Tag Archive for: CIO

India saw 53% increase in ransomware attacks in 2022: CERT-In, ET CIO


India saw a 53 per cent increase in ransomware incidents in 2022 (year-over-year) and IT and ITeS was the majorly impacted sector followed by finance and manufacturing, India’s national cyber agency CERT-In has said in its latest report.

Ransomware players targeted critical infrastructure organisations and disrupted critical services in order to pressurise and extract ransom payments in 2022, according to the “India Ransomware Report 2022”.

“Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. Many new variants were observed in 2022 such as Vice society, BlueSky etc,” said CERT-In.

Last year, a massive ransomware attack disrupted the systems at the All India Institute of Medical Science (AIIMS), crippling its centralised records and other hospital services.

According to the CERT-In report, at the large enterprise level, Lockbit, Hive and ALPHV/BlackCat, Black Basta variants became major threats, whereas Conti, which was very active in the year 2021, became extinct in the first half of the year 2022.

“Makop and Phobos ransomware families mainly targeted medium and small organisations. At individual level, Djvu/Stop variants continued dominance in attacks over the past few years,” the report said.

Most of the ransomware groups are exploiting known vulnerabilities for which patches are available.

Some of the product-wise vulnerabilities being exploited are in tech companies like Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho and Palo Alto, said the report.

“Ransomware gangs are commonly using Microsoft Sysinternals utilities such as PsExec for lateral movements,” it added.

On an average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.

“For smaller networks/infrastructure, the restoration time is around 3 days and for individual systems it is 1 day,” the CERT-In report noted.

Ransomware gangs are becoming innovative in their approach to improve attack operational efficiency.

“Ransomware builders are focusing on speed and performance. Instead of encrypting the entire file, a portion of the file is getting targeted for encryption…


Ex-AWS engineer convicted of hacking data of 100 mn customers, CIO News, ET CIO


 FILE PHOTO: 3D printed clouds and figurines are seen in front of the AWS (Amazon Web Service) cloud service logo in this illustration taken February 8, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

A former female engineer of Amazon Web Services (AWS), the Cloud arm of commerce giant Amazon, has been found guilty of hacking into more than 100 million customers’ cloud storage systems and stealing data linked to the 2019 Capital One breach.

Paige Thompson, a 36-year-old former tech worker, was convicted in the US District Court in Seattle of seven federal crimes connected to her scheme to hack into cloud computer data storage accounts and steal data and computer power for her own benefit.

She was arrested in July 2019 after Capital One alerted the FBI to Thompson’s hacking activity.

Thompson is scheduled for sentencing by US District Judge Robert S. Lasnik on September 15, the US Department of Justice said in a statement.

“Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown.

“Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself,” Brown added.

Thompson was found guilty of wire fraud, five counts of unauthorised access to a protected computer and damaging a protected computer. The jury found her not guilty of access device fraud and aggravated identity theft.

“She wanted data, she wanted money, and she wanted to brag,” Assistant US Attorney Andrew Friedman said.

The intrusion into Capital One accounts impacted more than 100 million US customers. The company was fined $80 million and settled customer lawsuits for $190 million.


Interview: Washington state CIO Bill Kehoe on infrastructure, cybersecurity and more


William “Bill” Kehoe, Washington state chief information officer. (State of Washington Photo)

When William “Bill” Kehoe started his current job as Washington state chief information officer this past August, he entered a gig with a plateful of problems, from cybersecurity issues to broadband equity gaps.

The Gonzaga University grad recently sat down (virtually) with GeekWire contributing editor Mike Lewis to talk about his priorities for 2022. Kehoe has years of experience managing information technology departments in state and local governments including working as CIO in Los Angeles and as King County’s information department director in Seattle.

This interview has been edited for length and clarity.

GW: The infrastructure bill, according to Sen. Patty Murray’s office, will bring a minimum of $100 million to Washington state, likely a lot more. One of the things it would fund is improving broadband access. I want to get your thoughts on broadband access in Washington state.

Kehoe: Before coming to the state of Washington, I was leading a digital equity and strategic planning exercise in L.A. County. So I have some experience in terms of what is needed to really help with the digital divide situation.

There are three pillars of the digital divide, or digital equity, that I think are really important. Broadband is one — and that’s access to the internet. That includes the last mile. Solutions for that can vary from community to community, depending on the needs.

Then the need for devices. If a household doesn’t have broadband access, they might not have devices. If they have devices, they may not understand how to utilize those devices. That’s where digital literacy and having programs available in the community also helps.

I think for broadband, our Department of Commerce will partner with us and other agencies in the state in terms of needs and I think they have some projects lined up. Then we’ll look at this kind of broader digital equity piece as well. But in terms of other uses for the (infrastructure) money, I know that we’re looking at potentially having some help around cybersecurity and our needs…


HCL Tech announces apprenticeship programme in US, IT News, ET CIO


New Delhi: HCL Technologies has announced its apprenticeship programme in the US, focused on hiring high school graduates for full-time technology jobs that would otherwise be inaccessible. Upon successfully completing the program, apprentices will be offered full-time employment at HCL Technologies and have the opportunity to concurrently pursue a debt-free college education, a statement late on Wednesday said.

HCL’s apprenticeship programme provides full pay and benefits, enabling candidates to begin their technology career in software development and testing, digital and cloud services, infrastructure delivery and engineering — with positions available at multiple global innovation and delivery centers in California, Connecticut, Michigan, North Carolina, Ohio, Pennsylvania, and Texas, it added.

The HCL Apprenticeship is part of Rise at HCL, the company’s North American early career and training programme.

Applications for the first apprenticeships in Frisco, Texas, and Cary, North Carolina, are already open.

“At HCL, we understand how vital it is to invest in tomorrow’s technology leaders, and we are thrilled to create opportunities for our apprentices to grow their careers at HCL,” HCL Technologies Executive Vice President Ramachandran Sundarajan said.

This programme furthers the company’s pledge to hire and train the nation’s next generation of skilled technology talent – while freeing them from the burden of education debt, Sundarajan added.

Participants will enroll in their choice of an associate or bachelor’s degree program in STEM – to be fully funded by HCL – at a college or university that is part of HCL’s nationwide academic partner network.

A key partner for the program is Southern New Hampshire University (SNHU), a private, non-profit institution and leader in online education that offers more than 200 accredited degree programs.

The HCL Apprenticeship Program complements HCL’s existing internships and graduate hiring commitments across the globe, particularly in the US, where HCL has had a significant presence for nearly three decades.

The US is the largest market for HCL, contributing more than 60 per cent of total company revenue.
