Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Encryption. Show all posts
SafePay ransomware
advanced ransomware techniques Cyber Security Cyber Threats Data Encryption LockBit source code ransomware strain ransomware tactics SafePay ransomware

SafePay Ransomware: A New Threat with Advanced Techniques

 

In October 2024, cybersecurity experts at Huntress identified a previously undocumented ransomware strain named SafePay. This malware was deployed in two separate incidents and stands out for its distinctive features, including the use of .safepay as an encrypted file extension and a ransom note titled readme_safepay.txt. Despite its limited exposure, SafePay’s techniques signal a skilled operator leveraging advanced ransomware methods.

SafePay is linked to older ransomware families like LockBit, with Huntress analysts stating: “During our analysis of the ransomware binary, we began to notice a large number of similarities to the extensively analyzed LockBit samples from the end of 2022.” These parallels suggest that SafePay’s developers may have utilized leaked LockBit source code to create their malware, showcasing a blend of stealth and sophistication.

SafePay follows a systematic two-phase attack process:

  • Data Collection and Exfiltration: In one observed incident, attackers used WinRAR to archive data across multiple systems and exfiltrated it via FileZilla. Analysts remarked, “This activity looks like potential data exfiltration from the network—collected and archived with WinRAR and then possibly exfiltrated out using FTP.” Tools were uninstalled post-use to erase traces.
  • Encryption Deployment: Using Remote Desktop Protocol (RDP) access, attackers deployed ransomware scripts via PowerShell, targeting network shares. Commands such as disabling shadow copies and modifying boot configurations were executed to impede recovery. The ransom note ominously begins with: “Greetings! Your corporate network was attacked by SafePay team,” and outlines negotiation steps for data recovery.
The SafePay group operates on both the Tor network and the decentralized The Open Network (TON). Their leak site showcases victim organizations and stolen data directories. Huntress analysts discovered vulnerabilities in the site’s backend, exposing an Apache server status endpoint, offering insights into the group’s operations.

Although relatively new, SafePay’s connection to LockBit and its sophisticated techniques present significant risks across industries. As Huntress analysts concluded: “The threat actor was able to use valid credentials to access customer endpoints and was not observed enabling RDP, creating new user accounts, or establishing persistence.”

Read more »
Zero Trust
AI Models Cyber Security Data Encryption log files threats Zero Trust

Zero-Trust Log Intelligence: Safeguarding Data with Secure Access

 


Over the years, zero trust has become a popular model adopted by organisations due to a growing need to ensure confidential information is kept safe, an aspect that organisations view as paramount in cybersecurity. Zero-trust is a vital security framework that is fundamentally not like the traditional security perimeter-based model. Instead of relying on a robust boundary, zero-trust grants access to its resources after the constant validation of any user and every device they use, regardless of an individual's position within an organisation or the number of years since one first employed with the company. This "never trust, always verify" policy only grants minimum access to someone, even a long-tenured employee, about what is needed to fulfil their tasks. Because information for cybersecurity is often log file data, zero trust principles can provide better safeguarding of this sensitive information.

Log Files: Why They Are Both Precious and Vulnerable

Log files contain information that reflects all the digital interplay happening on the network, hence can indicate any vulnerability on a system for remediation purposes. For example, it's a good source where one will trace how companies' activities go regarding their performance by analysing log files for anything out of place or anomalies in systems' behaviours for speedy intervention for security lapses. At the same time, however, these log files can expose organisations to vulnerabilities when wrong hands gain access because of possible theft of confidential data or the intention of hacking or modification. The log files have to be strictly controlled and limited only for authorization, because the misuse has to be avoided for maintaining the network secure.

Collecting and Storing Log Data Securely

Zero trust can best be implemented only if gathering and storing of log file collection and storage are sound. It ensures that the real-time data is collected in an environment that has a tamper-resistant place that prevents data from unauthorised modification. Of late, there has been OpenTelemetry, which is gaining popularity due to its potential in the multiple data sources and secure integration with many databases, mostly PostgreSQL.

Secure log storage applies blockchain technology. A decentralised, immutable structure like blockchain ensures logs cannot be altered and their records will remain transparent as well as tamper-proof. The reason blockchain technology works through multiple nodes rather than one central point makes it nearly impossible to stage a focused attack on the log data.

Imposing Least Privilege Access Control

Least privilege access would be one of the greatest principles of zero-trust security, which means that end-users would have only access to what is required to achieve their task. However, it can be challenging when balancing this principle with being efficient in log analysis; traditional access control methods-such as data masking or classification-frequently fall short and are not very practical. One promising solution to this problem is homomorphic encryption, which enables analysis of data in its encrypted state. Analysts can evaluate log files without ever directly seeing the unencrypted data, ensuring that security is maintained without impacting workflow.

Homomorphic encryption is beyond the level of the analyst. This means other critical stakeholders, such as administrators, have access to permissions but are not allowed to read actual data. This means logs are going to be secure at internal teams and thus there is a lesser chance of accidental exposure.

In-House AI for Threat Detection

Companies can further secure log data by putting in-house AI models which are run directly within their database and hence minimise external access. For instance, the company can use a private SLM AI that was trained specifically to analyse the logs. This ensures there is safe and accurate threat detection without having to share any logs with third-party services. The other advantage that an AI trained on relevant log data provides is less bias, as all operations depend on only relevant encrypted log data that can give an organisation precise and relevant insights.

Organisations can ensure maximum security while minimising exposure to potential cyber threats by applying a zero-trust approach through strict access controls and keeping data encrypted all through the analysis process.

Zero-Trust for Optimal Log Security

One of the effective log file intelligence approaches appears to be zero trust security-a security approach that uses the technologies of blockchain and homomorphic encryption to ensure the integrity and privacy of information in management. It means one locks up logs, and it is a source for valuable security insights, kept well protected against unauthorised access and modifications.

Even if an organisation does not adopt zero-trust completely for its systems, it should still ensure that the protection of the logs is considered a priority. By taking the essential aspects of zero-trust, such as having minimal permissions and secured storage, it can help organisations decrease their vulnerability to cyber attacks while protecting this critical source of data.




