x
These days cloud application developers are also security engineers. There has been a push for developers to build applications at scale, meaning they are becoming ops engineers and database engineers as well as security engineers. However, most developers are not security experts. This has led to DevSecOps practices where developers are given training, tools, and processes to build and deploy more secure cloud-based applications. The emerging concept of cloud-native application protection (CNAP) is helping with this process. CNAP platforms can continuously scan workloads and configurations to find and resolve security issues.
Zloader malware, a tool often used to deliver ransomware, is now being spread through malicious Google ads, according to Microsoft. The malware is a key part of the cybercrime industry and recently popped up on the radar of Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA). CISA yesterday warned that ZLoader was being used to distribute the Conti ransomware service, which pays ransomware distributors a wage rather than a commission for new infections. According to Microsoft, ZLoader operators are buying Google keyword ads to distribute various malware strains, including the Ryuk ransomware.
Cybersecurity researchers have detailed a ransomware campaign that clearly borrows attack techniques used by nation-state-backed hacking and cyber-espionage operations. As eSentire's security research team began to investigate the incident, they said they "discovered some very curious findings, relating to both the threat group behind the attack, as well as the tools and techniques used in the attack". The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations including Emissary Panda. The low quality of the ransomware and the lack of any known ransomware breaches by this 'Hello Ransomware' raises the question of whether ransomware is the primary goal of the operators.
Marcus & Millichap, a publicly traded real estate investment firm, suffered a recent cyber attack that may have been the work of the BlackMatter ransomware gang, according to a malware sample found on Hatching Triage. The firm revealed in an 8-K filing with the SEC Monday that it "had been subject to a cybersecurity attack on its information technology systems." Marcus & Millichap claimed that the firm had seen no evidence of a data breach, and it did not identify the attack as a ransomware incident. However, a BlackMatter ransomware sample on Hatching Triage, discovered by Valéry Marchive of TechTarget sister site LeMagIT, showed a ransom note that suggested a connection between the sample and Marcus & Millichap.
The number of businesses planning to move business-critical applications from on-premises onto the cloud has spiked this year, despite growing concerns over potential cybersecurity incidents, new research has found. A report from Equinix polling 2,600 IT decision-makers across the Americas, Asia-Pacific, and EMEA found that 37% of firms currently have plans to move business-critical apps to the cloud, up 11% year-on-year. At the moment, more than half of all IT infrastructure is estimated to already be in the cloud, despite cybersecurity concerns, with almost four in five of respondents in the UK saying that moving to the cloud is a top priority.
The White House is taking additional steps to encourage ransomware victims to alert the federal government, just as the hackers behind those attacks are threatening victims from doing so. The moves mark an escalation between the Biden administration, which has vowed to crack down on criminal hackers who try to extort Americans, and ransomware gangs, which have proven resilient to efforts to stop them. The Treasury Department on Tuesday warned victims of ransomware attacks that paying off hackers may violate U.S. sanctions.
The FBI refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer, even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials. Deploying the key immediately could have helped the victims, including schools and hospitals, avoid millions of dollars in recovery costs, analysts estimate. But the FBI wanted to hold onto the key in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off.
Siemens Energy has launched a new solution for monitoring and responding to cyberthreats against the Industrial Internet of Things. As IoT continues to accelerate and operational technology becomes smarter, companies need to make sure they manage and secure endpoints and industrial networks to mitigate the risk of damage, data theft, and disruption caused by external entities. Siemens said a new offering, dubbed Eos.ii – not to be confused with the blockchain protocol EOS.IO – is an artificial intelligence and machine learning Security Information and Event Management (SIEM) platform that "provides CISOs with an evergreen foundation for industrial IoT cybersecurity." The platform collects and collates data flows from IIoT endpoints for use by security teams, with insights brought together in one interface.
Iowa-based provider of agriculture services NEW Cooperative Inc. has been hit by a ransomware attack, forcing it to take its systems offline. The BlackMatter group that is behind the attack has put forth a $5.9 million ransom demand. The farming cooperative is seen stating the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online. The farming organization says its software powers about 40 percent of grain production and feed schedules of 11 million farm animals. And, as such, US federal government regulators like CISA may soon step in should the cooperative's systems not come back online soon.
Epik has now confirmed that an "unauthorized intrusion" did in fact occur into its systems. The announcement follows last week's incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. The leaked data dump contains 15,003,961 email addresses belonging to both Epik's customers and non-customers, and not everyone is pleased with the news. This occurred as Epik had scraped WHOIS records of domains, even those not owned by the company, and stored these records. In doing so, the contact information of those who have never transacted with Epik directly was also retained in Epik's systems. Data breach monitoring service HaveIBeenPwned has now begun sending out alerts to millions of email addresses exposed in the Epik hack.
Ransomware is one of the fastest-growing cybersecurity attacks. One of the factors that makes these threats especially intimidating is that the costs can be far-reaching. While it’s common knowledge that ransomware can be expensive for the companies victimized by them—with costs tending to focus on lost business, ransom paid, consultant fees, etc.—there are also lesser-known financial impacts. Some are not related to security, but CISOs and other security leaders need to be aware of these potential costs when it comes to justifying investments in security that could protect against ransomware. Some of these lesser-known costs include: keeping the business running, higher cyber insurance fees, loss of customer trust and marketing and PR investments.
Sonatype released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. In 2021 the world witnessed an exponential increase in software supply chain attacks aimed at exploiting weaknesses in upstream open source ecosystems.
