Protect Your Online Data Now, Rather than Waiting for the Government

 

The old joke goes, "The opposite of pro is con, so the opposite of progress is Congress." Getting laws proposed and passed can be difficult even in a more relaxed political climate, but the present state of the US Congress makes most new legislation, regardless of content, a difficult sell. That is one of the challenges that government advisers from the cybersecurity industry face when urging politicians to suggest and pass federal data privacy laws. Other obstacles include inconsistent data privacy laws in some US states.

It's long past time for the United States to adopt the EU's General Data Protection Regulation (GDPR). GDPR is a set of stringent rules that govern how EU residents' data is handled, sold, and stored. GDPR protects consumers' privacy and security rights by imposing fines on companies that fail to comply.

I spoke with Wade Barisoff of the cybersecurity firm Fortra last week about the current state of data privacy protections in the United States. Barisoff emphasized the importance of federal data privacy regulations, citing the European Union's GDPR as an effective example.

"GDPR was significant, not only because it was a unifying act that enshrined the rights of people and their digital identities to govern how their data could be handled,” Barisoff said, “but also because it was the first legislation with real teeth.”

Consumers in the United States would benefit from federal data privacy regulations that enforce severe penalties on companies that fail to comply. If you live in the United States, you may not have much control over what companies can do with your data once they have it, so lock down your accounts with multi-factor authentication and evaluate the privacy policies of your apps today.

Analyzing Data Breach Statistics

There is little recourse for victims of identity theft in the United States whose data was stolen because a company in the United States failed to report a breach. In the Identity Theft Resource Center's (ITRC) 2022 Data Breach Report, CEO Eva Velasquez noted a significant disparity between the average number of breach notices issued each business day in the US (seven) and the 356 breach notices issued daily in the EU in 2021.

"Common sense tells us that data breaches are underreported in the United States," Velasquez explained in the report. "The result is individuals are largely unable to protect themselves from the harmful effects of data compromises which are fueling an epidemic—a scamdemic—of identity fraud committed with stolen or compromised information."

Based on the Data Breach Report, since most state governments do not require companies to include factual data surrounding data breach incidents, the majority of US-based companies do not publish this information at all. According to the ITRC, businesses may choose not to include the details surrounding these incidents in order to avoid future lawsuits for failing to protect consumer data. LastPass, the embattled password management company, was singled out in the report for failing to explain the details of a 2022 attack in which cybercriminals gained access to its customers' information.

The Legal Status of Data Privacy in the United States

According to Barisoff, data privacy regulation in the United States has a long history in certain industries. In the United States, for example, the Health Insurance Portability and Accountability Act, or HIPAA, was signed into law nearly 30 years ago. It is still used to develop data privacy policies for healthcare organizations. Barisoff told me that going beyond decades-old industry guidelines is difficult because capitalism is such a powerful drug.

"We've never really climbed this mountain yet because data is worth money," Barisoff said. "Google has built its entire empire just on data and understanding what people are doing and selling that. There's more of a focus on capitalism, and there's a lot of powerful players here in the US that basically made their entire company off of private data."
 
Some state legislators are attempting to retaliate against tech companies by proposing and passing statewide data privacy legislation. According to Barisoff, these laws are a beginning, but imposing them may be difficult. "The only consistency will be that each new law is different," he noted.

This effect is already being felt. Texas sued Google last year, claiming that the company's Photos and Assistant apps violated state biometric privacy laws. In 2016, residents in Illinois filed and won a similar lawsuit against Google. According to Barisoff, the creation and enforcement of state-by-state data privacy laws makes it more difficult for businesses to comply with regulations.

"As each state seeks to highlight how much they value their citizens’ rights over the next, we’ll see an element of 'What’s good for California isn’t good enough for Kansas' creep in,” warned Barisoff. 

"This developing complexity will have a significant impact on organizations operating across the country," he concluded.

Influence of Digitalization on IT Admins

A SaaS software business named SysKit has released a report on the impact of digital transformation on IT administrators and the present governance environment. According to the report, 40% of businesses experienced a data breach in the last year. This can have a serious impact on an organization's productivity and lead to costly fines, downtime, and the loss of clients and certifications that are essential to its operations.

The research, conducted in November, included 205 US IT managers who are in charge of overseeing the IT infrastructures of their firms, and it fairly depicts the target demographic. According to SysKit, improper zero trust and full trust implementation can result in data breaches. Based on the survey, 68% of respondents believe that the zero trust approach restricts the ability to collaborate, while 50% of respondents think that the full trust approach to governance is ideal.

The majority of IT administrators (82%) agree that non-technical staff who are resource owners must be more proactive in data reviews and workspace maintenance. Furthermore, when asked about specific IT governance skills, 50% of the respondents stated that non-tech employees do not know how to properly apply external sharing policies, 56% believed they did not know how to properly apply provisioning policies, and 30% stated that their coworkers are not taking care of their inactive content. According to SysKit, this lack of knowledge can result in data leaks, unchecked workspace sprawl, and higher storage expenses.

The survey also revealed that excessive workloads, a lack of comprehension from superiors, and a misalignment of IT and business strategy are among the main issues for IT administrators. As technology continues to develop, organizations will face new opportunities and difficulties. Future applications of AI-based technologies have not yet been defined since they are still in their initial stages. 

NordVPN Identifies the Most Risky Websites for Users' Privacy and Security

When you browse the web on a regular basis, it can be quite dangerous, but it becomes even more dangerous when you access certain types of sites. It should come as no surprise that porn, streaming, and video hosting websites top the list of services posing the greatest risk to users' privacy and security. 

Malware attacks, invasive ads, and heavy web tracking were among the threats. That is the exclusive data gathered by NordVPN, one of the best VPN services available. In December 2022 alone, the VPN provider was able to block over 344 million web trackers, 341 million intrusive ads, and 506,000 malware infections thanks to its Threat Protection tool.

"The online world is challenging people in every single move they make," said NordVPN cybersecurity advisor Adrianus Warmenhoven.

"Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it."

NordVPN researchers wanted to know how these cyber threats were getting to users. They did this by analysing aggregated data collected by their Threat Protection system. While this did not include any personally identifiable information about users, it did assist them in depicting the scenario that everyone faces on a daily basis online.

Malware is perhaps the most concerning of these threats. This is due to the ease with which such malicious software can infiltrate a device and damage or compromise tonnes of users' sensitive data. Adult content sites contain the most malware, including viruses, ransomware, spyware, and other threats. During the coverage period, over 60,000 domains were blocked. Cloud storage and entertainment platforms are next in line, with approximately 70,000 infected platforms discovered between the two categories.

Intrusive ads are any pop-ups or other ad pages that appear without being requested. These not only degrade people's online experiences, but they are also excellent at gathering information about users without their knowledge. As expected, free streaming platforms are the most involved, with more than 55 million domains affected. Adult content and shopping websites appear to be close behind.

These findings highlight the importance of using a reliable ad-blocker every time you browse the web, especially when visiting certain types of websites.

"Ad blockers are essential for both security - because they block ads that can infect people’s devices - and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy," explains Warmenhoven. "Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster.” 

Web trackers are another major cyber threat because they compromise users' online anonymity. Video hosting services were the sites with the most web trackers. The NordVPN Threat protection tool blocked over two billion domains. Tracking was also high in cloud storage, web email, and information technology sites. As per Nord, Hong Kong and Singapore have the most web trackers in the world, with an average of 45 and 33 trackers per website. Other countries with high tracking rates include the United States, Australia, the United Kingdom, Spain, and France.

NordVPN Threat Protection is a system that safeguards users from the aforementioned online threats. It accomplishes this by scanning all files you download and blocking all sites containing malware and dangerous ads before you open them.

Threat Protection is available on all NordVPN apps. This means that there is no additional cost to enjoy a safer online experience. All you have to do is follow these simple steps:
  • Launch the latest NordVPN app on your preferred device.
  • Click the shield icon on the left side of your screen.
  • Activate the Threat Protection toggle.

How ChatGPT Could Drive A Viral Crypto Narrative


AI Crypto: The next big thing 

AI crypto tokens will surely be the next big thing in the industry, echoing Metaverse mania, the DeFi boom, or the meme coin explosion.

ChatGPT and other AI-based technologies have been viral across social media and the business world. Will this make three altcoins stand-out winners in the next bull market?

Understanding AI Crypto: How trading narratives can bring profit

Narratives are important for incredible rallies or declines, whether or not they are accurate. For instance, the last Bitcoin narrative was driven by its use as an inflation hedge. But when the inflation hedge surfaced, the top cryptocurrency was hit by one of its worst downtrends to date.

Other recent narratives include DeFi driving Ethereum and similar coins higher, or Metaverse tokens rising rapidly after Mark Zuckerberg changed the parent company's name to Meta (formerly Facebook).

NFTs also helped Ethereum and newbies like Solana. Elon Musk made meme coins go viral by just tweeting about it.

The one thing common to all these assets is that the narratives made money while in the markets, and that is all that matters. For savvy cryptocurrency investors exploring the next big narrative, you don't have to look beyond two letters: AI.

AI Crypto and ChatGPT

OpenAI's ChatGPT is currently all over social media. The AI tool has already passed the Medical License Exam, Bar Exam, and MBA exam. People are using it to write articles and tweets, solve questions, do homework, and perform tasks automatically. People are even using it for Bitcoin as various celebrities. The platform has shown sheer potential.

Crypto AI Tokens on the edge of a new "Bull Cycle"

Although no AI crypto tokens share any resemblance with ChatGPT, projects with links to anything AI have recovered more significantly from cryptocurrency bear market lows.

For instance, Fetch.ai (FET) is up roughly 480% from its lows and is up over 200% in January 2023 itself. Ocean Protocol (OCEAN) is another great example, with a 230% recovery from lows and more than 100% year-to-date. SingularityNET (AGIX) beats them both with a low put in three months before and more than 600% gains from the low. AGIX jumped over 460% during January 2023 with a full week still left.

The results are surprising, but there's still a lot more to see. Jason Soni, Crypto and Currency Analyst at Elliott Wave International recently made a video on three AI-based crypto tokens that may be on the verge of a new bull cycle. 

The three cryptocurrencies analyzed in the video are AGIX, FET, and OCEAN. You can find Soni's analysis on Elliott Wave International's Crypto Trader's Classroom, which brings three new videos every week. The video explains where these altcoins are in their current market cycle and breaks down why there could be more upside in the future.



Password Changes are Required for LastPass Customers

 


Despite being one of the most popular password managers on the market, LastPass has suffered another major breach, putting the passwords of customers at risk as well as their personal information.

It was established just over a year ago that LastPass, a popular password manager that stores customers' passwords and other sensitive information in encrypted vaults, had been compromised by cybercriminals as a result of a data breach. 

Karim Toubba, the CEO of LastPass who announced the hack, explained that the attackers took a copy of a backup of the information stored in a customer's vault as part of their intrusion. A LastPass employee used stolen cloud storage keys to access the data, which enabled them to steal keys from the company. 

The cache of customer password vaults is kept in a proprietary format. However, the specific technical and security details of this proprietary format were not disclosed. The data is stored in both an unencrypted and encrypted format.

Some of the data stored in the vault, such as web addresses, is unencrypted. At this point, it is not known exactly when the backups were stolen.
 
An unauthorized party gained access to unencrypted personal data from subscribers' accounts, including LastPass user names, company names, billing addresses, email addresses, and phone numbers, as well as IP addresses, according to Toubba. The same unauthorized party also stole a copy of customers' vault data. The data stored in the vault by customers is both encrypted and unencrypted. This includes URLs of websites and usernames and passwords for all of the sites that are stored in the vault by customers.

Password vaults on LastPass are encrypted and can be accessed only with the customer's master password. It is worth mentioning that the company has warned that the cybercriminals who are the culprits of this intrusion may try to decrypt the copies that they took of the vault data by using brute force to guess your master password. 

Besides the names, email addresses, phone numbers, and some billing information of more than 300,000 of Toubba's customers, the cybercriminals took vast amounts of information from their accounts as well. 

For storing your passwords, password managers are overwhelmingly a smart idea as they enable you to create long, complex, and unique passwords for each website or service you are using. If you do not already do so, you should. However, security incidents like this remind us that not all password managers are created equal. This may mean that different ways can be used to attack, or compromise, password managers. It is very significant to take into consideration that everyone's threat model differs, so no one's requirements will be the same as someone else's. 

In rare circumstances (not a typo) like this, in which a bad actor is able to access the encrypted password vaults of customers, “all they need is the master password” of the victim. A password vault that has been exposed or compromised is only as strong as the encryption used to scramble it.

As a LastPass user, the most helpful thing you can do for yourself is to change your current master password to a new one that is unique from the old password (or passphrase) and written down, preferably in a safe place. As a result, you can rest assured that your current LastPass vault is protected.

You must begin changing all of the passwords stored in your LastPass vault as soon as you suspect your LastPass vault might be compromised, for instance, if your master password is weak or if you have used it elsewhere. Identify the most critical accounts first, such as your email account, your mobile phone account, your bank account, and your social media account. These are the ones that you use most frequently. Start at the top of the priority list and work your way down from there.

There is a possibility that if you are a subscriber to LastPass, you may want to look for another password manager in light of the severity of this breach. There is a serious risk of exposing your passwords and personal information if your computer is hacked by an unauthorized person.   

Is there anything LastPass customers should do?

If you are a LastPass subscriber, here's what you need to do right now to make sure that you have the latest version: 

1. Look for a new password manager to keep track of your passwords

The severity of the latest breach and the history of security incidents with LastPass bring more reasons than ever to consider a different alternative, especially when you consider the company's history of security incidents. 

2. The most important password on your site should be changed immediately

Several passwords are frequently forgotten, such as those used for online banking, financial records, internal company logins, as well as medical records.

CNET asked LastPass to answer additional questions it had regarding the breach. However, the company failed to respond to the questions, and the company would not clarify how many users were affected by the breach. However, if you are a LastPass subscriber, you have to live with the fact that nobody knows who has access to your user and vault data. You are putting your trust in that party. 

Threat Intelligence Platform: A Tool to Mitigate Upcoming Cyber Threats

 

The reason why most cyberattacks succeed is that the attackers surprise their targets. Before you can even say, "Kevin Mitnick," the world's most famous hacker, you're dealing with the fallout from an assault. 

Knowing what hackers are aiming for, how and when they plan to attack, and anticipating cyberattacks can help you flip the coin. That's no joke. You may secure your digital assets by using information from a threat intelligence platform regarding threats to your network. To begin with, you must educate yourself on its principles, advantages, and application. 

What is a Threat Intelligence Platform (TIP)?

A threat intelligence platform (TIP) is a cybersecurity tool that finds, gathers, aggregates, arranges, and analyses threat intelligence from the deep, dark, and clear web. A TIP will gather useful information from several sources and in different formats. It will examine the data gathered to find indicators of compromise (IOCs) using cutting-edge algorithms and machine learning. Advanced TIP systems will also use human intelligence obtained by cybersecurity experts who speak with threat actors as they plot attacks and trade stolen and leaked data.

Security teams can identify emerging risks from well-known malware attack types, as well as plans for upcoming attacks, using the information uncovered and surfaced by a TIP. With this knowledge, cybersecurity teams can take proactive risk management and remediation measures. 

Benefits of using TIP

The frequency of cyberattacks is on the rise, which should serve as a reminder to prioritise cybersecurity. Adopting a threat intelligence platform is a positive move since it enables you to give your digital assets a more secure environment. 

A threat intelligence platform has the following advantages.

Recognize security risks: It's best to prepare for their attack because fraudsters are constantly hunting for network vulnerabilities. What you do or don't do beforehand will affect how they affect you. Without your knowledge, your system might have a number of vulnerabilities. You can find these dangers by using a threat intelligence tool. It enables proactive cybersecurity, so you can utilise it to stop potential assaults.

Create powerful defences:  Building a strong security defence requires an understanding of the attacker profile targeting your system and the potential attack methods they may employ.

A threat intelligence platform can provide you with in-depth information about the threats to which your system is vulnerable so that you may make informed decisions and take cautious precautions against attacks. Even if your plans are successful in and of themselves, they won't shield you if there is no reliable information available.

Reduce financial losses:  If hackers gain access to your financial data, such as your banking and credit card details, it's already terrible enough that you could lose your valuable data assets. They might gain access to your money and steal everything you've worked so hard to obtain. 

If you have access to other people's money, the situation changes. You'll have to worry about giving them their money, but you might also be subject to legal action. By providing you with the knowledge required to defend your system and digital assets, a threat intelligence platform may help you avoid all of these problems.

Cut back on operational costs: A threat intelligence platform produces reports that assist you in identifying hazards as well as understanding the most effective strategies to address them. By doing this, you avoid paying expenses that you might have otherwise had to. 

The idea that knowledge is power is the foundation around which threat intelligence platforms are built. You can outwit your adversaries if you have a firm handle on their profiles and recognise their patterns. You anticipate their attack and take the appropriate security measures to foil it before they even try. Compared to preventing assaults and repairing the harm that a hacker like this might cause, this is significantly better.

Zero Trust Cybersecurity Protocols Slow Companies to "Mask Up"

 


There is only one way to find out if you can trust someone, and that is by trusting them, according to Ernest Hemingway. This is not a wise piece of advice for network security, where zero trust policies, which were developed nearly two decades ago by John Kindervag, are now the default behavior for most organizations. As a result, we have seen an increase in the number of cases of infection due to the Coronavirus pandemic and remote work.

Despite this, companies are a bit slow to adopt zero trust when it is about protecting against malware and data exfiltration. By 2026, Gartner has predicted that only 10% of large enterprises will have in place a zero-trust program that is mature and measurable by the end of this decade. 

Currently, less than 1% of organizations have automated their systems with zero trust, according to the consulting firm. It reported that although zero trust is a critical strategy for reducing risk for most organizations, few had implemented the system.

The end of Implicit Trust is Here 

In his latest commentary for Gartner's VP Analyst Series, John Watts, VP Analyst at Gartner, said that many organizations have established their infrastructures with implicit rather than explicit trust models to facilitate access and operation for workers and workloads. 

John added that in the context of zero trust, the main risk that many companies face is the possible use of implicit trust by attackers. This can give them a competitive advantage over customers. In addition, damage can be limited by segmenting access to a network. It allows the attack to have a lesser impact on resources and systems during an attack. 

When spyware or other malware is introduced into an environment through a vendor's software installed within it, the damage caused can be limited to a small segment of trusted applications within the environment.

It is pertinent to note that implicit trust refers to workloads and devices that rely on limited factors when authorizing devices, workloads, and accounts. This includes requests originating from a local IP address behind a perimeter firewall. 

Explicit trust refers to when devices, workloads, and accounts for access need to be authenticated and authorized in a way that takes into account more context (e.g., location, time, posture, successful multi-factor authentication), Watts explained. 

The Engine Should Have (or not have) a Zero-Trust Policy. 

A zero-trust framework, including zero-trust software, under which zero-trust operations can be implemented, should be able to do the following: 

  • Identify and prevent exploits and scanning attacks against the services and applications created for extended workforces. 
  • Limit access to specific network resources, rather than allowing open connections on a network, to prevent malware from moving laterally. 
  • Control access through an access management “engine” based on risk and trust. 

These engines use analytics built on things such as account activity, the identity strength of the user, device attributes, and several other parameters to calculate a risk score in near real-time. A risk score higher than a certain threshold could trigger an action such as isolating a device, enabling a second factor of authentication, or suspending a user's account, depending on the level of risk. 
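
The contrast between implicit and explicit trust and the risk-scoring engine described above, shown as an added Python example that is not code from Gartner or from any product. The signal names, weights, thresholds and the 10.0.0.0/8 internal range are assumptions chosen for illustration, and the sample requests are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: address range treated as "local, behind the perimeter firewall".
INTERNAL_NET = ip_network("10.0.0.0/8")

# Assumption: illustrative thresholds, checked from most to least severe.
THRESHOLDS = [(75, "suspend_account"),
              (50, "isolate_device"),
              (25, "require_second_factor")]


@dataclass(frozen=True)
class AccessRequest:
    user: str
    source_ip: str
    country: str                  # geolocated origin of the request
    hour: int                     # local hour of day, 0-23
    mfa_passed: bool
    device_managed: bool
    device_patched: bool
    failed_logins_last_hour: int  # account-activity signal


@dataclass(frozen=True)
class Baseline:
    usual_countries: frozenset
    work_hours: range


def implicit_trust_decision(req):
    """Perimeter model: the only factor considered is the source address."""
    return "allow" if ip_address(req.source_ip) in INTERNAL_NET else "deny"


def risk_score(req, baseline):
    """Combine context signals into a 0-100 score plus the reasons behind it."""
    signals = [
        (not req.mfa_passed, 25, "no successful MFA"),
        (req.country not in baseline.usual_countries, 20, "unusual location"),
        (req.hour not in baseline.work_hours, 10, "outside usual hours"),
        (not req.device_managed, 20, "unmanaged device"),
        (not req.device_patched, 15, "device missing patches"),
        (req.failed_logins_last_hour >= 5, 25, "burst of failed logins"),
    ]
    score = sum(weight for hit, weight, _ in signals if hit)
    reasons = [why for hit, _, why in signals if hit]
    return min(score, 100), reasons


def explicit_trust_decision(req, baseline):
    """Map the risk score to an action; the source address is not a factor."""
    score, reasons = risk_score(req, baseline)
    for threshold, action in THRESHOLDS:
        if score >= threshold:
            return action, score, reasons
    return "allow", score, reasons


# Constructed sample data.
BASELINE = Baseline(frozenset({"US"}), range(8, 18))
SAMPLES = {
    "office_normal": AccessRequest("alice", "10.1.2.3", "US", 14,
                                   True, True, True, 0),
    "remote_healthy": AccessRequest("alice", "203.0.113.7", "US", 10,
                                    True, True, True, 0),
    "late_unpatched": AccessRequest("alice", "10.2.0.5", "US", 22,
                                    True, True, False, 0),
    "internal_rogue_device": AccessRequest("alice", "10.2.0.6", "US", 11,
                                           True, False, False, 5),
    "internal_takeover": AccessRequest("alice", "10.4.4.9", "US", 3,
                                       False, False, False, 8),
}


def compare(samples=SAMPLES, baseline=BASELINE):
    """Return {name: (implicit decision, explicit action, score)}."""
    out = {}
    for name, req in samples.items():
        action, score, _ = explicit_trust_decision(req, baseline)
        out[name] = (implicit_trust_decision(req), action, score)
    return out


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:22} implicit={row[0]:5} explicit={row[1]} score={row[2]}")
```

The two internal requests that the perimeter model allows are the ones the scored model isolates or suspends, while the healthy remote request that the perimeter model denies is allowed.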

Moveable firewalls 

Rather than implementing one large perimeter around resources like the traditional firewall model, zero trust implements many smaller perimeters. As Watts pointed out, zero trust is not the only method by which one can reduce risk. Scope is an important consideration, because not everything can be controlled by a set of zero-trust procedures. In general, legacy systems, such as mainframes, are excluded from zero-trust architectures, as are public-facing applications used by citizens and consumers. 

Sadly, Gartner analysts also warned that the majority of cyberattacks through 2026 will focus on areas not covered by zero trust controls. This is because these attacks cannot be mitigated by these controls. Due to API threats, this problem has arisen. Watts said that some threats could be encountered during zero trust implementation, such as insider attacks and account takeovers. He said that advanced analytics would help organizations mitigate these threats. 

A Threat Stream of APIs: Islands of Danger

In addition, Gartner forecasted earlier this month that by 2023, the total cost of computing around the globe will reach $4.5 trillion. This represents growth of 2.4% compared to 2022, though it is slightly lower than the 5.1% growth forecast for the previous quarter. 

According to the firm, less consumer purchasing power and lower device spending will contribute to a continued rise in overall enterprise IT spending. This is even as inflation continues to erode consumer purchasing power. 


Cyberwarfare Threat Looming Large on Firms Worldwide

 

Over the past ten years or so, the environment for cyber threats has undergone a significant transformation, which has accelerated in recent years. The term "cyberwar" didn't even exist until 30 years ago, and it's still somewhat debatable today. 

Once upon a time (that time being just a few years ago), the majority of private businesses had no reason for immediate concern. However, the distinctions between nation-state adversaries, cybercrime organisations, and rogue threat actors continue to become more and more hazy, making practically any company and any device fair game for cyberwarfare. The Armis State of Cyberwarfare and Trends Report: 2022-2023 examines the situation more closely and offers information on whether or not organisations are sufficiently equipped to defend themselves. 

The report focuses on the opinions of IT and security experts from around the world regarding the state of cyberwarfare today and market trends. It offers insightful information on the opportunities and challenges faced by businesses as they work to safeguard their assets and secure their networks. The study was conducted by surveying more than 6,000 IT and security professionals worldwide from all major industry verticals. 

Technology: A double-edged sword 

Technology is frequently a mixed blessing, which is one of the report's most notable findings. Anything that makes your life simpler or more convenient for you can, in theory, be used against you by attackers or expose you to a higher risk in some other way.

Technology is increasingly reliant on artificial intelligence (AI) and machine learning (ML). These technological advancements are being used to automate the detection and response to cyber threats, which is assisting businesses in better protecting their assets and networks. The report does point out, however, that there are worries about how these technologies might be misused for malicious purposes, and that more oversight and regulation are required in this area. Concerns about the potential use of generative AI tools like ChatGPT to create malicious code and exploits have recently grown. 

The Armis report highlights the growing threat that cyberattacks targeting critical infrastructure pose to businesses. This includes attacks on systems that are crucial to the operation of contemporary society, such as medical equipment and industrial control systems. While these attacks don't specifically target organisations (aside from the provider of critical infrastructure), any attack that affects the critical infrastructure that businesses depend on can have disastrous effects on those businesses. According to the report, these attacks are becoming increasingly sophisticated and are frequently carried out by advanced persistent threat (APT) groups, which are outfitted with the resources and technical know-how necessary to get around conventional security measures.

In the report's introduction, Nadir Izrael, CTO and co-founder of Armis, mentions that experts believe threat actors will be able to weaponize OT (operational technology) environments by 2025 in order to hurt or kill people. The shift from reconnaissance and espionage to kinetic application with tangible effects is a trend in cyberwarfare, he observes. 

“These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths, so the potential impact of cyberattacks—whether intentional or unintentional—is clear.” 

Can we survive cyber warfare? 

Many organisations have been caught off guard by the threat landscape's quick change. The scope of the threat is difficult for businesses of all sizes and in all sectors to comprehend, and many do not have the necessary cyber defences in place.

In a press release, Armis summarised some of the report's most important findings. These results highlight some of the major obstacles that organisations must overcome in order to adjust to the new reality. 

  • The threat of cyberwarfare is not being taken seriously by one-third (33%) of international organisations, who report being unconcerned or indifferent about how it will affect their organisation as a whole, creating security gaps. 
  • Nearly a quarter (24%) of international organisations believe they are unprepared to handle cyberwarfare. Nevertheless, preventing nation-state attacks comes in last on the IT professionals' list of security concerns (22%). 
  • The statement that "The war in Ukraine has created a greater threat of cyberwarfare" is accepted by more than three out of five (64%) IT and security professionals polled.
  • Between May 2022 and October 2022, compared to the six months before, more threat activity was reported on networks by over half (54%) of professionals who are the sole decision-makers for IT security. 
  • The majority (55%) of IT professionals polled concurred with the statement that "My organisation has stalled or stopped digital transformation projects due to the threat of cyberwarfare." In some nations, like Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%), this percentage is even higher. 
  • IT professionals around the world responded differently when asked about their company's policy on paying ransoms in the event of a ransomware attack. Twenty-four percent of respondents said their organisation always pays, 31% said their organisation only pays when customer data is at risk, 26% said their organisation never pays, and 19% said it depends. 
  • A little more than seven in ten (76%) of the IT professionals polled concur that, in response to the threat of cyberwarfare, the boards of directors are changing the organisational culture with regard to cybersecurity. 
  • Nearly 2 in 5 (37%) of the IT professionals surveyed believe it is extremely likely that their company will increase its investment in cybersecurity in light of recent and ongoing unexpected global events (such as the pandemic, the conflict in the Ukraine, etc.).

Combating future cyberwars 

The report emphasises how crucial asset visibility is to maintaining business network security. Businesses must have a thorough understanding of the hardware and software that connect to their networks in order to identify threats quickly and take appropriate action. With the goal of becoming the "Google Maps" of the IT environment or attack surface, Armis is committed to giving its users the visibility they require. To assist them in overcoming these obstacles, they collaborate with clients like the City of Las Vegas, Takeda Pharmaceuticals, and an increasing number of governmental bodies.

Yevgeny Dibrov, the CEO of Armis, and Nadir Izrael, the CTO, were interviewed by Tony Bradley, Editor-in-Chief at TechSpective. Regarding the visibility of assets, Dibrov stated, "Every client should ask themselves, 'What are my assets? What are my assets, exactly?'"

In a data centre environment, a manufacturing environment, a hospital, a critical infrastructure facility, or a government facility, the most fundamental question is, "What do I have?" he continued. 

“I think cyberwarfare in general has become kind of an above board thing that nation-states do, as opposed to maybe a decade or two ago where everything was hush-hush and under the covers—like these covert attacks that were never attributable. That change is huge in our overall industry. It's huge for countries. In fact, from our perspective it paints cyberwarfare as the new terrorism,” Izrael stated. “It is the most cost-effective way of waging war on multiple levels and something that we're seeing more and more examples of as we progress.”  

Since it is unlikely that we will be able to put the genie back in the bottle in the future, it will be crucial for organisations to understand the answers to the questions Dibrov posed and have that "Google Map" of their environment to work with.

A $100 Million Theft Has Been Attributed to the Lazarus Group by the FBI

 


The FBI has blamed the Lazarus Group for a $100 million cryptocurrency heist committed last June. The group is associated with the North Korean government and is known for stealing cryptocurrency to help support that government's military and weapons programs.

A statement released by the FBI on Tuesday identified Lazarus Group, which is also known as APT38, as the perpetrators of the June 24 attack on the Harmony Horizon bridge. In the course of this attack, $100 million worth of Ethereum was lost. Harmony Horizon is a cross-chain bridge that connects Ethereum, Bitcoin, Binance Chain, and Harmony. Attackers accessed the Ethereum bridge in June and stole the cryptocurrency.

At the time of the incident, the Harmony team reported that it had discovered a theft on the Horizon bridge amounting to approximately $100MM. Harmony said that it had begun working with national authorities and forensic specialists to identify the perpetrator and to recover the stolen funds.

The FBI investigated the Harmony heist together with the Department of Justice's National Cryptocurrency Enforcement Team and several United States attorneys' offices. Earlier this week, the FBI announced that the Lazarus Group had been responsible for the attack and had used its malware tool TraderTraitor as part of the operation.

"During the June 2022 heist, North Korean cyber actors, who used an encryption protocol known as Railgun, a privacy protocol, gained access to over $60 million worth of Ethereum (ETH) that had been stolen. It is believed that a portion of the stolen Ethereum from this theft was sent to several virtual asset services for conversion into bitcoin (BTC)," the FBI said in a statement released by the bureau. 

Lazarus Group is a North Korean threat group that has been active for several years. It is closely associated with the North Korean government and typically pursues the interests of the government. A successful attack by this group on the Bank of Bangladesh in 2016 netted it $81 million. Since then, Lazarus has continued to operate against banks and crypto exchanges to fund its operations.

Lazarus Group specializes in penetrating cryptocurrency firms and exchanges, as well as other targets. It does so using tools that are integrated into TraderTraitor. Oftentimes, these intrusions begin when hackers send phishing emails to employees at a target company. They entice them to download malicious files in the hopes that they will be able to decipher what they are downloading.

According to a CISA advisory released in April, many of these messages are disguised as recruitment efforts and offer high-paying jobs to entice recipients to download cryptocurrency applications laced with malware, which the U.S. government refers to as TraderTraitor.

TraderTraitor is the term used to describe a series of malicious applications that are written in cross-platform JavaScript and run on the Node.js runtime using Electron. These malicious open-source applications pose as tools that can help traders or price forecasters trade cryptocurrencies. TraderTraitor campaigns promote the alleged features of the applications on websites with modern designs.

The Lazarus Group has used TraderTraitor in several of its intrusions, and has been quite successful in doing so. The group has also used another tool, a macOS backdoor called AppleJeus, along with more advanced techniques.

In addition to spreading cryptocurrency trading applications modified to contain malware that facilitates cryptocurrency theft, the Lazarus Group also distributed AppleJeus trojanized cryptocurrency applications targeting individuals and companies, including cryptocurrency exchanges and financial services firms. 

According to the advisory, the North Korean regime will likely continue to exploit the vulnerabilities of cryptocurrency technology companies, gaming companies, and exchanges. This will enable it to generate and launder funds to support its regime. 

During the Harmony intrusion, the Lazarus Group moved bitcoin to several exchanges, which the FBI worked with to freeze those assets.

SOCs Face Stern Test in 2023 as Hackers Target Governments and the Media

 

The number of incidents in the government and mass media segments will increase this year, according to Kaspersky research experts' predictions for challenges in Security Operation Centers (SOCs) in 2023. SOCs in these and other industries are likely to face more recurring targeted attacks, as well as supply chain attacks via telecommunications providers. More initial compromises through public-facing applications will be another threat to SOCs. Data destruction may occur in organisations that are threatened by ransomware attacks.

Repeated targeted attacks by state-sponsored hackers 

The average number of incidents in the mass media sector doubled from 263 in 2021 to 561 in 2022, according to Kaspersky experts. Numerous high-profile incidents occurred over the course of the past year, one of which was when Iranian state TV broadcasting was halted due to hacker activity while the nation was in the midst of protests. Media outlets were also targeted by DDoS attacks, such as those that occurred in the Czech Republic. Among the 13 other analysed segments, such as industrial, food, development, financial, and others, mass media emerged as the top target for cybercriminals, following the government sector, where the average number of incidents increased by 36% in 2022.

2023 will see a continuation of this growth along with routine targeted attacks by state-sponsored actors. While this is typically relevant for governmental organisations, the mass media sector has come under increased attack during global conflicts that are frequently accompanied by information warfare and in which the media invariably play a significant role. 

“Large businesses and government agencies have always been targets of cybercriminals and state-sponsored actors, but geopolitical turbulence increased attackers’ motivations and enlivened hacktivism, which cybersecurity specialists have not regularly encountered until 2022,” stated Sergey Soldatov, head of security operation center (SOC) at Kaspersky. “The new wave of politically-motivated attacks is especially relevant for the government and mass media sectors. To effectively protect a company, it’s necessary to implement a comprehensive threat detection and remediation provided through Managed Detection and Response services.” 

Supply chain assault 

Attacks on telecommunications firms could lead to an increase in supply chain attacks in 2023. The telecom sector experienced a disproportionate number of high severity incidents in 2021 for the first time. Although the average proportion of high severity incidents decreased in 2022 (from 79 per 10,000 systems monitored in 2021 to about 12 in 2022), these businesses continue to be prime targets for cybercriminals.

Ransomware destroyers 

In 2022, Kaspersky noticed a new ransomware trend that will persist in 2023: ransomware actors will both encrypt and destroy corporate data. This is pertinent to organisations that experience politically motivated attacks. More initial compromises through public-facing applications also pose a threat to SOCs. Compared to phishing, penetration from the perimeter requires less preparation, and outdated vulnerabilities are still available.

Mitigation tips

Kaspersky researchers advise taking the following precautions to guard against the pertinent threats: 

  • Keep all of your devices' software updated to stop hackers from breaking into your network by taking advantage of flaws. Patches for fresh vulnerabilities should be applied as soon as possible. Threat actors are no longer able to exploit the vulnerability once the patch has been downloaded and applied. 
  • High-profile attacks can be defended against with dedicated services. Before the intruders succeed in their objectives, the Kaspersky Managed Detection and Response service can assist in locating and stopping intrusions in their early stages. If an incident occurs, Kaspersky Incident Response service will assist you in responding and reducing the effects, in particular by locating the compromised nodes and safeguarding the infrastructure from future intrusions. 
  • Utilize the most recent Threat Intelligence data to keep abreast of the TTPs that threat actors are actually employing. 
  • Select a trustworthy endpoint security product with behavior-based detection and anomaly control features, like Kaspersky Endpoint Security for Business, for efficient defence against known and unknown threats.

How to Prevent Home Network Hackers? Here's all you Need to Know

 

Your home Wi-Fi network may not be as secure as you believe. Internet crime cost Americans more than $6.9 billion in 2021. Personal data breaches were also significant, in addition to phishing and scams. Many personal data breaches could have been avoided with a little home network security. The average household in the United States has more than ten devices connected to its home Wi-Fi network.

The number of devices ranging from laptops and tablets to phones, smartwatches, and streaming devices can quickly grow, and each is potentially vulnerable to hacking. With so much data stored on those devices – credit card numbers, bank records, login credentials, and other personal and private information – you want to make sure you're protected from hackers if your network is compromised.

A secure home network minimizes the risk of being hacked and having someone gain access to sensitive information. Furthermore, it will keep unwanted or unauthorized users and devices from slowing down your connection or freeloading on the internet service you pay for.

How to Protect Your Home WiFi Network

Here are the fundamentals for safeguarding your home Wi-Fi network. 

1. Make a strong Wi-Fi password and change it frequently.
It is critical to create a unique password for your Wi-Fi network in order to maintain a secure connection. Avoid passwords or phrases that are easily guessed, such as someone's name, birthday, phone number, or other common information. Simple Wi-Fi passwords are easy to remember, but they are also easy for others to figure out.

2. Activate the firewall and Wi-Fi encryption.
Most routers include a firewall to prevent outside hacking and Wi-Fi encryption to prevent eavesdropping on data sent between your router and connected devices. Both are usually turned on by default, but you should double-check to make sure.

Now that you know how to access your router's settings, double-check that the firewall and Wi-Fi encryption are turned on. Turn them on if they're turned off for any reason. Your network security will appreciate it.

3. Turn off remote router access.
Anyone who is not directly connected to your Wi-Fi network can access the router settings via remote router access. There should be no reason to enable remote access unless you need to access your router while away from home (for example, to check or change the configuration of a child's connected device).

Remote access can be disabled in the router's admin settings. Disabling remote router access may not be the default, unlike other security measures.

Even with the most up-to-date and effective methods of protecting your home network, security is never guaranteed. Hackers and cybercriminals will find ways to exploit the internet as long as it exists. However, by following the tips above, you can better protect your network from anyone attempting to use your connection or access your data.

Mousetrapping: What is it & how to Safeguard Against it?

 

Mousetrapping works the same way that a traditional mousetrap does: you unknowingly walk into a trap designed to keep you trapped for as long as possible. Operators who utilize mousetraps actively market their products or services. They may even attempt to steal your personal details. So, how do you know when you've stepped into a trap?

Mousetrapping is an unethical practice used by some website operators to keep you on their site for longer than necessary. It is a technique that traps you in an endless loop of pages and pop-ups, preventing you from leaving a website.

Some operators will even open the new page you've been redirected to in a new window. You can't access the taskbar, toolbar, or browser menu while in this window, making it difficult to close. These websites may even deactivate the web browser's back or exit buttons, trapping you on the page until you exit the browser. In such cases, the only actionable buttons that work are those in pop-ups that force you to perform whatever action the website owner dictates.

"Your phone is hacked. Download this Antivirus Software Now.
99% of android users have this app on their phone.
Your government is tracking your phone. Install this VPN."

When you visit a website with mousetraps, you will encounter a lot of messages like this: pop-ups requesting you to download an app, visit another site, or even enter your phone number. Clicking the exit button on these pop-ups usually results in more call-to-action messages. Executing these actions and downloading the files will almost certainly result in the installation of malware on your computer and the theft of sensitive information.

How to Recognize a Mousetrap

The first step in making a mousetrap is to closely mimic the URL of a legitimate popular website. It could be a celebrity's official website or your favorite newspaper. The malicious site could end up on a search engine with a simple misspelling and a line of code. Because the code and content closely resemble that of the authentic website, the link to the site ends up on search engines.

It is sometimes difficult to tell if a website is legitimate until you click on a link. Fortunately, there are methods for determining whether a website is genuine. The mousetraps are designed by the owners of these websites in order to capture as many clicks as possible from unwitting visitors. When you realize you've been duped, you immediately attempt to exit the site by clicking on a broken back button.

The logical next step would be to press the forward button or search the toolbar for an escape route. It is already too late at this point. It is nearly impossible to leave this way because the site owner has included lines of code that will open one ad banner after another for every click you make.

That isn't all. Because pop-ups appear quickly, you may need to open multiple windows in order to evade them. You must close each pop-up one by one, and the more clicks you have, the more benefit the site owner receives. The close button on pop-ups does not always work, resulting in more ads, banners, and redirects.

Mousetrapping isn't just for clicks. Some threat actors use these traps to keep their victims occupied. The pop-ups and windows are designed to keep you on the page while malware is downloaded onto your system.

How to Get Out of a Mousetrap

The obvious escape, like most traps, will most likely lead you deeper into the trap. The back button you rush to click will simply open an ad in another window or launch a barrage of banners, further frustrating you. Despite this, there are a few ways to get out of mousetraps.

1. Input Another URL Address
2. Disable JavaScript
3. Use Keyboard Shortcuts

It's difficult to spot a malicious website, especially if it's a carbon copy of a popular platform. When you realize you've been trapped and windows and pop-ups are appearing with every click, go to the URL bar and enter a new address. You should be able to close the opened windows using keyboard shortcuts.

However, prevention is always preferable to cure. Use web browsers that have add-ons and plug-ins that prevent redirects, advertisements, and unauthorized window openings. Another option is to disable JavaScript. Many site features, including pop-ups and banners, would be disabled.

DoControl: Growing its SaaS Security Platform

DoControl offers an integrated, automated, and risk-aware SaaS Security Platform that protects apps and data that are essential to corporate operations, promotes operational efficiency, and boosts productivity. Protecting data and business-critical SaaS apps through automated remediation is DoControl's key strength.

DoControl's newest module adds shadow SaaS application identification, monitoring, and remediation, building on earlier advancements that target mission-critical use cases and better defend companies from SaaS supply chain attacks. By establishing machine identities that are frequently overprivileged, unapproved, and unmonitored, SaaS application-to-application communication capabilities raise the risk. To address regulatory gaps and automatically close supply chain-based attack vectors, DoControl's SaaS Security Platform extension offers total control and transparency across all authorized and unauthorized SaaS apps.

One service platform that delivers unified security across various apps is required by the industry as a result of the rapid expansion of SaaS applications, the need to integrate them, or the economic pressures to integrate vendors. DoControl has established itself as the end-to-end SaaS security platform supplier, including CASB, DLP, Insider Risk, and Workflows, so now Shadow Apps enable security teams to accomplish more with less effort.

Extensive shadow application governance is aided by the DoControl SaaS Security Platform's expansion:

Facts and Awareness: Organizations can find all interlinked SaaS applications within their estate, both sanctioned and unsanctioned. With rigorous surveying and inventories, businesses can spot issues of non-compliance and understand which SaaS platforms, apps, or users inside the SaaS estate are high-risk or vulnerable.

Analyze and Operate: Utilizing pre-approval rules and workflows that demand end users present a business explanation for acquiring new apps, companies can conduct app reviews with business users. Security staff can also place suspect applications in quarantine, limit a user's access rights, and revoke such privileges.

Automated Cleanup: Organizations can automate the application of security policies throughout the entire SaaS application stack by using low-code/no-code solutions. Through automated patching of various threat vectors, DoControl's Security Workflows limit vulnerability brought on by third-party apps and stop unauthorized or high-risk app usage.

Data security is essential, but several systems lack the level of specificity and set of capabilities modern businesses require to secure sensitive data and operations, particularly in the intricate and linked world of SaaS apps. DoControl finds every SaaS user, partner company, asset, and metadata, as well as OAuth applications, groups, and activity events. Without hindering business enablement, DoControl helps to lower risk, prevent data breaches, and manage insider risk.


Cybersecurity in 2023: Russian Intelligence, Chinese Espionage, and Iranian Hacktivism


State-sponsored Activities 

In 2022, we witnessed a number of state-sponsored cyber activities originating from different countries, with the tactics employed by the threat actors varying. This will apparently continue into 2023, since governments use their cyber capabilities as a means of achieving their economic and political objectives.

Russian Cyber Activity will be Split between Targeting Ukraine and Advancing its Broader Intelligence Goals 

Conflict-related cyber activities can be expected to increase, since there is no immediate prospect of an end to the conflict in Ukraine. These activities will be aimed at degrading Ukraine's vital infrastructure and government services and at gathering foreign intelligence useful to the Russian government from entities involved in the war effort.

Additionally, organizations linked to the Russian intelligence services will keep focusing their disinformation campaigns, intelligence gathering, and potentially low-intensity disruptive attacks on their geographical neighbors. 

Russia will, however, also keep working toward its longer-term, more comprehensive intelligence goals. The traditional targets of espionage will still be a priority. For instance, in August 2022, Russian intelligence services used spear phishing emails to target employees of the US's Argonne and Brookhaven national laboratories, which conduct cutting-edge energy research.

It is further expected that new information regarding the large-scale covert intelligence gathering by Russian state-sponsored threat actors, enabled by their use of cloud environments, internet backbone technology, or pervasive identity management systems, will come to light. 

China Will Continue to Prioritize Political and Economic Cyber Espionage 

It has also been anticipated that the economic and political objectives will continue to drive the operation of China’s intelligence-gathering activities. 

The newly re-elected president Xi Jinping and his Chinese Communist Party will continue to employ their intelligence infrastructure to assist in achieving more general economic and social goals. They will also continue to target international NGOs in order to keep watch over dissident organizations and individuals opposing the Chinese government in any way.

China-based threat actors will also be targeting high-tech company giants that operate in or supply industries like energy, manufacturing, housing, and natural resources as it looks forward to upgrading the industries internally. 

Iranian Government-backed Conflicts and Cybercrimes will Overlap 

The way in which the Iranian intelligence services outsource operations to security firms in Iran has blurred the distinction between state-sponsored activity and cybercrime.

A recent example is the IRGC-affiliated COBALT MIRAGE threat group, which performs cyber espionage but also financially supports ransomware attacks. Because cybercrime is inherently opportunistic, it has affected and will continue to affect enterprises of all types and sizes around the world.

Moreover, low-intensity conflicts between Iran and its adversaries in the area, mainly Israel, will persist. Operations carried out under the guise of hacktivism and cybercrime will be designed to interfere with crucial infrastructure, disclose private data, and reveal agents of foreign intelligence. 

How Can Organizations Protect Themselves from Opportunistic Cybercrime?

The recent global cyber activities indicate that opportunistic cybercrime threats will continue to pose a challenge to organizational operations. 

Organizations are also working on defending themselves from these activities by prioritizing security measures, since incidents as such generally occur due to a failure or lack of security controls. 

We have listed below some of the security measures organizations may follow in order to combat opportunistic cybercrime by nation-state and cybercrime groups:

  • Organizations can mitigate threats by investing in fundamental security controls like asset management, patching, multi-factor authentication, and network monitoring. 
  • Maintaining a strong understanding of the threat landscape and tactics utilized by adversaries. Security teams must also identify and safeguard their key assets, along with prioritizing vulnerability management. 
  • Traditional methods and solutions, such as endpoint detection and response, are no longer effective in thwarting today's attacks, so it is crucial to thoroughly monitor the entire network, from endpoints to cloud assets. However, in order to identify and effectively address their most significant business concerns, and prioritize threats in order to combat them more efficiently.  

Info-stealing Ads Spread by Malvertising

HP Wolf Security's cybersecurity researchers have issued a warning about various ongoing activities that aim to use typosquatting domains and malicious advertising to spread different types of malware to unwitting victims.

Additionally, the scammers paid various ad networks to broadcast ads promoting these bogus websites. Search engines can end up presenting harmful versions of the websites alongside trustworthy ones when users search for these programs in this manner. Users risk being misdirected if they are not careful and double-check the URL of the website they are viewing.

Bogus installers

A total of 92 domains that imitate other software and may have been used to spread IcedID were found. Victims who do land on the wrong site are unlikely to notice the difference.

The websites are meticulously created to resemble the real ones in practically every way. In the case of Audacity, the website hosts a malicious .exe file that poses as the installer for the program. The file is named 'audacity-win-x64.exe' and is larger than 300MB in size. By making the file this large, the attackers try to evade detection by antivirus software. The researchers found that several antivirus products' automatic scanning functions do not check very large files.

According to Cyble security experts, Rhadamanthys was used to steal data from web browsers, crypto wallets, and messaging apps. It was spread using Google Ads that imitated AnyDesk, Zoom, Bluestacks, and Notepad++.

Another issue involved DEV-0569 abusing Google Ads to distribute BatLoader, according to Microsoft researchers. As part of the spreading process, the group imitated LogMeIn, Adobe Flash Player, and Microsoft Teams.

Due to their extensive capabilities, info-stealers are now a common type of malware used by hackers. The demand for this malware is so great that it dominates many underground market forums.

The sale of these new malware strains and the availability of info-stealer source code will lead to increased sales of victim data on the dark net.

Because the most recent attack campaign mostly uses bogus websites that look legitimate to distribute malware, users should double-check the integrity of these websites before downloading any installers. To reduce the risk from info-stealer malware, it is also advised to deploy MFA across all accounts.
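The URL double-check described above can be automated for proxy or DNS log triage. The following Python sketch is an added example, not code from HP Wolf Security or any vendor named here; the allowlist of official domains is an assumption and the test domains are constructed.

```python
# Added example: flag download domains that imitate a known vendor domain.
# OFFICIAL is an assumed allowlist; the domains in the tests are constructed.
OFFICIAL = ("anydesk.com", "audacityteam.org", "bluestacks.com",
            "notepad-plus-plus.org", "zoom.us")

# Digit look-alikes folded to the letter they imitate before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label: str) -> str:
    """Lower-case, fold look-alikes ('0'->'o', 'rn'->'m'), drop hyphens."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("-", "")


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'official', 'lookalike:<vendor domain>' or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    if any(domain == good or domain.endswith("." + good) for good in OFFICIAL):
        return "official"
    parts = domain.split(".")
    # Second-level label only; multi-part suffixes such as co.uk are not handled.
    label = skeleton(parts[-2] if len(parts) > 1 else parts[0])
    for good in OFFICIAL:
        brand = skeleton(good.split(".")[0])
        limit = 1 if len(brand) < 6 else 2  # short names need a tighter match
        # Near miss or TLD swap, or the brand embedded in a longer name.
        if edit_distance(label, brand) <= limit or (len(brand) >= 6 and brand in label):
            return f"lookalike:{good}"
    return "unrelated"
```

A "lookalike" result is a prompt for review, not a verdict: a vendor may legitimately own more than one domain, so the allowlist has to be kept current.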




Threat from Cyberspace Pushing Data Budgets Up and Delaying Digital Transformation

 

A new report has revealed that the cost of data backup is rising due to the growing threat from cybercrime. This includes the requirement to guarantee the consistency and dependability of hybrid cloud data protection in order to counteract potential losses from a ransomware attack. 

More than 4,300 IT leaders were polled for the Data Protection Trends Report, and many of them claimed that there was an "availability gap" between how quickly their businesses needed a system to be recovered and how quickly IT could get it back online. This issue is serious because, according to the survey, 85% of respondents experienced a cyberattack in the previous year.

Making sure the data protection provided by Infrastructure as a Service and Software as a Service solutions corresponds with that provided by workloads focused on data centres was one of the top priorities for IT leaders polled for the survey this year.

More than half of those surveyed in the study, which was commissioned by data protection software vendor Veeam, also mentioned a "protection gap" between the amount of data they can lose and the frequency with which IT protects it. These gaps, according to more than half of those surveyed, have led them to consider switching primary data protection providers this year.

Many of those surveyed claimed that ransomware is "winning," with cyberattacks causing the most significant outages for businesses in 2020, 2021, and 2022, despite all of these efforts to increase backup reliability and spend on cybersecurity tools. 

Hackers' increasing threat to data budgets

In the past 12 months, at least 85% of all study participants reported experiencing an attack, up from 76% the year before. Data recovery was noted as a major concern, with many claiming that only 55% of encrypted data was recoverable following a ransomware attack.

This was partially due to the increase in attacks. Due to the strain that ransomware protection and recovery put on budgets and staff, it is also harder to implement digital transformation. Resources intended for digital transformation initiatives have been diverted as IT teams must concentrate on the unstable cyber security landscape. 

According to Veeam's researchers, cyberattacks "not only drain operational budgets from ransoms to recovery efforts, but they also reduce organisations' ability to modernise for their future success, forcing them to pay for prevention and mitigation of the status quo."

With 52% of respondents already using containers and 40% of organisations planning to do so soon, Kubernetes is proving to be one of the major forces behind improving data security strategies. Despite this, the report's authors discovered that most organisations only protect the underlying storage rather than the workloads themselves.

The CTO and senior vice president of product strategy at Veeam, Danny Allan, stated that "IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing. This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption."