CySecurity News - Latest Information Security and Hacking Incidents: Cyber Security

Cyber Security Cyberattacks DDOS Attacks Hackers NATO Safety Sweden

Sweden Faces Influx of DDoS Attacks Following NATO Membership

A significant uptick in distributed denial of service (DDoS) attacks has plagued Sweden as the nation navigates its path towards joining NATO, reports network performance management provider Netscout.

The onslaught commenced notably in May 2023, following a colossal 500 Gbps attack targeting Swedish government infrastructure. Subsequent to this initial strike, the frequency and intensity of DDoS assaults against Swedish entities have steadily escalated, reaching a peak in late 2023 with attacks soaring to 730 Gbps.

However, the year 2024 witnessed a further exacerbation of the situation, particularly intensifying from February onwards. On February 14, Sweden’s Foreign Minister hinted at Hungary's support for their NATO bid, serving as a catalyst for a significant event.

Netscout documented an astounding 1524 simultaneous DDoS attacks targeting Swedish organizations the subsequent day. This surge indicated a marked escalation in tensions and retaliatory actions from various politically motivated hacker groups, as underscored in Netscout's public statement.

The climax of the attacks occurred on March 4, 2024, when Netscout observed an unprecedented 2275 attacks in a single day, marking a staggering 183% increase compared to the same date in the previous year. Remarkably, this surge transpired merely three days before Sweden's formal admission into NATO.

Netscout's analysis has identified several hacker groups involved in these assaults, including NoName057, Anonymous Sudan, Russian Cyber Army Team, and Killnet, all of which are aligned with Russian interests.

Strengthening Password Security: Addressing Misconceptions and Best Practices



 

Password Security

Credential Cyber Security CyberCrime Information Security Password Password Management Password Security

Strengthening Password Security: Addressing Misconceptions and Best Practices

According to recent research by the Institution of Engineering and Technology (IET), conducted to mark World Password Day, only one in five people in the UK can correctly identify a secure password over a risky one. This alarming statistic underscores the widespread lack of awareness and understanding when it comes to password security among the public.

The study revealed that despite expressing concern about the possibility of being hacked in the future, a significant portion of the population continues to engage in risky password practices. For example, 20% of respondents admitted to using the same password for multiple websites and devices, a practice strongly discouraged by cybersecurity experts.

Additionally, many individuals rely on easily guessable passwords, such as pet names or significant dates, further compromising their online security. Despite the prevailing fear of cyber threats, there exists a notable discrepancy between public perception and best practices in password security. While 84% of respondents believe that hackers are becoming more inventive, many still hold misconceptions about what constitutes a secure password.

For instance, a significant portion of the population mistakenly believes that replacing letters with numbers in passwords enhances security, when in reality, this practice does little to deter sophisticated cyberattacks. Dr. Junade Ali, a cybersecurity expert and IET fellow, highlighted the critical importance of strong passwords in today's digital landscape. Weak and predictable passwords serve as easy targets for cybercriminals, who employ various tactics, including credential stuffing, to gain unauthorized access to multiple accounts. Credential stuffing exploits the common practice of using the same password across multiple platforms, allowing hackers to compromise multiple accounts with minimal effort.

To address these vulnerabilities, the IET has issued recommendations aimed at improving password security awareness and practices. Among these recommendations is the suggestion to create randomly generated, long, and unique passwords for each website or online service. Longer passwords are generally more resistant to brute-force attacks and provide an added layer of security against unauthorized access.

Additionally, the use of a reputable password manager is encouraged to securely store and manage passwords across various platforms. Password managers not only simplify the process of generating and storing complex passwords but also provide alerts in the event of a data breach, allowing users to take immediate action to protect their accounts.

By following these guidelines and adopting strong password security practices, individuals can significantly enhance their defenses against cyber threats and safeguard their sensitive information online. As cyberattacks continue to evolve in sophistication, proactive measures to strengthen password security are essential in mitigating the risk of unauthorized access and data breaches.

No MFA, No Defense: Change Healthcare Falls Victim to Citrix Account Hijacking



 

Ransomware

Citirix Account Cyber Security Cyberattacks CyberCrime CyberThreat Healthcare Hijacking Malware attacks MFA Ransomware

No MFA, No Defense: Change Healthcare Falls Victim to Citrix Account Hijacking

A UnitedHealth spokesperson confirmed that the black cat ransomware gang had breached Change Healthcare's network, using stolen credentials to get into the company's Citrix remote access service, which was not set up to support multi-factor authentication. It was revealed in a written statement issued by UnitedHealth's CEO Andrew Witty ahead of the hearing scheduled for tomorrow by a House Energy and Commerce subcommittee.

This incident illustrates the significance of the healthcare giant failing to protect a critical system by failing to turn on multi-factor authentication, a consequential mistake the healthcare giant made in failing to identify the source of the intrusion into Change Healthcare's system that UnitedHealth Group previously confirmed on March 13. It is clear, according to Tom Kellerman, SVP of Cyber Strategy at Contrast Security, that UnitedHealth has shown pure negligence in this incident.

According to the report, cybersecurity negligence resulted in systemic breaches throughout the U.S. healthcare industry. In his opinion, MFA would have likely prevented the attack chain that led to the breach, which will have long-term consequences. According to Casey Ellis, founder and chief strategy officer at Bugcrowd, the long-term effects of this massive breach will last for years. According to Ellis, at first glance, it appears that the software itself wasn't the issue that was causing the original access problem.

There was a threat of unauthorized access through remote access software without multi-factor authentication, and the credentials could have been leaked or guessed, leading to the most disruptive cyberattack on critical infrastructure in U.S. history. As a result of UnitedHealth Group's discovery and disclosure of the attack on Feb. 21, the medical claims and payment processing platform of Change Healthcare was paralyzed for more than one month, causing it to cease working completely.

It was in late February 2024 that Optum's Change Healthcare platform was severely disrupted by a ransomware attack, resulting in a severe disruption of Optum's Change Healthcare platform. In addition to affecting a wide range of critical services used by healthcare providers all over the country, this also caused financial damages of approximately $872 million as a result of the disruption. These services included payment processing, prescription writing, and insurance claims processing.

An exit scam was used by the BlackCat ransomware gang to steal money from UnitedHealth, which was allegedly a $22 million ransom payment made by UnitedHealth's affiliate. The affiliate claimed to still have the data shortly thereafter and partnered with RansomHub to begin an additional extortion demand by leaking stolen information in an attempt to extort the company of the affiliate. Despite recently acknowledging that it paid a ransom for people's data protection following a data breach, the healthcare organization has not released any details of the attack or who carried it.