A proposed $1 billion addition to the $3.5 trillion economic package would go to the Federal Trade Commission (FTC) for the purposes of establishing a digital division that focuses on privacy issues, cybersecurity incidents and other matters that center on online services and platforms. The full scope of the bill includes “unfair or deceptive acts or practices relating to privacy, data security, identity theft, data abuses, and related matters.” Should the measure pass, it would increase the FTC’s budget by nearly 30% over the coming decade. The agency has struggled with regulation of Big Tech at times due to a simple lack of resources.
Apple introduced a pop-up window for iPhones in April that asks people for their permission to be tracked by different apps.Google recently outlined plans to disable a tracking technology in its Chrome web browser. And Facebook said last month that hundreds of its engineers were working on a new method of showing ads without relying on people’s personal data. The developments may seem like technical tinkering, but they were connected to something bigger: an intensifying battle over the future of the internet. Driven by online privacy fears, Apple and Google have started revamping the rules around online data collection.
IBM Security X-Force published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. While sampling scanned cloud environments, in every case of a penetration test performed by X-Force Red, the team found issues with either credentials or policies. Two-thirds of cloud security incidents could have been avoided if the configuration of apps, databases, and security policies were correct. Misconfiguration, API errors or exposure, and oversight in securing cloud environments have also led to the creation of a thriving underground market for public cloud initial access. IBM's report also states there has been an increase in vulnerabilities impacting cloud applications, with close to half of over 2,500 reported bugs being disclosed in the past 18 months.
Quantum computing start-up IonQ has signed off a new collaboration with consulting giant Accenture, in a move that shows once more that the technology is coming further out of the lab and into the business strategies of forward-looking executives. The partnership will see IonQ and Accenture join forces to help other businesses assess how quantum computing could help improve their outcomes. The collaboration between Accenture and IonQ is reflective of increasing interest in quantum computing among businesses. According to Accenture, business spending on quantum computing will surge from $260 million in 2020 to $9.1 billion by 2030.
Year after year, the number of data breaches affecting entities in the healthcare industry rises, and 2020 was no exception. The 616 data breaches reported this past year to the US Department of Health & Human Services have resulted in the exposure or compromise of 28,756,445 healthcare records. Most of these breaches were caused by hackers and improper IT security, as ransomware gangs continue to target organizations whose security has been stretched thin even more than usual. According to the latest IBM Cost of a Data Breach report, human error accounted for approximately 30% of all healthcare breaches in 2020. To minimize that percentage in the coming years, healthcare organizations should properly train providers, nurses and administrators, as well as enact policies focused on recognizing and blocking malicious emails, credential sharing and mobile device usage.
Ransomware has become a top concern for organizations large and small as high-profile incidents have grabbed headlines. Nonprofit charitable organizations have been targeted as well – and in some cases, law enforcement has been unable to assist. According to a SonicWall threat report, ransomware attacks grew by 62 percent between 2019 and 2020, and recent events have suggested that remote and hybrid work creates new attack surfaces for ransomware to take hold. Data is paramount to the function of nonprofits. That data is often sensitive in nature, potentially including identifying information on donors and beneficiaries of services. Nonprofit leadership is a crucial piece of the puzzle and can ensure that concerns about security like ransomware are heeded throughout the organization.
Famous camera maker Olympus claims it is investigating a potential cybersecurity incident that’s affected its computers across the European, Middle East and Africa regions. However, an anonymous source familiar with the incident told TechCrunch that Olympus is grappling with a ransomware attack that began on September 8, 2021. In its statement put out on Saturday, September 11, Olympus did acknowledge that it first detected “suspicious activity” on September 8. Ransomware expert and threat analyst at Emsisoft, Brett Callow, believes the attack seems to be orchestrated by BlackMatter. BlackMatter is a new ransomware-as-a-service (RaaS) threat actor, which the cybersecurity community claims to have risen from the ashes of the notorious DarkSide RaaS operator.
Conducting an online survey of 50 C-suite and other executives in June 2021 about cyber threat detection and response, Deloitte found that almost 87% expected the number of cyberattacks targeting their organizations to increase over the next 12 months. Further, 65% of the respondents cited ransomware as their greatest security concern over the next year. However, only some are fully ready for such an attack, specifically just 33% said they've run simulated ransomware attacks to prepare themselves for this type of incident. Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure security solution leader, recommends five questions to ask yourself to prepare for a ransomware attack.
Two healthcare organizations have begun sending out breach notification letters to thousands of people in California and Arizona after both revealed that sensitive information – including social security numbers, treatment information and diagnosis data – were accessed during recent cyberattacks. LifeLong Medical Care, a California health center, is sending letters to about 115,000 people about a ransomware attack that took place on November 24, 2020. Arizona-based Desert Wells Family Medicine was forced to send out a similar letter to 35,000 patients after they too were hit by a ransomware attack that exposed sensitive patient information.
Despite ransomware threats making headlines on an almost daily basis, most organizations are still clueless about how to recover from such an attack, a report from Dell Technologies has found. Its 2021 Global Data Protection Index, based on a global survey of 1,000 IT decision-makers, found that more than two-thirds aren’t confident their business-critical data could be recovered in case of a ransomware attack. A similar proportion (62%) believe their current security solutions aren’t strong enough to protect data from malware and ransomware threats, adding that the rising number of remote workers only makes it more challenging.
