Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Qantas Airways
Cyber Security Cybersecurity cybersecurity news FBI cyber alert Qantas Airways

Qantas Hit by Cyberattack Days After FBI Warning on Airline 2FA Bypass Threat

 

Just days after the FBI warned airlines about a surge in 2FA bypass attacks by the hacker group Scattered Spider, Australian airline Qantas has confirmed a major cybersecurity incident. The breach, which targeted a third-party platform used for customer service, has potentially exposed personal data—including names, emails, birth dates, and frequent flyer details—of up to six million customers. 

The attack exploited social engineering tactics, a signature method of Scattered Spider, where attackers impersonate staff to deceive IT help desks into granting unauthorized access. Brett Winterford of Okta described the group as a loosely organized, profit-driven collective that thrives on peer recognition and repeated attacks across successful sectors. In a July 4 statement, Qantas Group CEO Vanessa Hudson assured that no credit card, passport, or financial data was compromised, and Qantas’ core systems remain secure. 

The airline said it contained the breach on July 1 and is working with cybersecurity experts to complete a forensic investigation. Affected customers began receiving email notifications from July 3, with further updates promised on the exact data exposed. Hudson emphasized the company’s commitment to transparency and robust response efforts, saying, “We are treating this incredibly seriously and have implemented additional security measures.” 

Cybersecurity professionals, including ex-FBI agent Adam Marrè and OPSWAT's James Neilson, stressed the need for heightened vigilance in the aviation sector, especially during peak travel periods. Marrè urged organizations to strengthen supply chain defenses and advised consumers to verify all communications from airlines. 

Graylog’s Ross Brewer, a Qantas customer himself, noted that clear and precise communication from the airline is critical to avoiding unnecessary panic and maintaining public trust. With airlines holding vast stores of sensitive data, experts warn the industry is an increasingly attractive target for cybercriminals. The Qantas breach reinforces the FBI’s call for all sectors to evaluate their cybersecurity hygiene and response strategies without delay.
Read more »
User Privacy
Cyber Security Mass Surveillance Palantir Trump Administration User Privacy

US Government Secretly Builds Enormous Database Tracking Citizens

 

An explosive story regarding the Trump administration's collaboration with Palantir, which could result in the creation of a master database containing data on every American, was released by the New York Times last month. If such a "master list" was created, the Times claims, it would grant the president "untold surveillance power." 

President Donald Trump signed an executive order earlier this year allowing the federal government to exchange data on Americans among multiple organisations. However, we now have a better idea of how the administration plans to accomplish this. Trump has hired Palantir, a software startup co-founded by Trump and Republican megadonor Peter Thiel, to carry out these initiatives. 

According to the New York Times, Palantir's technology would allow for the compilation of sensitive information from agencies such as the Department of Homeland Security, Immigration and Customs Enforcement, and the Internal Revenue Service. Various government databases already have information on Americans' bank account numbers, medical claims, disabilities, student loan levels, and other details, though not in one location. 

In order to boost government efficiency and save hard-earned public cash, the Trump administration has stated that it wants to "eliminate information silos and streamline data collection across all agencies." The threat of a central database, however, is a nightmare for privacy advocates and has even prompted security and privacy worries from former Palantir staff members. 

Palantir controversial role

Despite its reputation for being extremely covert about its data mining and spying activities, Palantir positions itself as a data and analytics firm. Additionally, Palantir has been under fire for offering information services to support the Israeli military during the Israel-Hamas conflict in 2023. The IDF receives intelligence services from Palantir, as CEO Karp has previously revealed.

Palantir has responded by defending its collaboration with Israel and refuting claims that it is supporting war crimes, as its most vocal detractors claim. As part of the Trump Administration's contentious policing and deportation initiatives, Palantir has also been called upon to assist U.S. Immigration and Customs Enforcement (ICE) in tracking immigrants in the United States. 

Why would the Trump Administration use Palantir to acquire data?

Palantir has already been contracted by the federal government for several years. For example, Palantir previously collaborated with Health and Human Services to track the COVID-19 pandemic. However, Palantir's stock and revenue have soared since Trump's inauguration earlier this year. To date, the federal government has given Palantir around $113 million in 2025.

