Tag Archive for: companies

Cyber money heist: Why companies paying off hackers fuels ransomware crimes


80 PER CENT OF VICTIMS PAY RANSOM

Analysts told CNA that it is common for companies to pay up in a bid to protect their data, with Forbes reporting about 80 per cent of 1,200 victims surveyed decided to do so.

More than 72 per cent of businesses were affected by ransomware attacks as of 2023, Mr Backer told CNA, noting that it was an increase from the previous five years and was by far the highest figure reported.

Predictions also indicate ransomware will cost victims roughly US$265 billion annually by 2031, he added.

“In the heat of the moment and with pressures mounting, the decision to pay a ransom is definitely not an easy one,” said Mr Flores.

“Many choose to opt for this route for a few reasons, with the most common one being faster recovery time. With business operations and continuity at stake, paying the ransom and obtaining the decryption tool in return is sometimes the quicker option to resume activity.”

According to media reports in 2019, ride-hailing platform Uber allegedly paid a US$100,000 ransom and had the hackers sign non-disclosure agreements in exchange for the payment.

This shows that organisations are worried, noted Mr Backer.

Regarding banks like ICBC paying ransoms, he said such information is not usually disclosed to the public due to the sensitive nature of the incidents.

“Many organisations, including banks, may not disclose this due to concerns about reputation, legal implications, and the encouragement of further attacks.”

However, Dr Kerrison noted that the intention behind companies paying ransoms “might not always be to keep it a secret”. 

“Rather, it’s the best option available to them in the circumstances,” he said.

Mr Backer added that claims by attackers should be “treated with caution” as they might not always accurately reflect the reality of the situation.

Analysts also told CNA the rise of the ransomware-as-a-service (RaaS) model is one of the driving factors in the increase in ransom payment.

“RaaS made it possible for low-skilled cybercriminals to join the illicit industry ultimately contributing to the surge in the number of victims,” said He Feixiang, an adversary intelligence research lead at Group-IB.

The RaaS business…

Source…

All Companies Have Them—And Need To Secure Them


Alon Jackson is the CEO and cofounder of Astrix Security, a leading enterprise solution securing app-to-app interconnectivity.

In modern development environments, “secrets” are authentication keys that are created by research and development teams to allow access to and between different resources and data. Secrets also allow services and non-human identities, such as third-party apps, to connect to your system, enhancing overall productivity and operations for the business.

To keep pace with the competition, it’s essential—and also inevitable—that we continue integrating non-human identities and generative AI tools into our systems, ones that will help with everything from email writing to lead generation insight.

Secrets are created almost on a daily basis, but securing them is a difficult task. In fact, wondering whether these secrets are actually safe and not exposed can keep security teams up at night.

Internal Vs. External Secrets

Secrets are typically bucketed into two categories: external and internal.

External secrets are secrets (API keys, OAuth tokens, SSH keys) that you don’t own or have possession of, usually used by operating systems, i.e., plug-ins, add-on extensions and third-party applications that are connected to core critical systems like Salesforce, GitHub, and Microsoft365.

Internal secrets are API keys and other tokens created by R&D teams within the organization. These “internal” secrets are sometimes shared, however, with external entities that often haven’t gone through proper security vetting and now have the same access to sensitive information—without your security team’s knowledge.

Securing secrets is difficult to understand, and ultimately manage. Oftentimes, DevOps and R&D teams own them but are not responsible for securing them. This leaves ample room for missteps, which results in secrets being leaked by human error, such as if an employee unintentionally shares a secret through a different channel or portal, a ticket or a Slack message.

The latest Microsoft breach, for example, occurred when a key was leaked in between processes. Ultimately, this allowed the attackers to download the memory and the secret key…

Source…

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies


Sep 30, 2023THNRansomware / Cyber Threat

Ransomware

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.

“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said in an alert. “Variants were deployed in various combinations.”

Not much is known about the scale of such attacks, although it’s believed that they happen in close proximity to one another, ranging from anywhere between 48 hours to within 10 days.

Cybersecurity

Another notable change observed in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up.

“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the agency said. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”

It’s worth noting that dual ransomware attacks are not an entirely novel phenomenon, with instances observed as early as May 2021.

Last year, Sophos revealed that an unnamed automotive supplier had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and May 2022.

UPCOMING WEBINAR

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

Then, earlier this month, Symantec detailed a 3AM ransomware attack targeting an unnamed victim following an unsuccessful attempt to deliver LockBit in the target network.

The shift in tactics boils down to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.

Organizations are advised to strengthen their…

Source…

Protecting Companies and Their Customers According to Realtimecampaign.com


PRESS RELEASE

Published July 22, 2023

With cyber threats abounding, businesses need to be more aware of the dangers they’re facing than ever before. Though numerous cybersecurity solutions are available, antivirus software remains a crucial component in safeguarding businesses against the ever-evolving threat of cyberattacks. In today’s digital age, where businesses heavily rely on technology, data, and interconnected networks, protecting sensitive information and ensuring uninterrupted operations have become paramount.

Understanding the Importance of Antivirus Protection

First and foremost, antivirus software helps detect and prevent malware infections. Malware, such as viruses, worms, Trojans, ransomware, and spyware, can infiltrate systems through various points, including malicious websites, email attachments and infected downloads. Once inside a business network, malware can cause significant damage, leading to data breaches, financial losses, and reputation damage. Antivirus software scans files, programs, and incoming data, identifying and eliminating malicious code before it can wreak havoc. Companies that are concerned about this threat can dig this for further details.

Providing Real-Time Protection

Antivirus software provides real-time protection against ongoing dangers. It constantly monitors systems, proactively identifying and neutralizing emerging threats. With the rapid pace at which new malware variants are created, having up-to-date antivirus software is crucial to stay ahead of cybercriminals. Real-time protection ensures that businesses can detect and respond to threats swiftly, minimizing the potential impact on operations and data integrity.

Preventing Data Breaches

Antivirus software also plays a vital role in mitigating the risk of data breaches. Businesses store vast amounts of sensitive and confidential information, including customer data, financial records, and intellectual property. A successful data breach can have severe consequences, ranging from regulatory penalties to loss of customer trust. Antivirus software helps establish a robust defense mechanism, preventing unauthorized access and safeguarding sensitive data from theft or compromise.

Source…