Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label security measures. Show all posts
security measures
Cyber Attacks Cybersecurity Breach data security Hotel Chains Ransomware attack Restaurant Chain security measures

Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know

 

In a tumultuous turn of events, Panera Bread and Omni Hotels were thrust into the chaos of ransomware attacks, unleashing a cascade of disruptions across their operations and customer services. 

Panera Bread, celebrated for its culinary delights and pioneering loyalty programs, found itself in the throes of a massive outage that paralyzed its internal IT infrastructure, communication channels, and customer-facing platforms. The ransomware strike, striking on March 22, 2024, encrypted critical data and applications, plunging employees and patrons into disarray amidst the ensuing turmoil. 

Among the litany of grievances, Panera Sip Club members were left disheartened by their inability to savour the benefits of their subscription, notably the tantalizing offer of unlimited drinks at a monthly fee of $14.99. The frustration reverberating among members underscored the profound repercussions of cyber incidents on customer experience and brand loyalty. 

As of January 23, 2024, Panera Bread and its franchise network boasted an extensive presence with 2,160 cafes sprawled across 48 U.S. states and Ontario, Canada. However, the ransomware onslaught cast a shadow over the company's expansive footprint, laying bare vulnerabilities in cybersecurity defenses and underscoring the imperative for robust incident response protocols. 

In tandem, Omni Hotels grappled with a parallel crisis as ransomware-induced IT outages wreaked havoc on reservation systems and guest services. The bygone week witnessed a flurry of disruptions, from protracted check-in delays averaging two hours to resorting to manual interventions to grant access to guest rooms. 

The financial fallout of these cyber calamities remains nebulous, yet the toll on customer trust and brand reputation is palpable. The opacity shrouding the attacks has only exacerbated apprehensions among employees and patrons alike, accentuating the exigency for fortified cybersecurity measures and transparent communication strategies.

Amidst the evolving threat landscape, organizations must fortify their cybersecurity defenses and hone proactive strategies to avert the pernicious impact of cyber threats. From regular data backups and comprehensive employee training to the formulation of robust incident response blueprints, preemptive measures are pivotal in blunting the impact of cyber onslaughts and fortifying resilience against future incursions. 

The ransomware assaults on Panera Bread and Omni Hotels serve as poignant reminders of the pervasive menace posed by cyber adversaries. By assimilating the lessons gleaned from these incidents and orchestrating proactive cybersecurity initiatives, businesses can bolster their resilience and safeguard the interests of stakeholders, employees, and patrons alike.
Read more »
security measures
Cyber Security cybersecurity incidents Malware Attack Malware prevention steps Security Guidelines security measures

Insights into Recent Malware Attacks: Key Learnings and Prevention Strategies

 

In an era where cybersecurity threats loom large, recent malware attacks have underscored the critical need for robust protective measures. Understanding the modus operandi of these attacks and learning from them can empower individuals and organizations to bolster their defenses effectively. 

Let's delve into the biggest takeaways from these incidents and explore preventive strategies to safeguard against future threats. One of the striking revelations from recent malware attacks is the evolving sophistication of malicious actors. Advanced techniques such as polymorphic malware, which can change its code to evade detection, pose significant challenges to traditional security protocols. This highlights the importance of investing in next-generation cybersecurity solutions capable of adaptive threat detection and mitigation. 

Furthermore, the rise of ransomware attacks has been particularly alarming. These attacks encrypt valuable data and demand a ransom for its release, often causing substantial financial losses and operational disruptions. Implementing a multi-layered defense strategy encompassing regular data backups, network segmentation, and employee training on phishing awareness can mitigate the risk of falling victim to ransomware extortion. 

Additionally, the proliferation of supply chain attacks has raised concerns about the interconnected nature of modern digital ecosystems. Attackers target third-party vendors and service providers to infiltrate their primary targets indirectly. Vigilance in vetting and monitoring supply chain partners, along with implementing robust access controls and encryption protocols, is paramount to mitigating this threat. Moreover, the exploitation of software vulnerabilities underscores the importance of timely patch management and software updates. 

Neglecting to patch known vulnerabilities provides attackers with an entry point to exploit systems and compromise sensitive data. Establishing a proactive patch management framework that prioritizes critical vulnerabilities and expedites the deployment of patches can significantly enhance cybersecurity posture. Social engineering tactics remain a prevalent avenue for malware dissemination, emphasizing the crucial role of user education and awareness. Phishing emails, fraudulent websites, and deceptive messages continue to lure unsuspecting individuals into inadvertently downloading malware or divulging sensitive information. 

