Tag: storage | Page 3

The Storage Manager’s Quick-Guide to Ransomware Resiliency

September 18, 2022/in Internet Security

Part 1: Why Storage Managers Need to Prepare for the Ransomware Scourge

Certain parts of the enterprise are more concerned about ransomware than others. The security, networking, and help desk teams are very much in tune with the threat that ransomware poses on a daily basis.

Storage managers, however, don’t tend to pay as much attention based on the belief that their systems lie at the backend and don’t pose the same level of risk as other layers of IT. Research from Continuity, however, makes it clear that this is not the case. Any enterprise storage device has 15 vulnerabilities / security misconfigurations on average. 3 can be considered high or critical risk. Therefore, it is vitally important that storage managers understand the magnitude of the ransomware menace and what they need to do about it.

Let’s begin with a few facts about ransomware. An Enterprise Strategy Group (ESG) study found that cybersecurity has replaced cloud and artificial intelligence (AI) as the top area for IT spending. With almost two-thirds of organizations intending to increase IT spending this year, 69% said they are spending more on security this year compared to last. Only 2% said they will pay less for cybersecurity in 2022 compared to 2021.

According to the study, 54% of respondents said the main driver of technology spending was the achievement of stronger cybersecurity and improved resiliency against cyberattacks. Why?

ESG discovered that 48% had been the victim of at least one successful ransomware attack. Two thirds of those attacked had paid a ransom to recover access to their data, applications, and systems.

Despite all the attention given to digital transformation, the transition to the cloud, and the need to deploy analytics and AI to extract real-time insights from organizational data, 22% of businesses named ransomware protection as their top business priority. Another 46% named it among their top five priorities.

These finding are corroborated by another research study by Arcserve and Dimension Research. It found that 50% of organizations worldwide had been targeted by ransomware. These attacks are continuing at a high frequency, yet most organizations are unprepared.

The…

Source…

Facebook Messenger is testing secure storage for end-to-end encrypted chats

August 13, 2022/in Mobile Security

What you need to know

Meta is testing secure backups for end-to-end encrypted Messenger chats.
Messenger will also make chats E2E encrypted by default for some people.
The company is also rolling out more tests on its E2E encrypted messages.

Meta is rolling out a number of tests to make end-to-end encryption a dominant security feature in Facebook Messenger, including secure storage to back up your end-to-end encrypted chat history.

This week, Facebook began testing a secure storage feature that makes it easier to access your Messenger conversation history if you lose your device or want to restore chat history on a new phone.

Currently, end-to-end encrypted chats are stored on your device. With secure storage, you can choose to restore your messages with two end-to-end encrypted options. One method is to create a PIN or generate a code. You can also choose to use third-party cloud services such as Google Drive to restore your chat history.

Sara Su, Meta’s product management director for Messenger Trust, wrote in a blog post (opens in new tab) that this feature “will be the default way to protect the history of your end-to-end encrypted conversations on Messenger.”

This experimental secure storage is rolling out on Android phones and iOS devices. However, the feature is not available yet on Messenger’s desktop site or application, nor is it available in chats that are not end-to-end encrypted. There is no need for you to take any action if you are a member of the test group. This will also be true when the feature is made available to everyone in 2023.

(Image credit: Meta)

In addition to secure storage, Meta is rolling out updates to Messenger’s end-to-end encrypted features.

Currently, Messenger’s end-to-end encryption is opt-in, which means you’ll need to choose to enable it. The service is now testing default end-to-end encrypted chats with some users.

Messenger is also experimenting with syncing deleted messages across your devices and verifying the authenticity of your web code when accessing the platform’s desktop site. It’s also testing the ability to unsend messages and bringing end-to-end encrypted chat features to group chats and other countries.

Meta also intends to discontinue…

Source…

Pegasus spyware observed in Thailand. New North Korean ransomware group. Cozy Bear uses online storage services.

July 19, 2022/in Internet Security

At a glance.

Pegasus spyware observed in Thailand.
New North Korean ransomware group.
Cozy Bear uses online storage services.
A new technique against air-gapped systems.

Pegasus spyware observed in Thailand.

Researchers at the University of Toronto’s Citizen Lab have observed the Pegasus spyware being used in “an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy.” The spyware targeted at least thirty people between October 2020 and November 2021, and coincided with pro-democracy protests in Thailand. Citizen Lab doesn’t definitively attribute the campaign to the Thai government, but they believe it’s unlikely that another nation-state would be interested in these targets:

“Conducting such an extensive hacking campaign against high profile individuals in another country is risky and runs the possibility of discovery, especially given the well-known previous cases where Pegasus infections were publicly discovered and publicly disclosed.

“In addition, the victimology, and in some cases the timing of the infections, reflects information that would be easily available to the Thai authorities, such as non-public relationships and financial activity, but substantially more challenging for other governments to obtain.”

New North Korean ransomware group.

Microsoft warns that a North Korean threat actor that calls itself “H0lyGh0st” is targeting small and midsize businesses in several countries with ransomware. The victims include “manufacturing organizations, banks, schools, and event and meeting planning companies.” Microsoft tracks the threat actor as DEV-0530, and notes that it’s not clear if Pyongyang is behind the operation or if North Korean government employees are acting independently for their own financial gain:

“The first possibility is that the North Korean government sponsors this activity. The weakened North Korean economy has become weaker since 2016 due to sanctions, natural disasters, drought, and the North Korean government’s COVID-19 lockdown from the outside world since early 2020. To offset the losses from these economic setbacks, the North Korean government could have sponsored cyber actors stealing from…

Source…