Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Encryption. Show all posts
User Privacy
Cyber Security Data Encryption Data Leak Message Snooping Secret Project User Privacy

Facebook Spied on Users' Snapchat Traffic in a Covert Operation, Documents Reveal

 

In 2016, Facebook initiated a secret initiative to intercept and decrypt network traffic between Snapchat users and the company's servers. According to recently revealed court filings, the purpose was to better analyse user behaviour and help Facebook compete with Snapchat. Facebook dubbed it "Project Ghostbusters," an apparent homage to Snapchat's ghost-like emblem.

On Tuesday of this week, a federal court in California disclosed fresh documents acquired during the class action case between consumers and Meta, Facebook's parent company. 

The newly revealed documents show how Meta attempted to gain a competitive advantage over its competitors, namely Snapchat and later Amazon and YouTube, by analysing network traffic to see how its users interacted with Meta's competitors. Given that these apps use encryption, Facebook had to design specific technology to get around it. 

Facebook's Project Ghostbusters is described in one of the documents. In the letter, the customers' attorneys stated that the project was a part of the company's In-App Action Panel (IAPP) programme, which employed a method for "intercepting and decrypting" encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon. 

The document includes internal Facebook emails about the project. 

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.” 

Facebook developers' idea was to employ Onavo, a VPN-like service that the company acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that the business had been secretly paying teens to use Onavo so that it could monitor all of their web activity. 

Following Zuckerberg's email, the Onavo team took on the project and proposed a solution a month later: so-called kits that can be installed on iOS and Android to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," reads a July 2016 email. "This is a 'man-in-the-middle' approach.” 

A man-in-the-middle attack, also known as adversary-in-the-middle, is one in which hackers intercept internet communication passing from one device to another over a network. When network communication is not encrypted, hackers can read data such as usernames, passwords, and other in-app activity.

Given that Snapchat's traffic between the app and its servers is encrypted, this network research technique is ineffective. This is why Facebook developers advocated adopting Onavo, which, when engaged, scans all of the device's network data before it is encrypted and transferred over the internet. 

Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook in 2020, alleging that the company misled about its data collecting activities and used the data it "deceptively extracted" from users to find competitors and then unfairly compete with the new firms.
Read more »
VPN security
Cyber Security Data Encryption Data protection fast VPN geo-restriction bypass Online Privacy private browsing VPN risks VPN security

Unveiling Free VPN Risks: Protecting Online Privacy and Security

 

If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network (VPN). Virtual Private Networks (VPNs) are specifically crafted to accomplish this task. 

A quality VPN channels your web traffic through a secure server, masking your IP address, encrypting your data, and shielding your personal information from unauthorized access.

This software's abilities have attracted various users, ranging from activists safeguarding human rights to individuals seeking access to restricted sports events or exclusive TV shows. An abundance of VPN options exists, including free ones. However, experts advise caution when opting for free VPNs, emphasizing the importance of understanding the potential risks associated with them.

Free VPNs often offer only basic features, lacking advanced functionalities like split tunnelling, which divides internet traffic between the VPN and an open network, or the ability to bypass geo-restrictions for streaming purposes. These limitations might compromise your online experience and fall short of providing the desired level of protection.

  • Encryption Weakness: Many free VPNs use outdated or weak encryption protocols, leaving users vulnerable to cyber threats and data breaches.
  • Data Restrictions: Free VPNs usually impose data caps, restricting high-data activities and causing inconvenience to heavy users.
  • Speed Issues: Free VPNs might suffer from overcrowded servers, resulting in sluggish connection speeds, latency, and buffering, significantly affecting browsing, streaming, and gaming experiences.
  • Server Limitations: With fewer servers, free VPNs struggle to offer reliable and fast connections, limiting access to geo-restricted content.
  • Data Collection: Some free VPNs collect and sell users' browsing data to third parties, compromising privacy and resulting in targeted ads or even identity theft.
  • Advertisements: Free VPNs often bombard users with intrusive ads and pop-ups, as they rely on advertising for revenue.
  • Malware Risks: Lesser-known free VPNs may harbor malware, posing severe risks to devices and personal data, potentially leading to hacking or data theft.
It's crucial to weigh the convenience of a free VPN against the risks it poses, emphasizing the potential compromise on privacy, security, and overall online experience.
Read more »
Technology
cloud storage Data Encryption Flash drive IronKey Technology

IronKey: What is it & How Is It Different From Other Storage Drives

IronKey

The world of online cloud storage

We live in a world of online cloud storage, where all our data is accessible everywhere and on any gadget. This has made the act of having physical storage media a lesser concern than it once used to be and more like a throwaway gadget with which we can do some cool things.