Educating users on recognizing and reporting suspicious activities, coupled with implementing email filtering and web security solutions, can mitigate the effectiveness of social engineering attacks. Furthermore, the emergence of fileless malware represents a significant paradigm shift in cyber threats. By residing solely in system memory without leaving a footprint on disk, fileless malware evades traditional antivirus detection mechanisms. Deploying endpoint detection and response (EDR) solutions capable of behavior-based anomaly detection and memory analysis can effectively identify and neutralize fileless malware threats. 

In conclusion, recent malware attacks serve as potent reminders of the evolving threat landscape and the imperative of proactive cybersecurity measures. By staying abreast of emerging threats, investing in cutting-edge security technologies, fostering a culture of cybersecurity awareness, and adopting a multi-faceted defense approach, individuals and organizations can fortify their resilience against malicious actors. As the digital landscape continues to evolve, continuous vigilance and adaptation are essential to staying one step ahead of cyber adversaries.
Read more »
Tips
Cyber Security Cybersecurity Defense hack Microsoft Prevention proactive Protection safeguard security measures Tips

Protect Yourself: Tips to Avoid Becoming the Next Target of a Microsoft Hack

 

The realm of cybersecurity, particularly within the Microsoft 365 environment, is in a constant state of evolution. Recent events involving major tech firms and cybersecurity entities underscore a crucial truth: grasping security best practices for Microsoft 365 isn't synonymous with effectively putting them into action.

According to Kaspersky, 2023 witnessed a significant 53% surge in cyber threats targeting documents, notably Microsoft Office documents, on a daily basis. Attackers increasingly employed riskier tactics, such as surreptitiously infiltrating systems through backdoors. 

For instance, in one scenario, a non-production test account lacking multifactor authentication (2FA/MFA) fell victim to exploitation, while in another case, a backdoor was implanted into a file, initiating a supply chain attack. These incidents serve as stark reminders that even seemingly low-risk accounts and trusted updates within Microsoft 365 can serve as conduits for security breaches if not adequately safeguarded and monitored.

Despite the profound expertise within organizations, these targeted entities succumbed to advanced cyberattacks, highlighting the pressing need for meticulous implementation of security protocols within the Microsoft 365 realm.

The domain of artificial intelligence (AI) has experienced exponential growth in recent years, permeating nearly every aspect of technology. In this era dominated by AI and large language models (LLMs), sophisticated AI models can enhance cloud security measures. AI is rapidly becoming standard practice, compelling organizations to integrate it into their frameworks. By fine-tuning AI algorithms with specialized domain knowledge, organizations can gain actionable insights and predictive capabilities to preemptively detect and address potential security threats. These proactive strategies empower organizations to effectively safeguard their digital assets.

However, the proliferation of AI also heightens the necessity for robust cloud security. Just as ethical practitioners utilize AI to advance technological frontiers, malicious actors leverage AI to unearth organizational vulnerabilities and devise more sophisticated attacks. Open-source LLM models available online can be utilized to orchestrate intricate attacks and enhance red-team and blue-team exercises. Whether wielded for benevolent or malevolent purposes, AI significantly influences cybersecurity today, necessitating organizations to comprehend its dual implications.

Ways to Enhance Your Security

As digital threats grow increasingly sophisticated and the ramifications of a single breach extend across multiple organizations, the imperative for vigilance, proactive security management, and continuous monitoring within Microsoft 365 has never been more pronounced.

One approach involves scrutinizing access control policies comprehensively. Orphaned elements can serve as goldmines for cybercriminals. For example, a departing employee's access to sales-related data across email, SharePoint, OneDrive, and other platforms must be promptly revoked and monitored to prevent unauthorized access. Regular audits and updates of access control policies for critical data elements are indispensable.

Moreover, reviewing delegations and managing permissions consistently is imperative. Delegating authentication credentials is vital for onboarding new programs or personnel, but these delegations must be regularly assessed and adjusted over time. Similarly, ensuring segregation of duties and deviations is crucial to prevent any single individual from wielding excessive control. Many organizations grapple with excessive permissions or outdated delegations, heightening the risk of cybersecurity breaches. Emphasizing delegation and segregation of duties fosters accountability and transparency.