Furthermore, last week, Palantir was given a $795 million contract by the Department of Defence. In 2024, Palantir earned $1.2 billion from the U.S. government, according to the company's last quarterly report. Furthermore, Thiel, a co-founder of Palantir, is a key Republican fundraiser. In addition to giving $1.25 million to Trump's 2016 campaign, he has contributed tens of millions of dollars to Republican congressional campaigns over the years.
Read more »
Quishing Campaign
Cyber Fraud Cybersecurity measures Cybersecurity Warning Drivers QR code QR Code Phishing QR code scams QR code security Quishing Quishing Campaign

Parking Meter QR Code Scam Grows Nationwide as “Quishing” Threatens Drivers

 

A growing scam involving fake QR codes on parking meters is putting unsuspecting drivers at risk of financial fraud. This deceptive tactic—called “quishing,” a blend of “QR” and “phishing”—relies on tampered QR codes that redirect people to bogus websites designed to steal sensitive information like credit card details or vehicle data. 

The scam works in a surprisingly simple but effective way: fraudsters cover official QR codes on parking meters with nearly identical stickers that feature malicious codes. When scanned, the QR code does not lead to the authorized parking service’s payment portal but instead sends users to a counterfeit site. These phishing websites often look nearly identical to legitimate services, making them difficult to identify as fraudulent. Once there, victims are prompted to enter personal data that can later be misused to withdraw funds or commit identity theft.  

Recent reports have confirmed the presence of such manipulated QR codes on parking infrastructure in multiple cities, and similar schemes have also been spotted on electric vehicle charging stations. In one documented case, a victim unknowingly lost a four-figure amount after entering their payment information on a fake page. According to police authorities in Lower Saxony, Germany—where the scam has seen a surge—this type of attack is rapidly spreading and becoming a nationwide concern. 

Unlike phishing emails, which are often flagged by security software, QR codes are processed as images and generally bypass traditional cybersecurity defenses. This makes “quishing” harder to detect and potentially more dangerous, especially for users with outdated smartphone software. Because these scams exploit visual deception and technical limitations, the responsibility often falls on users to scrutinize QR codes closely before scanning.  

Experts recommend taking a few precautions to stay safe. First, inspect the QR code on the meter to ensure it hasn’t been tampered with or covered by a sticker. If anything appears off, avoid scanning it. For added security, users should download the official parking service app from an app store and enter location details manually. Using third-party QR code scanner apps that reveal the destination URL before opening it can also help prevent falling for a fake link. 

Anyone who believes they may have been scammed should act immediately by contacting their bank to block the card, reporting the incident to local authorities, and monitoring accounts for unauthorized activity. Law enforcement is urging users to stay alert as these scams become more common, especially in urban areas where mobile parking and EV charging stations are widely used.
Read more »
stolen personal data
Data Breach identity theft protection Kelly Benefits data breach notification payroll security breach protect financial information stolen personal data

Kelly Benefits Data Breach Balloons to Over Half a Million Victims—What You Need to Know

 

When a business experiences a significant data breach, understanding the full impact can take a long time. That’s exactly the situation Kelly Benefits is now facing.

According to a report by BleepingComputer, Kelly & Associates Insurance Group—widely known as Kelly Benefits—has disclosed that a cybersecurity incident from December 12–17 last year has affected far more people than initially believed.

Originally, the company reported in April that 32,234 individuals had been impacted after hackers infiltrated its systems and accessed sensitive information. Over the past three months, however, the number has continued to climb. The latest figures show that 553,660 people are now at risk because of this breach.

In a public notice, Kelly Benefits explained that 46 companies relying on its services were caught up in the incident. Even if you haven’t worked directly with Kelly Benefits, you may still be affected if your employer or insurance carrier uses their benefits consulting, payroll management, or enrollment technology.

Some of the prominent organizations named in the breach notification include:

  • Wawa
  • United Healthcare
  • Aetna Life Insurance Company (CVS Health)
  • Humana Insurance ACE
  • CareFirst BlueCross BlueShield
  • Mutual of Omaha Insurance Company
  • The Guardian Life Insurance Company of America

To help people understand the risks, Kelly Benefits has sent personalized letters outlining exactly what data was exposed. The compromised information varies by person but could include full names, Social Security numbers, tax ID numbers, birth dates, health and medical insurance details, and financial account information.