The company has confirmed that it paid a ransom to the hackers who claimed responsibility for a cyberattack and the subsequent theft of terabytes of data due to this cyberattack, which occurred last week. As part of their ransom demand, the hackers, known as RansomHub, threatened to post part of the stolen data to the dark web, if they did not sell the information. This is the second gang to claim theft and threaten to make money from it.

A company that makes close to $100 billion in revenue every year, UnitedHealth said earlier this month that the company has suffered a $800 million loss due to the ransomware attack, which took place in the first quarter of 2017

Safeguarding Reproductive Health Workers: Addressing Risks Posed by Data Brokers and Doxxing



 

Personal Data

Cyber Security Data Brokers data security Doxxed Health health care industry Information Security Personal Data

Safeguarding Reproductive Health Workers: Addressing Risks Posed by Data Brokers and Doxxing

In today's interconnected digital landscape, the acquisition and dissemination of personal data have reached unprecedented levels, posing significant risks to individuals across various sectors, including reproductive health workers. At the forefront of this modern dilemma are entities known as data brokers, whose operations remain relatively unregulated, amplifying the potential dangers of doxxing — a malicious practice where private contact information is exposed to facilitate harassment. This alarming trend underscores the urgent need for enhanced data protection measures and stricter regulations to safeguard individuals' privacy and security.

Data brokers, often operating discreetly in the background, specialize in the collection, aggregation, and sale of personal information obtained from various sources, including public records, online activities, and commercial transactions. While their activities may seem innocuous on the surface, the sheer volume and scope of data amassed by these entities raise profound concerns about privacy and security.

Reproductive health workers, in particular, face heightened risks in this digital age. As individuals dedicated to providing essential healthcare services, they often find themselves targeted by those seeking to exploit personal information for nefarious purposes. From medical professionals offering reproductive health services to counselors providing support and guidance, these professionals are entrusted with sensitive information about their clients, making them potential targets for doxxing and harassment.

The danger of doxxing lies in its ability to weaponize personal information, turning it into a tool for intimidation, harassment, and even physical harm. By exposing individuals' contact details, including home addresses, phone numbers, and email addresses, doxxers can subject their targets to a barrage of malicious activities, ranging from harassing phone calls and threatening messages to real-world stalking and violence. For reproductive health workers, whose work often intersects with contentious social and political issues, the risks associated with doxxing can be particularly acute.

Compounding the problem is the lax regulatory environment surrounding data brokers. Unlike other industries subject to stringent privacy regulations, such as healthcare and finance, data brokers operate in a largely unregulated space, with minimal oversight and accountability. This lack of regulation not only enables data brokers to continue their operations unchecked but also exacerbates the risks associated with doxxing and data breaches. Addressing the challenges posed by data brokers and doxxing requires a multifaceted approach.

Firstly, there is a pressing need for stronger privacy regulations and oversight mechanisms to rein in the activities of data brokers and protect individuals' personal information. By imposing stricter guidelines on the collection, storage, and dissemination of personal data, regulators can help mitigate the risks of doxxing and safeguard individuals' privacy rights.

Additionally, organizations and individuals must take proactive steps to enhance their data security practices and protect against potential threats. This includes implementing robust cybersecurity measures, such as encryption, firewalls, and access controls, to safeguard sensitive information from unauthorized access and exploitation.

Moreover, fostering a culture of privacy and security awareness among employees and stakeholders can help mitigate the risk of data breaches and ensure that personal information is handled responsibly and ethically.

The rise of data brokers and the proliferation of doxxing pose significant challenges to individuals' privacy and security, particularly for reproductive health workers. To address these challenges effectively, concerted efforts are needed to strengthen privacy regulations, enhance data security practices, and promote awareness of the risks associated with doxxing. By taking proactive steps to protect personal information and hold data brokers accountable, we can create a safer and more secure digital environment for all.

Qlik Sense Servers Prone To Cactus Ransomware Threats



 

Qlik Servers

Backups Cactus ransomware Cyber Security Data Theft Qlik Servers

Qlik Sense Servers Prone To Cactus Ransomware Threats

Security experts are urgently warning about the vulnerability of thousands of Qlik Sense servers to potential ransomware attacks by the troubling Cactus group. Despite prior disclosures of vulnerabilities by Qlik, many organisations remain at risk due to unpatched systems.

Qlik, an eminent player in data visualisation and business intelligence, disclosed two critical vulnerabilities, known as CVE-2023-41266 and CVE-2023-41265, in August last year. These flaws, when exploited together, enable remote attackers to execute arbitrary code on vulnerable systems. Additionally, a subsequent disclosure in September, CVE-2023-48365, revealed a bypass of Qlik's initial fix, leaving systems vulnerable to exploitation.

Recent reports highlight the active exploitation of these vulnerabilities by the Cactus ransomware group to infiltrate target environments. Despite warnings from security vendors like Arctic Wolf, ongoing attacks persist. A recent scan by Fox-IT uncovered over 5,000 internet-accessible Qlik Sense servers, with a significant portion still vulnerable to exploitation.

Countries such as the US, Italy, Brazil, Netherlands, and Germany face a concerning number of vulnerable servers, elevating the risk for organisations in these regions. In response, security organisations like Fox-IT and the Dutch Institute for Vulnerability Disclosure (DIVD) have launched efforts under Project Melissa to disrupt Cactus group operations.

Upon identifying vulnerable servers, Fox-IT and DIVD have actively notified affected organisations, urging immediate action to mitigate the risk of a ransomware attack. Joining the effort, the ShadowServer Foundation emphasises the urgent need for remediation to prevent compromise.

To assist organisations in identifying potential compromise, specific indicators such as the presence of unusual font files, qle.ttf and qle.woff, have been highlighted. These files, not standard in Qlik Sense installations, may indicate unauthorised access or remnants of previous security incidents.

In recognizing the gravity of the situation, Fox-IT stressed the need for proactive measures to address the potential risks of ransomware attacks. These measures include promptly patching vulnerable systems to fix known security issues and conducting thorough security assessments to identify and resolve any existing weaknesses in the network infrastructure.

Additionally, organisations are encouraged to implement robust cybersecurity measures, such as deploying intrusion detection and prevention systems, enhancing network segmentation to limit the impact of potential breaches, and enforcing strong access controls to prevent unauthorised access to sensitive data.

