsUp to prep for possible cyberattacks related to the Russian invasion of Ukraine. This is our advice on how orgs can prioritize actions and resources, w/ tips for leaders at all levels.
There has been no increase in #ransomware attacks on US local governments since Russia invaded Ukraine. The number of incidents has actually decreased. 1/2
While the report said the attackers demanded "$70 million dollars from the school system," it seems this was a Kaseya-related incident, so the $70 million was the amount REvil demanded to unlock all ~1,500 victims. Hat-tip to @PogoWasRight for noticing.
#Cl0p has listed #NortonLifeLock and multiple other companies. By my count, 82 organizations are now known to have been impacted by #MOVEit. Cl0p claims there are hundreds.
#Snatch claims they will release details of how attacks against non-paying victims succeeded in the hope that insurers will decide that the incidents should not be covered by insurance #ransomware
The #Optus hacker has released 10k records, and claims that another 10k will be released each day for the next 4 days. 1/2
Medusa has uploaded a ~51 minute video to Vimeo which shows screenshots of the data they claim to have stolen from #MPS. It's the first time I recall seeing this particular tactic. #ransomware
In other news, hyperinflation in Russia will mean soldiers effectively get paid nothing. If they get paid at all, that is.
Zelensky just said he’s going to pay Ukrainian soldiers 100,000 hryvnia per month. That’s about $3,300, more than 6x avg income: “Not just in order to say “Thank you”, but to show how truly indebted Ukraine is to them. And it will remain this way until the war ends.”
Seems @CISAgov is on Mastodon: @cisacyber@infosec.exchange. Is it the first government agency to create an account?
I'm re-upping this prioritized to-do list from @C_C_Krebs/@KrebsStamos. If you haven't already checked this and CISA's #ShieldsUp advice, now's the time to do it.
#AlphV files an SEC complaint against #MeridianLink for not disclosing a breach to the SEC #Ransomware.
So, to summarize the #Alphv #ransomware situation . their leak site initially looked like this. 1/
Costa Rica has seemingly declared a national emergency as a result of the ransomware attack for which Conti has claimed responsibility. 1/3.
#EnDesarrollo President @RodrigoChavesR declares a national emergency over the cyberattacks on the computer systems of several of the country's institutions
I think it'd be more appropriate to have categories such as, "Most likely to kill a child by attacking a hospital for kids" #ransomware
I'm super-excited to be joining this awesome team!
We are delighted to welcome renowned cybersecurity communications expert @BrettCallow to our Cybersecurity & Data Privacy Communications team, to bolster our growing global practice and advisory capabilities on complex cybersecurity matters. Learn more:
In a post dated the 17th, names and email addresses allegedly associated with 1.1 million #Optus mobile numbers were put up for sale.
#vxunderground has met the same fate as #BreachForums - and about time too. Kudos to the Cybercrime Unit of the canton of Vaud and all the other agencies involved in the action. #TangoDown
Another #ransomware operation sides with Russia. #CoomingProject.
AI-based predictive policing. What could possibly go wrong?
Toronto police are moving quickly to employ A.I. tech for predictive policing. Together w @LEAFNational, @citizenlab's @KateRobertson_ @Cyn_K & @caparsons have made a submission to the Toronto Police Services Board recommending legal restraints & caution.
The hackers who allegedly breached the security at #MGM’s casinos this month originally planned to manipulate the software running the slot machines, and “recruit mules to gamble and milk the machines”. #ScatteredSpider.
What's claimed to be a database of #RaidForums users is being shared on Exposed. Some users have supposedly been removed. Who and why is not clear, and nor is it clear where the database came from.
#Cl0p has listed TD #Ameritrade and claims that data from both it and #EY will be published on Monday (presumably, Monday 10th July). #MOVEit stats: Victim count: 214. Individuals impacted: 17,589,273. 1/2
New #ransomware report from @enisa_eu. 623 incidents analyzed between May 2021 and June 2022. ~10TB exfiltrated/month. >58% of leaks had GDPR personal data. >60% may have paid ransom. Lack of reliable data = problem.
The URL for REvil's old leak site now redirects to a new one, which lists both old and seemingly new victims. And they're recruiting. h/t @pancak3lullz @S0ufi4n3 1/2
The data that was leaked in the #MPS #ransomware incident included "campus rape cases, child abuse inquiries, student mental health crises and suspension reports." 🧵1/.
A #ransomware operation phoned a victim and subsequently published the audio as well as a copy of the negotiation. #dragonforce
As a reminder, #Conti has cockroach-like survival skills and has bounced back from security scares in the past [unfortunately].