Tag Archive for: Organizations

69% of Organizations Infected by Ransomware in 2023

/in


Over two-thirds (69%) of organizations experienced a successful ransomware incident in the past year, according to Proofpoint’s 2024 State of the Phish report.

This represents a rise of five percentage points compared to the previous year, according to the firm.

Close to 60% of these organizations reported four or more separate ransomware incidents in 2023, emphasizing the scale of this threat.

Over half (54%) of infected organizations admitted they paid a ransom to attackers. This marks a significant reduction on the proportion who paid in the previous year, which was 64%.

Paying a ransom was no guarantee of resolving the issue, with just 41% of organizations who paid regaining access to data after their first payment.

On February 23, 2024, Cybereason published research showing that 78% of organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor.

Almost all (96%) of organizations impacted by ransomware no have cyber insurance. More than nine in 10 (91%) of insurers helped with ransom payments in 2023, up from 82% in 2022.

Read here: LockBit Takedown: What You Need to Know about Operation Cronos

MFA Bypass and Other Social Engineering Trends

The Proofpoint research highlighted that attackers are increasingly using advanced techniques to bypass multifactor authentication (MFA). Typically, these techniques involve proxy servers to intercept MFA tokens, with several off-the-shelf phishing kits now including MFA bypass functionality.

For example, the company said it observes around one million phishing threats use the EvilProxy framework every month. This tool is based on a reverse proxy architecture which is designed to harvest MFA-protected credentials and session cookies.

Despite the growing availability of MFA bypass capabilities, 89% of cybersecurity professionals surveyed still consider MFA to provide complete protection against account takeover.

Attackers are evolving their social engineering techniques in a range of other ways. This includes an increase in the use of QR codes as an alternative to links or attachments in phishing messages.

The researchers noted that this technique is particularly dangerous as…

Source…

Tietoevry ransomware attack halts Swedish organizations

/in


Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden.

Tietoevry ransomware

The attack

The ransomware attack took place during the night of January 19-20.

“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,” the company noted.

“Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure.”

A Swedish news outlet The Local Sweden reported that the attack impacted numerous companies including a Swedish cinema chain and several retailers. It also affected financial and healthcare systems in the Uppsala Region, the Swedish State Service Center, and more.

The company has started and investigation and recovery process and notified the affected customers, but the services remain disrupted. It has not shared the nature of the impacted data.

“Currently, we are not able to say how long it will take for systems to be restored but we are laser-focused on resolving this as soon as technically possible,” said Venke Bordal, managing partner at Tietoevry.

“The incident is being investigated by both internal and external specialists, and as a ransomware attack is a serious criminal act, it has also been reported to the police. Tietoevry is on high alert and is monitoring the situation continuously.”

Finnish companies under attack

Tietoevry also suffered a ransomware attack three years ago, which affected 25 customers in the retail, manufacturing and service-related industries in Norway.

There have been numerous reports of Akira ransomware hitting Finnish organizations throughout 2023, with increased activity at the end of the year, but whether this attack has been perpetrated by an affiliate of the group is still unconfirmed.

Source…

Sophos: Ransomware is crippling retail organizations

/in


Retail organizations faced a growing threat from ransomware attacks, with fewer managing to stop the encryption of their data. Sophos, a cybersecurity leader, revealed that only a quarter of retailers prevented data encryption during attacks in the last year, marking a decline from previous years. 

This trend indicated a struggle to intercept ongoing ransomware assaults.

“Retailers are losing ground in the battle against ransomware,” said Chester Wisniewski, director, global field CTO, Sophos. “Ransomware criminals have been encrypting increasingly greater percentages of their retail victims in the last three years, as evidenced by the steadily declining rate of retailers stopping cybercriminal attacks in progress. Retailers must up their defensive game by setting up security that detects and responds to intrusions earlier in the attack chain.” 

Sophos: Cybercriminals run contests to advance techniques
Cybercriminals scam each other — Sophos

Organizations that paid the ransom faced significantly higher recovery costs compared to those who restored their data from backups. Despite nearly half of the retail victims yielding to ransom demands, their median recovery expenses were four times greater. 

Wisniewski stressed the importance of robust defenses and rebuilding systems rather than funding cybercriminals.

Key findings outlined the escalating rate of encryption in the retail sector, with a majority falling victim to data encryption by ransomware. Although the percentage of attacks slightly decreased, the time taken for recovery varied, with fewer organizations managing swift restoration.

Boosting cyber defense

Sophos recommended various strategies to boost defenses against ransomware, including enhanced security tools, Zero Trust Network Access, adaptive technologies, and continual threat detection and response. The cybersecurity-as-a-service provider emphasized the necessity of proactive measures such as regular backups, data recovery drills, and updated incident response plans, alongside maintaining stringent security practices like timely patching and constant security tool evaluations.

The survey, participated by 3,000…

Source…

Five things organizations don’t consider before a ransomware attack

/in


Ransomware is generally considered to be one of the greatest threats facing organizations today. Following the release of the recent report on ransomware by the National Cyber Security Centre, the Rt Hon Tom Tugendhat, Minister of State, said ransomware attacks are evolving and that “the rollout of ransomware as a service means an advanced knowledge of computing is no longer needed to reap havoc; criminals are able to access software that will do much of the hard work for them.”

Despite heightened risks, awareness of the true risks posed by a ransomware attack remains low, with many organizations operating without incident response plans and rarely or never testing their cyber defenses. Many will be aware of some of the more high-profile ransomware attacks such as the MOVEit compromise, arguably the largest hack of the year, which impacted several large UK organizations, but are likely to assume that their size protects them from being targeted – particularly if they are smaller.

Source…