HP released an HP Wolf Security report titled "Rebellions & Rejection." The findings detail employee pushback due to company cybersecurity policies and operational drawbacks for IT teams overseeing these networks. 76% of respondent IT teams said "security took a back seat to continuity during the pandemic," 91% felt "pressure to compromise security for business continuity" and 83% believe remote work has "become a 'ticking time bomb' for a network breach." The switch to remote work has also led companies to adopt new policies regarding telecommuting with these rules ranging from home office requirements to internet speeds and security standards.
Amazon today announced the general availability of Amazon EKS Anywhere, a deployment option for Amazon EKS that enables companies to create and operate Kubernetes clusters on-premises using VMware vSphere. EKS Anywhere provides an installable software package for creating and operating Kubernetes clusters on-premises, as well as automation tooling for cluster lifecycle support. EKS Anywhere also provides the ability to integrate with third-party tools in other areas, like networking and security.
Microsoft plans on spending $20 billion in cybersecurity over the next five years. However, there’s a Catch-22 in the fact that more spending hasn’t meant better defense. Microsoft president Brad Smith is focused on spending more as a way to deal with cybersecurity’s big spending problem. One of the biggest reasons cited by Smith and other cyber experts for the disconnect between cyber spending and return on investment in the form of better protection comes down to labor. The lack of cybersecurity professionals is not a tech sector problem but a significant problem across all major industries.
The UK's National Cyber Security Centre (NCSC) this week said zero trust has become a "very fashionable term" in the tech world. To address the slipperiness of its definition, NCSC has outlined a few traps and pitfalls that organizations running a zero trust migration should be mindful of. NCSC acknowledges that not every organization will be ready to adopt a zero trust architecture. It also stressed it isn't a standard or specification, but rather "an approach to designing a network" — meaning it can be difficult to know if you're doing it right. NCSC also lays out five reasons why zero trust might be a good philosophy to adopt.
While much of The European Union’s General Data Protection Regulations (GDPR) have been incorporated into UK law, it’s still important to consider what has changed in terms of how companies – particularly UK-based ones – ensure compliance to data protection regulations. It was argued in 2017 by Index Engines that GDPR puts personal data back in the hands of citizens. No matter what has changed, one challenge will remain: organizations’ ability to find business and legal-critical information within their vast unstructured data stores. With this top of mind, there is arguably a need for Wide Area Network acceleration to gain the ability to find and move data around at high speed by mitigating latency and packet loss.
Most of the data economy underpinning common products and services is invisible to shoppers. As your data gets passed around between countless third parties, there aren’t just more companies profiting from your data, but also more possibilities for your data to be leaked or breached in a way that causes real harm. Data ends up being used in surprising ways—intentionally or not—such as in targeting ads or adjusting interest rates based on race. Consumer data privacy laws can give individuals rights to control their data, but if poorly implemented such laws could also maintain the status quo.
Italy has faced a barrage of cyberattacks in recent weeks. Ransomware campaigns have hit big corporations such as the energy company Enel Group, Campari, Geox, Tiscali, Luxottica, and hospitals such as the Spallanzani in Rome and the San Raffaele in Milan – albeit with limited results. These, and other episodes, have been a wake-up call for Italian politicians and common citizens alike on the necessity to improve the country's cyber defenses. Thanks to the EU-funded National Recovery and Resilience Plan, this is set to change. Total funding for the plan amounts to €261 billion.
The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data from NCC Group. Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter of data leaks in the second quarter came from the Conti group. Conti typically gains initial network access to victim organizations via phishing emails, it claimed. Next came Avaddon, which accounted for 17% of incidents, although this variant is now thought to be inactive. Unsurprisingly, 49% of victims with known locations in Q2 were based in the US, followed by 7% in France and 4% in Germany.
Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware gangs. Discovered by researchers at Sophos, LockFile ransomware encrypts every 16 bytes of a file, which means some ransomware protection solutions don’t notice it because an encrypted document looks statistically very similar to the unencrypted original.
Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers. The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23. The company said an investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline had been accessed. The attackers were not able to affect Bangkok Airways' operational or aeronautical security systems, according to the statement, and the Royal Thai police have been notified of the incident.
APIs today prove their value by driving new digital business revenue growth and transforming decades-old business models. Such APIs have also become a fast-growing threat vector and a nexus of what Forrester calls “API insecurity.” The enterprise needs to approach APIs from a zero-trust security paradigm. As real-time APIs displace traditional approaches to integration and development, it is important to work toward a zero-trust approach that does not rely on perimeter-based security methods. Forrester’s recent API Insecurity: The Lurking Threat In Your Software report points out that protecting APIs with perimeter-based security fails to stop attacks’ increasing severity and sophistication.
Another cybercriminal gang notorious for ransomware attacks has shut down, publishing its decryptor online to allow victims unlock and recover files. The Ragnarok gang, also known as Asnarok, closed up shop this week, publishing the news to their public website, according to a post published Thursday by analyst firm Recorded Future’s The Record, among other sources. As a parting “gift,” the group released their decryptor, hardcoded with a master decryption key, for free as well on the portal. Previously, the site was primarily the place where Ragnarok would publish data from victims who refused to pay ransom. Several security researchers have confirmed that the Ragnarok decryptor works, according to the post. It’s currently being analyzed and researchers will eventually release a clean version that is safe to use on Europol’s NoMoreRansom portal.