However, removing movies and episodes from streaming services and continual modifications to social media and other online archives have made physical storage more necessary than anything. We've all had a flash drive at some point, and they've grown throughout time, getting larger and more reliable.

IoT and rising concerns

With more than 40 lakh attacks on IoT (Internet of Things) devices, India is among one of the Top 10 Victims Countries lists in the world. This can be a disappointment for Tech Freaks and companies that have just begun using IoT devices but don't consider protecting their IoT devices such as smart cameras. Hackers didn't even flinch while penetrating the systems. That's how simple the breakthrough was.

“Simple methods like password guessing are used for getting the entry in IoT devices. Some sufferers of these attacks set passwords as naive as 'Admin.' And now, India has made it to the index of the top 10 countries that fell prey to IoT attacks in 2019,” reported CySecurity in 2019.

When looking for external storage, you may come across the IronKey series, a pretty flashy and eye-catching name for a simple flash drive. What distinguishes these from conventional flash drives and makes them so expensive? And, more importantly, is it worthwhile? Here's your comprehensive guide on understanding the IronKey.

IronKey: What is it?

IronKey is a flash drive brand created in the early 2000s by IronKey, a Homeland Security-funded Internet security and privacy startup that was later bought by Kingston. These were designed to provide additional security for the government, military, and business clients. While they function similarly to other flash drives, IronKey's hardware encryption differentiates it (and makes it rather pricey).

Though software encryption is simple and secure for most files, it is not as extensive or as powerful as hardware encryption, which integrates a cryptoprocessor into the device. The IronKey flash drive uses 256-bit AES hardware-based encryption in XTS mode, as well as FIPS 140-2 Level 3 validation and on-device Cryptochip Encryption Key management. 

When you remove the flash drive, it senses physical tampering and immediately safeguards your data. You can use a sophisticated password or a secret phrase of up to 255 characters long to get to the files for further security, and if you fail to enter the right password ten times, the drive immediately shuts down and optionally destroys the files.

IronKey: Do you really need one?

So, do you require one? That varies on how you intend to make use of it. If you solely store schoolwork or images, paying $77 for an 8GB flash drive may be expensive. However, if you have sensitive corporate records or government secrets, it may be worth spending a bit more to avoid being the victim of a security breach.

Read more »
Vulnerability and Exploits.
Apple Devices Apple Inc. Data Encryption Decrypter Digital Landscape Identity verification iMessage iOS iPhone Public Key Cryptography QR code User Privacy Vulnerability and Exploits.

Contact Key Verification: Boosting iMessage Security

Apple has taken another significant step towards improving the security of its messaging platform, iMessage. The introduction of Contact Key Verification adds an extra layer of security to iMessage conversations, protecting user data and privacy. In this article, we will explore what Contact Key Verification is and why it matters.

iMessage is a popular messaging platform known for its end-to-end encryption, which ensures that only the sender and the recipient can read the messages. With the new Contact Key Verification feature, Apple is making iMessage even more secure by allowing users to verify the identity of the person they are messaging with.

Contact Key Verification uses public key cryptography to establish a secure connection between the sender and receiver. Each iMessage user has a unique public key, which is stored on Apple's servers. When a user sends a message, their public key is used to encrypt the message. The recipient's device then uses their private key to decrypt and read the message. This ensures that only the intended recipient can access the content.

But what Contact Key Verification does differently is that it allows users to confirm that the public key used for encryption belongs to the person they intend to communicate with. This extra layer of verification prevents man-in-the-middle attacks, where an attacker intercepts and decrypts messages meant for someone else.

The implementation of Contact Key Verification is simple. Users can access the feature by tapping on the contact's name or picture in the chat. They can then view the contact's key and verify it through various methods like scanning a QR code or comparing a series of numbers with the contact in person.

This additional security feature is essential in today's digital landscape, where data breaches and cyberattacks are increasingly common. It ensures that even if someone gains access to your device, they cannot impersonate you or read your messages without proper verification.

Apple's commitment to user privacy is evident in this move. By giving users control over their message security, they are ensuring that iMessage remains one of the most secure messaging platforms available. Moreover, the public key infrastructure used in Contact Key Verification is a proven method for securing digital communications.



Read more »
Weak Password
Cyber Security Data Encryption Data Theft Email Attacks Multi-Factor Authentication (MFA) NSA and CISA Phishing Attacks VPNS Weak Password

Top 10 Cybersecurity Misconfigurations by NSA and CISA

Protecting your organization's data is more important than ever in an era where digital dangers are pervasive and cyberattacks are increasing in frequency and sophistication. Recognizing the pressing need for heightened cybersecurity, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to release a comprehensive list of the 'Top 10 Cybersecurity Misconfigurations.' As identified by the two agencies, these misconfigurations represent common vulnerabilities that malicious actors often exploit to infiltrate systems, steal data, or disrupt operations.

  • Weak Passwords: Passwords serve as the first line of defense against unauthorized access. Weak or easily guessable passwords are a major vulnerability.
  • Inadequate Access Controls: Failing to implement proper access controls can lead to unauthorized individuals gaining access to sensitive information.
  • Outdated Software and Patch Management: Neglecting software updates and patches can leave known vulnerabilities unaddressed, making systems susceptible to exploitation.
  • Misconfigured Cloud Storage: In the age of cloud computing, misconfigured cloud storage solutions can inadvertently expose sensitive data to the public internet.
  • Improperly Configured VPNs: Virtual Private Networks are vital for secure remote access. Misconfigurations can lead to unauthorized access or data leaks.
  • Lack of Multi-Factor Authentication (MFA): Relying solely on passwords is no longer sufficient. Implementing MFA adds an extra layer of security.
  • Neglecting Security Event Monitoring: Without proper monitoring, suspicious activities may go unnoticed, allowing potential threats to escalate.
  • Inadequate Email Security: Email remains a common vector for cyber attacks. Misconfigurations in email security settings can lead to phishing attacks and malware infections.
  • Insufficient Data Backups: Failing to regularly backup critical data can result in significant data loss during a cyber incident.
  • Unencrypted Data Transmission: Failing to encrypt data in transit can expose it to interception by malicious actors.
Organizations should take a proactive approach to cybersecurity in order to reduce these risks. This entails carrying out frequent security audits, putting in place strict access controls, and keeping up with the most recent cybersecurity risks and best practices.

Programs for employee awareness and training are also essential. An organization's overall security posture can be significantly improved by training personnel on the value of using strong passwords, spotting phishing attempts, and reporting suspicious activity.

Misconfigured cybersecurity poses a serious risk in today's digital environment. Organizations may strengthen their defenses against cyber threats and protect their digital assets by resolving the top 10 misconfigurations identified by the NSA and CISA. Keep in mind that the best kind of defense in the world of cybersecurity is frequently prevention.

Read more »
Sophos
Cybersecurity Data Encryption Enterprise security Ransomware Sophos

Ransomware Attacks on the Rise in Manufacturing Industry

Threat of Ransomware Attacks

The Growing Threat of Ransomware Attacks

According to a recent report by Sophos, a global leader in cybersecurity, more than two-thirds (68%) of manufacturing companies hit by ransomware attacks globally had their data encrypted by hackers. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

Ransomware attacks have become an increasingly common threat to businesses and organizations of all sizes. These attacks involve hackers gaining access to a company's computer systems and encrypting their data, making it inaccessible to the company. The hackers then demand a ransom payment in exchange for the decryption key.

Manufacturing Industry Hit Hard by Ransomware

The manufacturing industry has been particularly hard hit by these attacks. Despite an increase in the percentage of manufacturing organizations that used backups to recover data, with 73% of the manufacturing firms using backups this year versus 58% in the previous year, the sector still has one of the lowest data recovery rates.

This highlights the importance of companies taking proactive measures to protect themselves against ransomware attacks. This includes regularly backing up important data, keeping software and systems up to date with the latest security patches, and training employees on how to recognize and avoid phishing emails and other common attack vectors.

Protecting Against Ransomware: Best Practices for Companies

In addition to these preventative measures, companies should also have a plan in place for how to respond in the event of a ransomware attack. This includes knowing who to contact for assistance, having a communication plan for informing customers and other stakeholders and having a plan for how to restore operations as quickly as possible.