As BleepingComputer highlighted, criminals armed with this data could attempt phishing scams, identity theft, or other fraudulent schemes. Under U.S. law, companies must notify you about what specific information was stolen. These notices typically arrive via postal mail, not by email or text. So if your employer works with Kelly Benefits, keep an eye on your mailbox in the coming weeks.

To mitigate the damage, Kelly Benefits is providing affected individuals with a year of complimentary identity theft protection from IDX. The notification letters include an enrollment code to activate this service. If you receive one, it’s highly recommended you sign up—it can help you recover your identity or reclaim stolen funds if fraud occurs.

In the meantime, be proactive:
  1. Monitor all your financial accounts for suspicious activity
  2. Consider placing a credit freeze with Equifax, Experian, and TransUnion to prevent new loans from being opened in your name
  3. Watch for phishing attempts targeting your stolen information

Even if you do everything right, you can still become a victim of a data breach simply because a company you trust relies on a third party. That’s why it’s essential to take immediate action if your personal or financial data has been compromised.

With cyberattacks and security incidents becoming more frequent, early vigilance and continuous monitoring are your best defenses against identity theft and fraud.
Read more »
USA
Ahold Delhaize Cyberbreach CyberCrime Cyberleak CyberThreat Data Breach Data Sfety Global Footprint USA

Ahold Delhaize USA Faces Data Breach Exposing Sensitive Information

In an announcement published by Ahold Delhaize, a leading global food retailer, the company confirmed that a significant data breach has compromised the personal information of over 2.2 million people across several countries. 

With nearly 10,000 stores located across Europe, the United States, and Indonesia, the company serves more than 60 million customers every week from all over the world, employing approximately 400,000 people. The office of the Maine Attorney General received a formal disclosure from Ahold Delhaize USA on Thursday, which stated that 2,242,521 individuals had been affected by a cybersecurity incident but did not disclose the extent of the breach to date. 

According to preliminary indications, the breach may have affected a wide range of sensitive personal information aside from usernames and passwords. Information that is potentially compromised may include the full name, residential address, date of birth, identification numbers issued by the government, financial account information, and even protected health information. 

Clearly, the scale and nature of this incident demonstrate that large multinational retailers are faced with a growing number of risks and that there is a need for improved cybersecurity measures to be taken in the retail industry. There was a cyber incident in late 2024 that was officially acknowledged by Ahold Delhaize USA last week. Ahold Delhaize USA has acknowledged this incident, revealing that the personal data of more than 2.2 million individuals may have been compromised as a result. 

According to an official FAQ, based on current findings, the company does not believe that the intrusion affected its payment processing systems or pharmacy infrastructure, which are critical areas often targeted by high-impact cyberattacks. As further support for the disclosure, documentation submitted to the Maine Attorney General's Office indicated that approximately 100,000 Maine residents were affected by the breach as a whole. 

As Ahold Delhaize USA operates multiple supermarket chains under the Hannaford brand in this region, this state-specific detail has particular significance, especially since the Hannaford brand is one of the most prominent supermarket brands in the region. It is not known yet how much or what type of data was exposed by the company, however, the widespread scope of the incident raises significant concerns about the potential misuse of personal information and the implications that could have on many individuals across multiple states. 

As far as cyberattacks targeting Ahold Delhaize USA are concerned, this incident can be attributed to a broader pattern of rising threats within the grocery distribution and food industry in general. On November 8, 2024, the parent company of the retailer publicly acknowledged the security breach, and later in April 2025, the company's parent company confirmed that the attackers had accessed sensitive data related to individuals in the Netherlands, where the company is headquartered. 

It was imperative that Ahold Delhaize USA temporarily disable portions of its internal systems during the initial stage of the incident as a precautionary measure. In addition to maintaining a significant global footprint, Ahold Delhaize operates more than 9,400 stores in Europe, the United States, and Indonesia. It is a leading multinational retailer and wholesale conglomerate with more than 9,000 stores worldwide. 

It serves approximately 60 million consumers every week both physically and digitally through its network of more than 393,000 employees. By the year 2024, the company will report annual net sales of more than $104 billion, driven by a diverse portfolio of well-known retail brands that are part of a broad range of well-known retail brands. As an example of these, in the United States, users will find Food Lion, Stop and Shop, Giant Food, and Hannaford, while in Europe, it is represented by Delhaize, Maxi, Mega Image, Albert, Bol, Alfa Beta, Gall & Gall, and Profi among a variety of banners. 