Maintaining oversight over the cloud environment is another imperative. Solutions supporting cloud governance can enforce stringent security policies and streamline management processes. When selecting a cloud governance provider, organizations must exercise discernment as their chosen partner will wield access to their most sensitive assets. Security should be viewed as a layered approach; augmenting layers enhances governance without compromising productivity or workflows.

Given the alarming frequency of security breaches targeting Microsoft 365, it's evident that conventional security paradigms no longer suffice. Gone are the days when basic antivirus software provided ample protection; technological advancements necessitate significant enhancements to our defense mechanisms.

Implementing rigorous security measures, conducting regular audits, and upholding governance can markedly fortify an organization's defense against cyber threats. By remaining vigilant and proactive, it's feasible to mitigate security risks and shield critical data assets from potential breaches before they inflict harm on organizations or their clientele.
Read more »
security measures
Axie Infinity co-founder crypto community cryptocurrency theft Cyber Security Cybersecurity Breach Digital Assets Hackers personal accounts security measures

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

 

A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity,as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.
Read more »
Sophos report
Cyber Attacks cybercriminals Cybersecurity Ransom Payment Ransomware recovery cost Retail Industry security measures Sophos report

Report: Retailers Face Challenges in Coping with Ransomware Attacks

 

In a disconcerting revelation, a recently released report suggests that retailers are finding themselves increasingly outmatched in the ongoing battle against ransomware operators. Conducted by cybersecurity experts Sophos, the survey enlisted the perspectives of 3,000 IT and cybersecurity leaders from small and medium-sized businesses (SMBs) and enterprises worldwide, with a particular focus on 355 respondents hailing from the retail sector. 

The findings are rather sobering, indicating that a mere 26% of retailers were successful in thwarting a ransomware attack before succumbing to having their valuable data encrypted. This figure represents a noticeable decline from the preceding year's 28%, and even more starkly from the 34% recorded two years prior.

Chester Wisniewski, the Director of Global Field CTO at Sophos, sounds a cautionary note, deeming the survey a resounding wake-up call for organizations within the retail industry. His message is clear: retailers must urgently fortify their security measures in the face of the escalating ransomware threat.

The report also sheds light on the protracted recovery process faced by victims who opt to meet the ransom demand. Among those who acquiesced, the median recovery cost, excluding the ransom payment itself, surged to four times that of those with a functional backup, reaching a staggering $3 million compared to $750,000. 

Approximately 43% of victims opted to pay the ransom, prompting Wisniewski to caution against shortcuts, underscoring the imperative of rebuilding systems to prevent cybercriminals from reaping the rewards of their malicious activities.

While there is a glimmer of optimism for retailers in the report - the percentage of firms targeted by ransomware threats dropped from 77% to 69% compared to the previous year - the recovery times have taken a hit. The proportion of companies able to recover in less than a day dwindled from 15% to a mere 9%, while those grappling with recovery periods exceeding a month increased from 17% to 21%.

Ransomware, as the report highlights, typically gains entry through the actions of unwitting employees, such as downloading malware or inadvertently providing attackers access to crucial endpoints. 

Consequently, the report underscores the critical importance of comprehensive employee education regarding the perils of cyberattacks. In addition to fostering employee awareness, safeguarding against ransomware necessitates strategic measures such as regular backups of critical systems and data, coupled with the implementation of robust endpoint protection services. The call to action is clear - retailers must fortify their cybersecurity defenses comprehensively to navigate the evolving threat landscape successfully.
Read more »
USA
Cyber Security GSRA Security Law security measures USA

US Government Surveillance Reform Act (GSRA), What It Will Change?

 

A cross-party group of U.S. legislators has put forth fresh legislation aimed at limiting the extensive surveillance authority wielded by the FBI. They argue that the bill addresses the gaps that currently enable officials to access Americans' data without obtaining a warrant. This move comes after over ten years of discussions surrounding the surveillance powers granted in the aftermath of September 11, 2001. 

These powers permit domestic law enforcement to conduct warrantless scans of the immense volumes of data collected by America's foreign surveillance systems. If the Surveillance Reform Act (GSRA), gets approved, would compel law enforcement agencies to secure a legitimate warrant prior to conducting searches under Section 702 of the Foreign Intelligence Surveillance Act (FISA)

Opponents argue that the present absence of a warrant prerequisite for accessing the 702 database represents an unconstitutional circumvention of Americans' Fourth Amendment safeguards. This proposed legislation arrives as the culmination of a year-long, intense struggle over the fate of profoundly contentious surveillance practices, scheduled to conclude on December 31. 

