Dateline reports for CISOs and IT security teams covering ransomware, zero day vulnerabilities, DDoS attacks, password breaches, cyberwarfare activity, and more. Credit: Thinkstock Global cybercrime damages are predicted to exceed $6 trillion annually by 2021, up from $3 trillion in 2015. The first quarter cybercrime diaries, published by Cybersecurity Ventures, have hit the stands, breaking down cybercriminal activity by category.Reading through the diaries, one might wonder if the $6 trillion figure is an underestimate. The cybercrime diaries are a series of blogs that provide CIOs, CSOs, CISOs and IT security teams with bulleted datelines and high-level summary commentary on the most noteworthy cybercriminal activity in a quarterly period.CyberwarfareWikiLeaks dumped confidential documents from the CIA on the internet and the NSA was stung by the indictment of one of its former contractors who stole 500 million pages of documents, according to the Cyberwarfare.com diary.News about Russian hacking of the 2016 U.S. presidential election forced the President’s national security adviser to resign and the U.S. Attorney General to recuse himself from any investigations into Russian election meddling. A Microsoft executive called on nations to hold a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.More… Data breachesFast food chains Arby’s and McDonald’s Canada were among the prominent brands hit by data breaches during the first three months of 2017 – and Wendy’s was the target of a lawsuit stemming from a data breach, according to the Data Breach Report diary.Neiman Marcus settled a data breach lawsuit for $1.6 million and Home Depot settled one for $25 million.The largest breaches in early 2017 included the compromise of the voting records of 55 million Filipinos, the leak of 33.7 million email addresses from Dun & Bradstreet and news that 6 million accounts were hacked at South African cinema company Ster-Kinekor.Meanwhile, IBM reported that 4 billion records were exposed worldwide in 2016, more than the previous two years combined.More…DDoS attacksDDoS attacks plagued schools, governments, web hosts, media sites, and organizations globally in the first quarter of 2017, according to the DDoS Attack Diary. Researchers at one vendor discovered 3,700 DDoS attacks per day. Another vendor reports the U.S. is ranked No. 1 and accounts for 24 percent of DDoS attacks globally.Multi-vector attacks are the most complex type of DDoS attack, and they are on the rise. They use a combination of different DDoS attack tools and approaches which are merged together to halt the target. Cyber defenders should expect a proliferation of multi-vector attacks in the coming months.Most disconcerting is the increased throughput of DDoS attacks, leading to greater downtime and damages on the victims.More… Hack blotterCybercrime arrests lead to more prison sentences for hackers globally, according to the Hack Blotter diary.Arrests and convictions for cyberattacks on citizens, email and social media accounts, banks, retailers, and airports persisted in the first quarter of 2017.Numerous perpetrators were nabbed in connection with ATM hacks, which continue to be a lucrative target for cybercrooks.Local police and government cybercrime squads continue to invest heavily into the pursuit, capture, and arrest of hackers.More…Password hacksPassword hacks and stolen identities remain at the epicenter of security breaches, according to the Password News diary.A surge of new developments in biometrics aim to offer solutions to the password problem, but there are no breakthroughs yet. Behind every fingerprint, there’s a passcode credential.Many local media outlets have stepped up their identity theft coverage in order to help consumers understand how to stay safe online.Password management applications, once trusted ways of storing and creating passwords prove that no software application is impervious to attacks.More…RansomwareThe increasingly competitive ransomware ecosystem keeps spawning novel attack vectors, according to the Ransomware Report diary. A series of large-scale extortion campaigns targeted thousands of MongoDB, CouchDB, Hadoop and MySQL servers in the first quarter of 2017.Some crooks have come to make emphasis on customer support, as is the case with the new Spora ransomware. Android crypto infections are starting to employ dropper techniques that used to be isolated to Windows only.To top it all off, police departments, county governments, libraries, schools, hotels and CCTV systems are still as susceptible to ransomware attacks as before.More…Zero-day vulnerabilitiesMicrosoft, Google, and the commercial sector continues to struggle with zero-day vulnerability disclosure policies, according to the Zero Day Diary.Rather than having vendors and tech companies warring with each other, some leaders in the security industry have called for the establishment of industry-wide policies to expedite the discovery, reporting, and patching of zero-day bugs.Short of having a uniform policy, companies like Google follow their own rules.Meanwhile, cybercriminals are earning enormous profits selling zero-day bugs on the black market while governments continue to hoard their knowledge, leaving the commercial sector to fend for itself.More…Cybersecurity Ventures will be releasing the first editions of the IoT Crime Diary and the Dark Web Diary next week.Stay tuned for the Q2 Cybercrime Diaries!Put your diary entry on our Facebook page. Related content feature Cyber NYC boosts the Big Apple's cybersecurity industry New York City Economic Development Corp. launches Cyber NYC to foster public-private partnerships focused on building a vibrant cybersecurity community and talent pool in the largest U.S. city. By Steve Morgan Feb 06, 2018 6 mins Internet Security IT Skills Careers opinion Young girls are society's future cyber crime fighters There are lots of opportunities for girls in cybersecurity. The problem is they don't know what those opportunities are. Parents and guidance counselors can help. By Steve Morgan Feb 05, 2018 5 mins Internet Security IT Skills Careers analysis Why healthcare cybersecurity spending will exceed $65B over the next 5 years Hospitals and healthcare providers remain under cyber attack, causing organizations to spend more to protect their systems and patient data. By Steve Morgan Feb 02, 2018 15 mins Data Breach Cyberattacks Hacking news Cybersecurity M&A deal flow: List of 200 transactions in 2017 Rising tide of mergers and acquisitions in the trillion-dollar cybersecurity market. By Steve Morgan Jan 26, 2018 35 mins Data and Information Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe