Tag Archive for: blocks

Data protection in 2023 was all about resilience – Blocks and Files


Recovering from data loss and ransomware are the gifts that keep on giving … for data protection suppliers, that is.

Compared to a year ago, there is now more data to protect and more threats against it, making favorable market conditions for the suppliers. The data protection world in 2023 was dominated by dealing with cyber resilience, extending backup’s remit to cover SaaS applications, and seeking new archive technologies to fix tape’s flaws.

Virtually every backup supplier has now added security features to protect against ransomware and other malware attacks on data. Cyber resilience is the name of the backup game, and resilience is starting to look like an over-used word. For example:

  • Veeam describes itself as the home of radical resilience. 
  • Cohesity says: “Protection is one thing. Resilience is everything.”
  • Commvault claims it “gives you an unfair advantage to ensure resilience in the face of ransomware and other advanced threats in today’s hybrid world – and tomorrow’s.”
  • Druva says it is “the industry’s leading SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10 million guarantee.”
  • Rubrik greets its website visitors with this message: “Rubrik Security Cloud delivers complete cyber resilience.”
  • Veritas tells its site visitors: “We have a reputation for reliability at scale, which delivers the resilience our customers need against the disruptions threatened by cyberattacks, like ransomware.”

To keep protected data resilient, suppliers typically offer immutable backups and backup health checks, providing known good files, for example. Focus has extended from ransomware attack prevention to ransomware attack recovery, with some guarantees that such recovery is dependable.

No magic anti-malware silver technology bullet was announced in 2023 by any supplier – because there isn’t one.

SaaS app protection

Technology additions were sought by SaaS app protectors, spearheaded by HYCU. It realized that many SaaS applications stored customer data that was not protected by the provider or by data…


Backblaze warns of AI-assisted cyber threats – Blocks and Files


Humans are often the weakest link in a corporate network and the entry point for ransomware attackers, a factoid that underscores the necessity for persistent vigilance against this growing cyber threat.

A stark reminder of this was today presented by cloud storage provider Backblaze in its 2023 Complete Guide to Ransomware report. The latest edition of this annual report states:

“This year’s most important update has been the rise of generative AI for increasingly sophisticated, automated phishing attempts… Text generated by models like ChatGPT help cybercriminals create very personalized messages that are more likely to have the desired effect of getting a target to click a malicious link or download a malicious payload.”


Traditionally, phishing messages were relatively easy to identify, often featuring spelling errors, grammatical mistakes, and awkwardly constructed sentences. With the aid of software like ChatGPT, however, “criminals can enter a prompt to quickly receive error-free, well-written, and convincing copy that can be immediately used to target victims.”

The report provides a comprehensive review of ransomware’s prevalence, attack vectors, the sequence of events during an attack, and the necessary steps for responding to an attack. It stops short of suggesting foolproof methods to prevent attacks from breaching IT infrastructure, as no solution that is 100 percent reliable exists.

The best measures involve proactive steps: ensuring robust IT user education and having an efficient recovery system in place to restore encrypted files from uncorrupted backups. If sensitive data has been exfiltrated, however, the options are limited.


Malware attack vectors can be either human or machine-mediated, each designed to deliver malware into IT systems, encrypting files or copying them for transmission to attacker HQ. Victims sometimes pay a ransom, often in cryptocurrency, to decrypt their files or prevent widespread distribution.

The caveat, of course, is that dealing with cybercriminals doesn’t guarantee a successful outcome even after paying a ransom. Backblaze’s report warns: “Paying the ransom only…


Internet services company Cloudflare blocks Kiwi Farms citing ‘targeted threats’


Internet hosting and security services provider Cloudflare said Saturday that it would block Kiwi Farms, a website associated with harassment campaigns against transgender people.

The announcement puts the future of the fringe internet forum in doubt, though some of its members had already anticipated that Cloudflare could act and began to explore other options.

When attempting to visit Kiwi Farms’ website Saturday evening, an error message appeared that said: “Due to an imminent and emergency threat to human life, the content of this site is blocked from being accessed through Cloudflare’s infrastructure.”

The move comes after Cloudflare became the subject of a pressure campaign by a trans Twitch streamer who has been a target of abuse by Kiwi Farms users.

The streamer, Clara Sorrenti, known to fans as Keffals, responded Saturday in a tweet. “Cloudflare has dropped Kiwi Farms. Our campaign will put out a statement soon,” she said.

Cloudflare CEO Matthew Prince announced the move in a blog post and did not mention Sorrenti by name, but said that abuse from Kiwi Farms had intensified in response to her campaign.

“This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with,” Cloudflare’s statement said.

“However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.”

On Friday, NBC News reported that Sorrenti is one of Kiwi Farms’ growing list of targets, and that their harassment techniques could become a playbook against political enemies as the 2024 U.S. presidential election nears.

Kiwi Farms owner Josh Moon did not immediately respond to a request for comment Saturday from NBC News. A post on the Kiwi Farms Telegram account said Cloudflare’s decision was “done without any discussion.”

“The message I’ve received is a vague suspension notice. The message from Matthew Prince is unclear,” the post stated. “If there is any threat to…


Google blocks 30+ malicious domains used by hack-for-hire groups


Google LLC’s Threat Analysis Group said today it has blocked more than 30 malicious domains linked to hack-for-hire groups from Russia, India and the United Arab Emirates.

The hack-for-hire firms have been actively targeting Gmail and Amazon Web Services Inc. accounts, among others, to carry out corporate espionage attacks against companies, human rights activists and journalists. The groups are said to take advantage of known security flaws when undertaking campaigns opportunistically.

Unlike commercial surveillance vendors who generally sell a capability to hack accounts to an end user to operate, hack-for-hire groups conduct the attacks themselves. Some hack-for-hire groups openly advertise their products and services to anyone willing to pay, while others work more discreetly, selling to a limited audience.

In one example, the researchers observed Indian hack-for-hire groups working with third-party private investigative services to provide data exfiltrated from a successful operation. The breadth of targets in hack-for-hire campaigns is said to stand in contrast to government-backed operations, which often have a more precise delineation of a mission and marks.

As a result of the research, all identified websites being used by the hack-for-hire groups have been added to Google’s Safe Browsing feature to protect users from further harm. The researchers also encourage users to enable Advanced Protection and Google Account Level Enhanced Safe Browsing to ensure that all devices are updated.

Google’s CyberCrime Investigation Group also shared the relevant details and indicators with law enforcement.

“We applaud Google’s Threat Analysis Group for taking action on these malicious domains used by hacker-for-hire groups,” Sean McNee, chief technology officer at cyber threat intelligence company DomainTools LLC, told SiliconANGLE. “These domains are a part of a larger concerted effort by APTs or other well-funded adversaries to achieve their desired outcomes via outsourced malicious activity.”

McNee explained that because hiding domain registration and infrastructure creation is becoming easier, network defenders need to move faster and be more nimble to track…