Read more »
western digital
Data Breach Data Encryption intellectual property patents western digital

Western Digital Fined Over $310 Million for Patent Infringement

 


In a landmark case, data storage major Western Digital has been asked to pay the highest fine of $315.7 million for violating patents associated with data encryption technology. SPEX Technologies owns these patents, having acquired them from Spyrus that developed the encryption technology. These technologies are used in older storage devices like PCMCIA and Compact Flash cards.

The jury concluded that many of Western Digital's self-encrypting storage devices infringed on these patents, which led to the hefty damages awarded. The case has been ongoing since 2016 when SPEX first sued Western Digital for using its patented technology without permission. Patents US6088802A and US6003135A, together at the heart of this case, dealt with the only plausible data encryption methods allowing secure operation of the peripherals and the host without compromising the security of the data.

Patents at the Heart of Controversy

The patents involved here deal with filed inventions in 1997 related to the protection of communication or interaction based on data in external storage that connects to computers. They have been applied in ancient standards, including PCMCIA and Compact Flash cards. Despite their patents having expired in 2017, they filed the lawsuits prior to expiration, so the case is technically valid. These patents are crafted specifically to allow encryption processes meant to safeguard the data, especially during the transfer from a peripheral device to a host computer.

Western Digital Response

Western Digital has strongly protested the allegations and clarified that it did not violate any patents. The company issued a dissent and said it would appeal after the jury verdict. Western Digital will file post-trial motions to challenge the verdict and will seek an appeal at higher courts if there is an unfavourable outcome.

This patent-related issue is not the first that Western Digital Corp. has faced. The company was recently held liable by the same court, a few months back, for violating patents on increasing capacity in hard drives. Because of this, the court ordered Western Digital to pay over $262 million in damages.

 An Ongoing Dispute

This is one more protracted case in the judicial branch that has been taking years. SPEX Technologies sued Western Digital, and as this case continues, it reminds the industry that intellectual property still is the epicentre of technology, even though the older technology has evolved with time and in its effect has shown its influence on newer technologies developed into the future. The case reminds the world of one of the financial risks that companies face when patent disputes and intellectual property rights issues happen.

The two judgments already passed against Western Digital are substantial and have placed the spotlight on its real legal and financial challenges in protecting its technology and the costs of such lawsuits. A decision in the appeals will tell whether this technology will be returned to Western Digital, or it will have to pay the announced fines.

In the meantime, this case serves as a cautionary tale for other tech companies, especially by ensuring that they remain vigilant about patent rights whenever legacy technologies are still intact and protected by law. 

Future Implications

This may bring tighter scrutiny of intellectual property and a re-examination on the part of companies of the technology that's being used in their products, even if it seems outdated. This case is being watched closely by the tech community as it may set a precedent for future litigation involving expired patents and the fast-changing world of data security.

Western Digital's troubles are far from over because it will currently have to navigate its appeal, manage its reputation, and continue operations. Sure enough, this case will command close attention in the tech industry and speak to all who operate from this new platform within patent law and data encryption technologies.


Read more »
Sensitive data
Cyber Crime Data Encryption Decryption Quantum computing Sensitive data

Why Hackers Are Collecting Encrypted Data for Future Attacks

 



The cybercrime world is ever-changing, and hackers are preparing for a future quantum computer that might make current encryption techniques useless. This is called "harvest now, decrypt later," a rising phenomenon since cybercriminals steal encrypted data with hope for the time when, decrypted, it will become easy using quantum computers. Businesses must be aware of this new threat and use measures of proaction in their data protection.

Encryption has been one of the most essential practices that organisations have been carrying out for years, keeping any of the sensitive information being used to communicate, financial records, and personal information. New advances in quantum computing, however, create a potential danger that today's encryption would be relatively easy to break in the near future. Hackers are aware of this and are more aggressively collecting encrypted data that will wait for the quantum computers' ability to break down cryptographic codes.

Already, it's the reality of cyberattacks. Today, more than 70% of ransomware attacks include exfiltration of data before encrypting it. Cybercriminals are banking on quantum computing ultimately making decryption of taken data possible, no matter how safe they are today.


Threat from Quantum Computing to Encryption

There is a fundamental difference between quantum and traditional computing. In a classical computer, a bit is either one or zero. A qubit in a quantum computer, through superposition characteristic of it, is both one and zero at the same time, so that quantum computers are enabled to calculate at unprecedented speeds on complex calculations.

For instance, it would take a classical computer trillions of years to break a 2,048-bit encryption; a quantum computer can do this in a few seconds. Quantum technology is not available on a massive scale yet, but scientists predict that it will be implemented within ten years, causing hackers to put aside the data they want to encrypt in advance-by storing it encrypted today.


What Data Are Hackers Targeting?

In general terms, hackers have historically been most interested in stealing PII, which includes names, addresses, social security numbers, and even financial information. Such details are patently valuable for identity theft purposes and far more nefarious undertakings. With quantum computing, of course, hackers will no longer be limited to stealing data from databases but rather can intercept data as it travels between the web browser and server or even exploit vulnerabilities existing within internal networks.

This effectively means that companies must be even more careful to safeguard the very foundations of their HR and financial structures, communications, and any partnerships they hold. When quantum computing becomes ubiquitous, no encrypted data will ever remain safe unless new methods impervious to quantum decryption are deployed.


The Quantum Decryption Consequences

As a result, severe consequences will be meted out to businesses if they do not prepare for the quantum era. If hackers decrypt the data, the taken data may lead to initiating account takeovers, revealing identity theft campaigns that may have begun, and running targeted cyberattacks. The average cost of a data breach already runs into millions of dollars; it has risen from $4.35 million in 2022 to $4.45 million in 2023. These figures may see a great uptrend as quantum computing becomes a reality.

On the legal side, one of the main issues is possible legal implications. Companies that cannot protect client information may face billions in penalties and damage their reputation as jurisdictions worldwide are hardening their data protection measures.


Why Begin Preparing Now?

While quantum computing may not be commercially available yet, businesses cannot wait. It may take many years before the average hacker gets his hands on quantum technology, but well-funded groups-nation-states or corporate competitors-will probably soon get to use it. Companies should act now, not just to avoid losing money but to get ahead of advanced cyber threats.

Also, the development in quantum computer technology speeds up quickly. Although current quantum computers are of high price and complexity, a recent breakthrough came from a Chinese startup regarding portable consumer-grade quantum computers; this means that such quantum computers might appear more useful even sooner than thought.


Protecting Businesses Against Quantum Computing Threats

As quantum computing rapidly evolves, businesses need to take decisive actions to protect their data from future risks. Here are key steps to consider:

1. Adopt Post-Quantum Cryptography: Organisations should prioritise implementing encryption methods that are resistant to quantum computing, following the guidelines from the National Institute of Standards and Technology (NIST). By transitioning to post-quantum cryptographic standards as soon as they become available, businesses can secure their data from potential quantum-powered attacks.

2. Improve Breach Detection: Strengthening breach detection capabilities is essential. By monitoring for indicators of compromise, businesses can identify potential attacks early, allowing security teams to respond quickly. This could involve changing compromised passwords or encrypting sensitive data before hackers can exploit it.

3. Use Quantum-Safe VPNs: As quantum-safe virtual private networks (VPNs) are developed, they can provide an additional layer of security by protecting data in transit. These VPNs will ensure that hackers cannot intercept sensitive communications or steal data while it is being transmitted between systems.

4. Move Sensitive Data to Secure Locations: Business leaders should evaluate whether decrypted data poses significant risks and move critical information to secure offline storage if necessary. For highly sensitive data, businesses may need to implement segmented networks, strict access controls, or even revert to paper-based systems to protect it from potential quantum threats.


The Time to Act Is Now

With quantum computing on the horizon, businesses must begin preparing for a future where these technologies could be used to break traditional encryption. By adopting quantum-resistant cryptography, improving breach detection, and securely storing sensitive data, companies can reduce the risk of falling victim to quantum-driven cyberattacks. While quantum computers may still be years away, the consequences of failing to prepare could be disastrous. Now is the time for decision-makers to take proactive measures to protect their data before it's too late.


Read more »
Technology
Cryptography Data Encryption data security Indian Security Researchers Quantum communication quantum cryptography Technology

Raman Research Institute’s Breakthrough in Quantum Cybersecurity

 

Scientists at the Raman Research Institute have achieved a significant breakthrough in cybersecurity by developing a novel method for generating truly unpredictable random numbers. This development is essential for strengthening encryption in quantum communications, addressing one of the most pressing challenges in data security today. Traditional encryption methods depend on algorithms and computational complexity to protect data. 
However, with the rise of cyber threats and the imminent advent of quantum computing, there is an increasing demand for more robust and reliable encryption techniques. Quantum computing, in particular, poses a threat to conventional encryption methods as it has the potential to break these systems with ease. Thus, the need for advanced cryptographic solutions has never been more urgent. The team at the Raman Research Institute has created a user-friendly approach to generate random numbers that are genuinely unpredictable. 

This is a critical component for secure encryption because predictable random numbers can compromise the integrity of cryptographic systems. By ensuring that these numbers are entirely random, the new method significantly enhances the security of data transmissions. The unpredictability of these random numbers makes it exponentially harder for potential attackers to predict encryption keys, thereby fortifying data protection. Quantum communication, which relies on the principles of quantum mechanics, offers unparalleled security by making it theoretically impossible for an eavesdropper to intercept and read the transmitted data without being detected. 

However, the effectiveness of quantum communication systems hinges on the quality of the random numbers used in encryption. The breakthrough achieved by the Raman Research Institute addresses this need by providing a reliable source of high-quality random numbers. This advancement not only bolsters current encryption standards but also paves the way for more secure quantum communication networks. 

As cyber threats continue to evolve, the ability to generate truly random numbers will play a crucial role in maintaining the integrity and security of digital communications. This development is particularly significant for industries that rely heavily on data security, such as finance, healthcare, and government sectors. The method developed by the scientists is not only efficient but also practical for real-world applications. It can be integrated into existing systems with minimal modifications, ensuring that organizations can enhance their security measures without significant overhauls. The research team at Raman Research Institute is optimistic that this innovation will set a new standard in cryptographic practices and inspire further advancements in the field. 

The Raman Research Institute’s new method for generating truly unpredictable random numbers marks a significant step forward in cybersecurity. This breakthrough is vital for the development of stronger encryption techniques, particularly in the realm of quantum communications, ensuring that data remains secure in an increasingly digital world. As we move towards more interconnected and data-driven societies, such advancements in cybersecurity are essential to protect sensitive information from sophisticated cyber threats.
Read more »
Open Source System
Cyber Security Data Encryption data security database enterprise cybersecurity Enterprise security Open Source Open Source System

Why Enterprise Editions of Open Source Databases Are Essential for Large Organizations


With the digital age ushering in massive data flows into organizational systems daily, the real value of this data lies in its ability to generate critical insights and predictions, enhancing productivity and ROI. To harness these benefits, data must be efficiently stored and managed in databases that allow easy access, modification, and organization. 

Open-source databases present an attractive option due to their flexibility, cost savings, and strong community support. They allow users to modify the source code, enabling custom solutions tailored to specific needs. Moreover, their lack of licensing fees makes them accessible to organizations of all sizes. Popular community versions like MySQL, PostgreSQL, and MongoDB offer zero-cost entry and extensive support. 

However, enterprise editions often provide more comprehensive solutions for businesses with critical needs.  Enterprise editions are generally preferred over community versions for several reasons in an enterprise setting. A significant advantage of enterprise editions is the professional support they offer. Unlike community versions, which rely on forums and public documentation, enterprise editions provide dedicated, around-the-clock technical support. This immediate support is vital for enterprises that need quick resolutions to minimize downtime and ensure business continuity and compliance. 

Security is another critical aspect for enterprises. Enterprise editions of open-source databases typically include advanced security features not available in community versions. These features may encompass advanced authentication methods, data encryption, auditing capabilities, and more granular access controls. As cyber threats evolve, these robust security measures are crucial for protecting sensitive data and ensuring compliance with industry standards and regulations. Performance optimization and scalability are also key advantages of enterprise editions. They often come with tools and features designed to handle large-scale operations efficiently, significantly improving database performance through faster query processing and better resource management. 

For businesses experiencing rapid growth or high transaction volumes, seamless scalability is essential. Features such as automated backups, performance monitoring dashboards, and user-friendly management interfaces ensure smooth database operations and prompt issue resolution. Long-term stability and support are crucial for enterprises needing reliable database systems. Community versions often have rapid release cycles, leading to stability issues and outdated versions. 