Section 702 was enacted in 2008, it was originally presented as a tool for foreign surveillance, primarily aimed at tracking terrorists. However, due to antiquated and inadequately defined language in the policy, intelligence agents and law enforcement have been provided with a covert means to amass extensive volumes of U.S. communications. 

Subsequently, these private exchanges are routinely subjected to surveillance without the need for a warrant, and in certain instances, are even utilized as evidence in criminal proceedings. This creates a significant policy gap, allowing law enforcement to gather personal communications of American citizens that would typically be safeguarded by the Fourth Amendment. 

The paramount objective of the 206-page GSRA bill's proposed reforms is to bring about a modernization and enhancement of U.S. surveillance capabilities. This aims to align privacy safeguards and basic rights with the rapid technological progress that has significantly streamlined data acquisition processes. 

"We're introducing a bill that protects both Americans' security and Americans' liberty," Senator Ron Wyden - a Democrat and a longtime critic of government surveillance reported at a press conference on Tuesday. 

Officials in the executive branch have consistently emphasized the importance of the expiring surveillance authority, asserting its critical role in combatting foreign espionage and terrorism. They have actively advocated for its reauthorization.
Read more »
WiFi
Airport Security Cyber Security Hackers IT Network Public Network security measures Sensitive Information VPN WiFi

Navigating the Risks: Is Airport Wi-Fi Safe for Travelers?

Airport Wi-Fi has become a need for travelers in a time when keeping connected is crucial. It acts as a lifeline for anything from last-minute travel adjustments to professional correspondence. However, worries about its security have led some people to wonder whether utilizing public networks comes with any inherent risks.

According to a report by Explore.com, accessing airport Wi-Fi networks might not be as secure as one would hope. The convenience it offers often comes at the cost of compromised cybersecurity. Cybercriminals can exploit vulnerabilities in these networks, potentially gaining access to sensitive information.

Aura, a cybersecurity company, emphasizes that travelers should exercise caution when connecting to airport Wi-Fi. "Public networks are prime targets for cyberattacks. It's like leaving your front door unlocked in a high-crime area," warns their security expert. Hackers can employ various techniques, such as "Man-in-the-Middle" attacks, to intercept data transmitted over these networks.

MarketSplash echoes these concerns, urging travelers to take proactive measures. Using a Virtual Private Network (VPN) is one of the most effective ways to secure online activities. A VPN creates a secure tunnel between the device and the internet, encrypting data and making it significantly harder for cybercriminals to intercept.

Additionally, it's advised to avoid accessing sensitive information, like banking accounts or private emails, while on public Wi-Fi. Instead, it's safer to use cellular data or wait until connecting to a trusted network.

While these warnings might sound alarming, it's important to note that not all airport Wi-Fi networks are equally risky. Some airports invest heavily in cybersecurity measures, offering safer browsing experiences. As a rule of thumb, using well-known airports and verifying the network's legitimacy can reduce risks.

Airport Wi-Fi is a useful tool for travelers, but it's important to be aware of any security hazards. One can find a balance between staying connected and remaining secure by taking steps like using a VPN and avoiding important tasks on public networks. Better safe than sorry, as the saying goes. Travelers can avoid future hassles by making a minor investment in cybersecurity.
Read more »
User Privacy
Crypto Crypto Exchange cryptocurrency Data Breach FTX MFA Protocols security measures User Privacy

FTX Reinforces Security Measures After Recent Cyber Breach

 

A notable cryptocurrency exchange called FTX recently experienced a security compromise that briefly caused its gateway to be unavailable. The event sparked worries about the security of users' assets on the network among users and the larger crypto community. To strengthen its defenses against potential attacks, FTX quickly implemented stronger security measures as a response.

FTX CEO, Sam Bankman-Fried, assured users that their funds were safe and that the breach was quickly contained. He stated, "Our team acted promptly to isolate the breach and secure the affected systems. No user funds were compromised, and we have taken steps to prevent such incidents in the future."

Following the breach, FTX collaborated closely with cybersecurity experts to conduct a thorough investigation. The findings led to the identification of vulnerabilities that were promptly addressed. The exchange has now implemented additional security protocols, including multi-factor authentication and advanced intrusion detection systems.