In November 2024, the company first announced its breach, stating that certain U.S.-based brands and operations, including pharmacy operations and segments of its e-commerce infrastructure, had been compromised as a result of the breach. According to a formal filing filed with the Maine Attorney General's Office on Thursday, cyberattackers gained unauthorized access to Ahold Delhaize USA’s internal business systems on November 6, 2024, and this resulted in sensitive data belonging to 2,242,521 individuals being compromised.

Although the company has not yet confirmed whether customer information was among the stolen data, it has confirmed that internal employment records were also stolen as part of the theft. Ahold Delhaize USA and its affiliated companies may have collected and stored personal information about current and former employees, raising concerns about the possibility of misuse of personal identifying information as well as employment information, among other things. 

It is evident from the scale of this breach that large, interconnected retail networks face increasingly dangerous vulnerabilities, which underscores the need to enforce robust cybersecurity practices at all levels of an organisation. It has been discovered through further investigation into the breach that the compromised files might have contained very sensitive personal information in a wide variety of forms. 

Ahold Delhaize USA Services has made it clear that the data could be potentially exposed includes the full names of individuals, their contact information (such as postal addresses, telephone numbers, and email addresses) along with their dates of birth and numerous forms of government-issued identification number, such as Social Security numbers, passport numbers, or driver’s license numbers. 

The company also reported that, besides information about financial accounts, such as bank account numbers and medical information, which can be contained within employment files, there was also potentially confidential information concerning workers' compensation records and medical records. An unauthorised party has been able to gain access to employment-related records related to current and former employees. 

After receiving a formal notification from the Attorneys General of California, Maine, and Montana regarding the breach on June 26, 2025, the company began sending notification emails to those affected by the breach. Ahold Delhaize USA Services has stated that those individuals who receive confirmation that their personal information has been compromised may be eligible for compensation under this policy. 

Whenever such a data breach occurs, the effects can be far-reaching, as sensitive personal data may be used for identity theft, financial fraud, or malicious activities. It is widely understood by security experts that companies that collect and store sensitive information are bound by legal and ethical obligations to protect that information from unauthorised access. There is a possibility that affected individuals may be able to sue for damages that result from the misuse or exposure of their personal information when proper safeguards are not observed. 

In light of the increasing frequency of these breaches, the importance of strengthening corporate data protection frameworks and swiftly addressing incidents is increasing. An organisation known as Inc Ransom, formerly linked with sophisticated ransomware campaigns, claimed responsibility for the cyberattack. It has been found that the group has participated in the cyberattack, raising further concerns about the methods used and the possibility that the stolen data may be exploited in the future. 

There has been another cyberattack which has recently struck United Natural Foods, Inc., which coincided with the timing of Ahold Delhaize USA's complete disclosure of the exposure of personal information. In the wake of this breach, UNFI, a major grocery distributor in the United States, was forced to temporarily shut down several online systems, disrupting the fulfilment process and causing delays in delivering groceries to retailers.

After containing the incident, UNFI has also restored its electronic ordering and invoicing capabilities. These back-to-back breaches highlight the growing cybersecurity vulnerabilities in the retail sector and the supply chain sector, making it increasingly important for companies to develop coordinated defensive strategies to protect sensitive consumer and business data, both of which are in urgent need.

Read more »
North Korea
AI Artificial Intelligence Cloud Cyber Crime Data Deepfakes Extortion Internet lazarus North Korea

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

North Korean hackers are infiltrating high-profile US-based tech firms through scams. Recently, they have even advanced their tactics, according to the experts. In a recent investigation by Microsoft, the company has requested its peers to enforce stronger pre-employment verification measures and make policies to stop unauthorized IT management tools. 

Further investigation by the US government revealed that these actors were working to steal money for the North Korean government and use the funds to run its government operations and its weapons program.  

US imposes sanctions against North Korea

The US has imposed strict sanctions on North Korea, which restrict US companies from hiring North Korean nationals. It has led to threat actors making fake identities and using all kinds of tricks (such as VPNs) to obscure their real identities and locations. This is being done to avoid getting caught and get easily hired. 

