Tag Archive for: shows

Zscaler 2023 Ransomware Report Shows a Nearly 40% Increase in Global Ransomware Attacks

/in


Zscaler, Inc.

Zscaler, Inc.

Annual ThreatLabz Ransomware Report Tracks Trends and Impacts of Ransomware Attacks Including Encryption-less Extortion and Growth of Ransomware-as-a-Service

Key Findings:

  • Ransomware impact is felt most acutely in the United States, which was the target for nearly half of ransomware campaigns over the last 12 months.

  • Organizations in the arts, entertainment, and recreation industry experienced the largest surge in ransomware attacks, with a growth rate over 430%.

  • The manufacturing sector remains the most targeted industry vertical, accounting for nearly 15% of total ransomware attacks. It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year.

  • 25 new ransomware families were identified as using double extortion or encryption-less extortion attacks this year.

SAN JOSE, Calif., June 28, 2023 (GLOBE NEWSWIRE) — Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of the 2023 ThreatLabz Ransomware Report. This year’s report tracks the ongoing increase in complex ransomware attacks and spotlights recent ransomware trends, including the targeting of public entities and organizations with cyber insurance, growth of ransomware-as-a-service (RaaS), and encryption-less extortion. Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms.

“Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” said Deepen Desai, Global CISO and Head of Security Research, Zscaler. “Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.”

The evolution of ransomware is characterized by the inverse relationship between attack sophistication and barrier of entry for new…

Source…

Ransomware attacks have room to grow, Verizon data breach report shows

/in


Ransomware attacks now make up an huge chunk of all recorded security incidents, the Log4j vulnerability was used in 3 in 4 digital espionage campaigns and employees continue to pose more of a practical cyber threat to most organizations than the Russian GRU or Chinese Ministry of State Security.

Those are some of the conclusions gleaned from the latest annual Verizon Data Breach Investigations Report released this morning.

Verizon’s findings are drawn from 16,000 security incidents over the past year, including over 5,000 data breaches from Nov. 1, 2021 to Oct. 31, 2022.

A plurality of 15,000-plus incidents (42%) were distributed-denial-of-service (DDoS) attacks, which can disrupt service from or access to websites and other systems.

There are solid indicators that DDoS attacks are getting worse, or at least more intense, as the internet of things (IoT) give attackers billions of zombie devices to hijack and incorporate into botnets. Over the past two years, companies like Cloudflare and Yandex have observed increasingly larger and record-breaking  DDoS attacks, while the U.S. Department of Justice recently highlighted its interest in the problem when it targeted and seized 13 domains used in various “DDoS for hire” operations earlier this year.

Ransomware holding steady

A number of threat intelligence and cybersecurity firms have said their internal data, gleaned from customers and incident responses, indicate that ransomware activity dropped off in 2022, before jumping back up in the first half of 2023. Verizon’s data shows a similar trend, with reported ransomware incidents plateauing over the past 24 months at 24%, after years of steady growth.

After steady growth since 2019, reported ransomware activity has plateaued over the past two years.(Source: Verizon Data Breach Investigations Report 2023)
After steady growth since 2019, reported ransomware activity has plateaued over the past two years.(Source: Verizon Data Breach Investigations Report 2023)

However, if someone does break into your system, the most likely cause will be ransomware. Encryption and extortion overall have risen to 15.5% of all reported cybersecurity incidents, the second most frequently reported action after DDoS. It’s also the No. 1 most-frequent action taken by hackers during incidents system intrusion incidents.

These results are “staggering,” and…

Source…

Top 9 hacker and cybersecurity movies and TV shows

/in


Watching hacker and cybersecurity movies and TV shows can be both entertaining and informative. These pieces of media can provide a glimpse into the world of cybersecurity, hacking and cybercrime, which can be fascinating and thought-provoking.

Also, these films and shows frequently emphasize the value of cybersecurity and the possible repercussions of a security breach. Insights into the strategies and methods employed by hackers and cybersecurity experts may also be gained from them.

One can learn more about the present state of cybersecurity and the difficulties that people and companies encounter when attempting to safeguard their data and systems by watching these films and shows. Also, viewers can learn more about the possible risks of technology use and the significance of taking precautions to safeguard their online identity.

Here are the top nine hacker and cybersecurity movies and TV shows to watch and learn about the consequences of technology.

Related: How to mitigate the security risks associated with crypto payments

WarGames (1983)

A young hacker inadvertently accesses a military computer system and almost triggers a nuclear war, leading to a thrilling race against time to stop the impending disaster. This movie helped shape public perception of the dangers of computer networks and the need for better cybersecurity measures to protect against potential threats.

Sneakers (1992)

A group of former hackers is hired to steal a powerful encryption device, but they soon discover that they’re being manipulated by a mysterious organization with ulterior motives. It also highlighted the potential consequences of data breaches and the need for ethical hacking and cybersecurity expertise to prevent such incidents.

Hackers (1995)

This cult classic follows a group of teenage hackers who get caught up in a high-stakes corporate espionage plot after they hack into a major corporation’s computer system. It increased public awareness of computer networks’ vulnerabilities and the need for greater cybersecurity measures. A generation of computer enthusiasts and cybersecurity experts were also motivated by the film.

The Matrix (1999)

This classic sci-fi film features a dystopian future where…

Source…

T-Mobile’s New Data Breach Shows Its $150 Million Security Investment Isn’t Cutting It

/in


Yesterday, mobile giant T-Mobile said that it suffered a data breach beginning on November 26 that impacts 37 million current customers on both prepaid and postpay accounts. The company said in a US Securities and Exchange Commission filing that a “bad actor” manipulated one of the company’s application programming interfaces (APIs) to steal customers’ names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details. The initial intrusion occurred at the end of November, and T-Mobile discovered the activity on January 5.  

T-Mobile is one of the US’s largest mobile carriers and is estimated to have more than 100 million customers. But in the past 10 years, the company has developed a reputation for suffering repeated data breaches alongside other security incidents. The company had a mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Most large companies struggle with digital security, and no one is immune to data breaches, but T-Mobile seems to be approaching companies like Yahoo in the pantheon of repeated compromises.

“I’m certainly disappointed to hear that, after as many breaches as they’ve had, they still haven’t been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile’s system for more than a month before being discovered. This suggests T-Mobile’s defenses do not utilize modern security monitoring and threat hunting teams, as you might expect to find in a large enterprise like a mobile network operator.”

Because of limits on the API (an interface that facilitates communication between two software programs), the attacker did not gain access to Social Security numbers or tax IDs, driver’s license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers. At the time, the company also committed to a…

Source…