Tag Archive for: storage

Tank storage company Vopak hacked, Ransomware groups report

/in


Several parties monitoring hacker groups reported that the tank storage company Vopak has been the victim of the hostage software Ransomware in Malaysia. The attack was reportedly exceeded by a hacking group linked to Russia, RTL Nieuws wrote . Key business information, including the company’s tank infrastructure and systems, was allegedly captured. However, Vopak claimed that its business operations in the Netherlands have not been compromised.

On Twitter the tank storage company wrote that “We can confirm that at Pengerang Independent Terminals (PTSB) in Malaysia there is an IT incident that resulted in the unauthorized access of some data. The terminal continues to operate. The incident is being investigated. We apologise for any inconvenience.”

“Unauthorized persons have gained access to our data”, confirmed Vopak. “The incident is being investigated, we apologize for any inconvenience,” RTL Nieuws reported.

Apparently, Vopak got hacked by the Ransomware group BlackCat, which has become known for publishing stolen images of breast cancer patients, according to the television programme.

Vopak is known for storing fossil fuels such as oil and liquefied natural gas (LNG). The listed company, whose history dates back to 1616, operates in the Netherlands with terminals in the port of Rotterdam and Eemshaven in Groningen. It also operates in dozens of countries worldwide.

The so-called “hostage software” ransomware is used by hackers to lock down companies’ systems. If they do not pay, those systems will not be unlocked or the captured information will be sold or published. This week, it also became known that the KNVB football association was a victim of such a hack.

Source…

Staff’s home computer was hacked to access cloud storage

/in


The hacker implanted keylogger malware to learn the employee’s master password, which gave access for months before it was detected.

LastPass has shared more details on the recent cyberattack that saw customer data stolen from the company’s cloud storage.

The password management platform confirmed it suffered a data breach last December, after an “unknown threat actor” accessed its customer vault by using source code and technical information obtained from an earlier cyberattack in August.

In a recent incident report, LastPass said the threat actor was able to decrypt the information it had stolen in August by targeting a DevOps engineer. This engineer was one of four staff members that had access to the decryption keys needed to access the cloud storage service.

LastPass said the hacker achieved this goal by targeting the engineer’s home computer and exploiting a “vulnerable third-party media software package”, which allowed the threat actor to implant keylogger malware.

“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” LastPass said.

The hacker then used the data from this vault to access and steal data from a LastPass cloud storage environment. This activity occurred for two months, between 12 August and 26 October last year.

LastPass said it was difficult for investigators to differentiate between threat actor activity and ongoing legitimate activity, due to the hacker’s use of valid engineer credentials.

The company said it has upgraded its security measures in response to the breach, including additional logging and alerting across the cloud storage environment.

LastPass said it also assisted the DevOps engineer in hardening the security of their personal devices and home network.

The data breach led to customer information being stolen such as company names, user names and email addresses, along with encrypted sensitive information such as passwords.

LastPass owner GoTo also had some of its customer data stolen from the breach. This company also warned that the…

Source…

3 Storage Technology Trends We Saw in 2022

/in


The storage and backup landscape has gone through major changes this year, some due to economics, some to cyberthreats, and some to modernization.

Three trends stood out. First, the threat of ransomware continued shape the offerings of backup and storage vendors. Second, many organizations reevaluated how they distributed workloads between cloud and on-premises storage. Finally, container adoption heated up.

Vendors Became More Serious About Ransomware

Related: Ransomware Security for IT Pros: 2022 Report

Now that 2022 is drawing to a close, it’s official: Backup and storage continue to be attractive ransomware bait for hackers. A clear sign that ransomware remains a dilemma is how vendors actively added new features to their products to thwart hackers. Vendors also began offering guarantees of ransomware recovery to customers.

Backup and recovery vendor Rubrik led the charge of ransomware recovery warranties, promising to reimburse companies up to $5 million for its Enterprise Edition and Cloud Vault products as long as customers follow the rules. Other vendors have since followed, including Druva and AvePoint.

Related: 6 Tips for Controlling Your Cloud Costs in a Recession

The fact that backup companies now provide ransomware recovery warranties is a sign that ransomware protection is now table stakes for companies, said Brent Ellis, a senior analyst at Forrester Research.

And it’s not just backup vendors. While storage vendors have stopped short of offering guarantees (at least for now), they have begun adding ransomware detection into their storage systems. In addition, they have built in workflows that use storage snapshots to recover from ransomware before it gets to the backup phase. Dell, for example, announced in May that it will build in workflows that use snapshots. Other vendors, including Pure Storage, IBM, and TrueNAS SCALE, have also addressed ransomware in major ways.

In all these cases, these additions can drastically reduce the response time for mass encryption events. “That’s a big deal, because it means there is less time for a particular piece of malware to propagate across the network, and it…

Source…

Proton Drive’s Secure Cloud Storage Finally Lands on Android, iOS

/in


Proton today launched Android(Opens in a new window) and iOS(Opens in a new window) apps for its Proton Drive secure cloud storage service—a service it claims is “the most private and secure” available today.

The Swiss company is best known for its encrypted mail service Proton Mail launched in 2014, but has also launched Proton VPN (2017), Proton Calendar (2019), and most recently Proton Drive in 2020 for secure file storage. Now Proton Drive is finally coming to mobile devices(Opens in a new window).

Thousands of Proton community members participated in the beta test of Drive for iPhone, iPad, and Android devices. With the apps now available, users can upload files and photos from their smartphones and tablets, or access existing files stored in their Drive. The apps include an offline mode, allowing a user to activate offline access for a file or folder and retain access to it even if there’s no mobile signal or Wi-Fi connection available.

Recommended by Our Editors

Security comes in the form of Proton’s open-source and publicly-audited end-to-end encryption, which automatically protects the contents of files from prying eyes, and Proton can’t access the contents of files either. All data is stored on servers located in Switzerland and Germany, which Proton says ensures “strong legal and hardware protections.”

PCMag Logo Beskar Ingot Bits and Bytes! Hands On With Seagate’s Mandalorian-Themed Hard Drive and M.2 SSD

Get Our Best Stories!

Sign up for What’s New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Source…