Tag Archive for: Record

How governments can win the cyber war – Technology Record

/in


When cybercriminals launched a ransomware attack on Kalix Kommun one night, they infiltrated the Swedish municipality’s entire IT database and shut down systems managing everything from communications to finances, medical records and heating and ventilation in municipal buildings. The blackout impacted more than 1,600 employees and around 16,000 citizens.   


The City of Saint John in New Brunswick, Canada, faced a similar situation when its IT environment was breached and held hostage for multiple millions of dollars. Meanwhile, a two-pronged nation state attack on the Government of Albania caused 1,118 e-services to go down for three days. 


While all three government organisations were able to rapidly prevent widespread damage and regain control of their IT systems with the help of Microsoft technology, their experiences give a small insight into the extent of the cyber warfare being waged on government agencies around the world. In fact, the Microsoft Digital Defense Report 2023 found that 53 per cent of the “dramatically increasing” number of cyberattacks in more than 100 countries and territories were focused specifically on critical infrastructure and government organisations. 


“Governments are prime targets for ransomware and nation state attacks because they hold a lot of valuable data and they operate the critical infrastructure and services that keep countries running and people safe and healthy,” says Kirk Arthur, worldwide government solutions lead at Microsoft, who previously led data breach investigations for the US Secret Service. “They’re also plagued by challenges such as patched and siloed legacy IT systems, insufficient password control and authentication policies, limited financial resources, and a lack of personnel with the skills and knowledge to implement robust cybersecurity measures.” 


Governments must strengthen their defences to combat such attacks because they compromise far more than just devices, data and networks; they endanger the public and pose serious risks to society.  


“Attacks on critical infrastructure such as power grids, transport networks, water supply or healthcare systems can paralyse…

Source…

Cyber Security Today, Dec. 27, 2023 – A record year for ransomware

/in


A record year for ransomware.

Welcome to Cyber Security Today. It’s Wednesday, December 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

 

 

The year isn’t quite over but it’s clear that 2023 hit a record for ransomware attacks. Researchers at NCC Group say that as of the end of November the total number of attacks around the world hit 4,276 — slightly more than twice as many as last year. And December’s numbers haven’t been added.

More year-end numbers to consider: More than 26,000 vulnerabilities were discovered this year, according to researchers at Qualys. However, less one per cent of them were high risk — about 7,000. And of them, only 206 had weaponized code available. These are the ones information security professionals have to pay attention to, because they are the most likely to be exploited. By the way, of those 206 vulnerabilities, just over 32 per cent were involved network infrastructure or web applications. High-risk holes need to be patched or mitigated fast. According to the research, the mean time to exploit vulnerabilities this year was 44 days. However, many times threat actors were able to create an exploit the same day a vulnerability was publicized.

Speaking of the need for fast patching of critical applications, here’s something to ponder: On a podcast earlier this month I reported that a vulnerability in JetBrains’ TeamCity application development platform was being exploited by a Russian-based group. According to a new report from ReversingLabs, a patch for that hole was released in September. But by this month only two per cent of TeamCity administrators had installed it.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Source…

Ransomware, Vendor Hacks Push Breach Number to Record High

/in


Cybercrime
,
Fraud Management & Cybercrime
,
Ransomware

Report: 2.6 Billion Personal Records Exposed in the Last 2 Years

Marianne Kolbasuk McGee (HealthInfoSec) •
December 7, 2023    

Ransomware, Vendor Hacks Push Breach Number to Record High
Data breaches in the U.S. have hit an all-time high thanks to hacking incidents, including ransomware and vendor attacks, says a new study released by Apple and MIT. (Image: Getty)

The number of data breaches in the U.S. has hit an all-time high amid mounting attacks against third party vendors and aggressive ransomware attacks, says a report from Apple and a Massachusetts Institute of Technology researcher.

See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge

Data breaches have more than tripled between 2013 and 2022, compromising 2.6 billion personal records in just the past two years – and that trend has continued to worsen in 2023, says the report written by MIT professor Stuart Madnick and published Thursday.

In the first eight months of 2023, more than 360 million people were affected by corporate and institutional data breaches, and 1 in 4 people in the U.S. had their health data exposed in data breaches.

More ransomware attacks were reported through January to September 2023 than in all of 2022, the report said. In the first three quarters of 2023, the number of ransomware attacks increased by nearly 70% compared to the same period in 2022.

A 2023 survey of 233 IT and cybersecurity professionals across 14 countries working in the healthcare sector found that 60% of organizations have faced a ransomware attack, which is…

Source…

Ukraine Tracks a Record Number of Cyber Incidents During War

/in


Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime

Hackers Steal CCTV Footage to Study Efficacy of Missile Strikes and Drone Attacks

Mathew J. Schwartz (euroinfosec) •
November 16, 2023    

Ukraine Tracks a Record Number of Cyber Incidents During War
The aftermath of a Russian drone attack on a Kyiv energy facility on Oct. 27, 2022 (Image: State Emergency Service of Ukraine)

The tempo of cyberattacks against Ukrainian critical infrastructure has intensified this year – the second year in which Kyiv is fending off a Russian war of conquest.

See Also: OnDemand | Ransomware in the Cloud: Challenges and Security Best Practices

In the first 10 month of this year, Ukraine’s national computer emergency response team, CERT-UA, logged 2,054 cyber incidents, compared to 2,194 for the entirety of 2022, said Viktor Zhora, deputy chairman of Ukraine’s State Service of Special Communications and Information Protection. Three-quarters of the incidents involved civilian infrastructure, Zhora told a cybersecurity conference in Dublin on Thursday.


Hackers’ top goals are to steal information on the disposition of forces, infiltrate organizations that provide critical infrastructure services and steal people’s personal information from organizations across a number of sectors, including insurance and healthcare, said Zhora, who addressed the IRISSCON conference, held by IRISSCERT – short for the Irish Reporting and Information Security Service – via video link.


Since Russia launched an all-out invasion on Feb. 24, 2022, the most dangerous hacking incidents have typically traced to Russia’s GRU military intelligence group, he said. The greatest number of attacks this year appear to have been launched by the Federal Security…

Source…