In contrast, enterprise editions offer long-term support (LTS) versions, ensuring ongoing updates and stability without frequent major upgrades. Vendors offering enterprise editions frequently provide tailored solutions to meet specific client needs. This customization can include optimizing databases for particular workloads, integrating with existing systems, and developing new features on request. Such tailored solutions ensure databases align perfectly with business operations. 

While community versions of open-source databases are great for small to medium-sized businesses or non-critical applications, enterprise editions provide enhanced features and services essential for larger organizations. With superior support, advanced security, performance optimizations, comprehensive management tools, and tailored solutions, enterprise editions ensure that businesses can rely on their databases to support their operations effectively and securely. For enterprises where data integrity, performance, and security are paramount, opting for enterprise editions is a wise decision.
Read more »
software supply chain attacks
BlackBerry report Cyber Security cybercriminal strategy Data Encryption IT infrastructure compromise software supply chain attacks

Software Supply Chain Attacks: A Major Strategy for Cybercriminals

 

A new research indicates that software supply chain attacks are becoming an increasingly effective method for cybercriminals to compromise large organizations and disrupt their IT infrastructure.

A report by BlackBerry revealed that a significant majority (74%) of companies have received notifications of attacks or vulnerabilities in their software supply chain within the past year.

As the risk of such attacks grows, companies are ramping up their efforts to mitigate it. The report highlighted that over half (54%) of the surveyed companies have implemented data encryption, and nearly half (47%) are regularly training their staff on cybersecurity. Additionally, 43% have deployed multi-factor authentication (MFA).

Despite these efforts, most IT leaders (68%) believe that their software suppliers' cybersecurity policies are at least as strong, if not stronger (31%), than their own. Nearly all respondents (98%) expressed confidence in their suppliers’ ability to identify and prevent the exploitation of vulnerabilities.

A software supply chain attack essentially turns a software supplier into an unintentional Trojan horse for the targeted organization. As enterprises have enhanced their cybersecurity measures, direct attacks have become more challenging. 

However, software suppliers may not have equivalent security standards, making them easier targets for cybercriminals. Once compromised, these suppliers can inadvertently introduce malicious code into the software, granting hackers access to the organization’s systems.

The report also found that operating systems (32%) and web browsers (19%) are the most impactful targets for these attacks.

Organizations that fall victim to software supply chain attacks experience significant consequences, including financial losses (62%), data breaches (59%), reputational damage (57%), and operational disruptions (55%). Nearly 38% of affected companies take up to a month to fully recover.
Read more »
Windows 11 Recall
AI-powered feature Cyber Security Cybersecurity Data Encryption data security Microsoft Online Safety Privacy Concerns Threat actors User Privacy Windows 11 Recall

Microsoft's Windows 11 Recall Feature Sparks Major Privacy Concerns

 

Microsoft's introduction of the AI-driven Windows 11 Recall feature has raised significant privacy concerns, with many fearing it could create new vulnerabilities for data theft.

Unveiled during a Monday AI event, the Recall feature is intended to help users easily access past information through a simple search. Currently, it's available on Copilot+ PCs with Snapdragon X ARM processors, but Microsoft is collaborating with Intel and AMD for broader compatibility. 

Recall works by capturing screenshots of the active window every few seconds, recording user activity for up to three months. These snapshots are analyzed by an on-device Neural Processing Unit (NPU) and AI models to extract and index data, which users can search through using natural language queries. Microsoft assures that this data is encrypted with BitLocker and stored locally, not shared with other users on the device.

Despite Microsoft's assurances, the Recall feature has sparked immediate concerns about privacy and data security. Critics worry about the extensive data collection, as the feature records everything on the screen, potentially including sensitive information like passwords and private documents. Although Microsoft claims all data remains on the user’s device and is encrypted, the possibility of misuse remains a significant concern.

Microsoft emphasizes user control over the Recall feature, allowing users to decide what apps can be screenshotted and to pause or delete snapshots as needed. The company also stated that the feature would not capture content from Microsoft Edge’s InPrivate windows or other DRM-protected content. However, it remains unclear if similar protections will apply to other browsers' private modes, such as Firefox.

Yusuf Mehdi, Corporate Vice President & Consumer Chief Marketing Officer at Microsoft, assured journalists that the Recall index remains private, local, and secure. He reiterated that the data would not be used to train AI models and that users have complete control over editing and deleting captured data. Furthermore, Microsoft confirmed that Recall data would not be stored in the cloud, addressing concerns about remote data access.

Despite these reassurances, cybersecurity experts and users remain skeptical. Past instances of data exploitation by large companies have eroded trust, making users wary of Microsoft’s claims. The UK’s Information Commissioner's Office (ICO) has also sought clarification from Microsoft to ensure user data protection.

Microsoft admits that Recall does not perform content moderation, raising significant security concerns. Anything visible on the screen, including sensitive information, could be recorded and indexed. If a device is compromised, this data could be accessible to threat actors, potentially leading to extortion or further breaches.

Cybersecurity expert Kevin Beaumont likened the feature to a keylogger integrated into Windows, expressing concerns about the expanded attack surface. Historically, infostealer malware targets databases stored locally, and the Recall feature's data could become a prime target for such malware.

Given Microsoft’s role in handling consumer data and computing security, introducing a feature that could increase risk seems irresponsible to some experts. While Microsoft claims to prioritize security, the introduction of Recall could complicate this commitment.

In a pledge to prioritize security, Microsoft CEO Satya Nadella stated, "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security." This statement underscores the importance of security over new features, emphasizing the need to protect customers' digital estates and build a safer digital world.

While the Recall feature aims to enhance user experience, its potential privacy risks and security implications necessitate careful consideration and robust safeguards to ensure user data protection.
Read more »
User Privacy
Cyber Security Data Encryption Data Leak Message Snooping Secret Project User Privacy

Facebook Spied on Users' Snapchat Traffic in a Covert Operation, Documents Reveal

 

In 2016, Facebook initiated a secret initiative to intercept and decrypt network traffic between Snapchat users and the company's servers. According to recently revealed court filings, the purpose was to better analyse user behaviour and help Facebook compete with Snapchat. Facebook dubbed it "Project Ghostbusters," an apparent homage to Snapchat's ghost-like emblem.