Ransomware attacks are going to get worse – and one could eventually take out the infrastructure of an entire 5G-enabled smart city, a cybersecurity expert has warned. Cyber criminals deploying ransomware regularly target government services. Not only do public sector IT budgets mean networks are less secure against attacks, but said networks are also used to provide vital services to the community. While connected cities have the potential to improve urban services, any lack of security in IoT devices could make them a very appealing target for ransomware attacks – and, given the current ransomware climate, it's not a matter of if, but when.
Some of the world's leading technology companies, including Google and Microsoft, have earmarked billions of dollars to help raise the cybersecurity stance of the industry as a whole following a meeting with US President Joe Biden. Earlier this week, the President met with CEOs from over two dozen companies from various sectors, ranging from insurance to IT, to solicit their help in beefing up cybersecurity efforts. In addition to setting up a cybersecurity task force, the administration has also asked law enforcement agencies to treat ransomware attacks no different from terrorist attacks.
Most ransomware attacks begin with a compromised employee email account, something that in turn happens through some combination of phishing and social engineering. An enterprising ransomware gang in Nigeria appears to be skipping this messy step, simply making a direct pitch to employees of target companies to join in on the attack for a cut of the profits. The group has offered employees $1 million in bitcoin as part of a proposed $2.5 million ransom, asking them to install the DemonWare ransomware on the organization’s Windows computers or servers using their privileged credentials. Employees appear to be solicited via their LinkedIn profiles, and are not sent the full pitch unless they reply to an initial message indicating interest.
The Federal Bureau of Investigation's Cyber Division has issued a flash warning over an organized cyber-criminal gang calling itself OnePercent Group. In a TLP: WHITE alert published Monday, the FBI said the group has been targeting companies in the United States since November 2020. OnePercent's modus operandi is to use the threat emulation software Cobalt Strike to perpetuate ransomware attacks. The infection process begins in the victim's inbox. After accessing a victim's computer, OnePercent encrypts their data and exfiltrates it from the network using rclone. A virtual ransom note is left that tells the victim they have one week from the date of infection to make contact with the ransomware group.
A recent Synack Report claims that combining cybersecurity talent and AI-enabled technology results in 20x more effective attack surface coverage than traditional methods. It’s common knowledge that AI can analyze colossal quantities of data at speed and augment under-resourced security operations. Yet, people also know the dangers that AI can pose, which explains why 96% of CEOs have already started preparing for AI-powered cyber-attacks, according to an MIT Tech Review report. To adequately explain AI’s actual value in the cybersecurity industry, it’s necessary to comprehend current cybersecurity challenges.
The number of data breaches in Australia arising out of ransomware attacks grew by 24% during the first half of 2021, underscoring the growing threats posed by the global proliferation of ransomware in recent years. According to the Office of the Australian Information Commissioner’s (OAIC) latest Notifiable data breaches report, the number of data breaches arising from ransomware incidents increased from 37 notifications in the last reporting period to 46. In total, the OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents.
Phishing may be the most common cybersecurity threat in the UK, but it could be only a matter of time before ransomware snatches the crown, a report from cybersecurity firm CybSafe suggests. Analyzing data provided by the Information Commissioner’s Office (ICO), CybSafe noted that phishing was to blame for most incidents so far this year, making up 40 percent of all cases reported to the ICO. At the same time, ransomware attacks made up 22 percent of all incidents reported, surging from 11 percent last year. Of all the different industries, the education sector seems to have it worst, as ransomware accounted for 32 percent of all attacks in H1 2021, up from 11 percent a year ago. CybSafe believes education became a prime target due to remote learning. Education aside, retail and manufacturing firms are still prime targets, accounting for 20 percent of all reported incidents.
Researchers are warning of a new ransomware variant spreading globally via exploitation of the “PetitPotam” vulnerability partially patched by Microsoft last week. Symantec said the “LockFile” variant was first spotted on July 20 in an attack on a US financial services organization and has subsequently targeted at least ten corporate victims around the world up to August 20. Attacks begin by accessing victims’ Microsoft Exchange servers, although this vector isn’t yet clear. First discovered by a French researcher around a month ago, PetitPotam is an NTLM relay attack vulnerability that an attacker can use with low privileges to take over a domain controller. It’s been reported that Microsoft’s Patch Tuesday fix for the bug has not fully patched the vulnerability.
The Barracuda Network has just released a report that notes ransomware attacks have increased by 64% this year. This might be a result of the increased vulnerabilities occurring due to COVID-19 and the like, and a lot of these attacks are targeting places like hospitals, where the frequency with which attacks are occurring on critical infrastructure is increasing quite a bit. It is important to note that about 57% of ransomware attacks were corporations that worked on things like infrastructure, financial services and travel. The number was just around 18% last year, which means that the people behind these attacks are focusing more on corporations and industries that work in these sectors with all things having been considered and taken into account.
Australian businesses are not keeping up with the data privacy expectations of their customers when digitising their offering, according to a new Heart Matters study announced by SAP Southeast Asia. The study reports that when it comes to data protection, organizations fall short of expectations by up to 50%. More than four in five consumers want transparency into how their personal data is being used, but only 34% have been shown accountability. The study adds that the expectation among Australians is higher than the APAC average expectations of three quarters (74%). The majority (84%) of Australians expect that organizations will not share their data with a third party. However, only just over a third believe that the information they shared with a business has kept it secure.
The lure of quickly making large sums of money is attracting interest from across the cyber-criminal spectrum, from sophisticated gangs specialising in ransomware attacks, to affiliate schemes where wannabe ransomware kingpins can lease out ransomware as a service in exchange for a cut of the profits. It has also attracted low-level cyber criminals, who see an opportunity to grab a slice of the ransomware pie – even if they have little idea what they're doing. Cybersecurity researchers at Abnormal Security have detailed an amateur ransomware campaign using social engineering in an attempt to fool employees into installing DemonWare ransomware on their organization's network, in return for a slice of the payout.
Ransomware attacks increased 64% over the past year, targeting municipalities, health care, education, infrastructure, and more, according to Barracuda Network’s annual ransomware report. Ransomware attacks have surged in 2021. Cybercriminals are also expanding their targets, shifting focus to critical infrastructure and deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation. In the past 12 months, Barracuda researchers have identified and analyzed 121 ransomware incidents, a 64% increase in attacks, year over year.
The SynAck ransomware group, which recently changed its name to El_Cometa, has released the master decryption keys to its ransomware that was used to infect victims from 2017 to early 2021. Creator of the ID Ransomware service and malware analyst at Emsisoft, Micheal Gillespie, confirmed the authenticity of the master decryption keys by using them to decrypt files from previous SynAct attacks. The group decided to release the master decryption keys for its old victims because it is in the process of winding down its SynAck operation as it ramps up work on its new ransomware strain, El_Cometa.
Nearly half of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. Respondents who admitted to shutting down networks due to ransomware were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection. Respondents who admitted to shutting down networks due to ransomware were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection.
A new report from cybersecurity company Mimecast found the increasing use of email brings the potential for a rise in cyberattacks. The report states that almost two-thirds of financial services organizations believe it’s either likely, extremely likely, or inevitable that they will suffer an email-borne attack this year. In the past twelve months, email volume at financial services companies rose 81 percent, and the number of attacks rose in tandem. Despite the obvious threat, companies are doing very little to protect themselves. Less than half organize security awareness training for their employees at least once a month, and 47 percent said they don't have a cyber-resilience strategy.
A recent report from HHS cited a total of 82 ransomware incidents so far this year worldwide with 60% of them impacting the United States health sector. Hospitals now account for 30% of all large data breaches at an estimated cost of $21 billion in 2020 alone. The study surveyed 130 hospital executives in IT and information security roles, as well BioMed technicians and engineers. 48% of hospital executives reported either a forced or proactive shutdown in the last 6 months as a result of external attacks or queries. However, more than 60% of hospital IT teams have “other” spending priorities and less than 11% say cybersecurity is a high priority spend.
Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year, now over half a million dollars. Researchers found what’s helped to intensify extortion payments is the fact that cybercriminals have been pouring money into highly profitable ransomware operations, including a new, disturbing trend – the rise of quadruple extortion. Researchers observed ransomware groups commonly using as many as four techniques to turn the thumbscrews on victims: encryption, data theft, DoS, and harassment.
Password reuse is still widespread among employees across the globe and training initiatives are only making a “negligible difference”, a new report from identity and access management company My1Login suggests. My1Login found that almost two-thirds of employees use the same passwords for both private and business accounts. Furthermore, the company found that almost all workers know what a strong password looks like, but just half use one. After receiving training, 85 percent of employees still reuse the same passwords, compared to 91 percent of those without training.
Accenture, counted amongst the world’s largest IT consultancy firms, has confirmed that its network has been breached by the LockBit ransomware. The news of the attack, first reported by CNBC Senior Washington correspondent Eamon Javers on Twitter, has since been confirmed by Accenture itself. Accenture is the latest of the high-profile victim of ransomware operators who are now actively targeting billion-dollar corporations. In fact the number of ransomware attacks in 2021 has already surpassed last years’ total since businesses aren’t averse to paying the threat actors to prevent data leaks. Notably, while LockBit didn’t initially put up any proof of the stolen data, Javers tweeted that the group published over two thousand documents after the expiry of the initial countdown.
Organizations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a study from identity firm Okta. The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organizations and the software industry seeing the most significant progress. 78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative.
Blockchain platform Poly Network has fallen victim to what is likely to be the largest cryptocurrency heist in history, with hackers making away with over $610 million worth of Ether, Binance, and USDC tokens. The attack, which took place on Tuesday, saw cyber criminals exploit a vulnerability in Poly Network’s contract system. The hacker exploited a vulnerability between contract calls and the exploit was not caused by the single keeper as rumoured. The hacker took advantage of the _executeCrossChainTx function in order “to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract.”
When looking to steal data, cybercrime groups rarely care about the organization’s size, and as time goes by, the cost of these data breaches only rises. However, while large enterprises may survive the financial fallout of a major data breach, that can’t be said for most small and medium-sized businesses. A new report from cybersecurity experts Acronis claims the average cost of a data breach is now roughly $3.56 million. At the same time, the average ransomware payment rose by a third, to more than $100,000.
When government lockdowns forced workers to stay home en masse for much of 2020, one technology was there to pick up the pieces. Without the three main cloud computing models, software-, platform- and infrastructure-as-a-service, it’s unlikely many organizations would have survived those dark days. But as data and users migrated to the cloud in vast numbers, those same platforms quickly became a major target for attack. According to one study, 90 percent of global CXOs reported an increase in cyberattacks in the early days of the pandemic, and 98 percent saw an increase in security challenges in the first two months of the shift to remote work. Much of this will undoubtedly have been cloud-related.
A cyberattack has brought down an Italian COVID-19 vaccine-scheduling website. Italian authorities said cybercriminals attacked the technology systems of the Italian region of Lazio. The attack appears to be part of a supply-chain campaign that also affected other companies in Italy. Cybercriminals have recognized that the demand for COVID vaccines presents a wealth of opportunities due to the number of people flocking to be protected and the personal data required even to book a time and date to receive the vaccine.
Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, was hit by a ransomware attack in July that saw cybercriminals steal personal information on the company’s private investors, or limited partners (LPs). ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack.
Businesses are growing increasingly reliant on Amazon Web Services (AWS), but with all the good, businesses must also face the bad. This is according to a new report from threat detection and response company Vectra AI, which says that the rise of cloud means greater complexity and more security blind spots. Basing its conclusions on a poll of 317 IT executives using AWS, most of which came from organizations with at least 1,000 employees, Vectra AI says 64 percent of DevOps respondents are deploying new workload services weekly, if not faster.
We have moved from worms in the early 2000s, to botnets and cyber weapons like Stuxnet in the period to 2012, and are now facing a huge rise in ransomware as a service, alongside nation-state-sponsored attacks, organised crime, hacktivists, and disgruntled insiders or angry customers. This ever-adapting horizon forced the National Cyber Security Center – a part of GCHQ – to refresh its 10 Steps to Cyber Security guidance in May. The publication assists FTSE 350 companies, and others, in understanding the upcoming challenges and how to deal with them.
In just half a year, the entire ransomware volume for 2020 has been met and exceeded, a new report from cybersecurity company SonicWall states. According to the report, global ransomware volume hit 304.7 million in the first half of 2021, surpassing last year's full total of 304.6 million. Most of the time, the malicious actors targeted government (917 percent increase), education (615 percent), healthcare (594 percent) and retail (264 percent). However, malicious actors also came up with new tools. SonicWall says it identified “record numbers” of never-before-seen malware.
Ransomware attempts continue to accelerate this year with the attacks on Colonial Pipeline, Kaseya, and JBS Meat Packing signaling bad actors’ intentions to go after large-scale infrastructure for cash. Patch management techniques lack contextual intelligence and historical data needed to model threats based on previous breach attempts. As a result, CIOs, CISOs, and the teams they lead need a more data-driven approach to patch management that can deliver adaptive intelligence reliably at scale. The White House recently released a memo encouraging organizations to use a risk-based assessment strategy to drive patch management and bolster cybersecurity against ransomware attacks.
Attacks on the oil and gas industry have increased over the last quarter with the Colonial Pipeline ransomware incident being a key driver. According to a new report by Obrela Security Industries, the oil and gas sector was one of the only industries to experience a consistent increase in attacks on its systems. The industry saw an 18% increase in attacks on its users and endpoints, a 22% increase in attacks on its cloud environments, and a 12% increase in attacks on its IT infrastructure. There was also a 29% increase in attacks on its system and perimeter defenses, a 14% increase in web attacks, and a 22% increase in APT and malware attacks.
Sontiq released the Mid-Year 2021 Cybercrime Report, which highlights five key trends and the 2021 data breaches that pose the highest level of risk to victims. This report analyzes more than 1,300 data points of a data breach to assess the risk level and assign a 1 through 10 score. The top five trending cybercrimes found were: small business threats, attack methods, incident types, senior targeting, and family protection. Sontiq’s BreachIQ also identified nine data breaches as the most serious of the year thus far and rated them on a scale of 1 through 10.
A new analysis of platforms including AWS, Google and Salesforce, involving 200,000 identities and hundreds of millions of cloud assets reveals that 43 percent of all cloud identities sit abandoned and unused. The report from Varonis points out that this also means they are exposed and vulnerable, making an organization a target for account takeovers.
Data breaches now cost companies a total of $4.24 million per incident on average, according to the Cost of a Data Breach Report, conducted by Ponemon Institute and analyzed by IBM Security. The global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
Hackers accessed Mint subscribers’ account information and ported mobile numbers to another carrier, the company disclosed. Mint notified the affected customers through a data breach notification, dating the compromise between June 8, 2021, and June 10, 2021. The company, however, claimed that only a small number of Mint mobile subscribers were affected.
A team of researchers at Rensselaer Polytechnic Institute is creating new artificial technology techniques that protect algorithms from vulnerabilities such as contaminated data, malicious attacks, or independent algorithm interference to improve patient care.
Saudi Aramco has admitted to indirectly leaking sizable amounts of data pilfered from one of its third-party contractors in a cyberattack, which surprisingly doesn’t appear to involve the use of malware like ransomware. In an emailed statement to the Financial Times, the world’s largest oil producer confirmed a breach had occurred earlier this week, but added the incident did not originate on its computers, and has had no impact on their operations.
The Lake County Health Department and Community Health Center (LCHD) in Illinois is currently notifying over 700 individuals impacted by a recent healthcare data breach exposing protected health information (PHI), including COVID-19 vaccination status. On July 9th, LCHD started notifying the 705 individuals about the data breach, according to a statement.
Based on statistics collected by the Identity Theft Resource Center, personal data breaches this quarter have risen 38% over last quarter, from 355 compromises to nearly 500. Conversely, the number of individuals impacted has fallen 20%. The most popular threat vectors were phishing, ransomware, or malware attacks, and the healthcare and finance sectors were the hardest hit. Next in line was the manufacturing and utility industry, likely due to an increase in automation and IOT tech in this sector, giving intruders numerous points of entry.