The threat of ransomware attacks is not going away anytime soon. By taking proactive steps to protect themselves, companies can reduce their risk of falling victim to these attacks and minimize the impact if an attack does occur.

Read more »
Threat Landscape
Cyber Security Data Encryption Data Leak RaaS Ecosystem Ransomware Threat Landscape

The Rate of Rorschach Ransomware is Increasing; Here's How to Safeguard Yourself

 

Staying ahead of threat actors is a game of cat and mouse, with hackers frequently having the upper hand. LockBit was the most widely used ransomware strain in 2023. In the previous year, LockBit was recognised to be the most active global ransomware organisation and RaaS supplier in terms of the number of victims claimed on their data leak site. 

New strains of malware emerge as the threat of ransomware grows. The current ransomware strain, Rorschach, is proof of this. It is one of the most rapidly spreading variants on the ransomware market today. 

Check Point tested 22,000 files on a 6-core machine and found that all files were partially encrypted in 4.5 minutes. In comparison to LockBit, which was previously thought to be one of the fastest ransomware outbreaks, Rorschach quickly compromised a machine. 

What is the purpose of the partial encryption of the files? A novel encryption approach known as intermittent encryption encrypts only a portion of the material, rendering it unusable. 

By drastically reducing the time required to encrypt files, security software and personnel have only a limited amount of time to thwart an attack. The outcome is the same: the victim is unable to access their files. 

The speed with which encryption is performed is critical since it limits the amount of time available for a user or IT organisation to respond to a security breach. This improves the chances of a successful attack. 

Rorschach ransomware, for example, can construct a Group Policy that spreads the ransomware to all machines in the domain if it is successful, even if the attack originally targets just one system. 

So, what are the best practises for defending against ever-increasing threats? The three actions listed below are critical for defending yourself and your organisation from Rorschach assaults.

Access control 

One of the first stages in safeguarding your organisation is to ensure that each user has only the access they require. Implementing RBAC (Role-Based Access Control) or ABAC (Attribute-Based Access Control) procedures ensures that no user or compromised account can access data outside of its bounds.

With suitable controls in place, you can audit when an account does an action that exceeds its permitted permissions, and fast onboarding and offboarding enable swift responses to security events. 

Account policy

Accounts are supported by a strong password policy. This may include following industry standards such as NIST 800-63B or verifying for previously hacked account passwords. Industry requirements and breached password protection are tough to meet, but software like Specops Password Policy with Breached Password Protection can help. 

Ensuring that a user changes their password in accordance with the policy and does not use a previously hacked password guarantees that your organisation is secure.

Data backup 

Having good, thorough data backups that cover your entire infrastructure is essential, even in the event of a ransomware attack. If the worst happens, you will be able to quickly rebuild your infrastructure and ensure that you can bring back services and functioning. You can lessen the effects of a successful ransomware attack and discover what may have been compromised by swiftly recovering. 

Bottom line 

While the three measures above cannot ensure foolproof security, they can guard you against increasingly complex dangers like Rorschach. There will probably be numerous improvements in the future, even though this ransomware uses special programming to speed up encryption.

Enforcing a tighter password policy helps deter these criminals from looking for easy targets, which is what they frequently do when targeting passwords that have already been obtained. 

Additionally, you may use a free download to search your Active Directory for more than 940 million compromised credentials. Make sure no one is using credentials that have already been stolen.
Read more »
User Privacy
1Password Manager Authentication Cyber Security Data Encryption Hackers LastPass User Privacy

Upgrading Online Security with Password Managers

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to the increasing number of online accounts people use, making it challenging to remember multiple passwords.

According to TechRadar, the use of password managers has emerged as a solution to this problem. These tools generate complex and unique passwords for each account, securely store passwords, and autofill passwords, making them convenient to use. The article suggests that password managers have become essential for enhancing online security. 

Password managers not only provide a higher level of security but also make managing passwords easier. "With the ever-increasing number of accounts people hold, there is a higher risk of password reuse, which makes users more vulnerable to cyber-attacks. A password manager can help overcome this issue," says tech writer Ashwin Bhandari. 