Regular employee training and awareness programs play a crucial role in identifying and mitigating security risks, including phishing attacks or social engineering attempts. By educating employees about the latest cybersecurity threats and best practices, organisations can strengthen their overall security posture and reduce the risk of successful ransomware attacks.

Moreover, maintaining up-to-date backups of critical data is essential to ensure data integrity and facilitate recovery in the event of a ransomware attack. Organisations should establish a comprehensive backup strategy that includes regular backups, secure storage of backup data, and testing of backup restoration procedures to ensure their effectiveness.

Given these developments, the collective efforts of security organisations, alongside proactive measures by organisations, are critical in mitigating the risk posed by the Cactus ransomware group and similar threats.

Defense-in-Depth: A Layered Approach for Modern Cybersecurity



 

Threat Landscape

Business Security Cyber Security Multi-Layer Security Threat Intelligence Threat Landscape

Defense-in-Depth: A Layered Approach for Modern Cybersecurity

The cybersecurity landscape has shifted dramatically in recent years. Malware, phishing attempts, and data breaches have grown in frequency and scope, prompting organisations to invest more time and money into enhancing their cybersecurity strategies. Organisations should be aware of the shifting threat landscape, asking themselves what issues they face today and what specific steps they can take to mitigate the risks of cybercrime.

This was the topic of discussion between cybersecurity expert Jon Bernstein and John Shier, field CTO commercial at Sophos, as they analysed how the security landscape is moving with increasingly sophisticated crime and what this implies for the future of business security.

Shier highlighted multiple critical takeaways, including the evolution of cybercrime professionalisation and specialisation. Firewalls and multilayering defences, such as multi-factor authentication (MFA), have become critical additions to current organisational security layers in order to react to changing hacker techniques.

“We are getting better at detection, and are able to catch these people in the act sooner, but they know that. They know we’re better at detection, we have better tools and services, to aid in this quest of detecting them sooner and so they move faster, naturally,” noted Shier. “The faster we attack, the more we start to prevent these attacks, then the faster we can break their cadence and get in the way.”

Shier also reviewed Sophos' recent research, 'Stopping Active Adversaries,' which identifies the most prevalent and emerging ways hackers infiltrate organisations. The study, which is based on an evaluation of 232 large cyber incidents managed by Sophos X-Ops incident responders, provides helpful suggestions for security strategy.

Among its primary results are that compromised credentials and exploited vulnerabilities remain the most common entry points, and attacks are becoming faster. Ransomware dwell duration was reduced to five days in 2023, down from larger levels in previous years, and 91% of ransomware assaults occurred outside of business hours, highlighting the necessity for organisations to invest in round-the-clock protection.

Three steps to enhance security

Shier highlights the need of three elements for organisations in combating these threats: security, monitoring, and response. "Securing means increasing friction wherever possible, using strong levels of multifactor authentication. "That is critical, and it should be applied wherever possible," Shier added.

Shier warns that cybercriminals will only adapt when absolutely necessary. He suggests raising the bar so high that some cybercriminals' tactics "won't be worth it anymore," but reminds businesses that they no longer need to navigate their cybersecurity journey alone, and can rely on beneficial partnerships to maintain airtight security for their organisation and employees.

“Getting security right can be difficult and time-consuming, it’s resource-consuming and expensive,” Shier added. “When you find yourself in a situation where you think, I’m having trouble doing this on my own, go ask for help. There are plenty of organisations out there, whether it’s people you can partner with for your IT infrastructure or vendors that can help you, ask for help, we’re here to help, and we’ve got the experience to keep you safe.”

During this extensive discussion, Shier offere more insightful details and recommendations to help organisations create a thorough cybersecurity plan. The dynamic landscape of cybercrime and security underscores the significance of implementing multi-layered defences and the necessity for constant protection. Businesses can keep their digital assets safe and remain ahead of cyber threats by taking proactive measures to secure, monitor, and respond.

Banish Browser Clutter: How to Easily Remove Junk Files on Android



 

junk files

Android Browser Cche Cookies Cyber Security Cyberattacks CyberThreat Firefox Google Chrome junk files

Banish Browser Clutter: How to Easily Remove Junk Files on Android

A web browser on users' Android phones may collect data, such as cookies and cache, that can be useful, but can also be unwanted and may pose a security risk to their privacy. It is recommended that users clear these data regularly so that junk can be removed from their devices and that unknown data trackers will not be able to store extraneous information on their devices.

It is important to know that cleaning cache and cookies depends on the type of browser users use, such as Google Chrome, Samsung Internet, or Mozilla Firefox. The process of clearing this data varies from browser to browser and usually involves entering the browser settings and choosing the data that users wish to delete.

By clicking on the More button in Google Chrome and navigating to History, users can clear their browser's cookies and cache. Deletes can be done in a variety of ways with this browser, such as by deleting browsing history, cookies and site information, cached images and files, or selecting a time range during which they should be deleted.

It is possible to delete browsing data, cookies, and cache on the Samsung Internet browser app or through the phone's settings menu, just as Samsung Internet offers similar options. As far as Mozilla Firefox is concerned, there are several ways to clear browsing data, including the Open tabs, Browsing History, Site Data, and Downloads folder, as well as the Cookies and Cached images and files. Most of the junk that builds up inside the device's cache and cookies is just plain junk. Some of it could have come from a single site a user visited.

As a result of this tracking, some companies are showing their users advertisements based on the items they are buying or watching on the internet. Other companies are tracking their browsing history on an active basis, helping them show them advertisements based on those items. As a result, it is essential to clear out the cache frequently. The tool enables users to remove any data they no longer need on their phone, especially if they have a cookie in their phone that contains a cookie from a known data tracker.

Users will have to log back into some of their favourite websites after clearing the cache, but this is a small price to pay to make sure their phone does not accumulate unnecessary data by doing so. It is important to note that the steps vary slightly depending on the kind of phone and web browser that the user is using.

In the Android version of Google Chrome, users can delete cookies and cache by first tapping the More button at the top right of the browser, which is indicated by a column of three dots. They can then tap History, and then they can delete their cookies and cache. Chrome users can also access this by clicking the Privacy and Security menu in their Chrome Settings. As well as removing browsing history, cookies, and site data, Chrome offers two advanced settings to clear users' cached files and images.

The user can select which time ranges to delete from the drop-down menu when selecting whether he/she wants to delete the entire history or select a selection from anywhere within the past 24 hours to within the last four weeks. When users tap on the Advanced tab, users can also access additional options such as deleting saved passwords, auto-complete information for forms, and site settings.

When they have selected the items they want to delete, tap the blue Clear data button at the bottom of the screen. If Chrome determines that certain websites are "important" to its users, they might receive a prompt asking them to confirm before clearing the cache, if Chrome deems that particular website to be "important" to the user. Similar to the Chrome browser for Android, the Mozilla Firefox Android app also allows users to clear their cache from within the application.

It is possible to access this feature by tapping on the More button that is located to the right of the address bar, also indicated by three vertically aligned dots. In the Settings menu, tap the Delete browsing data option. Then scroll down and select the option. There is a lot of freedom in Firefox when it comes to the Delete browsing data menu compared to the other three browsers mentioned here, in that it allows users to delete all current open tabs, their browsing history, their site data, their permissions, and even their Downloads folder, along with their Cookies and Cached files and images.

As with Chrome, users have the option to select a time range, however, they can be more specific regarding the type of data that they wish to remove, as opposed to merely picking a time range. As a bonus, Firefox also comes with an option that allows users not to retain their browsing data after they have signed up for the application but before they begin using it.

There is an option within the Settings tab that instructs Firefox to delete any combination of these settings every time the user quits the browser. This will eliminate any combination of these settings every time the user quits the browser. If users want to remain tidy with their browser history, this functionality can be quite useful since they can avoid accidentally handing their browsing history over to a person who may have stolen the phone from them or gained access to it in some other way.

Apple ID Shuts Down: Users Panic While Trying to Reset Password



 

macOS

Apple Cyber Security iCloud iPhone macOS

Apple ID Shuts Down: Users Panic While Trying to Reset Password

Apple IDs serve as the gateway to our digital ecosystem. They unlock access to our beloved photos, messages, apps, and more. But what happens when that gateway suddenly slams shut, leaving us confused outside?

Recently, Apple users have been struggling with this very issue, as widespread reports of forced password resets have surfaced.

Locked out of your Apple ID? Here’s what you need to know

If you've been locked out of your Apple ID in the last day or so without warning, you're not alone

Apple users have been suffering a wave of forced lockouts, with some indicating that they have been forced to reset their passwords to regain access.

The lockouts have resulted in customers losing access to their devices, but there appears to be no root cause or anything in common across incidents, and Apple has yet to comment on the matter.

The company's System Status website indicates that all services are "operating normally," with Apple ID services particularly listed as "available."

The lockout mystery

If your Apple ID has locked you out, you might panic and try your usual password, but it’s useless. You’re left staring at the blank “Incorrect Password” message. What gives?

The cause behind these lockouts remains hidden in mystery. Experts believe it’s a security measure triggered by suspicious activity, while others suspect a glitch in the matrix. Regardless, the concern is real. Users have taken to social media, sharing their stories of being shut.

Have you had your password reset?

If your Apple ID has been blocked out and you must change your password, any app-specific passwords you may have created will also need to be reset. That's something you'll have to do whether you utilize apps like Spark Mail, Fantastical, or any number of others.

It could potentially cause significant issues if you use iOS 17.3's Stolen Device Protection. You'll need to use biometrics on your iPhone, such as Face ID or Touch ID, to access your account or use Apple Pay.

Apple’s silence

As the lockout story falls out, Apple has remained silent. No official statements, no explanations. The tech giant continues to operate, but the users are panicking to regain control of their digital lives. Is it a glitch? A security enhancement? At this moment, we can only wait for Apple’s response

What can you do?

1. Reset Your Password: Change the password. But remember the app-specific ones too.

2. Biometrics: If you’ve set up Face ID or Touch ID, use them to reclaim your digital ID.

3. Stay Tuned: Keep an eye on Apple’s official channels.

Why Shouldn't You Upload Files So Readily On Your Browser?



 

Ransomware

Chrome Cyber Security Files Firefox Ransomware

Why Shouldn't You Upload Files So Readily On Your Browser?

The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.

The Rising Threat

Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.

What Is The Risk?

The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.

The Implications

Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.

The Scale of the Issue

Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransomware payments, highlighting the urgent need for robust cybersecurity measures.

Addressing the Threat

Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.

Recommended Practices

The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.

1. Temporarily Halting Web Applications:

This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.

2. Monitoring Web Application Activity:

In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.

3. Introducing Permission Dialog Boxes:

To empower users with greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request, along with providing information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure ensures security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.

As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.

5 Attack Trends Your Company Should Be Aware Of



 

Organization security

Attack Trends Cyber Security End User Microsoft Organization security

5 Attack Trends Your Company Should Be Aware Of

Cybersecurity is always evolving and demands ongoing awareness

Every day, Microsoft analyzes over 78 trillion security signals to gain a deeper understanding of the current threat pathways and methodologies. Since last year, we've seen a shift in how threat actors scale and use nation-state backing. It's apparent that companies are facing more threats than ever before, and attack chains are becoming more complicated. Dwell times have decreased, and tactics, techniques, and procedures (TTPs) have evolved to be more agile and evasive.

Based on these findings, here are five attack trends that end-user organizations should be watching regularly.

1. Gaining Stealth by avoiding custom tools and malware

Some threat actor organizations prioritize stealth by using tools and processes that are already installed on their victims' systems. This enables attackers to fly under the radar and go undiscovered by concealing their operations among other threat actors that use similar approaches to launch assaults.

Volt Typhoon, a Chinese state-sponsored actor, is an example of this trend, having made news for targeting US critical infrastructure using living-off-the-land practices.

2. Blending cyber and influence operations for greater results

Nation-state actors have also developed a new type of tactics that blends cyber and influence operations (IO) techniques. This hybrid, known as "cyber-enabled influence operations," combines cyber methods such as data theft, defacement, distributed denial-of-service, and ransomware with influence methods such as data leaks, sockpuppets, victim impersonation, misleading social media posts, and malicious SMS/email communication to boost, exaggerate, or compensate for weaknesses in adversaries' network access or cyberattack capabilities.

For example, Microsoft has noticed various Iranian actors trying to use bulk SMS texting to increase and psychologically impact their cyber-influence activities. We're also seeing more cyber-enabled influence operations attempt to imitate alleged victim organizations or key figures inside those organizations to lend legitimacy to the impacts of the malware or compromise.

3. Developing Covert Networks Using SOHO Network Edge Devices

The increased use of small-office/home-office (SOHO) network edge devices is especially relevant for distributed or remote employees. Threat actors are increasingly using target SOHO devices—such as the router at a local coffee shop—to assemble hidden networks.