Morgan Stanley reported that hackers accessed its customers’ sensitive information in a third-party data breach. In a July 2 letter to the New Hampshire Attorney General’s office, the bank disclosed that hackers had accessed customers’ records in the Accellion hack. Morgan Stanley is among the hundreds of customers compromised via the Accellion FTA vulnerability first reported in December 2020.
Since GDPR came into effect in May 2018, 43% of UK businesses have been reported to the Information Commissioner’s Office over a breach, either actual or potential. This is according to a new report from encrypted storage company, Apricorn. The company found that a third of the companies notified the ICO themselves, while a tenth were reported by somebody else. A further 9% of the respondents said they didn’t know if the breach had been reported or not.
Cyber watchers are stuck with more questions than answers after the notorious REvil ransomware gang, which had become a locus of U.S.-Russia conflict, mysteriously dropped offline. The disappearance came less than two weeks after the Russia-based criminal group took credit for the mammoth Kaseya attack, which locked up the information of up to 1,500 organizations over the Fourth of July weekend.
Despite high adoption rates of cloud native technologies in recent years, enterprises have yet to cross the chasm to full adoption, but they’re quickly moving in that direction, according to initial results of a survey released by Canonical. The survey found that while 45.6 percent of respondents report using Kubernetes in production, only 15.7 percent use Kubernetes exclusively. The report, which is still open for participation, has surveyed 1,200 global IT professionals so far on more than 40 topics about their usage of Kubernetes, bare metal, VMs, containers, and serverless applications.
The pandemic paved the way for expanded remote work possibilities, but companies looking to ensure employees remain on the job while at home have led some to consider technologies to digitally monitor worker activity, in some cases through AI. Those initiatives come laden with thorny privacy concerns, legal landmines and, more than likely, stiff resistance from employees themselves—a recent report from IT research firm Gartner indicates 10% of workers would try to trick AI-driven tracking systems.
Twitter today has shared a few more ideas it’s thinking about in terms of new features around conversation health and privacy. This includes a one-stop “privacy check-in” feature that would introduce Twitter’s newer conversation controls options to users, and others that would allow people to be more private on the service, or to more easily navigate between public and private tweets or their various accounts.
Hybrid and multi-cloud architectures are all the rage in enterprise IT infrastructure. But enabling the flexibility to deploy the right tool for each task requires a complex set of technologies that interlinks all the varied assets. That creates a bigger attack surface for hackers. The more services you rely on to run your business, the harder it is to keep track of how secure they all are.
Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. By using services geared towards privacy, we can jointly prevent both sources of danger to our private information – that is, data leaks and data harvesting.
In mid-June, Senator Kirsten Gillibrand reintroduced a new version of her bill, the Data Protection Act of 2021, that would create a new independent, executive-level government agency, the Data Protection Agency (DPA). The DPA would "protect Americans' data, safeguard their privacy, and ensure data practices are fair and transparent." In addition to creating privacy rules and enforcing federal-level rules, the DPA would reach out to organizations to promote data protection and encourage the adoption of model privacy and data protection standards, guidelines and policies.
Failing to keep company secrets such as credentials, API tokens and SSH keys secure is costing organizations millions each year according to a new report from the business password management company 1Password. The high-tech ecosystems used by today's businesses involve thousands of vulnerable secrets which are often spread out across multiple services with little or no visibility or auditability. To avoid falling victim to a data breach, these secrets must be encrypted and delivered to machines and services safely. However, 1Password's report shows there is still a lot of progress to be made when it comes to securing secrets
Since the onset of the pandemic, hybrid working has become an almost universal phenomenon. The sudden and unforeseen shift to hybrid working has had profound implications on the cyber-threat landscape. When an organization moves data and/or applications into the cloud, security teams have to reshape their security policies. In the last 12 months, there were more data breaches than in the last 15 years combined. Fortunately, there are various robust strategies to help organizations shift to hybrid working safely.
According to Kaseya's newly released 2021 IT Operations Report, the top three priorities for tech professionals are improvement of security, cloud migration and automation to increase IT productivity. The report surveyed nearly 1,000 IT professionals worldwide between April and May 2021 about their top priorities and challenges. The main three challenges are cybersecurity and data protection, lack of IT budgets and resources to meet demands, and legacy systems hampering growth and innovation.
With ransomware attacks skyrocketing, companies are assessing all the potential cyber vulnerabilities they have. Employees are the weakness in most companies' protection, and less-experienced employees are often the most likely to open organizations up to an attack. The problem, according to NTT CEO Matt Gyde, isn't that they don't understand the need for cybersecurity; for younger workers, cybersecurity is ingrained. Rather, their recklessness stems more from their fast-paced approach to work and life.
Every business, large or small, is a target of cybercriminals and should look at minimizing security risks, not simply preventing them. This is essential as more businesses move to the cloud and organizations in Asia largely still lack an urgency in addressing security. Unlike their peers in the US, where enterprises across most sectors consider security as part of their business process, Asia-Pacific companies have yet to do so, said Paul Hadjy, CEO and co-founder of Horangi. Likely distracted by having to keep the business running and day-to-day management, Hadjy noted that Asia-Pacific organizations generally did not regard security as topmost on their agenda.