Cybersecurity experts lauded FTX's swift response and proactive approach to fortifying their platform. Dr. Emily White, a leading cybersecurity analyst, commended FTX's efforts, saying, "FTX's rapid response and commitment to shoring up their security measures demonstrate a proactive approach to safeguarding user assets. This incident serves as a reminder of the evolving nature of cyber threats and the importance of continuous vigilance."

In the wake of the breach, FTX has taken steps to enhance communication with its user base. The exchange has established a dedicated channel for updates on security-related matters, providing users with real-time information and transparency about any potential risks.

The incident at FTX serves as a wake-up call for the entire cryptocurrency industry. As the digital asset space continues to grow, exchanges must prioritize security measures to protect user funds and maintain trust in the ecosystem.

The FTX response to the latest security issue emphasizes how crucially important strong cybersecurity procedures are in the cryptocurrency business. FTX has proven its dedication to protecting user assets by quickly fixing vulnerabilities and deploying improved security processes. This incident should serve as a reminder to all exchanges to emphasize security and keep lines of communication open with their user base.


Read more »
User Security
Australian Supermarket Cyber Security Data Privacy security measures User Security

Security Changes at Australian Supermarket Raise Privacy Concerns

 

Our daily lives have been infused with technology, yet the ease and advancements it brings are not without drawbacks. A few of them even have effects on privacy.

It is difficult to ignore a situation like this, especially in light of recent reports that Coles supermarket is testing "innovative" security measures including "smart gateway technology" in an effort to minimise the theft issue at its stores. 

Australia's two largest supermarkets have begun to implement a variety of tough security measures, which have been described as a necessary action to tackle the theft problem, which costs $9 billion annually. However, some experts have expressed concerns about a background of "trauma" or even "distrust" for some customers while in businesses.

Coles has integrated a number of cutting-edge devices into its stores nationwide in an effort to deter crime and safeguard employees from an apparent rise in aggressive conduct. Among them are 'smart gates' that automatically lock if customers attempt to leave without paying for their purchases, artificial intelligence (AI)-enabled cameras at checkouts, and overhead cameras intended to monitor shoppers' every move. 

Body-worn cameras, which some Woolworths customers are already accustomed to seeing on police officers and bouncers, are a recent Coles tactic that has also been adopted by other retailers. The purpose of this action is to protect Coles' employees against violence of any kind in all of their "high-risk" locations. 

Privacy advocates, however, have not been slow to criticise these developments. Dr. Mary Ilias, a senior lecturer in criminology at Deakin University, has warned of a culture of fear sparked by excessive surveillance and suggested that such surveillance could burden consumers unnecessarily.

According to Dr. Illias, those who are vulnerable may also have "exacerbated feelings of trauma and mistrust" as a result of the cameras. She voiced concern about innocent people being unfairly singled out—those who might seem uneasy or unsure owing to medical or mental conditions—and creating unnecessary suffering. 

Retailers argue that if customers were not satisfied with the technology, it would not have been implemented.

"New technology such as body cameras is being tested by some stores here and overseas and is being done so within privacy laws and with careful attention to staff and customer feedback," Paul Zahra, Australian Retailers Association Chief Executive explained.

"It's in retailers' interests to keep their customers comfortable and at ease in stores and this kind of technology is first and foremost to keep frontline retail staff and customers safe," Zahra added.

Coles and Woolworths representatives assured customers that their cameras comply with Australian privacy regulations and that video from these cameras would only be preserved for "a few weeks."
Read more »
Surveillance Tool
Cybersecurity Hackers Human rights Israel Malicious actor Ransomware Attacks. security measures Spyware Surveillance Tool

Israeli Cyber Firms Unveil Groundbreaking Spyware Tool


Israeli cybersecurity companies have made an unparalleled spyware tool available, which has shocked the whole world's computer sector. This new breakthrough has sparked discussions about the ethics of such sophisticated surveillance equipment as well as worries about privacy and security.

According to a recent article in Haaretz, the Israeli cyber industry has unveiled a cutting-edge spyware tool that has been dubbed InsaneT.This highly advanced technology reportedly possesses capabilities that make it virtually impervious to existing defense mechanisms. As the article states, "Israeli cyber firms have developed an insane new spyware tool, and no defense exists."