On Tuesday of this week, a federal court in California disclosed fresh documents acquired during the class action case between consumers and Meta, Facebook's parent company. 

The newly revealed documents show how Meta attempted to gain a competitive advantage over its competitors, namely Snapchat and later Amazon and YouTube, by analysing network traffic to see how its users interacted with Meta's competitors. Given that these apps use encryption, Facebook had to design specific technology to get around it. 

Facebook's Project Ghostbusters is described in one of the documents. In the letter, the customers' attorneys stated that the project was a part of the company's In-App Action Panel (IAPP) programme, which employed a method for "intercepting and decrypting" encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon. 

The document includes internal Facebook emails about the project. 

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.” 

Facebook developers' idea was to employ Onavo, a VPN-like service that the company acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that the business had been secretly paying teens to use Onavo so that it could monitor all of their web activity. 

Following Zuckerberg's email, the Onavo team took on the project and proposed a solution a month later: so-called kits that can be installed on iOS and Android to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," reads a July 2016 email. "This is a 'man-in-the-middle' approach.” 

A man-in-the-middle attack, also known as adversary-in-the-middle, is one in which hackers intercept internet communication passing from one device to another over a network. When network communication is not encrypted, hackers can read data such as usernames, passwords, and other in-app activity.

Given that Snapchat's traffic between the app and its servers is encrypted, this network research technique is ineffective. This is why Facebook developers advocated adopting Onavo, which, when engaged, scans all of the device's network data before it is encrypted and transferred over the internet. 

Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook in 2020, alleging that the company misled about its data collecting activities and used the data it "deceptively extracted" from users to find competitors and then unfairly compete with the new firms.
Read more »
VPN security
Cyber Security Data Encryption Data protection fast VPN geo-restriction bypass Online Privacy private browsing VPN risks VPN security

Unveiling Free VPN Risks: Protecting Online Privacy and Security

 

If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network (VPN). Virtual Private Networks (VPNs) are specifically crafted to accomplish this task. 

A quality VPN channels your web traffic through a secure server, masking your IP address, encrypting your data, and shielding your personal information from unauthorized access.

This software's abilities have attracted various users, ranging from activists safeguarding human rights to individuals seeking access to restricted sports events or exclusive TV shows. An abundance of VPN options exists, including free ones. However, experts advise caution when opting for free VPNs, emphasizing the importance of understanding the potential risks associated with them.

Free VPNs often offer only basic features, lacking advanced functionalities like split tunnelling, which divides internet traffic between the VPN and an open network, or the ability to bypass geo-restrictions for streaming purposes. These limitations might compromise your online experience and fall short of providing the desired level of protection.

  • Encryption Weakness: Many free VPNs use outdated or weak encryption protocols, leaving users vulnerable to cyber threats and data breaches.
  • Data Restrictions: Free VPNs usually impose data caps, restricting high-data activities and causing inconvenience to heavy users.
  • Speed Issues: Free VPNs might suffer from overcrowded servers, resulting in sluggish connection speeds, latency, and buffering, significantly affecting browsing, streaming, and gaming experiences.
  • Server Limitations: With fewer servers, free VPNs struggle to offer reliable and fast connections, limiting access to geo-restricted content.
  • Data Collection: Some free VPNs collect and sell users' browsing data to third parties, compromising privacy and resulting in targeted ads or even identity theft.
  • Advertisements: Free VPNs often bombard users with intrusive ads and pop-ups, as they rely on advertising for revenue.
  • Malware Risks: Lesser-known free VPNs may harbor malware, posing severe risks to devices and personal data, potentially leading to hacking or data theft.
It's crucial to weigh the convenience of a free VPN against the risks it poses, emphasizing the potential compromise on privacy, security, and overall online experience.
Read more »
Technology
cloud storage Data Encryption Flash drive IronKey Technology

IronKey: What is it & How Is It Different From Other Storage Drives

IronKey

The world of online cloud storage

We live in a world of online cloud storage, where all our data is accessible everywhere and on any gadget. This has made the act of having physical storage media a lesser concern than it once used to be and more like a throwaway gadget with which we can do some cool things.

However, removing movies and episodes from streaming services and continual modifications to social media and other online archives have made physical storage more necessary than anything. We've all had a flash drive at some point, and they've grown throughout time, getting larger and more reliable.

IoT and rising concerns

With more than 40 lakh attacks on IoT (Internet of Things) devices, India is among one of the Top 10 Victims Countries lists in the world. This can be a disappointment for Tech Freaks and companies that have just begun using IoT devices but don't consider protecting their IoT devices such as smart cameras. Hackers didn't even flinch while penetrating the systems. That's how simple the breakthrough was.

“Simple methods like password guessing are used for getting the entry in IoT devices. Some sufferers of these attacks set passwords as naive as 'Admin.' And now, India has made it to the index of the top 10 countries that fell prey to IoT attacks in 2019,” reported CySecurity in 2019.

When looking for external storage, you may come across the IronKey series, a pretty flashy and eye-catching name for a simple flash drive. What distinguishes these from conventional flash drives and makes them so expensive? And, more importantly, is it worthwhile? Here's your comprehensive guide on understanding the IronKey.

IronKey: What is it?

IronKey is a flash drive brand created in the early 2000s by IronKey, a Homeland Security-funded Internet security and privacy startup that was later bought by Kingston. These were designed to provide additional security for the government, military, and business clients. While they function similarly to other flash drives, IronKey's hardware encryption differentiates it (and makes it rather pricey).

Though software encryption is simple and secure for most files, it is not as extensive or as powerful as hardware encryption, which integrates a cryptoprocessor into the device. The IronKey flash drive uses 256-bit AES hardware-based encryption in XTS mode, as well as FIPS 140-2 Level 3 validation and on-device Cryptochip Encryption Key management. 

When you remove the flash drive, it senses physical tampering and immediately safeguards your data. You can use a sophisticated password or a secret phrase of up to 255 characters long to get to the files for further security, and if you fail to enter the right password ten times, the drive immediately shuts down and optionally destroys the files.

IronKey: Do you really need one?

So, do you require one? That varies on how you intend to make use of it. If you solely store schoolwork or images, paying $77 for an 8GB flash drive may be expensive. However, if you have sensitive corporate records or government secrets, it may be worth spending a bit more to avoid being the victim of a security breach.