Some adversaries will even employ programs to locate susceptible endpoints around the world and identify potential targets for their next attack. This approach complicates attribution by having attacks appear from almost anywhere.

4. Quickly Implementing Publicly Disclosed Proofs of Concept for Initial Access and Persistence

Microsoft has noticed an increase in the number of nation-state subgroups using publicly released proof-of-concept (POC) code to exploit vulnerabilities in Internet-facing apps.

This tendency can be seen in threat groups such as Mint Sandstorm, an Iranian nation-state actor that quickly exploited N-day vulnerabilities in common corporate systems and launched highly focused phishing attacks to get speedy and effective access to target environments.

5. Prioritizing Specialization in the Ransomware Economy

We've noticed a persistent trend toward ransomware expertise. Rather than conducting an end-to-end ransomware campaign, threat actors are focusing on a limited set of skills and services.

This specialization has a breaking effect, distributing components of a ransomware attack across different vendors in a complicated underground market. Companies can no longer think of ransomware attacks as originating from a single threat actor or group.

Instead, they might be attacking the entire ransomware-as-a-service ecosystem. In response, Microsoft Threat Intelligence now tracks ransomware providers individually, identifying which groups deal in initial access and which supply additional services.

As cyber defenses seek better ways to strengthen their security stance, it is critical to look to and learn from past trends and breaches. By examining these occurrences and understanding different attackers' motivations and preferred TTPs, we can better prevent such breaches in the future.

Deceptive npm Packages Employed to Deceive Software Developers into Malware Installation



 

Threat actors

Cyber Security Cybersecurity Deceptive npm packages malware installation North Korean social engineering campaign Software Developers Threat actors

Deceptive npm Packages Employed to Deceive Software Developers into Malware Installation

A persistent scheme aimed at software developers involves fraudulent npm packages disguised as job interview opportunities, with the intention of deploying a Python backdoor onto their systems.

Securonix, a cybersecurity company, has been monitoring this campaign, dubbed DEV#POPPER, which they attribute to North Korean threat actors.

"During these fraudulent interviews, the developers are often asked to perform tasks that involve downloading and running software from sources that appear legitimate, such as GitHub," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said. "The software contained a malicious Node JS payload that, once executed, compromised the developer's system."

Details of this campaign surfaced in late November 2023, when Palo Alto Networks Unit 42 revealed a series of activities known as Contagious Interview. Here, the threat actors masquerade as employers to entice developers into installing malware such as BeaverTail and InvisibleFerret during the interview process.

Subsequently, in February of the following year, Phylum, a software security firm, uncovered a collection of malicious npm packages on the registry. These packages delivered the same malware families to extract sensitive information from compromised developer systems.

It's important to distinguish Contagious Interview from Operation Dream Job, also linked to North Korea's Lazarus Group. The former targets developers primarily through fabricated identities on freelance job platforms, leading to the distribution of malware via developer tools and npm packages.

Operation Dream Job, on the other hand, extends its reach to various sectors like aerospace and cryptocurrency, disseminating malware-laden files disguised as job offers.

The attack sequence identified by Securonix begins with a GitHub-hosted ZIP archive, likely sent to the victim during the interview process. Within this archive lies an apparently harmless npm module housing a malicious JavaScript file, BeaverTail, which serves as an information thief and a loader for the Python backdoor, InvisibleFerret, retrieved from a remote server. This implant can gather system data, execute commands, enumerate files, and log keystrokes and clipboard activity.

This development underscores the continued refinement of cyber weapons by North Korean threat actors, as they update their tactics to evade detection and extract valuable data for financial gain.

Securonix researchers emphasize the importance of maintaining a security-conscious mindset, particularly during high-pressure situations like job interviews, where attackers exploit distraction and vulnerability.

Safeguarding Your Digital Future: Navigating Cybersecurity Challenges



 

Supply Chain

AI Attacks Cyber Security Cyber Security awareness digital safety Information Security Online Privacy Supply Chain

Safeguarding Your Digital Future: Navigating Cybersecurity Challenges

In the ever-expanding realm of technology, the omnipresence of cybercrime casts an increasingly ominous shadow. What was once relegated to the realms of imagination has become a stark reality for countless individuals and businesses worldwide. Cyber threats, evolving in sophistication and audacity, have permeated every facet of our digital existence. From cunning phishing scams impersonating trusted contacts to the debilitating effects of ransomware attacks paralyzing entire supply chains, the ramifications of cybercrime reverberate far and wide, leaving destruction and chaos in their wake.

Perhaps one of the most alarming developments in this digital arms race is the nefarious weaponization of artificial intelligence (AI). With the advent of AI-powered attacks, malevolent actors can orchestrate campaigns of unparalleled scale and complexity. Automated processes streamline malicious activities, while the generation of deceptive content presents a formidable challenge even to the most vigilant defenders. As adversaries leverage the formidable capabilities of AI to exploit vulnerabilities and circumvent traditional security measures, the imperative for proactive cybersecurity measures becomes ever more pressing.

In this rapidly evolving digital landscape, the adoption of robust cybersecurity measures is not merely advisable; it is indispensable. The paradigm has shifted from reactive defense mechanisms to proactive strategies aimed at cultivating a culture of awareness and preparedness. Comprehensive training and continuous education serve as the cornerstones of effective cybersecurity, empowering individuals and organizations to anticipate and counter emerging threats before they manifest.

For businesses, the implementation of regular security training programs is essential, complemented by a nuanced understanding of AI's role in cybersecurity. By remaining abreast of the latest developments and adopting proactive measures, organizations can erect formidable barriers against malicious incursions, safeguarding their digital assets and preserving business continuity. Similarly, individuals can play a pivotal role in fortifying our collective cybersecurity posture through adherence to basic cybersecurity practices.

From practicing stringent password hygiene to exercising discretion when sharing sensitive information online, every individual action contributes to the resilience of the digital ecosystem. However, the battle against cyber threats is not a static endeavor but an ongoing journey fraught with challenges and uncertainties. As adversaries evolve their tactics and exploit emerging technologies, so too must our defenses adapt and evolve. The pursuit of cybersecurity excellence demands perpetual vigilance, relentless innovation, and a steadfast commitment to staying one step ahead of the ever-evolving threat landscape.

The spectrum of cybercrime looms large in our digital age, presenting an existential threat to individuals, businesses, and society at large. By embracing the principles of proactive cybersecurity, fostering a culture of vigilance, and leveraging the latest technological advancements, we can navigate the treacherous waters of the digital domain with confidence and resilience. Together, let us rise to the challenge and secure a safer, more resilient future for all.

