Tag Archive for: Businesses

Nigerian Businesses Face Growing Ransomware-as-a-Service Trade

/in


Ransomware-as-a-service looks set to fuel an increase in cyberattacks in Nigeria in the coming year, even as operational disruptions and recovery efforts already cost billions of Nigerian naira, or millions of US dollars, in 2023.

The National Cyber Threat Forecast 2024 from the Cyber Security Experts of Nigeria (CSEAN), a nonprofit championing cybersecurity awareness in Nigeria, reports that ransomware groups and other malware variants — such as ALPHV, 0XXX Virus, DJVU, and the Cobalt Strike exploit toolkit — affected big swathes of both public- and private-sector organizations in the African country in 2023.

For example, one “notable regulatory agency” fell victim to the Mallox ransomware, “exploiting a Microsoft vulnerability in their public-facing digital systems,” the study noted, although there was no detail on which agency it was.

Ransomware-as-a-Service

Ransomware-as-a-service (RaaS) is a business model where ransomware developers sell or lease their variants to other cybercriminals, known as affiliates, who do the grunt work of planting malware by either exploiting software vulnerabilities or phishing.

RaaS allows would-be cybercriminals to launch sophisticated cyberattacks, according to the report. “Factors like the use of outdated or unpatched software and systems, reliance on cracked software, insufficient proactive monitoring, and unaddressed security vulnerabilities contributed to the success of these attacks,” CSEAN noted. “The accessibility of ransomware-as-a-service and the success of previous campaigns suggest a persistent and growing threat.”

Potential mitigations in the face of an increased threat of ransomware attacks include prompt patching, avoiding unauthorized software and rolling out stronger monitoring practices through intrusion detection systems.

“Adopting these proactive cybersecurity measures is essential to lessen the anticipated impact of the expected surge in ransomware attacks,” according to CSEAN.

CSEAN is not the first cybersecurity organization to report that Nigeria has become a hub of ransomware attacks. During the first half of 2023, Nigeria saw a 7% increase in ransomware attack attempts on individual and corporate users compared with the…

Source…

Strategies for Businesses in the Phase of Growing Cyber Extortion Threats

/in


In the rapidlyadvancing digital age, businesses find themselves in an ongoing struggle against an invisible adversary called ransomware attacks. As cyber threats become more sophisticated and frequent, organizations are under increasing pressure to fortify their defenses and develop robust strategies to counter the growing menace of cyber extortion.

Ransomware, malicious software designed to block access to a computer system or files until a ransom is paid, has evolved into a pervasive and lucrative method for cybercriminals to exploit vulnerabilities in organizational networks. The consequences of falling victim to such attacks go beyond financial losses, encompassing severe operational disruptions, reputational damage, and compromised sensitive data. In fact, human error stands out as a primary entry point for ransomware attacks.

Therefore, in order to mitigate the risk, organizations are investing in comprehensive cybersecurity awareness training for employees. They are educating staff about the dangers of phishing emails and suspicious links, as well as the importance of robust password practices to reduce the risk of falling victim to ransomware.

Mr. Pallav Agarwal, Founder and CEO, HTS Solutions Pvt. Ltd., believes that ransomware resilience has become a significant concern as businesses navigate an era marked by escalating cyber threats. The growing sophistication of cybercriminals demands a proactive approach to safeguarding sensitive data and critical systems. As a result, in order to combat the menace of ransomware, businesses must adopt multi-faceted strategies. This is where updating and patching software, operating systems, and security applications regularly surfaced as significant ways to close the potential entry point for ransomware attackers.

Automated patch management systems streamline this process, ensuring timely updates and a more secure digital infrastructure. Furthermore, putting strong endpoint security in place—including cutting-edge antivirus and anti-malware software—offers a crucial line of defense against constantly changing cyber threats. Having current, safe backups is crucial in case of a ransomware attack. Thus, by regularly backing up important…

Source…

The Impact Of Ransomware On South African Businesses In 2023

/in


On top of everything else South African businesses have to worry about, ransomware attacks are becoming more and more of a problem. And an expensive one.

An independent survey commissioned by Sophos reveals that a staggering 78% of South African organisations fell victim to ransomware attacks in the past year, marking a substantial increase from the 51% reported in the previous year’s survey.

This surge surpasses the global average of 66%, highlighting the pressing need for businesses in the region to address the ransomware threat effectively.

Ransomware root causes and attack vectors

Exploited vulnerabilities emerged as the predominant root cause of ransomware attacks in South African organisations, contributing to 49% of incidents. Compromised credentials followed closely, constituting the second most common attack vector, affecting 24% of organisations.

These findings underscore the critical importance of regularly patching vulnerabilities and implementing robust identity and access management practices to mitigate these threats effectively.

A concerning 89% of ransomware attacks in South Africa resulted in data encryption, surpassing the global average of 76%. Furthermore, data theft occurred in 35% of these cases, exceeding the global average of 30%.

However, there is a silver lining: 100% of South African organisations successfully retrieved their encrypted data, slightly outperforming the global average of 97%. This emphasises the importance of maintaining secure and accessible backups.

Ransom payments and recovery

While 45% of South African organisations opted to pay the ransom, this rate showed a slight decline from the previous year’s 49%. Globally, the average ransom payment rate in 2023 stood at 47%. Notably, 24% of South African organisations adopted multiple recovery methods simultaneously, demonstrating the importance of having diversified recovery strategies in place.

One revelation of particular note from the survey was the disclosure of a ransom exceeding $5 million (R97.3 million) paid by one organisation (although it wasn’t named). Excluding ransom payments, the average cost for South African organisations to recover from ransomware attacks…

Source…

Stop that hack: Cybersecurity tips for individuals and small businesses

/in


Big casinos aren’t the only ones that stand to lose from a cyberattack.

“It is inevitable,” says Russell Short, owner of Las Vegas-based cybersecurity company SYN Cyber.

“With the advent of AI technology, that’s going to help [hackers] craft more sophisticated phishing emails. And that’s the number one way of getting in,” he explains, adding that the popularity of working from home also brings new network vulnerabilities to businesses.

Short’s company is a managed service provider that helps with network and cloud security, IT support and security awareness training. He shared a few tips to protect yourself and your business from getting hacked.

Know how to spot phishing and bad links

The No. 1 method of attack is phishing, Short says, which is why awareness is so important. Phishing is a form of social engineering that attempts to get users to give up personal information or click a link that contains malware. It can take the form of an email that appears to be from a legitimate sender, a phone call or text.

Even when surfing the web, users should always verify that a link will take them where they want to go.

“Say you’re looking for espn.com, or Amazon. It’s good to hover over the link and then in the bottom left corner, it’ll show the URL you’re going to. Double-verify to make sure that it is indeed going to amazon.com and not ‘amaz0n’ with a zero instead of an O, or misspelled words.”

The same goes for a link in an email—verify that it will take you where you want to go by hovering over the link and looking at the bottom left corner of the screen.

Strong passwords

You’d be surprised just how easy it is to hack an account with a weak password, Short says. Certified Ethical Hackers like SYN Cyber have tools that can be used to test the strength of passwords: “If they have a weak password—just a dictionary word and a number and one exclamation point—we crack those in under two seconds.”

Short recommends having a password with 10-15 characters that is not a dictionary word and has upper and lowercase characters and numbers. “If you remember your passwords, they’re not strong enough,” he says, adding that people should not recycle…

Source…