Tag Archive for: demand

Rising ransomware attacks on education demand defense readiness


Key points:

Ransomware attacks continue to wreak havoc on the education sector, hitting 80 percent of lower education providers and 79 percent of higher education providers this year. That’s a significant increase from 56 percent and 64 percent in 2022, respectively.

As “target rich, cyber poor” institutions, schools store massive amounts of sensitive data, from intellectual property to the personal information of students and faculty. Outdated software, limited IT resources and other security weaknesses further heighten their risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate the victim’s network and encrypt their data, effectively holding it hostage. After encryption, bad actors demand ransom payment in exchange for the decryption key required to retrieve their files.

But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; attacks can also result in downtime that disrupts learning for students. The impact of ransomware has grown so severe that the Biden Administration has even committed to providing ongoing assistance and resources to support schools in strengthening their cyber defenses.

So, while ransomware in the education sector isn’t a new phenomenon, the stakes remain high. And with both higher and lower education institutions reporting the highest rates of attacks among all industries surveyed in a recent study, the need for increased defense readiness in the education sector has never been more evident.

3 ransomware trends disrupting classrooms in 2023

Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, enabling adversaries to specialize in different stages of attack. Amid the current ransomware surge, IT and security leaders in education must remain aware of the evolving threat landscape so they can effectively safeguard their networks and systems.

Here are some trends from The State of Ransomware in Education 2023 report that demand attention now:

1. Adversaries are leveraging compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education…

Source…

Ransomware Gang Leaks 43GB Of Boeing Data After Demand To Pay Up Doesn’t Fly


boeing has files leaked by lockbit ransomware gang

The Lockbit ransomware group has breached a number of high-profile organizations and companies, such as TSMC in Taiwan, which is effectively the global leader in silicon production. Most recently, though, the international aeronautic and telecommunications company Boeing seemingly fell victim to the group, and subsequently failed to pay ransom. As such, Lockbit has since published the data, which totals 43GBs.

Toward the end of October, the Lockbit group posted that they had compromised Boeing and made off with a significant amount of sensitive data. The deadline to complete negotiations was November 2nd before the group would leak said data. At first, it seemed that Boeing was engaging with the threat actors after the listing was pulled down. However, Boeing was relisted on November 7th, and six days later, the data was published.

lockbit boeing has files leaked by lockbit ransomware gang

The data, which is now available through Lockbit’s website, includes what appears to be primarily backup files from a handful of different systems, such as Citrix Xen Desktop, Ivanti Service Management, and others. We have not gone through what is available, but this sort of information provides threat actors invaluable insights into the inner workings of Boeing’s network. With that, other threat actors might have an easier time getting into Boeing, especially if any new relevant vulnerabilities crop up in the future.

files boeing has files leaked by lockbit ransomware gang

At the end of the day, this is only one breach in a long list of breaches, especially from LockBit, as these sorts of threat actors work to outpace efforts to prevent the attacks. In this case, though, we hope the Boeing breach will serve as a good reminder to the company and others to stay on top of cybersecurity, to prevent future attacks due to leaked internal infrastructure knowledge. We will have to see, so stay tuned to HotHardware for coverage of Boeing’s breach and other cybersecurity events.

Source…

Hackers demand ransom for stolen Metro data


ST. LOUIS — A hacking group stole confidential data from the St. Louis area’s transportation agency in a cyberattack earlier this month and is threatening to publish it if officials do not pay a ransom.

Neither transportation officials nor the hackers have specified how much data was stolen or how much money is being demanded. The hackers claim they stole information related to the regional transportation system Metro Transit, including passports, Social Security numbers and tax information.

A Metro Transit official said no customer data has been compromised, but the investigation is ongoing.

Brett Callow, an analyst with the New Zealand-based cybersecurity company Emsisoft, shared screenshots with the Post Dispatch that show the hackers threatening to publish the data if transportation officials don’t pay up. The screenshots were published on an unregulated part of the internet called the dark web, which is often used by hackers to publish ransom threats.

People are also reading…

The same hacking group hit several other public agencies over the past year, including the City of Oakland and the San Bernardino Sheriff’s Office in California, and government agencies in the United Kingdom and Germany, security analysts say. The San Bernardino Sheriff’s Office paid the group a $1.1 million ransom.

Metro Transit, the regional transit system operated by Bi-State Development, was first hit by the cyberattack on Oct. 2. Phone and computer services for its paratransit service named Call-A-Ride were still disrupted as late as last week.

The agency took its computer systems offline after the attack, and it has since restored transit operations and secured its financial and payroll systems, said Bi-State President and CEO Taulby Roach.

Roach confirmed the attack included a ransom demand, but he said the agency is still trying to determine if…

Source…

Everyone wants to make AI chips, UK antitrust hawks eye cloud providers, and MGM rebuffs ransom demand


Generative artificial intelligence continued to dominate the news this week as Anthropic reportedly is raising an additional $2 billion from Google and others, and reports indicated that gen AI partners OpenAI and Microsoft are each looking to design their own AI chips during a severe shortage of graphics processing units from Nvidia.

Meanwhile, U.K. antitrust authorities zeroed in on cloud computing providers, in particular Amazon Web Services and Microsoft. On this side of the pond, the Justice Department’s antitrust case against Google plodded ahead, though some have doubts about the Federal Trade Commission’s similarly sweeping case against Amazon.

On the cybersecurity front, MGM Resorts International declined to pay a ransom following a costly attack that took out its systems, a contrast to Caesar’s Entertainment’s decision to pay $30 million after an attack last month.

Finally, chipmaking giant Intel keeps spinning things out, this time its programmable-chip business, to shore up its finances.

Hear more about this and other news in theCUBE Pod, John Furrier’s and Dave Vellante’s weekly podcast, out now on YouTube. And don’t miss Vellante’s weekly Breaking Analysis, coming Saturday, in which he will dig into how higher interest rates may depress tech spending for longer than many people may assume.

So here’s the news we reported this week:

AI everywhere

It appears Google isn’t out of the Anthropic AIverse yet: Anthropic seeks huge investment from Google just days after Amazon invested billions It’s quite a bit behind OpenAI on revenue apparently, but its enterprise focus and seemingly more open partnership strategy would seem to bode well.

Billions of dollars burning a hole in OpenAI’s pocket? Maybe, but they gotta get more compute somewhere: Report: OpenAI could develop custom AI chips

And late-breaking Friday, Microsoft also may do its own AI chip.

More fun with more realistic weird images: Microsoft integrates OpenAI’s DALL-E 3 into Bing for enhanced image creation

And just a whole heck of a lot of new gen AI-powered business applications — but aren’t they all today?:

Dell enhances its generative AI hardware and software portfolio…

Source…