☕ Ransomware goes corporate

To:Brew Readers

IT Brew // Morning Brew // Update

December 28, 2022

TOGETHER WITH

Happy Wednesday! We at IT Brew hope you got everything you wanted this year—even that $350 transparent keyboard that makes your computer look like an aquarium. May your 2023 be filled with fast networks, few help-desk requests, and the hardiest of hardware.

In today’s edition:

Hacker of the month

The worst defense

—Billy Hurley, Tom McKay, Patrick Lucas Austin

RANSOMWARE

Hack in at 9, hack out at 5

A person uses a computer in a darkened office.

Fangxianuo/Getty Images

When the average ransomware payment is over $900k, one might expect a degree of organization among cybercriminals to handle that kind of cash. What might not be expected: an arrangement that resembles your office—complete with HR and an employee-of-the-month award.

A March 2022 report from the cybersecurity services provider Check Point revealed the inner workings of the Conti ransomware group. Leaks showed that Conti—an active crew in the first half of 2022—handled their affairs with familiar corporate features, including a hiring process, salaries, and bonuses.

The office-like approach demonstrates that ransomware has become a professional, team-coordinated enterprise—one that supports malicious hackers with easier-than-ever ways of deploying attacks.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

TOGETHER WITH DELL

IT’s almost midnight

The bubbly’s flowin’ and the midnight countdown is startin’. Maybe you’ve even got a special someone to smooch. But what about your biz’s tech infrastructure? Is it ready to support next year’s growth (and challenges)?

It should be, and Dell can help. They’ll revamp your IT stack with top-of-the-line servers built to help you accelerate digital growth, improve customer experience, and stay ahead of the new year.

Even if your IT setup isn’t stuck in the past, there’s always room for improvement, whether you’re running a single server or a data center. Dell’s servers take away the tech headaches so you can grow and scale.

Don’t toss your New Year’s resolutions to the back burner. Revamp your IT infrastructure with products and solutions from Dell Technologies, powered by Intel® here.

RISK MANAGEMENT

Defense pretense

A clip from the movie War Games showing a computer monitor asking if anyone wants to play a game of global thermonuclear war.

War Games/United Studios via Giphy

The vast majority of US defense contractors are failing to meet bare-minimum cybersecurity requirements imposed five years ago, according to a Merrill poll commissioned by managed security provider CyberSheath.

The 2017 Defense Federal Acquisition Regulation Supplement (DFARS) considers a contractor to be in perfect compliance with the federal government’s cybersecurity expectations if they have a score of 110 on a scale called the Supplier Performance Risk System (SPRS). Virtually none of them are even close, the poll of 300 Department of Defense contractors found.

In fact, less than 13% reported an SPRS score of 70 or above. That’s the number the company says is commonly referred to within the industry as “good enough.” The average score was −23 out of a lowest possible rating of −203, presenting “significant opportunity for improvement.”

According to the survey, defense contractors have failed to implement basic standards. A sampling:

30% have security information and event management (SIEM)
27% have an endpoint detection response solution (EDR)
20% have a vulnerability management solution
21% have multi-factor authentication (MFA)

It should go without saying that the defense sector is one of the top targets for hacking campaigns.

“The world’s largest supply chain—that is, defense contractors supporting the Department of Defense—is largely noncompliant with their mandatory cybersecurity requirements,” CyberSheath CEO Eric Noonan told IT Brew.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

TOGETHER WITH DELL

Break out the bubbly. Another 365 days for the record books! It’s time to celebrate. What better way to ring in the new year than revamping your IT infrastructure? Dell can help you modernize your tech to drive innovation, increase security, level up your customer experience, and stay ahead of 2023. Learn more about Dell Technologies products and solutions, powered by Intel® here.

PATCH NOTES

picture of data with "Clean Me" written on it + bottle of cleaner in front of it

Francis Scialabba

Today’s top IT reads.

Stat: 78%. That’s the percentage of business leaders who plan to invest in tech for their companies next year. (IBM)

Quote: “They knew my name before I told them...And they told me I was not allowed to be there.”—the mother of a Girl Scout who was escorted from a Rockettes Christmas show after being recognized by facial recognition software as working at a law firm “pursing active litigation” against the owner of Radio City Music Hall, Madison Square Garden Entertainment (NBC New York)

Read: This is what happens when ChatGPT writes your AP English assignment. (the Wall Street Journal)

WHAT ELSE IS BREWING

Okta’s source code was reportedly stolen from private GitHub repositories.
This eye-catching keyboard has its own screen.
A new strain of ransomware bypasses Exchange blocking rules.
Apple has added a feature to AirTags to “minimize the risk from stalkers.”

ICYMI

Check out the IT Brew stories you may have missed.

SHARE THE BREW

Share IT Brew with your coworkers, acquire free Brew swag, and then make new friends as a result of your fresh Brew swag.

We're saying we'll give you free stuff and more friends if you share a link. One link.

Your referral count: {{profile.vars.referral_count}}

Click to Share

Or copy & paste your referral link to others:
morningbrew.com/it/r/?kid={{profile.vars.referral_code}}

Written by Billy Hurley, Tom McKay, and Patrick Lucas Austin

Was this email forwarded to you? Sign up here

{if !contains(profile.lists,"Marketing Brew") || !contains(profile.lists,"Future Social") || !contains(profile.lists,"CFO Brew") || !contains(profile.lists,"HR Brew") || !contains(profile.lists,"EmTech Brew") || !contains(profile.lists,"IT Brew") || !contains(profile.lists,"Retail Brew") || !contains(profile.lists,"Healthcare Brew")}

Take The Brew to work

{/if}

Marketers: {if !contains(profile.lists,"Marketing Brew")} Marketing Brew {/if} {if !contains(profile.lists,"Future Social")} Future Social {/if}
Corporate: {if !contains(profile.lists,"CFO Brew")} CFO Brew {/if} {if !contains(profile.lists,"HR Brew")} HR Brew {/if}
Tech: {if !contains(profile.lists,"EmTech Brew")} Emerging Tech Brew {/if}
Retailers: Retail Brew
Healthcare: Healthcare Brew

{if !contains(profile.lists,"Daily Business") || !contains(profile.lists,"Money Scoop") || !contains(profile.lists,"Money With Katie")}

Get smarter in just 5 minutes

{/if}

Business News: Morning Brew
Money & Career: {if !contains(profile.lists,"Money Scoop")} Money Scoop {/if} {if !contains(profile.lists,"Money With Katie")} Money With Katie {/if}

Business education without the BS

Programs in Business Essentials, Analytics, and Leadership

Interested in podcasts?

Check out ours here

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.