Recently, the threat actors have started using spoof tactics such as voice-changing tools and AI-generated documents to appear credible. In one incident, the scammers somehow used an individual residing in New Jersey, who set up shell companies to fool victims into believing they were paying a legitimate local business. The same individual also helped overseas partners to get recruited. 

DoJ arrests accused

The clever campaign has now come to an end, as the US Department of Justice (DoJ) arrested and charged a US national called Zhenxing “Danny” Wanf with operating a “year-long” scam. The scheme earned over $5 million. The agency also arrested eight more people - six Chinese and two Taiwanese nationals. The arrested individuals are charged with money laundering, identity theft, hacking, sanctions violations, and conspiring to commit wire fraud.

In addition to getting paid in these jobs, which Microsoft says is a hefty payment, these individuals also get access to private organization data. They exploit this access by stealing sensitive information and blackmailing the company.

Lazarus group behind such scams

One of the largest and most infamous hacking gangs worldwide is the North Korean state-sponsored group, Lazarus. According to experts, the gang extorted billions of dollars from the Korean government through similar scams. The entire campaign is popular as “Operation DreamJob”. 

"To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers," said Microsoft.

Read more »
Qantas Airways
Australia Cyber Attacks Data Leak OAIC Personal Data Qantas Airways

Qantas Investigates Cyber Attack That May Have Affected Millions of Customers

 



Qantas Airways has revealed that a cyber attack on one of its third-party service platforms may have compromised the personal data of up to six million customers. The breach was linked to a customer service tool used by a Qantas-operated call centre, and the airline confirmed that suspicious activity was detected earlier this week.

In an official statement, Qantas said a malicious actor gained access to this external platform, but the intrusion has since been contained. Investigations are ongoing to determine how much customer data was exposed, though initial findings suggest the impact could be significant.

The company confirmed that the exposed information may include customer names, contact numbers, email addresses, dates of birth, and frequent flyer membership numbers. However, Qantas clarified that no financial data—such as credit card details, bank information, or passport numbers—was stored on the affected system.

The airline also confirmed that sensitive account credentials, such as passwords, login PINs, and security information, were not accessed. Flight operations and the safety of air travel have not been affected by this breach.

Qantas Group CEO Vanessa Hudson addressed the incident, expressing regret over the situation. “Our customers place their trust in us to protect their personal data, and we deeply regret that this has occurred. We are contacting affected individuals directly and are committed to offering them full support,” she said.

To assist impacted customers, Qantas has launched a dedicated help centre offering expert guidance on identity protection. The support service is reachable at 1800 971 541 or +61 2 8028 0534 for international callers. Customers with upcoming flights have been assured that they do not need to take any action regarding their bookings.

Australian authorities have been notified, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police. Qantas has pledged full cooperation with the agencies involved in the investigation.

Shadow Minister for Cyber Security Melissa Price commented on the breach during an interview with ABC, calling it a serious wake-up call for all Australian companies. She emphasized the need for transparency and continuous updates to the public when incidents of this scale occur.

This breach adds to a growing list of cybersecurity incidents in Australia. Other major organizations, including AustralianSuper and Nine Media, have also suffered data leaks in recent months.

Earlier this year, the OAIC reported that 2024 saw the highest number of recorded data breaches since tracking began in 2018. Australian Privacy Commissioner Carly Kind warned that the risks posed by cyber threats are growing and called on both private companies and public agencies to strengthen their defences.

As data breaches become more frequent and complex, cybersecurity remains a critical issue for businesses and consumers alike.

Read more »
trending cybersecurity news
Data Breach Data Leakage Data Theft News Ransomware trending cybersecurity news

Chaos Ransomware Strikes Optima Tax Relief, Leaks 69GB of Sensitive Customer Data

 

In a significant cybersecurity incident impacting the financial services sector, U.S.-based tax resolution firm Optima Tax Relief has reportedly suffered a ransomware attack orchestrated by the Chaos ransomware group. The attackers have allegedly exfiltrated and leaked approximately 69GB of data, including confidential corporate records and sensitive personal tax files.