Android Police highlights the advantages of using password managers, including the ability to generate secure passwords and store them securely. The tool also helps users avoid the risk of weak passwords or using the same password for multiple accounts, which could make them vulnerable to cyber-attacks. 

CyberNews has compiled a list of the best password managers available, including LastPass, Dashlane, and 1Password. These password managers use strong encryption methods to protect user passwords and employ multi-factor authentication to provide an additional layer of security.

"Multi-factor authentication is the best way to protect your account from unauthorized access. While a password manager can generate and store passwords, enabling multi-factor authentication can prevent hackers from gaining access to your account even if they have your password," says cybersecurity expert John Smith.

Password managers have become a crucial tool for maintaining online security, to sum up. Users can prevent the risk of using weak passwords or the same password for many accounts by utilizing them since they make it convenient to generate and save complex passwords securely. Password managers can help people and businesses increase their internet security and defend against cyberattacks.
Read more »
User Privacy
cloud storage Data Encryption Data Storage Dropbox Encrypto iCloud MacPaw OneDrive Privacy Sensitive data User Privacy

What Must You Do Before Uploading Your Sensitive Data to the Cloud?


Cloud storage has emerged as a prominent tool when it comes to managing or storing users’ data. Prior to the establishment of cloud storage technology, more than a decade ago, emailing individual files to yourself or saving them to an external drive and physically moving them from one computer to another were the two most popular methods for backing up documents or transferring them between devices. 

But now data storage has witnessed a massive breakthrough in technology, thanks to cloud storage solutions. Some of the prominent cloud storage services like Google Drive, Microsoft OneDrive, Dropbox, and Apple iCloud Drive made it dead simple to back up, store, and keep our documents synced across devices. 

Although, this convenience came to the users at a cost of privacy. When we use any of the Big 4's major cloud services, we theoretically give them—or anybody who can hack them—access to whatever we keep on their cloud, including our financial and health information, as well as our photos, notes, and diaries. 

One of the major reasons why user privacy is at stake is because all four prominent cloud service providers meagerly encrypt the documents while uploading. Since these documents are not end-to-end encrypted, it indicates that the user is the only one with the ability to decrypt. 

Minimal encryption would mean that the service provider too holds the key to decrypt users’ documents, and is capable of doing so at all times. Moreover, in some severe instances, a hacker may as well get hold of the decryption key. 

Out of the four major cloud services, Apple is the only service provider with Advanced Data Protection for iCloud, launched recently, which enables users to choose to have their documents end-to-end encrypted when stored in iCloud Drive. This makes Apple void of any access to the files, ensuring the user’s privacy. However, this setting is still optional, making the merely encrypted iCloud Drive a default setting. 

Since the remaining three major cloud storage providers are yet to provide users with the choice of end-to-end encryption and taking into consideration the exploded usage of such personal cloud services in recent years, billions of users are currently at risk of getting their sensitive documents exposed to the third party. 

Encrypt First, Then Upload to the Cloud 

It is possible to use the popular cloud storage services while preventing anyone who gains access to your account from seeing the files stored therein by encrypting those files prior to uploading them. The best part? You do not require a computer scientist or a security developer to do so. With the numerous applications, that are available for free, one could encrypt any file on one's own. 

What is Encrypto?

One such well-known encryption program is Encrypto, sponsored by a company called MacPaw. You may drag a file into the program, give it a password, and then encrypt it using industry AES-256 encryption. The software then enables you to save a file with an encrypted version (.crypto file type). 

After encrypting the files, the user can now upload the encrypted version of the file to their preferred cloud storage provider rather than the original file containing sensitive data. If your cloud storage is then compromised, the attacker should be unable to open the Crypto file without knowing the password the user has established for it. 

Encrypto is a cross-platform tool that works on both Macs and Windows PCs, despite the fact that MacPaw is known for producing Mac-specific utility apps. The recipient merely needs to download the free Encrypto app to be able to open sensitive documents that have been sent to them over email and have been encrypted using Encrypto (and you need to let them know the password, of course). 

Another nice feature that the app possesses is that it enables users to set different passwords for each file they create. One can even include a password hint in the encrypted file to remind what password is being used in the file. Users are advised to establish a password that would be difficult to decipher through brute force or something that would be difficult to guess. 