Is Online Banking Truly Safe? Understanding the Safety Loopholes in Bank Websites



 

Online Banking

2FA Banking Security Cyber Security CyberCriminal data security Mobile App Online Banking

Is Online Banking Truly Safe? Understanding the Safety Loopholes in Bank Websites

In today's increasingly digital landscape, ensuring the security of online banking platforms is paramount. With cyber threats evolving and becoming more sophisticated, financial institutions face the constant challenge of fortifying their systems against unauthorized access and data breaches.

Recently, Which?, a respected consumer advocate, conducted an extensive investigation into the security measures implemented by major current account providers. This evaluation carried out with the assistance of independent computer security experts, aimed to scrutinize the efficacy of banks' online banking systems in safeguarding customer data and preventing fraudulent activities.

The assessment, conducted over two months in January and February 2024, focused on examining the apps and websites of 13 prominent current account providers. While the evaluation did not encompass testing of back-end systems, it honed in on four critical areas essential for ensuring robust security protocols: security best practices, login processes, account management, and navigation & logout functionalities.

Through rigorous testing, the investigation revealed significant variations among providers, with some demonstrating commendable security measures while others fell short of expectations. Among the findings, TSB and the Co-operative Bank emerged as the lowest-ranked institutions in both mobile app and online security.

Notably, TSB's app exhibited a serious vulnerability, allowing sensitive data to be accessed by other applications on the device, raising concerns about data integrity and privacy. Similarly, the Co-operative Bank's failure to enforce two-factor authentication (2FA) on a test laptop highlighted potential weaknesses in their security infrastructure, necessitating urgent attention and remediation.

Conversely, NatWest and Starling emerged as frontrunners in online banking security, earning an impressive score of 87%. Their robust security protocols and stringent authentication processes set them apart as leaders in safeguarding customer information.

Meanwhile, HSBC and Barclays led the pack in mobile banking security, with HSBC notably eschewing SMS-based login verification, opting for more secure alternatives to protect user accounts. In addition to holding financial institutions accountable for maintaining rigorous security standards, consumers must also take proactive steps to protect their financial data when banking online.

Which? recommends six essential tips for enhancing online security, including protecting mobile devices, using strong and unique passwords, and promptly reporting any suspicious activity. By adopting these best practices and remaining vigilant, consumers can mitigate the risks associated with online banking and thwart the efforts of cybercriminals seeking to exploit vulnerabilities.

In an era where digital transactions are ubiquitous, prioritizing security is imperative to safeguarding personal and financial information from unauthorized access and fraudulent activities.

Revived Ransomware HelloKitty Returns with Rebranding, Leaks CD Projekt and Cisco Data



 

rebrand

CD Projekt Cisco data Cyber Security Cybersecurity HelloKitty Ransomware reanimation rebrand

Revived Ransomware HelloKitty Returns with Rebranding, Leaks CD Projekt and Cisco Data

HelloKitty, a notorious ransomware that became defunct in late 2023 after its developer leaked both the builder and source code on a hacker forum, has resurfaced under a new name and a fresh data leak website. According to reports from BleepingComputer, the ransomware and its associated dark web portal have been rebranded as HelloGookie, likely in reference to the developer and operator, Gookee/kapuchin0, who was behind the original HelloKitty ransomware.

Originally created and maintained by a hacker known as Guki, HelloKitty was infamous for its targeting of large organizations and corporations since its establishment in late 2020. One of its notable breaches occurred in February the following year when it infiltrated CD Projekt Red, a renowned Polish game studio famous for titles like the Witcher series and Cyberpunk 2077.

The Witcher series alone has sold over 50 million copies globally, while Cyberpunk 2077 boasts approximately 25 million sales. Both games, being open-world RPGs, have garnered numerous accolades, with Witcher 3 often hailed as one of the greatest RPGs ever developed.

During the attack on CD Projekt Red, HelloKitty pilfered about 450GB of uncompressed source code, which included files for an unreleased version of Witcher 3 purportedly featuring ray tracing, a cutting-edge rendering technique that simulates realistic lighting effects in computer graphics.

This technique was eventually integrated into Witcher 3 via a 2022 update. In a bid to mark its resurgence, the operator of the ransomware released the pilfered data from the CD Projekt Red breach, along with data acquired from a 2022 attack on Cisco. Additionally, four private decryption keys were made public to facilitate the unlocking of files encrypted by HelloKitty.

As of now, there have been no new data leaks on the HelloGookie website, nor any indication of ongoing attacks. HelloKitty once held a significant position in the ransomware landscape, and it remains to be seen whether HelloGookie will achieve similar levels of success as its predecessor.

HelloKitty Ransomware Renames to 'HelloGookie,' Unveils CD Projekt and Cisco Data



 

Threat actor

CD Projekt data Cisco breach Cyber Security Cybersecurity Dark Web Data Leak digital decryption keys HelloGookie rebrand HelloKitty ransomware Threat actor

HelloKitty Ransomware Renames to 'HelloGookie,' Unveils CD Projekt and Cisco Data

The operator behind the HelloKitty ransomware has rebranded it as 'HelloGookie,' with passwords for previously leaked CD Projekt source code, Cisco network data, and decryption keys from earlier attacks being released.

Identified as 'Gookee/kapuchin0,' the threat actor claims to be the original creator of the now-defunct HelloKitty ransomware, coinciding the rebranding with the launch of a new dark web portal for HelloGookie. To mark the occasion, four private decryption keys were disclosed, enabling the recovery of files from previous attacks, alongside internal data stolen from Cisco in 2022 and passwords for leaked CD Projekt source code.

Developers have already utilized the leaked Witcher 3 source code to compile the game, showcasing screenshots and videos of development builds. The leaked source code contains binaries to launch a developer build of Witcher 3, with efforts underway to compile the game from the source.

HelloKitty, initially launched in November 2020, garnered attention for targeting corporate networks, encrypting systems, and stealing data. Notably, the ransomware group breached CD Projekt Red in February 2021, encrypting servers and pilfering source code, including for Witcher 3.

In 2022, Yanluowang's data leak site was allegedly hacked, revealing conversations linking the group closely to the HelloKitty developer. Gookee/kapuchin0 subsequently leaked the HelloKitty builder and source code, signaling the end of operations. However, rebranded as HelloGookie, the threat actor has not disclosed new victims or evidence of recent attacks but released stolen data from prior breaches.