Since the onset of the pandemic, the FBI has seen cyberattacks jump by at least 300%. As the office space entered the home, more workers became lax with their cyber precautions. Twenty percent of U.S. companies reported a security breach tied to a remote worker, according to a report by Malwarebytes. The May attack on the Colonial Pipeline is believed to have originated through the compromising of an employee password that allowed hackers to infiltrate company accounts. This method continues to serve as a hacking model, with Nobelium, the Russian group responsible for the SolarWinds attack, targeting more than 150 other organizations using malicious email downloads.
New data security rules governing how money changes hands in the US have gone into effect today, forcing major digital money processors to render deposit account information unreadable in electronic storage. Starting on June 30, if an account number is used for any ACH payment – consumer or corporate – it must be rendered unreadable while stored electronically, according to NACHA, which added that any place where account numbers related to ACH entries are stored is in the rule's scope.
As more and more consumers embrace new methods of payment on e-commerce sites, questions over cybersecurity have become even more critical for businesses. In a Mastercard survey on new payments, conducted across 18 markets globally, a majority of consumers polled said they were willing to consider emerging payment methods such as digital or mobile wallets, QR codes and even cryptocurrencies. Threats over cyber security have become a growing concern as more people turn to online payments.
Major gaps in skills and tools are leaving enterprise-run 5G networks open to security risks, according to a new report. The latest Securing 5G Era Private Networks report, published by the GSMA, found that 48% of surveyed operators cite not having enough knowledge or tools to discover and solve security vulnerabilities as a top challenge. According to the report, a quarter of enterprises that haven’t amended their cyber security practices don’t feel security concerns are their responsibility.
When you plan a cloud strategy, you probably think about factors such as cost, performance, and security. Cloud data sovereignty should be an equally important consideration when planning to move to the cloud–but it’s also one that can complicate cloud strategies in ways businesses don’t fully anticipate. Cloud data sovereignty is the concept that data stored in the cloud is subject to the laws and regulations of the country or other jurisdiction that has authority over the relevant cloud infrastructure.
Data from 700 million LinkedIn users is now up for sale on the dark web, according to a report by RestorePrivacy. The personal information comes from a major breach of the social network, the second incident of this kind this year. The data breach leaves affected people at risk of phishing attacks, identity theft, and other security-related issues. RestorePrivacy reports that a hacker advertised data from 700 million LinkedIn users on June 22, 2021. The same hacker also posted a sample of the data from one million people to show its authenticity.
Concentric, a data security company, captured user data in production deployments from companies in the technology, financial, and healthcare sectors to reveal how organizations create, use, and manage data. The number of overshared files rose 450 percent compared to the same quarter in 2020, highlighting the significant impact of the pandemic and remote work on data security. The company scanned more than 110 million unstructured data files to discover business-critical and sensitive documents that are overshared via link sharing, inappropriate external sharing, internal permission misconfigurations, and incomplete/incorrect document classifications.
A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost. The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018.
President Biden's executive order on cybersecurity outlined an ambitious agenda, propelled forward by a flood of concern over a series of critical system compromises — but turning ideas into implementation will be heavy work. Federal agencies will need to develop clear, actionable standards on a breathtakingly fast timeline, said panelists convened yesterday by public policy research nonprofit R Street Institute. Officials will also have to overcome historic wariness around information sharing if they wish to improve collaboration with the private sector.
Splunk delved deeper into the security realm this week when it released its new Splunk Security Cloud, a security operations platform that consists of security analytics, automated security operations, and integrated threat intelligence. The move to a cloud-based platform reflects Splunk’s recognition that the migration to remote work last year caught many companies off-guard, leaving security teams struggling to keep up with an “evolving threat landscape and disparate tools and skill sets,” said Jane Wong, vice president of product management and security at Splunk.
The work-from-home revolution ushered in by COVID-19 has created new challenges for businesses looking to monitor their employees’ productivity and behavior without violating their privacy. Of 1,249 global IT and security professionals recently surveyed by Ponemon Institute, 65% of respondents said their organizations have increased their monitoring of remote workers due to the perceived risk they pose to sensitive data. Furthermore, only 31% of respondents said their organizations have been effective or very effective at protecting sensitive information while still achieving their operational goals.
It has been widely accepted by now that cloud computing is not just computing for the future but is the most effective computing for now in terms of easy deployment, flexibility and even costs. The result is that most enterprises over the past 5 years have moved to the cloud and access whatever applications they need through private or public clouds. Notwithstanding the advantages of cloud, it also leaves a lot of enterprises with a lot of legacy applications that cannot be just ripped out or decommissioned by many of them to still play a significant role in the enterprise or contact data reservoirs that have not been migrated to the cloud.
Virtually all businesses experienced at least one cloud data breach in the past 18 months, a new survey has claimed. Conducted by IDC on behalf of cloud infrastructure security company, Ermetic, the survey discovered that 98% of the surveyed companies admitted to experiencing at least one cloud data breach in the past 18 months, compared to 79% last year. More worryingly, a sizable majority (67%) reported experiencing upwards of three such cloud breaches.
Security operations teams have a data management problem: The volume of security alerts they have to process is so high they can miss signs of an attack. In the first Voice of SecOps report from security vendor Deep Instinct, 86% of respondents said tools driven by data science — which includes artificial intelligence, machine learning, and deep learning — would make a significant impact in preventing unknown threats and reducing false positives. Deep Instinct’s Voice of SecOps report explored strategic threats, overarching priorities, and day-to-day challenges experienced through the lens of security operations teams.