This being said, no matter the choice of app, encrypting the files yourself before uploading them to Google Drive Microsoft OneDrive, Dropbox, or iCloud Drive adds an additional layer of encryption and security to the sensitive data while still maintaining to reap the numerous benefits of cloud storage.  

Read more »
User Security
Cyber Attacks Data Encryption Extortion Scheme Ransom Payment ransomware attacks User Security

Ransomware Gangs are Starting to Forego Encryption

 

Criminal organisations are now employing a new strategy to ensure ransomware payouts: they skip the step of encrypting target companies' systems and instead go straight to demanding the ransom payment for the company's valuable data.

Malicious hackers are constantly looking for less-flashy but still effective ways to continue their ransomware attacks as law enforcement's focus on the problem grows.

Typically, a ransomware attack begins with the installation of malware that encrypts files onto a company's networks, followed by the appearance of a ransom note on each screen.

By concentrating only on data extortion, hackers can launch their attacks more quickly and without the need for encryption tools, which can occasionally go down in the middle of an attack. 

According to Drew Schmitt, a principal threat analyst at GuidePoint Security, law enforcement is also more interested in looking into attacks that use encryption because it results in more damage.

Schmitt added that businesses that have strong endpoint security tools, firewalls, ongoing monitoring, and security plans that restrict employees' access to internal files will be the most successful at thwarting ransomware attacks.

Security leaders must know how to lessen the effects of a ransomware attack. Here are a few of our suggestions: 

  • Keep encrypted backups of your data offline and make sure that your team consistently performs backups. Additionally, your team should prioritise restoring all crucial systems and data first and routinely test backups to determine how long data restoration efforts will take. 
  • Make it a company-wide rule that no device should be used to store corporate data locally. Unlike data stored in the cloud, if a device is infected, you risk losing all locally stored data. 
  • To prevent ransomware from spreading to other network devices, immediately isolate the infected device.
  • If at all possible, determine the type of ransomware used and/or the threat actors who carried out the attack to see if a decryption key may already be in existence. Engage an external incident response provider with digital forensics capabilities to lead the charge if you lack the expertise to carry out this investigation internally. 
  • Your team should have the relevant source code or executables backed up in addition to system images (or escrowed, have a licence agreement to obtain, etc.) so that you don't lose the application code entirely if the ransomware infection affects it. 
Read more »
Ransomware
Cyber Security Data Encryption Healthcare Industry Ransom Ransomware

Ransomware Attacks Forced Organizations to Shut Down Operations Completely

 

Ransomware attacks have evolved constantly and now the spike in attacks is causing a massive concern for thousands of organizations worldwide. Hackers are taking advantage of security vulnerabilities and encrypting data belonging to all sorts of organizations: from private firms to healthcare facilities and governments. 

What motivates the ransomware attackers to become even more sophisticated and demand tens of millions of dollars is that numerous firms agree to pay the ransom and not reveal the attack. It usually happens because they are afraid of the devastating social consequences. 

Earlier this week, Trend Micro, a global cybersecurity leader, disclosed that a quarter of healthcare organizations hit by ransomware attacks were forced to shut operations completely. The study also revealed that 86% of global healthcare organizations impacted by ransomware attacks suffered operational outages. 

More than half of the global HCOs (57%) acknowledged being hit by ransomware attacks over the past three years. Of these, 25% were forced to shut down their operations, while 60% disclosed that some business processes were affected by an attack. 

On average, it took most responding organizations days (56%) or weeks (24%) to fully restore these operations. In a survey of 145 healthcare business and IT professionals, 60 percent of HCOs also suffered a data breach, potentially increasing compliance and reputational risk, as well as investigation, remediation, and clean-up costs. 

The good news is that most (95%) HCOs say they regularly update patches, while 91% limit email attachments to thwart malware risk. Many also employed detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR). 

"In cybersecurity, we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially genuine and very dangerous physical impact," Trend Micro Technical Director Bharat Mistry stated. 

"Operational outages put patient lives at risk. We can't rely on the bad guys to change their ways, so healthcare organizations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains." 

The study published by cybersecurity firm Sophos in June revealed that HCOs spend nearly $1.85 million to recover systems after a ransomware attack, the second-highest across all sectors. The average ransom paid by healthcare organizations surged by 33% in 2021, an almost threefold increase in the proportion of victims paying ransoms of $1 million or more.
Read more »
Subscribe to: Posts (Atom)