The exposed information reportedly includes Social Security numbers, home addresses, phone contacts, and banking details — all highly valuable to identity fraudsters. Given the nature of tax records, cybersecurity experts caution that the risks for affected individuals could extend for years, as this type of data cannot simply be changed like passwords.

Chaos Group Increases Aggression 

The ransomware group behind the attack, known as Chaos, has been active since March 2025 and is rapidly gaining notoriety for targeting organisations with vast stores of personally identifiable information (PII). Unlike the earlier Chaos ransomware builder seen in 2021, this iteration appears to be a more organised threat actor, employing a strategic approach in selecting its victims. This isn’t their first major claim. In May, Chaos asserted responsibility for a breach involving The Salvation Army, though that incident has yet to be independently verified. 

Silence from Optima Raises Questions 

Optima Tax Relief has yet to release a public statement or acknowledge the breach, prompting concerns among cybersecurity professionals and affected customers. It is still unclear whether the company has reported the incident to federal authorities or regulators. The lack of transparency is drawing criticism over potential lapses in consumer notification, data handling, and compliance with data protection regulations. 

Recommendations for Affected Individuals For anyone who has previously engaged Optima's services, cybersecurity analysts recommend treating their personal information as compromised. Immediate protective steps include: 

1. Enrolling in identity theft protection services that offer credit and SSN monitoring 

2. Reviewing bank statements and credit card activity for suspicious transactions 

3. Requesting credit freezes or fraud alerts from financial institutions 

4. Using data removal tools to reduce digital exposure Installing reputable antivirus software to fend off phishing or malware threats 

5. Enabling two-factor authentication on all financial and sensitive accounts 

A Warning for the Financial Sector 

This breach is part of a growing pattern in which ransomware groups are aggressively targeting organisations that store large volumes of sensitive consumer data — particularly in tax, legal, and healthcare sectors. Experts point out that financial firms, especially those involved in tax resolution, remain prime targets due to their often under-resourced cybersecurity infrastructure.

As investigations continue, pressure is mounting on Optima Tax Relief to disclose the extent of the damage and take accountability for customer safety moving forward.
Read more »
two-factor authentication
FIDO Alliance Microsoft Authenticator app online security updates Passkeys password autofill ending Technology two-factor authentication

Microsoft Phases Out Password Autofill in Authenticator App, Urges Move to Passkeys for Stronger Security

 

Microsoft is ushering in major changes to how users secure their accounts, declaring that “the password era is ending” and warning that “bad actors know it” and are “desperately accelerating password-related attacks while they still can.”

These updates, rolling out immediately, impact the Microsoft Authenticator app. Previously, the app let users securely store and autofill passwords on apps and websites you visit on your phone. However, starting this month, “you will not be able to use autofill with Authenticator.”

A more significant shift is just weeks away. “From August,” Microsoft cautions, “your saved passwords will no longer be accessible in Authenticator.” Users have until August 2025 to transfer their stored passwords elsewhere, or risk losing access altogether. As the company emphasized, “any generated passwords not saved will be deleted.”

These moves are part of Microsoft’s broader initiative to phase out traditional passwords in favor of passkeys. The tech giant, alongside Google and other industry leaders, points out that passwords represent a major security vulnerability. Despite common safeguards like two-factor authentication (2FA), account credentials can still be intercepted or compromised.

Passkeys, by contrast, bind account access to device-level security, requiring biometrics or a PIN to log in. This means there’s no password to steal, phish, or share. The FIDO Alliance explains: “passkeys are phishing resistant and secure by design. They inherently help reduce attacks from cybercriminals such as phishing, credential stuffing, and other remote attacks. With passkeys there are no passwords to steal and there is no sign-in data that can be used to perpetuate attacks.”

For users currently relying on Authenticator’s password storage, Microsoft advises moving credentials to the Edge browser or exporting them to another password manager. But more importantly, this is a chance to upgrade your key accounts to passkeys.

