April 2024
DHS’s Cyber Safety Review Board has taken Microsoft to task for security failures that allowed a mid-2023 cyber attack by Chinese hackers that compromised government email accounts.
February 2024
US Pharmacy Outage Triggered by ‘Blackcat’ Ransomware at UnitedHealth Unit
Hackers gained access to Change Healthcare’s information technology systems, leading to disruptions in prescription deliveries at pharmacies across the United States.
January 2024
Russian Spies Brute Force Senior Microsoft Staff Accounts
The compromised email accounts were not protected with multi-factor authentication – a major oversight for those involved. A password spray attack was used to gain access to accounts.
January 2024
LoanDepot Breach: 16.6 Million People Impacted
Lender LoanDepot (NYSE: LDI) said Monday that roughly 16.6 million people were impacted by a ransomware attack earlier this month. As part of its incident response, the company shut down certain systems and launched an investigation.
October 2023
MGM, Caesars face 9 lawsuits in wake of cyberattacks
Two major casino-resort operators face federal lawsuits in the wake of social engineering cyberattacks that exposed the personal information of thousands of customers. Lawsuits allege negligence and failure to follow FTC guidelines
August 2023
Tesla Says Insiders Leaked Employees’ Data
In a striking example of insider threat, a breach notification letter reveals that Tesla experienced a data leak involving personal information on more than 75,000 employees, including addresses, phone numbers, and Social Security numbers.
June 2023
Amazon Duped Millions in Prime Enrollment Scam, Says FTC
The FTC has filed a complaint accusing Amazon of tricking consumers into enrolling in its automatically-renewing Prime membership program while also making its cancellation process complicated and difficult for consumers to cancel.
February 2023
Two U.S. School Districts Hit with Ransomware Attacks This Week
School districts in Tucson, Arizona, and Nantucket, Massachusetts, are working to mitigate the impact of ransomware attacks on their networks, with Nantucket schools forced to close. Schools have been targeted with these attacks for years due to IT budget constraints.
January 2023
Media Apps Most Likely to Be Targeted by Threat Actors, Says Study
Apps used by the media industry to carry out jobs were found to be more than four times likely than average to have a “critical vulnerability,” according to research by penetration testing company Software Secured. Data and analytics industry apps came in second.
November 2022
Cybercrime Is Being Commercialized to Mimic Corporations
Ransomware operators are adopting best business practices, allowing the cyber threat landscape to reach new levels of commercialization and convenience for attackers. Barriers to entering cybercrime are disappearing, with attackers of any skill level finding easy entry.
August 2022
WTI is honored and excited to announce that we have been awarded a Federal Aviation Administration (FAA) Electronic FAA Accelerated and Simplified Tasks (eFAST) Master Ordering Agreement contract. We are so grateful for the hard work, expertise, and superior performance of our team at WTI.
July 2022
The action is pursuant to the Department of Justice’s Civil Cyber-Fraud Initiative, announced in October 2021, that holds individuals or entities accountable for putting U.S. information or systems at risk, including through the misrepresentation of their cybersecurity practices or protocols.
March 2022
Why Vendors Can’t Wait for CMMC to Raise Their Cyber Standards
In the wake of the Russian invasion of Ukraine, officials from the Department of Defense and security agencies are urging U.S. companies to bolster their cybersecurity postures and increase vigilance.
December 2021
Criminal Hackers Are Now Going After Phone Lines, Too
The digital telecommunications industry is scrambling to protect itself from attacks from criminal groups threatening to flood digital phone lines with traffic to take them offline unless targeted companies pay a ransom.
December 2021
Russian Group Behind SolarWinds Incident Ramping up Hacking Efforts, Analysis Says
The group known as “Nobelium” or “UNC2452,” responsible for one of the largest cyber espionage incidents in US history, has intensified its efforts and continued to target governments and businesses.
November 2021
CMMC 2.0 to Pare Down Cybersecurity Requirements for Contractors
Following nine months of internal review, the Department of Defense has revamped its Cybersecurity Maturity Model Certification, with major changes announced to the structure, scope and requirements of the program.
