Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Businesses. Show all posts

Growing Threat of Cyberattacks Puts Businesses at Risk

 

In an era defined by digital advancements, businesses face an escalating peril: cyberattacks. While the digital age has opened up unprecedented opportunities, it has also ushered in a formidable threat to businesses' financial stability, data integrity, and reputation.

Recent years have witnessed a surge in both the frequency and sophistication of these attacks, leaving a trail of financial losses and reputational damage. Notably, small enterprises with fewer than ten employees have seen an alarming rise in cyberattacks, jumping from 23% to 36% over the past three years, according to a report from Hiscox, an insurance company.

The pandemic exacerbated vulnerabilities, with hospitals becoming frequent targets of ransomware attacks, jeopardizing patient well-being. A prevalent form of cybercrime, payment diversion fraud, affected one in three businesses within the last year, as highlighted by Eddie Lamb, Cyber Education and Advisory expert at Hiscox.

This form of attack involves cybercriminals attempting to redirect or steal payments meant for legitimate recipients. Ransomware attacks persist, as evidenced by a recent breach targeting the Greater Manchester police force. Additionally, data theft remains a persistent threat, with confidential information and intellectual property being prime targets.

According to Lamb, the average cost of an attack stands at €15,000, but one in eight afflicted businesses faced losses exceeding €238,000. Shockingly, one in five respondents stated that the cyber attack they endured posed a significant threat to the future viability of their business.

Beyond financial repercussions, cyberattacks also inflict intangible harm. Lamb emphasized that the damage extends to elements like brand reputation and the erosion of consumer trust, potentially leading to enduring consequences.

This is particularly evident in data breaches, where sensitive information beyond email lists may be compromised. For instance, in 2020, US cybersecurity firm FireEye fell victim to a highly sophisticated attack, possibly orchestrated by a nation-state, resulting in the loss of a critical toolkit.

While such large-scale attacks are infrequent, businesses of all sizes must fortify their defenses. Lamb stressed that while there's no foolproof safeguard, implementing modern anti-virus technology with endpoint detection and response (EDR) is crucial. EDR enables real-time threat monitoring and can autonomously take measures to prevent or mitigate harm.

Other protective measures include adopting multifactor authentication and biometrics. The UK National Cyber Security Centre also underscores the importance of robust data backups in its cyber security guide for small businesses. Online training resources and check tools tailored for small-sized businesses offer further support.

Recognizing that human error is a significant vulnerability, educating and training employees on best cybersecurity practices is essential. As cybercrime tactics evolve, staying updated on the latest trends is paramount.

Lamb urged businesses to be proactive, emphasizing that cyberattacks are a matter of "when" rather than "if". He stressed that the pivotal factor lies not in experiencing a breach, but in the response to it. Consequently, clear and comprehensive security policies, including an incident response plan, are crucial. Additionally, having a dedicated cyber defense team or individual is pivotal, ensuring a swift and coordinated response to minimize downtime.

Ransomware Remains a Major Cyber Threat for Organizations Worldwide

 

Trellix, the cybersecurity firm delivering the future of extended detection and response (XDR), has published 'The Threat Report: Fall 2022,' examining cybersecurity patterns and attack techniques from the first quarter of the year. 

The threat report includes evidence of malicious activity linked to ransomware and state-linked advanced persistent threat (APT) hackers. The researchers examined proprietary data from its sensor network, open-source intelligence, and investigations by the Trellix Advanced Research Center. Here are some of the report’s key findings: 

• Transportation was the second most active sector globally, following telecom. APTs were also detected in transportation more than in any other sector. 

• Ransomware attacks surged 32% in Germany in Q3 and contributed 27% of global activity. Germany also experienced the most threat detections related to malicious hackers in Q3, with 29% of observed activity. In the United States, ransomware activity increased 100 % quarter-over-quarter in the transportation and shipping industries for Q3 2022. 

