Tag Archive for: Lead
Malware Attack Can Lead To Data Loss | by PITS Global Data Recovery Services | Aug, 2023
With the rise of technology and interconnectivity, the threat of data loss has also grown significantly. One of the most dangerous culprits responsible for data loss is malware. In this blog, we will explain the world of malware, its potential consequences, and the measures you can take to safeguard your data.
Malware, short for “malicious software,” refers to a broad category of software programs designed with malicious intent. Malware is created to gain unauthorized access to systems, steal sensitive information, disrupt computer operations, or cause harm in various ways. Malware can take many forms, including viruses, worms, Trojans, ransomware, spyware, and adware.
- Data Theft: One of the primary objectives of malware attacks is to steal valuable data. Cybercriminals may target personal information like login credentials, credit card details, and social security numbers. In the case of businesses, sensitive customer data, intellectual property, and financial records are often the primary targets. Once in the hands of malicious actors, this data can be sold on the dark web, used for identity theft, or leveraged for extortion.
- Ransomware: Ransomware is a type of malware that encrypts a victim’s data, making it inaccessible until a ransom is paid. Falling prey to a ransomware attack can lead to significant data loss, as organizations might lose access to their critical files and databases. Even if the ransom is paid, there is no guarantee that the attackers will decrypt the data, leaving victims in a devastating situation.
- Data Destruction: Some malware is designed explicitly to cause data destruction. These destructive malware types can wipe out entire data systems, rendering them unusable and causing severe data loss. Such attacks can lead to costly downtime, loss of productivity, and reputational damage.
- Disruption of Backups: Backups are essential for data recovery in the event of a data loss event. However, advanced malware can infect backup systems, compromising the ability to restore data effectively. If backups are not securely isolated from the network, they may also be subject to the same vulnerabilities as primary data storage.
Social Engineering Gains Lead to Spiraling Breach Costs
A full three-quarters of data breaches in the last year (74%) involved the human element, mainly caused by employees either falling for social engineering attacks or making errors, with some misusing their access maliciously.
Social engineering incidents have almost doubled since last year to account for 17% of all breaches, according to Verizon’s 2023 Data Breach Investigations Report (DBIR) released June 6 (which analyzed more than 16,312 security incidents, of which 5,199 were confirmed data breaches). The report noted that this preponderance of human fallacy within incidents comes along with findings that the median cost of a ransomware attack has doubled since last year, reaching into the million-dollar range. The evidence taken together points to a gaping need for organizations to get in control of the security basics — or else face a spiraling cycle of inflation when it comes to data breach costs.
Chris Novak, managing director of cybersecurity consulting at Verizon Business, noted that in order to rein in the trend, organizations need to focus on three things: employee security hygiene, implementing true multifactor authentication, and collaboration across organizations on threat intelligence. The first is perhaps the most impactful issue, he said.
“The fundamentals need to improve, and organizations need to be focusing on cyber hygiene,” he said, during a press event in Washington DC. “It’s probably the least sexy recommendation I can give you, but it is one of the most fundamentally important things that we see organizations still missing, and of all shapes and sizes. And it’s usually because they want to focus on the new flashy technology in the industry, and they forget the basics.”
Financially Motivated External Attackers Double Down on Social Engineering
In addition to social engineering growing in volume, the median amount stolen from these attacks hit $50,000 this past year, according to the DBIR. Overall, there were 1,700 incidents that fell into the social media bucket, 928 with confirmed data disclosure.
Phishing and “pretexting,” i.e. impersonation of the sort commonly used in business email compromise (BEC) attacks, dominated the social engineering scene, the…
Vehere Takes the Lead With Tracking Its First-ever Zero-day Vulnerability and Subsequent Responsible Disclosure
SAN FRANCISCO, May 30, 2023–(BUSINESS WIRE)–Vehere’s research wing, Dawn Treader, has announced its recent discovery of a zero-day vulnerability, marking a significant achievement for the cyber network intelligence organization. This is the first time Vehere has made such a discovery, showcasing the efficiency and capability of the research team. The identification of this vulnerability is a major milestone for the organization, and demonstrates their commitment to staying at the forefront of the ever-evolving cybersecurity landscape.
The vulnerability, identified through fuzzing, was a heap buffer overflow in MagickCore/quantum-import.c and affects ImageMagick versions 7.1.1-6. It allows attackers to exploit a crafted file and trigger an out-of-bound read error, resulting in an application crash and denial-of-service. The vulnerability was responsibly disclosed to ImageMagick, which promptly released a patch addressing the issue by ensuring proper memory allocation. RedHat has released an advisory to warn users about this vulnerability, assigning it a CVSS score of 5.5 and a CVE ID of CVE-2023-2157.
Read Dawn Treader’s exclusive blog post and discover further details about this zero-day vulnerability:
https://vehere.com/threat-severity-high/breaking-down-the-imagemagick-cve-2023-2157-vulnerability-dawn-treaders-findings/
Speaking on this impactful discovery, Vehere’s co-founder Praveen Jaiswal said, “Vehere’s successful identification and ethical disclosure of the vulnerability highlight our commitment to proactively identify and address potential threats. We are extremely proud that we are one of the few Indian companies to identify a zero-day vulnerability, and it serves as a testament to the expertise and dedication of our research team, Dawn Treader.”
Vehere is a revolutionary cybersecurity company that is boldly merging the realms of national security and enterprise security through a single, powerful platform. With a strong global presence and unparalleled expertise in cyber network intelligence, Vehere is radically changing the way organizations and governments protect themselves from cyber threats. Established in 2006, Vehere is a global corporation with offices in San…