The leaked data includes NTLM hashes from Cisco's breach, indicating a closer relationship between HelloGookie and Yanluowang. Cisco acknowledged the incident, referring to a 2022 blog post by Cisco Talos detailing the security breach.

The future success and notoriety of HelloGookie remain uncertain, contrasting with the operational achievements of HelloKitty.

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser



 

Web browser

Android Phone Cyber Security fast removal junk files Safety SEO-friendly Web browser

Here's How to Remove Unnecessary Files from Your Android Phone's Web Browser

The web browser on your Android phone collects a significant amount of data from the websites you visit, much of which is unnecessary to keep on your device. Regardless of whether you use Google Chrome, Mozilla Firefox, or Samsung Internet, this data, stored in cookies and cache, serves various purposes, such as enabling faster website loading and maintaining login sessions. However, a considerable portion of this data is superfluous and poses privacy risks.

Frequent clearing of your browser's cookies and cache is advisable due to the accumulation of unnecessary data, including transient junk and active tracking mechanisms from websites. These trackers often contribute to targeted advertising, where your browsing history influences the ads you encounter. For instance, after browsing online stores, you might notice advertisements tailored to your recent activities, like offers for eyeglasses or reminders of items in your shopping cart on Amazon.

Regularly clearing your cache helps eliminate unwanted data from your phone, especially if there are unidentified data trackers among your browser's cookies. Though clearing your cache may require you to log back into some websites, it's a minor inconvenience compared to the benefits of maintaining your phone's cleanliness and privacy.

The process for clearing cookies and cache varies depending on your phone's model and the web browser app you use. For Google Chrome, Samsung Internet, and Mozilla Firefox on Android devices, specific steps can be followed to clear this data effectively.

In Google Chrome, access the option to clear browsing data through the More menu or the Settings menu. For Samsung Internet, you can clear browsing data within the app or through your phone's Settings app, with options to delete various types of data, including cache and cookies. Mozilla Firefox offers extensive options for clearing browsing data, allowing users to delete specific types of data such as open tabs, browsing history, site permissions, and downloads, in addition to cookies and cached images and files. Additionally, Firefox provides an option to automatically delete browsing data upon quitting the app, enhancing privacy.

Both Chrome and Firefox offer basic and advanced settings for clearing browsing data, including options to specify the time range for deletion and to delete saved passwords and autofill form data. Chrome may prompt users regarding the importance of certain websites before clearing data, providing an opportunity to confirm the action.

Regularly clearing cookies and cache in your Android web browser is essential for maintaining privacy and optimizing device performance.

Drop in ransomware payment, 2024 Q1 sees a record low of 28%



 

Ransomware Threat

2024 cyber crimes Chainalysis Coveware CVE CVE vulnerability Cyber Security Ransomware attack Ransomware Threat

Drop in ransomware payment, 2024 Q1 sees a record low of 28%

Ransomware actors have encountered a rocky start in 2024, as indicated by statistics from cybersecurity firm Coveware. Companies are increasingly refusing to acquiesce to extortion demands, resulting in a record low of only 28% of companies paying ransom in the first quarter of the year. This figure marks a notable decrease from the 29% reported in the previous quarter of 2023. Coveware's data underscores a consistent trend since early 2019, showing a diminishing rate of ransom payments.

The decline in ransom payments can be attributed to several factors. Organizations are implementing more sophisticated protective measures to fortify their defenses against ransomware attacks. Additionally, mounting legal pressure discourages companies from capitulating to cybercriminals' financial demands. Moreover, ransomware operators frequently breach promises not to disclose or sell stolen data even after receiving payment, further eroding trust in the extortion process.

Despite the decrease in the payment rate, the overall amount paid to ransomware actors has surged to unprecedented levels. According to a report by Chainalysis, ransomware payments reached a staggering $1.1 billion in the previous year. This surge in payments is fueled by ransomware gangs targeting a larger number of organizations and demanding higher ransom amounts to prevent the exposure of stolen data and provide victims with decryption keys.

In the first quarter of 2024, Coveware reports a significant 32% quarter-over-quarter drop in the average ransom payment, which now stands at $381,980. Conversely, the median ransom payment has seen a 25% quarter-over-quarter increase, reaching $250,000. This simultaneous decrease in the average and rise in the median ransom payments suggest a shift towards more moderate ransom demands, with fewer high-value targets succumbing to extortion. Examining the initial infiltration methods used by ransomware operators reveals a rising number of cases where the method is unknown, accounting for nearly half of all reported cases in the first quarter of 2024.

Among the identified methods, remote access and vulnerability exploitation play a significant role, with certain CVE flaws being widely exploited by ransomware operators. The recent disruption of the LockBit operation by the FBI has had a profound impact on the ransomware landscape, reflected in Coveware's attack statistics. This law enforcement action has not only disrupted major ransomware gangs but has also led to payment disputes and exit scams, such as those witnessed with BlackCat/ALPHV.

Furthermore, these law enforcement operations have eroded the confidence of ransomware affiliates in ransomware-as-a-service (RaaS) operators, prompting many affiliates to operate independently. Some affiliates have even opted to exit cybercrime altogether, fearing the increased risk of legal consequences and the potential loss of income. Amidst these developments, one ransomware strain stands out as particularly active: Akira.

This strain has remained the most active ransomware in terms of attacks launched in the first quarter of the year, maintaining its position for nine consecutive months. According to the FBI, Akira is responsible for breaches in at least 250 organizations and has amassed $42 million in ransom payments. Implementing robust protective measures, staying informed about emerging threats, and fostering collaboration with law enforcement agencies are essential strategies for mitigating the risks posed by ransomware attacks and safeguarding sensitive data from malicious actors.

Numerous LastPass Users Fall Victim to Highly Convincing Scam, Losing Master Passwords



 

password managers

Cyber Security Cybersecurity Digital Security Hackers master passwords password managers

Numerous LastPass Users Fall Victim to Highly Convincing Scam, Losing Master Passwords

The hackers now have their eyes set on a crucial target: master passwords. These passwords serve as the gateway to password managers, where users store all their login credentials in one secure location. While these managers provide convenience by eliminating the need to remember numerous passwords, they also pose a significant risk. If hackers obtain the master password, they gain access to all associated accounts, potentially wreaking havoc on users' digital lives.

The latest threat, known as CryptoChameleon, has caught the attention of cybersecurity experts. Unlike many cyberattacks, CryptoChameleon doesn't blanket the internet with its malicious activities. Instead, it selectively targets high-value entities like enterprises. David Richardson, vice president of threat intelligence at Lookout, notes that this focused approach makes sense for attackers aiming to extract maximum value from their efforts. For them, gaining access to a password vault is a goldmine of sensitive information ripe for exploitation.