Read more »
Vulnerability and Exploits.
Apple Devices Apple Inc. Data Encryption Decrypter Digital Landscape Identity verification iMessage iOS iPhone Public Key Cryptography QR code User Privacy Vulnerability and Exploits.

Contact Key Verification: Boosting iMessage Security

Apple has taken another significant step towards improving the security of its messaging platform, iMessage. The introduction of Contact Key Verification adds an extra layer of security to iMessage conversations, protecting user data and privacy. In this article, we will explore what Contact Key Verification is and why it matters.

iMessage is a popular messaging platform known for its end-to-end encryption, which ensures that only the sender and the recipient can read the messages. With the new Contact Key Verification feature, Apple is making iMessage even more secure by allowing users to verify the identity of the person they are messaging with.

Contact Key Verification uses public key cryptography to establish a secure connection between the sender and receiver. Each iMessage user has a unique public key, which is stored on Apple's servers. When a user sends a message, their public key is used to encrypt the message. The recipient's device then uses their private key to decrypt and read the message. This ensures that only the intended recipient can access the content.

But what Contact Key Verification does differently is that it allows users to confirm that the public key used for encryption belongs to the person they intend to communicate with. This extra layer of verification prevents man-in-the-middle attacks, where an attacker intercepts and decrypts messages meant for someone else.

The implementation of Contact Key Verification is simple. Users can access the feature by tapping on the contact's name or picture in the chat. They can then view the contact's key and verify it through various methods like scanning a QR code or comparing a series of numbers with the contact in person.

This additional security feature is essential in today's digital landscape, where data breaches and cyberattacks are increasingly common. It ensures that even if someone gains access to your device, they cannot impersonate you or read your messages without proper verification.

Apple's commitment to user privacy is evident in this move. By giving users control over their message security, they are ensuring that iMessage remains one of the most secure messaging platforms available. Moreover, the public key infrastructure used in Contact Key Verification is a proven method for securing digital communications.



Read more »
Weak Password
Cyber Security Data Encryption Data Theft Email Attacks Multi-Factor Authentication (MFA) NSA and CISA Phishing Attacks VPNS Weak Password

Top 10 Cybersecurity Misconfigurations by NSA and CISA

Protecting your organization's data is more important than ever in an era where digital dangers are pervasive and cyberattacks are increasing in frequency and sophistication. Recognizing the pressing need for heightened cybersecurity, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to release a comprehensive list of the 'Top 10 Cybersecurity Misconfigurations.' As identified by the two agencies, these misconfigurations represent common vulnerabilities that malicious actors often exploit to infiltrate systems, steal data, or disrupt operations.

  • Weak Passwords: Passwords serve as the first line of defense against unauthorized access. Weak or easily guessable passwords are a major vulnerability.
  • Inadequate Access Controls: Failing to implement proper access controls can lead to unauthorized individuals gaining access to sensitive information.
  • Outdated Software and Patch Management: Neglecting software updates and patches can leave known vulnerabilities unaddressed, making systems susceptible to exploitation.
  • Misconfigured Cloud Storage: In the age of cloud computing, misconfigured cloud storage solutions can inadvertently expose sensitive data to the public internet.
  • Improperly Configured VPNs: Virtual Private Networks are vital for secure remote access. Misconfigurations can lead to unauthorized access or data leaks.
  • Lack of Multi-Factor Authentication (MFA): Relying solely on passwords is no longer sufficient. Implementing MFA adds an extra layer of security.
  • Neglecting Security Event Monitoring: Without proper monitoring, suspicious activities may go unnoticed, allowing potential threats to escalate.
  • Inadequate Email Security: Email remains a common vector for cyber attacks. Misconfigurations in email security settings can lead to phishing attacks and malware infections.
  • Insufficient Data Backups: Failing to regularly backup critical data can result in significant data loss during a cyber incident.
  • Unencrypted Data Transmission: Failing to encrypt data in transit can expose it to interception by malicious actors.
Organizations should take a proactive approach to cybersecurity in order to reduce these risks. This entails carrying out frequent security audits, putting in place strict access controls, and keeping up with the most recent cybersecurity risks and best practices.

Programs for employee awareness and training are also essential. An organization's overall security posture can be significantly improved by training personnel on the value of using strong passwords, spotting phishing attempts, and reporting suspicious activity.

Misconfigured cybersecurity poses a serious risk in today's digital environment. Organizations may strengthen their defenses against cyber threats and protect their digital assets by resolving the top 10 misconfigurations identified by the NSA and CISA. Keep in mind that the best kind of defense in the world of cybersecurity is frequently prevention.

Read more »
Sophos
Cybersecurity Data Encryption Enterprise security Ransomware Sophos

Ransomware Attacks on the Rise in Manufacturing Industry

Threat of Ransomware Attacks

The Growing Threat of Ransomware Attacks

According to a recent report by Sophos, a global leader in cybersecurity, more than two-thirds (68%) of manufacturing companies hit by ransomware attacks globally had their data encrypted by hackers. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

Ransomware attacks have become an increasingly common threat to businesses and organizations of all sizes. These attacks involve hackers gaining access to a company's computer systems and encrypting their data, making it inaccessible to the company. The hackers then demand a ransom payment in exchange for the decryption key.

Manufacturing Industry Hit Hard by Ransomware

The manufacturing industry has been particularly hard hit by these attacks. Despite an increase in the percentage of manufacturing organizations that used backups to recover data, with 73% of the manufacturing firms using backups this year versus 58% in the previous year, the sector still has one of the lowest data recovery rates.

This highlights the importance of companies taking proactive measures to protect themselves against ransomware attacks. This includes regularly backing up important data, keeping software and systems up to date with the latest security patches, and training employees on how to recognize and avoid phishing emails and other common attack vectors.

Protecting Against Ransomware: Best Practices for Companies

In addition to these preventative measures, companies should also have a plan in place for how to respond in the event of a ransomware attack. This includes knowing who to contact for assistance, having a communication plan for informing customers and other stakeholders and having a plan for how to restore operations as quickly as possible.

The threat of ransomware attacks is not going away anytime soon. By taking proactive steps to protect themselves, companies can reduce their risk of falling victim to these attacks and minimize the impact if an attack does occur.