The tool's sophistication has caught the attention of experts and cybersecurity professionals worldwide. It has the potential to reshape the landscape of cyber warfare and espionage, making it both a remarkable achievement and a significant cause for concern.

The InsaneT spyware tool's capabilities remain shrouded in secrecy, but it is said to be capable of infiltrating even the most secure networks and devices, bypassing traditional security measures with ease. Its existence highlights the ever-evolving arms race in the world of cybersecurity, where hackers and defenders constantly vie for the upper hand.

While the Israeli cyber industry boasts about this technological breakthrough, ethical concerns loom large. The Register, in their recent report on InsaneT, emphasizes the need for a robust ethical framework in the development and deployment of such powerful surveillance tools. Privacy advocates and human rights organizations have already expressed their apprehension regarding the potential misuse of this technology.

As the world becomes increasingly interconnected, issues related to cyber espionage and surveillance gain prominence. The introduction of InsaneT raises questions about the balance between national security interests and individual privacy rights. Striking the right balance between these two conflicting priorities remains an ongoing challenge for governments and technology companies worldwide.

An important turning point in the history of cybersecurity was the appearance of the spyware tool InsaneT created by Israeli cyber companies. Considering the ethical and security ramifications of such cutting-edge technology, its unmatched capabilities bring both opportunities and risks, highlighting the necessity of ongoing discussion and international cooperation. Governments, corporations, and individuals must manage the complexity of cybersecurity as we advance in the digital era to ensure that innovation does not compromise privacy and security.


Read more »
USA
Cyber Security FBI Hive Ransomware security measures Technology Threats USA

How the FBI Hacked Hive and Saved Victims

Earlier this year, the FBI achieved a significant milestone by dismantling Hive, a notorious cybercrime group, employing an unconventional approach. Instead of apprehending individuals, the agency focused on outsmarting and disrupting the hackers remotely. This marks a notable shift in the FBI's strategy to combat cybercrime, recognizing the challenges posed by international borders where many cybercriminals operate beyond the jurisdiction of U.S. law enforcement. 

In the past, Hive gained infamy as a highly active criminal syndicate, renowned for its acts of disrupting American schools, businesses, and healthcare institutions by disabling their networks and subsequently demanding ransoms for restoration. However, FBI field agents based in Florida successfully dismantled the group using their cyber expertise. 

They initially gained unauthorized access to Hive's network in July 2022 and subsequently countered the syndicate's extortion activities by aiding the targeted organizations in independently regaining access to their systems. 

According to Adam Hickey, a former Deputy Assistant Attorney General in the Justice Department's national security division during the Hive operation, the FBI's method proved effective and saved victims worldwide approximately $130 million. After conducting thorough investigations, the FBI discovered that Hive had rented its primary attack servers from a Los Angeles data center. 

Acting swiftly, the FBI seized the servers within two weeks and subsequently announced the takedown. This rapid action was motivated by the agency's recognition of an opportunity to halt Hive's activities, which had previously been difficult to preempt. However, while the announcement marked a significant milestone, Special Agent Smith and Director Crenshaw emphasized that the case is far from over. 

Hickey, who is now a partner at Mayer Brown law firm, stated that relying solely on arrests to combat cyber threats would be an oversimplified approach. He emphasized the need for a broader perspective and alternative strategies to address the evolving cyber threat landscape. 

The FBI initially became aware of Hive in July 2021 when the group, which was still relatively unknown at the time, targeted and encrypted the computer network of an undisclosed organization in Florida. This occurred during a period when prominent ransomware groups were carrying out severe attacks on gas pipelines and meat processors in the United States. 

In the following 18 months, Hive conducted more than 1,500 attacks worldwide, resulting in the collection of approximately $100 million in cryptocurrency from the victims, as estimated by U.S. law enforcement. The group's rapid expansion can be attributed, in part, to its strategic utilization of ruthlessness as a catalyst for growth. 

They targeted organizations, including hospitals and healthcare providers, that other cybercriminals had refrained from attacking. Data gathered by researcher Allan Liska, reveals that despite the FBI's covert presence within Hive, the group continued to carry out attacks at a consistent rate. 

On a hidden website where Hive disclosed the identities and sensitive details of victims who refused to pay, they listed seven victims in August, eight in September, seven in October, nine in November, and 14 in December. These numbers remained similar to the group's attack patterns before the FBI's infiltration. 

