Tag Archive for: services

Malware Attack Can Lead To Data Loss | by PITS Global Data Recovery Services | Aug, 2023



With the rise of technology and interconnectivity, the threat of data loss has also grown significantly. One of the most dangerous culprits responsible for data loss is malware. In this blog, we will explain what malware is, its potential consequences, and the measures you can take to safeguard your data.

Malware, short for “malicious software,” refers to a broad category of software programs designed with malicious intent. Malware is created to gain unauthorized access to systems, steal sensitive information, disrupt computer operations, or cause harm in various ways. Malware can take many forms, including viruses, worms, Trojans, ransomware, spyware, and adware.

  1. Data Theft: One of the primary objectives of malware attacks is to steal valuable data. Cybercriminals may target personal information like login credentials, credit card details, and social security numbers. In the case of businesses, sensitive customer data, intellectual property, and financial records are often the primary targets. Once in the hands of malicious actors, this data can be sold on the dark web, used for identity theft, or leveraged for extortion.
  2. Ransomware: Ransomware is a type of malware that encrypts a victim’s data, making it inaccessible until a ransom is paid. Falling prey to a ransomware attack can lead to significant data loss, as organizations might lose access to their critical files and databases. Even if the ransom is paid, there is no guarantee that the attackers will decrypt the data, leaving victims in a devastating situation.
  3. Data Destruction: Some malware is designed explicitly to cause data destruction. These destructive malware types can wipe out entire data systems, rendering them unusable and causing severe data loss. Such attacks can lead to costly downtime, loss of productivity, and reputational damage.
  4. Disruption of Backups: Backups are essential for recovery after a data loss event. However, advanced malware can infect backup systems, compromising the ability to restore data effectively. If backups are not securely isolated from the network, they may also be subject to the same vulnerabilities as primary data storage.

Ivanti Zero-Day Exploit Disrupts Norway’s Government Services


A zero-day authentication bypass vulnerability in Ivanti software was exploited to carry out an attack on the Norwegian Ministries Security and Service Organization.

The attack affected communications networks at 12 Norwegian government ministries, according to the original statement, preventing employees in those departments from accessing mobile services and email.

The government noted that the Prime Minister’s office, the Ministry of Defense, the Ministry of Justice and Emergency Preparedness, and the Ministry of Foreign Affairs were not impacted.

What Was the Ivanti Security Vulnerability?

According to a statement posted by the Norwegian Security Authority, the flaw is a remote unauthenticated API access vulnerability (CVE-2023-35078) in the Ivanti Endpoint Manager.

The bug would allow a remote attacker to obtain information, add an administrative account, and change the device’s configuration, due to an authentication bypass. The vulnerability affects several software versions, including Version 11.4 and older; versions and releases from 11.10 are also at risk.

A statement from the US Cybersecurity and Infrastructure Security Agency (CISA) said the vulnerability allows unauthenticated access to specific API paths, which a cyberattacker can use to access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system.

Tenable senior research engineer Satnam Narang said in a blog post that an attacker could potentially utilize the unrestricted API paths to modify a server’s configuration file, which could result in the creation of an administrative account for the endpoint manager’s management interface, known as EPMM (short for Endpoint Manager Mobile), that can then be used to make further changes to a vulnerable system.

According to a post by Ivanti, the company had received information from a credible source indicating exploitation has occurred. A follow-up blog by Ivanti said that upon learning of the vulnerability, “we immediately mobilized resources to fix the problem and have a patch available now for supported versions of the product. For customers on an earlier version, we have an RPM script to assist…


Ransomware Costs Financial Services $32bn in Five Years


Global financial services organizations have lost over $32bn in downtime since 2018 due to ransomware breaches, a new report has claimed.

Comparitech analyzed 225 confirmed attacks on the sector over the past five years and found that the average organization loses two weeks in downtime due to an incident.


“If no specific figures were given for downtime, i.e. ‘several days,’ ‘one month’ or ‘back to 80% after 6 weeks’ were quoted, we created estimates from these figures based on the lowest figure they could be,” explained Comparitech head of data research, Rebecca Moody.

“For example, ‘several days’ were calculated as three, ‘one month’ was calculated as the number of days in the month the attack happened, and the number of weeks quoted in % recovery statements was used (e.g. six weeks per the previous example).”

The firm then worked out costs using a 2017 report which calculated downtime across 20 sectors at $8662 per minute. Moody noted that some studies have put the figure much higher, at $9.3m per hour for the banking sector. That would put total ransomware downtime losses for the vertical at a staggering $581bn over the five-year period.

Among the sub-sectors analyzed in the financial sector were credit unions, accounting companies, public and retail banks and insurers.

Of these, insurance companies recorded the highest number of attacks over the period (65).

On top of downtime-related losses, Comparitech attempted to quantify how much was paid out to online extortionists since 2018. Demands varied from $180,000 to $40m, with the average demand peaking in 2021 at $61.6m, although the figure was made public in only a few cases.

In fact, 2021 was the biggest year for ransomware attacks on finance companies, with 86 recorded in total, followed by 2020 (56).


How AI and large language models can help cybersecurity firms improve their services


Just about every cybersecurity provider has an artificial intelligence-related story to tell these days.

There are many security products and services that now come with built-in AI features, offering better ways to seek out and neutralize malware. Or they have new “co-pilot” add-ons that allow human operators to work hand-in-mouse with an AI-driven assistant to screen security alerts. Or they use AI add-on tools for better phishing detection, new threat discovery or troubleshooting of network and application problems or misconfigurations.

SiliconANGLE analyzed both the good and bad sides of AI-based cybersecurity. Now, let’s examine some of the products that offer the most promise.

The spread of AI-infused security cuts across startup and established companies alike. For example, Palo Alto Networks Inc. is developing its own large language model or LLM that will use AI to improve its operational efficiencies. SentinelOne Inc. will have an LLM so that security analysts can query potential threats with a simple search box without the need to learn complex jargon or syntax. Cloudflare Inc. is using machine learning to help more quickly find and neutralize botnets. And both Blink Ops and Trend Micro Inc. will integrate AI into their tools with copilot-like features.

That’s not all. Darktrace Holdings Ltd. has already used AI to identify several cyberattacks, such as one targeting a power grid that its AI found within a few hours. BreachLock Inc.’s penetration testing as a service has been tapping AI to improve its efficiency in handling security audits and analysis services. Cybersixgill has its IQ service that amplifies its dark web scanning tools, as SiliconANGLE wrote about recently.

Then there’s Sentra Inc., which has a browser extension that will anonymize chatbot queries and block inadvertent private data transmissions. Guardz has enhanced its phishing protection with AI. Earlier this year, HiddenLayer Inc. won the RSA Conference Innovation Sandbox for best new product, a tool that can help defend against adversarial AI-based attacks. And those are by no means exhaustive.

Even companies not selling security services want to call attention to their AI…