Authenticator will continue to support passkeys going forward. Microsoft advises: “If you have set up Passkeys for your Microsoft Account, ensure that Authenticator remains enabled as your Passkey Provider. Disabling Authenticator will disable your passkeys.”
Read more »
Ransomware
Artificial Intelligence Cyber Security Digital Landscape insurance Internet Ransomware

How Ransomware Has Impacted Cyber Insurance Assessment Approach

How Ransomware Has Impacted Cyber Insurance Assessment Approach

Cyber insurance and ransomware

The surge in ransomware campaigns has compelled cyber insurers to rethink their security measures. Ransomware attacks have been a threat for many years, but it was only recently that threat actors realized the significant financial benefits they could reap from such attacks. The rise of ransomware-as-a-service (RaaS) and double extortion tactics has changed the threat landscape, as organizations continue to fall victim and suffer data leaks that are accessible to everyone. 

According to a 2024 threat report by Cisco, "Ransomware remains a prevalent threat as it directly monetizes attacks by holding data or systems hostage for ransom. Its high profitability, coupled with the increasing availability of ransomware-as-a-service platforms, allows even less skilled attackers to launch campaigns."

Changing insurance landscape due to ransomware

Cyber insurance is helping businesses to address such threats by offering services such as ransom negotiation, ransom reimbursement, and incident response. Such support, however, comes with a price. The years 2020 and 2021 witnessed a surge in insurance premiums. The Black Hat USA conference, scheduled in Las Vegas, will discuss how ransomware has changed businesses’ partnerships with insurers. Ransomware impacts an organization’s business model.

At the start of the 21st century, insurance firms required companies to buy a security audit to get a 25% policy discount. Insurance back then used to be a hands-on approach. The 2000s were followed by the data breach era; however, breaches were less common and frequent, targeting the hospitality and retail sectors. 

This caused insurers to stop checking for in-depth security audits, and they began using questionnaires to measure risk. In 2019, the ransomware wave happened, and insurers started paying out more claims than they were accepting. It was a sign that the business model was inadequate.

Questionnaires tend to be tricky for businesses to fill out. For instance, multifactor authentication (MFA) can be a complicated question to answer. Besides questionnaires, insurers have started using scans. 

Incentives to promote security measures

Threats have risen, but so have assessments, coverage incentives like vanishing retention mean that if policy users follow security instructions, retention disappears. Safety awareness training and patching vulnerabilities are other measures that can help in cost reductions. Scanning assessment can help in premium pricing, as it is lower currently. 

Read more »
Swiss Government
Data Breach Data Leak Radix Ransomware attack Swiss Government

Swiss Health Foundation Ransomware Attack Exposes Government Data

 

The Swiss government is announcing that a ransomware assault at the third-party company Radix has affected sensitive data from multiple federal offices.

The Swiss authorities claim that the hackers obtained information from Radix systems and then posted it on the dark web. The nation's National Cyber Security Centre (NCSC) is assisting in the analysis of the leaked data to determine which government agencies are affected and to what extent. 

“The foundation Radix has been targeted by a ransomware attack, during which data was stolen and encrypted,” the Swiss government noted. “Radix’s customers include various federal offices. The data has been published on the dark web and will now be analyzed by the relevant offices.” 

Radix is a Zurich-based non-profit focused on health promotion. It operates eight competence centres that carry out projects and services for the Swiss federal government, cantonal and municipal corporations, and other public and private organisations. 

According to the organization's statement, Sarcoma ransomware affiliates penetrated its systems on June 16. Sarcoma is a newly emerging ransomware outfit that began operations in October 2024 quickly became one of the most active, claiming 36 victims in its first month. One notable example was an attack on PCB giant Unimicron. 

Phishing, supply-chain attacks, and outdated flaws are some of the ways Sarcoma gains access. Once RDP connections are exploited, the hackers usually proceed laterally across the network. The threat actor may encrypt the data in addition to stealing it in the final phase of the attack. On June 29, the ransomware outfit uploaded the stolen Radix data on their leak portal on the dark web, most likely after extortion attempts failed. 

Personalised alerts were sent to affected individuals, according to Radix, which also states that there is no proof that critical information from partner organisations was compromised. Radix advises potentially vulnerable users to be on guard over the next few months and to be cautious of attempts to obtain their account credentials, credit card details, and passwords in order to mitigate this risk. 

In March 2024, the Swiss government confirmed it had experienced a similar exposure via third-party software services provider Xplain, which was attacked by the Play ransomware gang on May 23, 2023. As a result of that incident, 65,000 Federal Administration documents were leaked, many of which included private and sensitive data.
Read more »
Subscribe to: Comments (Atom)