Hive members are still at large, and the seized servers could potentially aid in exposing the network of affiliates who collaborated with Hive during the 18-month period. As a result, the takedown has the potential to lead to additional arrests in the future.
Read more »
SecurityScorecard
CISA Critical Organizations Cyber Attacks Manufacturing Organization security measures SecurityScorecard

Critical Manufacturing Organizations Face Significant Risk of Cyber Attacks


Recent years have seen an alarming increase in the number of cyberattacks against critical infrastructure, many of which involved ransomware. Particularly in terms of cyber resilience, the industrial industry appears to be falling behind. 

Statistics 

Research by SecurityScorecard shows that the vast majority of the Global 2000 Forbes list's essential manufacturing organizations have high-severity vulnerabilities in their systems that have not been patched. 

  • Over 75% of manufacturing organizations have high-severity vulnerabilities in their systems that have not been patched. 
  • In 2022, early 40% of manufacturing companies reported malware infections, which is a considerable percentage. 
  • Around half of the critical manufacturing organizations, i.e. 48% obtained low-security ratings. The platform considers a number of important risk criteria, including DNS health, IP reputation, network security, web application security, leaked information, hacker chatter, endpoint security, and patching schedule. 
  • Unpatched high-severity vulnerabilities increased by 38% in the critical industrial sector year over year, and 37% of companies experienced malware infestations. 

Underlining the Trend 

  • Last week, CISA published numerous advisories cautioning the ICS industry of critical security flaws impacting products from organizations like GE Digital, Mitsubishi Electric, and Contec. 
  • Another advisory advised against flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks. 

Advisories and Reports Underlining the Trend

CISA last week published multiple advisories warning the ICS industry of critical security vulnerabilities impacting products from GE Digital, Mitsubishi Electric, and Contec. Another advisory warned against flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks.

Researchers from Trend Micro identified the Agenda ransomware group developing a new version of their ransomware in Rust, during the same month. The ransomware group has been targeting manufacturing and IT sectors in multiple different countries and made off with $550 million in earnings. 

The rising cases of cyberattacks against critical infrastructure have made it necessary for policymakers and business professionals to have an in-depth understanding of the security measures in place for their manufacturing environment. It is being advised to strive for a more collaborative and integrated approach to cybersecurity resilience, that would bring together the public and commercial sectors to safeguard critical infrastructure all across the world.  

Read more »
United Kingdom
Cyber Security IT system NCSC security measures United Kingdom

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

 

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.
Read more »
security measures
Coronavirus COVID-19 Cyber Security security measures

Some useful Cybersecurity tips every Work-from-home Employee must know


Amid the Coronavirus (COVID-19) panic, numerous corporates and organizations have told their employees to work from home as a safety concern for the employees' health. This precautionary step indeed is a good measure to take care of the employees' health while maintaining the work productivity in balance, but it also brings up concerns about the cybersecurity or the company's networks and data. It would be the 1st time for many companies to start this work-from-home initiative, which means that these organizations lack the precautionary measure to prevent their company's networks and data from potential cyberattacks from hackers. Incidents of cyberattacks have already appeared amid the coronavirus outbreak.

How to protect your system while working from home

Password Manager
Password Management Systems are a great way to keep all the online passwords encrypted. This way, your team's online accounts, and passwords are safe. This feature allows safe sharing of the password, which means that the team can securely log in to the accounts without the risk of exposing the password.

2-Step Authentication
Most of the organizations work on a cloud platform, which means the employees have collaborative access. However, using cloud also exposes your network to cybercriminals if you have weak passwords, as they can pretend to be the user and gain access to your company's network. This is why 2 step verification is crucial for cloud-based software, and therefore it should be made a standard login protocol for all the work-from-home employees.

Inform your employees about the security of devices
Safety of the employees' devices is crucial while working from home, as the devices can be stolen or lost. Therefore, it is very important to keep your devices safe as it can provide cybercriminals access to your company's network. Follow these steps to ensure device safety:

  •  Always use lock screens and passwords on your device.
  •  Don't plug your untrusted USB into your device. 
  • Keep a regular backup of your device. 
  • Always use 'find my device' option, just in case your device gets lost. 
  • Encrypt important data and files
 Don't use Unsecured and Public Wifi networks
Avoid using public wifi at all costs as it can make your device vulnerable to cyberattacks.
Read more »
Subscribe to: Posts (Atom)