CryptoChameleon's modus operandi involves a series of sophisticated manoeuvres to deceive its victims. Initially, it appeared as just another phishing kit, targeting individuals and organizations with tailored scams. However, its tactics evolved rapidly, culminating in a highly convincing impersonation of legitimate entities like the Federal Communications Commission (FCC). By mimicking trusted sources, CryptoChameleon managed to lure even security-conscious users into its traps.

One of CryptoChameleon's recent campaigns targeted LastPass users. The attack begins with a phone call from a spoofed number, informing the recipient of unauthorized access to their account. To thwart this breach, victims are instructed to press a specified key, which leads to further interaction with a seemingly helpful customer service representative. These agents, equipped with professional communication skills and elaborate scripts, guide users through a series of steps, including visiting a phishing site disguised as a legitimate support page. Unbeknownst to the victims, they end up divulging their master password, giving the attackers unrestricted access to their LastPass account.

Despite LastPass's efforts to mitigate the attack by shutting down suspicious domains, CryptoChameleon persists, adapting to evade detection. While the exact number of victims remains undisclosed, evidence suggests that the scale of the attack could be larger than initially estimated.

Defending against CryptoChameleon and similar threats requires heightened awareness and scepticism. Users must recognize the signs of phishing attempts, such as unsolicited calls or emails requesting sensitive information. Additionally, implementing security measures like multifactor authentication can provide an additional layer of defense against such attacks. However, as demonstrated by the experience of even seasoned IT professionals falling victim to these scams, no defense is foolproof. Therefore, remaining vigilant and promptly reporting suspicious activity is paramount in safeguarding against cyber threats.

Trust in Cyber Takes a Knock as CNI Budgets Flatline



 

Trust

Critical Infrastructure Cyber Security Organization security State Actors Trust

Trust in Cyber Takes a Knock as CNI Budgets Flatline

Trust in cybersecurity technologies has become one of the most difficult hurdles for critical national infrastructure (CNI) providers as sophisticated nation-state threats grow, according to a recent Bridewell assessment.

The Trust Deficit

The IT services firm's most recent Cyber Security in Critical National Infrastructure report is based on interviews with over 1000 CISOs and equivalents from CNI providers in the United States and the United Kingdom.

It found that over a third (31%) identified "trust in cybersecurity tools" as a key challenge this year, up 121% from the 2023 edition of the survey.

Confidence in tools took a hit last year when the UK joined the US and other nations in warning providers of key services about China-backed action against CNI, according to the research.

74% of respondents expressed fear about Chinese state actors, which is comparable to 73% anxiety about Russian state operatives.

These worries are likely to have been heightened recently, with the United States warning in February that Chinese agents have pre-positioned themselves in several CNI networks to unleash damaging strikes in the event of a military conflict.

Budget Constraints

Budgets have declined in tandem with trust in tooling. According to the research, the share of IT (33%) and OT (30%) budgets set aside for cybersecurity has dropped drastically from 44% and 43% the previous year, respectively.

The dramatic reduction is evident across the board, from new recruits to training and risk assessments to technological investments.

Despite these financial challenges, nearly a third (30%) of CNI respondents who were victims of a ransomware attack last year informed Bridewell that they paid the extortionists.

Bridewell cautioned that, in addition to the fees, CNI enterprises could face legal consequences.

Ransom payments could, for example, be sent to persons facing legal repercussions from the United Kingdom, the United States, or the European Union. The UK's Office of Financial Sanctions Implementation has warned that payments may violate the law in other jurisdictions, according to the report.

Interestingly, more than a quarter (27%) of respondents reported that ransomware intrusions had a psychological impact on employees.

The Way Forward

Bridewell CEO Anthony Young expressed sympathy for those firms that do wind up paying.

If the firm is unable to recover, paying the ransom may be the only viable alternative for resuming operations short of reinstalling its systems from the start, he argued.

However, this tough decision can be avoided by implementing a security plan that reduces the possibility of threat actors obtaining access and moving through your systems without being detected and effectively removed.

Are Emergency Services Vulnerable to Cyber Threats?



 

ransomware attacks

911 service Cyber Security DHS Pennsylvania Personal Information ransomware attacks

Are Emergency Services Vulnerable to Cyber Threats?

In recent warnings issued by the Department of Homeland Security (DHS), a concerning trend has emerged: emergency services are increasingly vulnerable to cyber-attacks, particularly ransomware incidents. These attacks pose significant risks not only to operational efficiency but also to public safety and the security of personal information.

Ransomware attacks, for those unfamiliar, involve hackers infiltrating computer systems and encrypting data, demanding payment for its release. Emergency services, including police departments and 911 call centres, have become prime targets for these attacks, leading to severe disruptions in critical operations. Picture a scenario where accessing emergency services during a crisis becomes impossible due to system outages—it's a frightening reality that stresses upon the urgency of addressing cybersecurity vulnerabilities.

The repercussions extend beyond mere operational disruptions. Cybercriminals gain access to highly sensitive personal information and police records, which can be exploited for various illicit activities, including identity theft and extortion. Such breaches not only compromise individuals' privacy but also undermine law enforcement's ability to effectively respond to emergencies, posing a significant threat to public safety.

One of the primary challenges in combating these cyber threats lies in the lack of resources and expertise at the local level. Many state and local governments, responsible for managing emergency service networks, struggle to keep pace with the rapidly expanding aspects of cybersecurity. Outdated technology systems and a shortage of cybersecurity personnel exacerbate the problem, leaving critical infrastructure vulnerable to exploitation by malicious actors.

Recent incidents in Bucks County, Pennsylvania, and Fulton County, Georgia, serve as stark reminders of the vulnerabilities within emergency services. In Bucks County, dispatchers were compelled to resort to manual processes after a cyberattack paralysed the 911 system, while Fulton County endured widespread disruption to government services following a cyber intrusion.

To address these challenges effectively, collaboration and preparedness are the key. Communities must prioritise cybersecurity measures, investing in modern technology systems, and providing comprehensive training for personnel to identify and respond to cyber threats promptly.

As society continues to rely increasingly on digital foundation, safeguarding critical services, particularly emergency response systems, becomes imperative. By remaining vigilant and proactive, we can fortify our communities against cyber threats, ensuring that emergency assistance remains readily accessible, even in the face of malicious cyber activity.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for