Read more »
Threat Landscape
Cyber Security Data Encryption Data Leak RaaS Ecosystem Ransomware Threat Landscape

The Rate of Rorschach Ransomware is Increasing; Here's How to Safeguard Yourself

 

Staying ahead of threat actors is a game of cat and mouse, with hackers frequently having the upper hand. LockBit was the most widely used ransomware strain in 2023. In the previous year, LockBit was recognised to be the most active global ransomware organisation and RaaS supplier in terms of the number of victims claimed on their data leak site. 

New strains of malware emerge as the threat of ransomware grows. The current ransomware strain, Rorschach, is proof of this. It is one of the most rapidly spreading variants on the ransomware market today. 

Check Point tested 22,000 files on a 6-core machine and found that all files were partially encrypted in 4.5 minutes. In comparison to LockBit, which was previously thought to be one of the fastest ransomware outbreaks, Rorschach quickly compromised a machine. 

What is the purpose of the partial encryption of the files? A novel encryption approach known as intermittent encryption encrypts only a portion of the material, rendering it unusable. 

By drastically reducing the time required to encrypt files, security software and personnel have only a limited amount of time to thwart an attack. The outcome is the same: the victim is unable to access their files. 

The speed with which encryption is performed is critical since it limits the amount of time available for a user or IT organisation to respond to a security breach. This improves the chances of a successful attack. 

Rorschach ransomware, for example, can construct a Group Policy that spreads the ransomware to all machines in the domain if it is successful, even if the attack originally targets just one system. 

So, what are the best practises for defending against ever-increasing threats? The three actions listed below are critical for defending yourself and your organisation from Rorschach assaults.

Access control 

One of the first stages in safeguarding your organisation is to ensure that each user has only the access they require. Implementing RBAC (Role-Based Access Control) or ABAC (Attribute-Based Access Control) procedures ensures that no user or compromised account can access data outside of its bounds.

With suitable controls in place, you can audit when an account does an action that exceeds its permitted permissions, and fast onboarding and offboarding enable swift responses to security events. 

Account policy

Accounts are supported by a strong password policy. This may include following industry standards such as NIST 800-63B or verifying for previously hacked account passwords. Industry requirements and breached password protection are tough to meet, but software like Specops Password Policy with Breached Password Protection can help. 

Ensuring that a user changes their password in accordance with the policy and does not use a previously hacked password guarantees that your organisation is secure.

Data backup 

Having good, thorough data backups that cover your entire infrastructure is essential, even in the event of a ransomware attack. If the worst happens, you will be able to quickly rebuild your infrastructure and ensure that you can bring back services and functioning. You can lessen the effects of a successful ransomware attack and discover what may have been compromised by swiftly recovering. 

Bottom line 

While the three measures above cannot ensure foolproof security, they can guard you against increasingly complex dangers like Rorschach. There will probably be numerous improvements in the future, even though this ransomware uses special programming to speed up encryption.

Enforcing a tighter password policy helps deter these criminals from looking for easy targets, which is what they frequently do when targeting passwords that have already been obtained. 

Additionally, you may use a free download to search your Active Directory for more than 940 million compromised credentials. Make sure no one is using credentials that have already been stolen.
Read more »
User Privacy
1Password Manager Authentication Cyber Security Data Encryption Hackers LastPass User Privacy

Upgrading Online Security with Password Managers

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to the increasing number of online accounts people use, making it challenging to remember multiple passwords.

According to TechRadar, the use of password managers has emerged as a solution to this problem. These tools generate complex and unique passwords for each account, securely store passwords, and autofill passwords, making them convenient to use. The article suggests that password managers have become essential for enhancing online security. 

Password managers not only provide a higher level of security but also make managing passwords easier. "With the ever-increasing number of accounts people hold, there is a higher risk of password reuse, which makes users more vulnerable to cyber-attacks. A password manager can help overcome this issue," says tech writer Ashwin Bhandari. 

Android Police highlights the advantages of using password managers, including the ability to generate secure passwords and store them securely. The tool also helps users avoid the risk of weak passwords or using the same password for multiple accounts, which could make them vulnerable to cyber-attacks. 

CyberNews has compiled a list of the best password managers available, including LastPass, Dashlane, and 1Password. These password managers use strong encryption methods to protect user passwords and employ multi-factor authentication to provide an additional layer of security.

"Multi-factor authentication is the best way to protect your account from unauthorized access. While a password manager can generate and store passwords, enabling multi-factor authentication can prevent hackers from gaining access to your account even if they have your password," says cybersecurity expert John Smith.

Password managers have become a crucial tool for maintaining online security, to sum up. Users can prevent the risk of using weak passwords or the same password for many accounts by utilizing them since they make it convenient to generate and save complex passwords securely. Password managers can help people and businesses increase their internet security and defend against cyberattacks.
Read more »
User Privacy
cloud storage Data Encryption Data Storage Dropbox Encrypto iCloud MacPaw OneDrive Privacy Sensitive data User Privacy

What Must You Do Before Uploading Your Sensitive Data to the Cloud?


Cloud storage has emerged as a prominent tool when it comes to managing or storing users’ data. Prior to the establishment of cloud storage technology, more than a decade ago, emailing individual files to yourself or saving them to an external drive and physically moving them from one computer to another were the two most popular methods for backing up documents or transferring them between devices. 

But now data storage has witnessed a massive breakthrough in technology, thanks to cloud storage solutions. Some of the prominent cloud storage services like Google Drive, Microsoft OneDrive, Dropbox, and Apple iCloud Drive made it dead simple to back up, store, and keep our documents synced across devices. 

Although, this convenience came to the users at a cost of privacy. When we use any of the Big 4's major cloud services, we theoretically give them—or anybody who can hack them—access to whatever we keep on their cloud, including our financial and health information, as well as our photos, notes, and diaries. 

One of the major reasons why user privacy is at stake is because all four prominent cloud service providers meagerly encrypt the documents while uploading. Since these documents are not end-to-end encrypted, it indicates that the user is the only one with the ability to decrypt. 

Minimal encryption would mean that the service provider too holds the key to decrypt users’ documents, and is capable of doing so at all times. Moreover, in some severe instances, a hacker may as well get hold of the decryption key. 