• Mustang Panda, a China-linked APT group, had the most identified threat indicators in Q3, followed by Russian-associated APT29 and Pakistan-linked APT36. 

• Phobos, ransomware sold as a complete kit in the cybercriminal underground, accounted for 10% of global detected activity and was the second most used ransomware detected in the US. 

• The infamous LockBit remained the most propagated ransomware in the third quarter of 2022, generating over a fifth (22%) of detections 

• Years-old security loopholes continue to remain a perfect target spot for threat actors. Threat analysts detected Microsoft Equation Editor vulnerabilities CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802 to be the most abused among malicious emails received by users during Q3. 

• Cobalt Strike, an authentic third-party tool, was employed in 33% of detected global ransomware activity and in 18% of APT detections in Q3. 

“So far in 2022, we have seen unremitting activity out of Russia and other state-sponsored groups. This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. The need for increased inspection of cyber threat actors and their methods has never been greater,” John Fokker, Trellix head of threat intelligence, stated. 

Earlier this year, Trellix announced its partner program to include multiple latest features along with 10 new technology associates and technology integrations with its flagship platform. The partner additions bring Trellix’s ecosystem to some 800 partners associated with its XDR platform.

North Korean Hackers Employ H0lyGh0st Ransomware to Target Businesses

 

Researchers from Microsoft’s Threat Intelligence Center (MSTIC) this week claimed that the North Korean hackers are employing the H0lyGh0st ransomware to target small and midsize businesses worldwide. 

The hacking group, which calls itself H0lyGh0st and is tracked by Microsoft as DEV-0530, has been employing ransomware since at least June 2021 and has successfully exploited multiple businesses since September 2021. 

The activities of DEV-0530 are similar to other ransomware gangs out there. The group engages in double extortion, threatening to publish personal data stolen from victims unless a ransom is paid. 

In recent years, North Korean hackers have siphoned hundreds of millions of dollars from foreign businesses to help their country which is struggling economically due to the U.S. sanctions and the COVID-19 pandemic. However, it is equally possible that the hackers are employing ransomware for personal gain, which could explain an “often-random selection of victims.” 

According to Microsoft, the activities of DEV-0530 are partially linked to a group known as Plutonium (also known as DarkSeoul or Andariel). Both groups have been spotted operating from the same infrastructure, employing custom malware controllers with similar names, and emailing accounts belonging to each other. 

“MSTIC has observed known DEV-0530 email accounts communicating with known PLUTONIUM attacker accounts. MSTIC has also observed both groups operating from the same infrastructure set, and even using custom malware controllers with similar names,” Microsoft says. 

The researchers also identified that the hacker’s activities are consistent with the UTC+9 time zone employed in North Korea. DEV-0530’s first malicious payload was spotted in June last year, BLTC_C.exe, which was classified as SiennaPurple, despite its lack of complexity compared to other variants in the same ransomware family. More powerful derivatives of the malware were released later, between October 2021 and May 2022, and were based on the Go programming language. 

In November 2021 DEV-0530 successfully exploited several small-to-midsized businesses in the manufacturing, finance, education, and event and meeting planning sectors in multiple nations. Likely opportunistic, the attacks exploited vulnerabilities such as CVE-2022-26352 on public-facing web assets for initial access. 

Subsequently, the hackers would steal “a full copy of the victims’ files” and then shift to encrypt the contents on the system, appending the .h0lyenc extension to impacted files. In addition to dropping a ransom note, the attackers emailed the victim to inform them that their data was stolen and encrypted by H0lyGh0st. 

“Based on our investigation, the attackers frequently asked victims for anywhere from 1.2 to 5 Bitcoins. However, the attackers were usually willing to negotiate and, in some cases, lowered the price to less than one-third of the initial asking price. As of early July 2022, a review of the attackers’ wallet transactions shows that they have not successfully extorted ransom payments from their victims,” Microsoft researchers explained.