November 2021
Ransomware Attacks Increased 148% in Q3 2021, Showing No Signs of Slowing
Ransomware attacks continued on an upward trend through 2021, with year-end totals for attacks predicted to be near 714M. This aggressive growth makes 2021 the most active year on record for ransomware attacks.
November 2021
Why Companies Don’t Test Their Readiness for Cyberattacks More Often – But Should – November 2021
Limited budgets and penetration testing inefficiencies cause obstacles for companies to perform the cybersecurity testing they require, but with emerging cyber threats, the pressure is on to prioritize a security strategy.
July 2021
Kaseya Says up to 1,500 Businesses Compromised in Massive Ransomware Attack
Kaseya stated that 50 of their direct customers were breached in the attack with hundreds more companies impacted through Kaseya’s IT services. The ransomware gang REvil demanded a $70M payment to restore data.
June 2021
One Password Allowed Hackers to Disrupt Colonial Pipeline
A legacy Virtual Private Network (VPN) system lacking 2-factor authentication left the company’s infrastructure highly vulnerable to the ransomware attack that led to gas shortages in portions of the South and the East Coast.
November 2020
National Oceanic and Atmospheric Administration (NOAA)
WTI is thrilled and honored to announce that we have been awarded a National Oceanic and Atmospheric Administration (NOAA) Mission Information Technology Services (NMITS) Multiple-Award Blanket Purchase Agreement contract. We are extremely grateful for the hard work, complementary IT expertise, and powerful past performance of our incredible team.
November 2020
GSA Includes CMMC Requirements in Governmentwide Acquisition Contracts
The General Services Administration (GSA) will be including Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) requirements in the new Polaris small business governmentwide contract (GWAC), the second of GSA’s large contracting vehicles to include them, following 8(a) STARS III. The GSA’s concept is that CMMC will not be a firm requirement for the GWAC, but the language allowing the option to require CMMC will be included at the master contract level so that DoD customers can incorporate CMMC requirements in individual task orders. This will allow DoD customers to continue to utilize GSA GWACs as CMMC is rolled out over the next several years.
August 2020
Ransomware Attack Jeopardizes Production of 300 COVID-19 Ventilators Per Day
Boyce Technologies, Inc., an FDA-approved manufacturer of ventilators during the COVID-19 pandemic, has been attacked with DoppelPaymer ransomware. The ransomware gang has threatened to leak stolen data from the company, including purchase orders, assignment forms and other sensitive data, unless an undisclosed ransom is paid by the firm. Ransomware and file encrypting malware attacks on companies serving the healthcare sector have been on the rise since the beginning of the COVID-19 pandemic. Prior to this attack, Boyce Technologies was producing around 300 ventilators a day that have been used in New York and increasingly in other areas. This attack potentially puts production of the ventilators – and lives – at risk.
June 2020
Cybersecurity Maturity Model Certification (CMMC)
While the Cybersecurity Maturity Model Certification (CMMC) is still a work in progress, the CMMC Accreditation Body (CMMC-AB) is coming close to finalizing its processes for training and accreditation, and action will soon be underway. WTI is staying in communication with the CMMC-AB, following the rapidly updated information coming from the CMMC-AB through its National Conversations series, and readying our assessors to begin the training and certification process so that our company can begin taking the lead as a CMMC Certified Third-Party Assessment Organization (C3PAO). In the meantime, we are helping defense industrial base (DIB) contractors with gap analyses, documentation inventories, policy assessments, and plans for remediation so that they will be prepared for certification as soon CMMC goes into play.
May 2020
Cybersecurity Trends
In 2020, mobile devices are becoming the prime phishing attack vector as hackers increasingly employ machine learning techniques and view the cloud as a fertile ground for compromise.
March 2020
CDC, IRS and Other Government Sites Hit by Phishing Scams
Phishing campaigns to lure citizens to fake websites are nothing new, but in our current environment, fraudsters are launching targeted efforts to spoof Americans into handing over their banking credentials in return for pandemic relief payments.