Tag Archive for: increasingly

Why Hackers are Increasingly Targeting Digital Supply Chains

/in


For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone.

Likewise, data from Netscout’s 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing. 

When hackers focus so much attention on attacking a particular area, it’s important to understand what it is and how your company can protect against such attacks.

Why Hackers Attack Supply Chains

A supply chain attack enables malefactors to compromise enterprise networks by attacking connected applications or services owned or used by outside partners, such as suppliers. Using the SolarWinds attack as an example, hackers focused their attentions on SolarWinds in order to gain access to a list of lucrative suppliers and customers.

In other words, a supply chain attack may start several companies removed from the intended target, making it harder to spot. Such attacks also are becoming harder to trace because many are carried out using open-source tools that are publicly available.

Perhaps more frustratingly, companies often don’t consider the risk serious enough to protect themselves against it. In a survey of executives from leading companies in the UK, 91% said cyberattacks are a high or very high risk to their business. Nevertheless, nearly a third admit to taking no action on supply chain security, and only 69% say they’re actively managing supply chain risks.

In its November 2021 report on supply chain cybersecurity, the UK’s Department for Digital, Culture, Media & Sport (DCMS) found that the biggest challenges to acting on digital supply chain risks were establishing control of the supply chain (86%) and the need to improve, evolve, and maintain security (85%). Likewise,…

Source…

Hackers increasingly target Canada key infrastructure: Spy agency | Cybersecurity News

/in


Agency reports 235 ransomware attacks on Canadian targets this year, half of which were key infrastructure providers.

Global ransomware attacks increased by 151 percent in the first half of 2021 compared with 2020, Canada’s signals intelligence agency has reported, as hackers become increasingly brazen.

Key Canadian infrastructure has regularly been targeted in ransomware attacks in which hackers essentially hold computer information hostage until they are paid, the Communications Security Establishment (CSE) said in a report published on Monday.

The agency said it knew of 235 ransomware incidents against Canadian targets from January 1 to November 16 of this year. More than half were critical infrastructure providers, including hospitals.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE.

The average total cost of recovery from a ransomware incident more than doubled to $1.8m globally in 2021, the Reuters news agency reported.

CSE reiterated that actors from Russia, China and Iran posed a serious threat to the cyber-infrastructure of countries such as Canada.

“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” CSE said.

SolarWinds hack anniversary

The Canadian government report came as a US cybersecurity firm warned that attacks by elite Russian state hackers have barely eased up since last year’s massive SolarWinds cyber-espionage campaign targeting US government entities, including the Justice Department, and companies.

On the anniversary of the public disclosure of the SolarWinds intrusions, US cybersecurity firm Mandiant said hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests”.

The hacking campaign was named SolarWinds after the US software company whose product was exploited in the first-stage infection of…

Source…

Hackers are increasingly targeting Apple products. Here’s how to protect your device :: WRAL.com

/in


By Monica Laliberte, WRAL 5 On Your side executive producer/reporter

Apple has marketed its computers and phones as devices invincible to malware.

But hackers are finding ways around Apple’s built-in protection and breaking into Mac computers and iPhones.

Earlier this year, Apple found significant vulnerabilities in its security system. A recent Apple update hopes to make its iOS software better at protecting users from malware.

Any device you have connected to the internet is at-risk of being compromised, according to Consumer Reports.

“Don’t ignore operating system and app updates. This is where known security flaws are fixed, but it’s up to you to install them,” said Bree Fowler, Consumer Reports’ Tech Editor.

Here are some steps you can take to secure your Apple device.

Make sure your device has the latest software update installed

To make sure your iPhone or iPad is up to date, go to: Settings -> General -> then Software Update.

On a Mac computer go to: Launchpad -> System Preferences -> then Software Update.

Cyber security concerns rise for online learning after intruder hack

If your device is not getting iOS updates because it’s too old, it’s time to replace it.

Set a strong passcode, password

Apple says you should set a passcode on your iPhone. It’s the best way to safeguard your device, Apple says.

Setting a passcode also turns on data protection, which encrypts your iPhone data.

And no matter what brand of device you use, protecting it and all your online accounts with a strong password is critical.

Cii Technology : Spotlight : home security

Experts recommend using a long string of random words, numbers and special characters.

Consider using a password manager, so you don’t have to remember a long list of passwords.

Turn on Find my iPhone

Apple says that Find My iPhone helps you find your device if it’s lost or stolen.

That feature also prevents any one else from activating or using your iPhone if its missing.

Virtual wallet risks in digital transactions

Be aware of phishing attempts

Phishing attempts are one of the most common ways hackers get the goods! Scammers send emails that appear to come from trustworthy sources, and tell you to click on links in order to “rectify some problem,” according to…

Source…

SMBs increasingly vulnerable to ransomware, despite the perception they are too small to target

/in


Acronis released a report which gives an in-depth review of the cyberthreat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.

SMBs ransomware

Ransomware greatly impacting SMBs

The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.

While that represents a major financial hit to any organization, those amounts would sound the death-knell for most SMBs, which is a major concern for the second half of 2021.

“While the increase in attacks affects organizations of all sizes, something that’s under-reported in the coverage of current cyberthreat trends is the impact on the small business community,” explained Candid Wüest, Acronis VP of Cyber Protection Research.

“Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

By utilizing supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. As seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021, one successful attack means they can breach hundreds or thousands of SMBs downstream.

Other common attacks

Beyond the high-profile attacks that have dominated the headlines during the past six months and the concerns raised about the impact on MSPs and small businesses, the report also noted:

  • Phishing attacks are rampant. Using social engineering techniques to trick unwary users into clicking malicious attachments or links, phishing emails rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email. During the same…

Source…