Out of the four major cloud services, Apple is the only service provider with Advanced Data Protection for iCloud, launched recently, which enables users to choose to have their documents end-to-end encrypted when stored in iCloud Drive. This makes Apple void of any access to the files, ensuring the user’s privacy. However, this setting is still optional, making the merely encrypted iCloud Drive a default setting. 

Since the remaining three major cloud storage providers are yet to provide users with the choice of end-to-end encryption and taking into consideration the exploded usage of such personal cloud services in recent years, billions of users are currently at risk of getting their sensitive documents exposed to the third party. 

Encrypt First, Then Upload to the Cloud 

It is possible to use the popular cloud storage services while preventing anyone who gains access to your account from seeing the files stored therein by encrypting those files prior to uploading them. The best part? You do not require a computer scientist or a security developer to do so. With the numerous applications, that are available for free, one could encrypt any file on one's own. 

What is Encrypto?

One such well-known encryption program is Encrypto, sponsored by a company called MacPaw. You may drag a file into the program, give it a password, and then encrypt it using industry AES-256 encryption. The software then enables you to save a file with an encrypted version (.crypto file type). 

After encrypting the files, the user can now upload the encrypted version of the file to their preferred cloud storage provider rather than the original file containing sensitive data. If your cloud storage is then compromised, the attacker should be unable to open the Crypto file without knowing the password the user has established for it. 

Encrypto is a cross-platform tool that works on both Macs and Windows PCs, despite the fact that MacPaw is known for producing Mac-specific utility apps. The recipient merely needs to download the free Encrypto app to be able to open sensitive documents that have been sent to them over email and have been encrypted using Encrypto (and you need to let them know the password, of course). 

Another nice feature that the app possesses is that it enables users to set different passwords for each file they create. One can even include a password hint in the encrypted file to remind what password is being used in the file. Users are advised to establish a password that would be difficult to decipher through brute force or something that would be difficult to guess. 

This being said, no matter the choice of app, encrypting the files yourself before uploading them to Google Drive Microsoft OneDrive, Dropbox, or iCloud Drive adds an additional layer of encryption and security to the sensitive data while still maintaining to reap the numerous benefits of cloud storage.  

Read more »
User Security
Cyber Attacks Data Encryption Extortion Scheme Ransom Payment ransomware attacks User Security

Ransomware Gangs are Starting to Forego Encryption

 

Criminal organisations are now employing a new strategy to ensure ransomware payouts: they skip the step of encrypting target companies' systems and instead go straight to demanding the ransom payment for the company's valuable data.

Malicious hackers are constantly looking for less-flashy but still effective ways to continue their ransomware attacks as law enforcement's focus on the problem grows.

Typically, a ransomware attack begins with the installation of malware that encrypts files onto a company's networks, followed by the appearance of a ransom note on each screen.

By concentrating only on data extortion, hackers can launch their attacks more quickly and without the need for encryption tools, which can occasionally go down in the middle of an attack. 

According to Drew Schmitt, a principal threat analyst at GuidePoint Security, law enforcement is also more interested in looking into attacks that use encryption because it results in more damage.

Schmitt added that businesses that have strong endpoint security tools, firewalls, ongoing monitoring, and security plans that restrict employees' access to internal files will be the most successful at thwarting ransomware attacks.

Security leaders must know how to lessen the effects of a ransomware attack. Here are a few of our suggestions: 

  • Keep encrypted backups of your data offline and make sure that your team consistently performs backups. Additionally, your team should prioritise restoring all crucial systems and data first and routinely test backups to determine how long data restoration efforts will take. 
  • Make it a company-wide rule that no device should be used to store corporate data locally. Unlike data stored in the cloud, if a device is infected, you risk losing all locally stored data. 
  • To prevent ransomware from spreading to other network devices, immediately isolate the infected device.
  • If at all possible, determine the type of ransomware used and/or the threat actors who carried out the attack to see if a decryption key may already be in existence. Engage an external incident response provider with digital forensics capabilities to lead the charge if you lack the expertise to carry out this investigation internally. 
  • Your team should have the relevant source code or executables backed up in addition to system images (or escrowed, have a licence agreement to obtain, etc.) so that you don't lose the application code entirely if the ransomware infection affects it. 
Read more »
Ransomware
Cyber Security Data Encryption Healthcare Industry Ransom Ransomware

Ransomware Attacks Forced Organizations to Shut Down Operations Completely

 

Ransomware attacks have evolved constantly and now the spike in attacks is causing a massive concern for thousands of organizations worldwide. Hackers are taking advantage of security vulnerabilities and encrypting data belonging to all sorts of organizations: from private firms to healthcare facilities and governments. 

What motivates the ransomware attackers to become even more sophisticated and demand tens of millions of dollars is that numerous firms agree to pay the ransom and not reveal the attack. It usually happens because they are afraid of the devastating social consequences. 

Earlier this week, Trend Micro, a global cybersecurity leader, disclosed that a quarter of healthcare organizations hit by ransomware attacks were forced to shut operations completely. The study also revealed that 86% of global healthcare organizations impacted by ransomware attacks suffered operational outages. 

More than half of the global HCOs (57%) acknowledged being hit by ransomware attacks over the past three years. Of these, 25% were forced to shut down their operations, while 60% disclosed that some business processes were affected by an attack. 

On average, it took most responding organizations days (56%) or weeks (24%) to fully restore these operations. In a survey of 145 healthcare business and IT professionals, 60 percent of HCOs also suffered a data breach, potentially increasing compliance and reputational risk, as well as investigation, remediation, and clean-up costs. 

The good news is that most (95%) HCOs say they regularly update patches, while 91% limit email attachments to thwart malware risk. Many also employed detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR). 

"In cybersecurity, we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially genuine and very dangerous physical impact," Trend Micro Technical Director Bharat Mistry stated. 

"Operational outages put patient lives at risk. We can't rely on the bad guys to change their ways, so healthcare organizations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains." 

The study published by cybersecurity firm Sophos in June revealed that HCOs spend nearly $1.85 million to recover systems after a ransomware attack, the second-highest across all sectors. The average ransom paid by healthcare organizations surged by 33% in 2021, an almost threefold increase in the proportion of victims paying ransoms of $1 million or more.
Read more »
Subscribe to: Posts (Atom)