
SafePay Ransomware: A New Threat with Advanced Techniques

In October 2024, cybersecurity experts at Huntress identified a previously undocumented ransomware strain named SafePay. This malware was deployed in two separate incidents and stands out for its distinctive features, including the use of .safepay as an encrypted file extension and a ransom note titled readme_safepay.txt. Despite its limited exposure, SafePay’s techniques signal a skilled operator leveraging advanced ransomware methods.

SafePay is linked to older ransomware families like LockBit, with Huntress analysts stating: “During our analysis of the ransomware binary, we began to notice a large number of similarities to the extensively analyzed LockBit samples from the end of 2022.” These parallels suggest that SafePay’s developers may have utilized leaked LockBit source code to create their malware, showcasing a blend of stealth and sophistication.

SafePay follows a systematic two-phase attack process:

  • Data Collection and Exfiltration: In one observed incident, attackers used WinRAR to archive data across multiple systems and exfiltrated it via FileZilla. Analysts remarked, “This activity looks like potential data exfiltration from the network—collected and archived with WinRAR and then possibly exfiltrated out using FTP.” Tools were uninstalled post-use to erase traces.
  • Encryption Deployment: Using Remote Desktop Protocol (RDP) access, attackers deployed ransomware scripts via PowerShell, targeting network shares. Commands such as disabling shadow copies and modifying boot configurations were executed to impede recovery. The ransom note ominously begins with: “Greetings! Your corporate network was attacked by SafePay team,” and outlines negotiation steps for data recovery.
The SafePay group operates on both the Tor network and the decentralised The Open Network (TON). Its leak site showcases victim organisations and directories of stolen data. Huntress analysts also found that the site's backend exposed an Apache server-status endpoint, which offered insight into the group's operations.
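As an added example (written for this post, not Huntress's tooling or anything recovered from the incidents), the Python triage script below runs simple detection rules over constructed process-creation log lines for the behaviours described above: archiving with WinRAR, launching an FTP client, and the scripted shadow-copy and boot-configuration commands that impede recovery. Host names, users, paths and the log layout are all invented for the demo.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed process-creation events, one per line: time|host|user|parent|command.
# Hosts, users and paths are invented for this example.
SAMPLE_LOG = r"""
2024-10-12T02:14:03Z|FS01|CORP\svc_backup|explorer.exe|C:\Program Files\WinRAR\WinRAR.exe a -r D:\staging\hr.rar \\FS01\hr$
2024-10-12T02:31:47Z|FS01|CORP\svc_backup|cmd.exe|filezilla.exe
2024-10-12T03:02:10Z|DC01|CORP\admin_j|powershell.exe|vssadmin.exe delete shadows /all /quiet
2024-10-12T03:02:11Z|DC01|CORP\admin_j|powershell.exe|bcdedit.exe /set {default} recoveryenabled No
2024-10-12T03:02:12Z|DC01|CORP\admin_j|powershell.exe|bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
2024-10-12T03:05:00Z|WS07|CORP\alice|explorer.exe|notepad.exe C:\Users\alice\notes.txt
2024-10-12T09:15:22Z|WS07|CORP\alice|cmd.exe|vssadmin.exe list shadows
"""

# (rule name, ATT&CK technique, pattern over the command line, severity)
RULES = [
    ("shadow_copy_deletion", "T1490",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete", re.I), 3),
    ("boot_recovery_disabled", "T1490",
     re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I), 3),
    ("archive_with_winrar", "T1560.001", re.compile(r"\b(winrar|rar)(\.exe)?\s+a\b", re.I), 2),
    ("ftp_client_launched", "T1048", re.compile(r"\bfilezilla(\.exe)?\b", re.I), 1),
]

SCRIPT_HOSTS = ("powershell", "cmd", "wscript", "cscript")


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    parent: str
    cmd: str


def parse_line(line):
    """Parse one pipe-separated event; returns None for blank or malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, user, parent, cmd = parts
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, parent.lower(), cmd)


def match_rules(ev):
    return [(name, tech, sev) for name, tech, rx, sev in RULES if rx.search(ev.cmd)]


def triage(log_text, window=timedelta(minutes=10)):
    """Score each host; flag the recovery-impairment pattern when two different
    T1490 commands land on one host within `window`."""
    report = defaultdict(lambda: {"score": 0, "hits": [], "recovery_inhibited": False, "scripted": False})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for name, tech, sev in match_rules(ev):
            h = report[ev.host]
            h["score"] += sev
            h["hits"].append((ev.ts, name, tech, ev.parent))
    for h in report.values():
        t1490 = sorted((ts, name, parent) for ts, name, tech, parent in h["hits"] if tech == "T1490")
        for i, (t0, n0, _) in enumerate(t1490):
            if any(t1 - t0 <= window and n1 != n0 for t1, n1, _ in t1490[i + 1:]):
                h["recovery_inhibited"] = True
        if h["recovery_inhibited"]:
            h["score"] += 5  # two distinct recovery-impairment commands back to back
        # the post describes these commands being issued from PowerShell scripts
        h["scripted"] = any(p.startswith(SCRIPT_HOSTS) for _, _, tech, p in h["hits"] if tech == "T1490")
    return dict(report)


def highest_risk(report):
    return max(report, key=lambda host: report[host]["score"]) if report else None


if __name__ == "__main__":
    for host, h in triage(SAMPLE_LOG).items():
        print(host, h["score"], h["recovery_inhibited"], h["scripted"], [n for _, n, _, _ in h["hits"]])
```

Informational commands such as listing shadow copies are deliberately not matched, so WS07 produces no alert.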

Although relatively new, SafePay’s connection to LockBit and its sophisticated techniques present significant risks across industries. As Huntress analysts concluded: “The threat actor was able to use valid credentials to access customer endpoints and was not observed enabling RDP, creating new user accounts, or establishing persistence.”

Zero-Trust Log Intelligence: Safeguarding Data with Secure Access

Over the years, zero trust has become a widely adopted model as organisations face a growing need to keep confidential information safe, something they now treat as paramount in cybersecurity. Zero trust is a security framework that differs fundamentally from the traditional perimeter-based model. Instead of relying on a hardened boundary, it grants access to resources only after continually validating every user and every device they use, regardless of the individual's position in the organisation or how long they have been employed there. This "never trust, always verify" policy grants even a long-tenured employee only the minimum access needed to carry out their tasks. Because much of the information that matters for cybersecurity is log file data, zero-trust principles can better safeguard this sensitive information.

Log Files: Why They Are Both Precious and Vulnerable

Log files record all the digital activity on a network, so they can reveal vulnerabilities in a system for remediation. They are also a good source for tracing how a company's systems are performing: analysing log files for anything out of place or anomalous in system behaviour allows speedy intervention when a security lapse occurs. At the same time, these log files expose an organisation when they fall into the wrong hands, since they may lead to theft of confidential data, aid an intrusion, or be modified. Access to log files must therefore be strictly controlled and limited to authorised users, so that misuse is avoided and the network stays secure.

Collecting and Storing Log Data Securely

Zero trust can only be implemented effectively if log file collection and storage are sound. Real-time data should be collected into a tamper-resistant environment that prevents unauthorised modification. More recently, OpenTelemetry has been gaining popularity thanks to its support for multiple data sources and its secure integration with many databases, most commonly PostgreSQL.

Secure log storage can also apply blockchain technology. A decentralised, immutable structure like a blockchain ensures logs cannot be altered and that their records remain transparent and tamper-proof. Because a blockchain works through multiple nodes rather than one central point, it is nearly impossible to stage a focused attack on the log data.
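As an added illustration of tamper-evident storage (example code written for this post, not OpenTelemetry's or any blockchain's implementation), the Python below chains each log entry to the previous one with an HMAC and shows what a verifier can and cannot detect: edits and deletions are caught by the chain alone, but dropping the newest entries is only caught when the latest head tag was also published to a separate store, which is the role a blockchain anchor plays. The key, sources and log lines are constructed for the demo.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # previous-tag value of the first entry

# Constructed log lines (timestamp, source, message) for the example.
SAMPLE_LOG = [
    ("2024-11-01T08:00:01Z", "vpn-gw", "user alice connected from 203.0.113.5"),
    ("2024-11-01T08:03:14Z", "db01", "role analyst granted SELECT on audit_log"),
    ("2024-11-01T08:05:50Z", "db01", "5 failed logins for role admin"),
    ("2024-11-01T08:06:02Z", "vpn-gw", "user alice disconnected"),
]


def entry_tag(key, seq, ts, source, msg, prev):
    """HMAC-SHA256 over a canonical encoding of the entry plus the previous tag."""
    payload = json.dumps([seq, ts, source, msg, prev], separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class ChainedLog:
    """Append-only log in which every entry commits to everything before it."""

    def __init__(self, key):
        self._key = key
        self.entries = []
        self.head = GENESIS

    def append(self, ts, source, msg):
        seq = len(self.entries)
        tag = entry_tag(self._key, seq, ts, source, msg, self.head)
        self.entries.append({"seq": seq, "ts": ts, "source": source, "msg": msg,
                             "prev": self.head, "tag": tag})
        self.head = tag
        return tag


def verify_chain(entries, key, anchor=None):
    """Return (ok, problem, index). `anchor` is the last head tag that was
    published to a separate store; without it, tail truncation is invisible."""
    expected_prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            return False, "sequence gap", i
        if e["prev"] != expected_prev:
            return False, "broken link", i
        tag = entry_tag(key, e["seq"], e["ts"], e["source"], e["msg"], e["prev"])
        if not hmac.compare_digest(tag, e["tag"]):
            return False, "tag mismatch", i
        expected_prev = e["tag"]
    if anchor is not None and expected_prev != anchor:
        return False, "head does not match anchor", len(entries)
    return True, None, len(entries)


def run_demo(key=b"demo-verify-key"):  # constructed; keep the real key off the log host
    log = ChainedLog(key)
    for ts, src, msg in SAMPLE_LOG:
        log.append(ts, src, msg)
    anchor = log.head  # what a separate store (or a blockchain anchor) would hold
    results = {"intact": verify_chain(log.entries, key, anchor)}
    edited = copy.deepcopy(log.entries)
    edited[2]["msg"] = "0 failed logins for role admin"  # silent edit of one record
    results["edited"] = verify_chain(edited, key, anchor)
    removed = copy.deepcopy(log.entries[:1] + log.entries[2:])  # middle entry deleted
    results["removed"] = verify_chain(removed, key, anchor)
    truncated = copy.deepcopy(log.entries[:-1])  # newest entry dropped
    results["truncated_no_anchor"] = verify_chain(truncated, key)
    results["truncated_with_anchor"] = verify_chain(truncated, key, anchor)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:22} {outcome}")
```

An attacker who obtains the HMAC key can re-chain the whole log, so the key belongs with the verifier (or an HSM), not on the collector that writes the entries.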

Imposing Least Privilege Access Control

Least privilege access is one of the core principles of zero-trust security: end users have access only to what is required to achieve their task. Balancing this principle with efficient log analysis can be challenging, however; traditional access control methods, such as data masking or classification, frequently fall short and are not very practical. One promising solution to this problem is homomorphic encryption, which enables analysis of data in its encrypted state. Analysts can evaluate log files without ever directly seeing the unencrypted data, so security is maintained without impacting workflow.

Homomorphic encryption extends beyond the analyst. Other critical stakeholders, such as administrators, can hold permissions over the data without being able to read it. Logs therefore remain secure even within internal teams, and the chance of accidental exposure is reduced.
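To make the split between analyst and key holder concrete, here is an added Python example (not from the post or any product) using the additively homomorphic Paillier scheme: collectors encrypt each record's sensitive fields, an analyst sums the ciphertexts for a user with only the public key, and the key holder decrypts just the totals. The primes and log records are constructed for the demo and far too small for real use.

```python
import math
import secrets

# Demo-only primes (constructed). A real deployment generates two fresh
# ~1024-bit primes; these just keep the numbers small enough to read.
P, Q = 1000000007, 998244353

# Constructed log records: (user, event, bytes transferred). The per-record
# values are what get encrypted; the user field stays in clear here so the
# analyst can group records, which is itself a metadata leak in practice.
SAMPLE_LOG = [
    ("alice", "LOGIN_FAIL", 0),
    ("alice", "LOGIN_FAIL", 0),
    ("bob", "LOGIN_OK", 12_000),
    ("alice", "LOGIN_OK", 850_000),
    ("bob", "LOGIN_FAIL", 0),
]


def keygen(p=P, q=Q):
    """Paillier key pair with g = n + 1 (the standard simplification)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    return (n, n * n), (lam, mu)


def encrypt(pub, m):
    n, n2 = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1  # fresh randomness per ciphertext
        if math.gcd(r, n) == 1:
            break
    return ((1 + m * n) * pow(r, n, n2)) % n2  # g^m * r^n mod n^2 with g = n + 1


def decrypt(pub, priv, c):
    n, n2 = pub
    lam, mu = priv
    x = pow(c, lam, n2)
    return ((x - 1) // n * mu) % n  # L(x) * mu mod n


def add(pub, c1, c2):
    """Ciphertext of m1 + m2, computed without the private key."""
    return (c1 * c2) % pub[1]


def scale(pub, c, k):
    """Ciphertext of k * m, computed without the private key."""
    return pow(c, k, pub[1])


def encrypt_records(pub, lines):
    """Collector side: encrypt the sensitive fields under the key holder's public key."""
    return [{"user": u, "fail": encrypt(pub, 1 if ev == "LOGIN_FAIL" else 0),
             "bytes": encrypt(pub, b)} for u, ev, b in lines]


def aggregate_user(pub, records, user):
    """Analyst side: failed-login count and bytes for one user, using only the public key."""
    fails, total = encrypt(pub, 0), encrypt(pub, 0)
    for rec in records:
        if rec["user"] == user:
            fails = add(pub, fails, rec["fail"])
            total = add(pub, total, rec["bytes"])
    return fails, total


def reveal(pub, priv, aggregate):
    """Key-holder side: only the aggregate is decrypted, never a single record."""
    fails, total = aggregate
    return decrypt(pub, priv, fails), decrypt(pub, priv, total)


def run_demo():
    pub, priv = keygen()
    records = encrypt_records(pub, SAMPLE_LOG)
    return {user: reveal(pub, priv, aggregate_user(pub, records, user)) for user in ("alice", "bob")}


if __name__ == "__main__":
    print(run_demo())  # {'alice': (2, 850000), 'bob': (1, 12000)}
```

Paillier only supports addition and scaling by a known constant, so a threshold check such as "more than three failures" still has to happen after the key holder decrypts the total.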

In-House AI for Threat Detection

Companies can further secure log data by running in-house AI models directly within their database, minimising external access. For instance, a company can use a private SLM (small language model) trained specifically to analyse its logs. This enables safe and accurate threat detection without sharing any logs with third-party services. A further advantage of an AI trained on relevant log data is reduced bias, since all operations depend only on the relevant encrypted log data, giving the organisation precise and relevant insights.

Organisations can maximise security while minimising exposure to potential cyber threats by applying a zero-trust approach: strict access controls, and data that stays encrypted throughout the analysis process.

Zero-Trust for Optimal Log Security

Zero-trust security appears to be one of the most effective approaches to log file intelligence: it uses technologies such as blockchain and homomorphic encryption to ensure the integrity and privacy of the information under management. Logs, a valuable source of security insights, are locked down and kept well protected against unauthorised access and modification.

Even if an organisation does not adopt zero trust completely across its systems, it should still treat the protection of its logs as a priority. Taking the essential aspects of zero trust, such as minimal permissions and secured storage, helps organisations decrease their vulnerability to cyber attacks while protecting this critical source of data.

Western Digital Fined Over $310 Million for Patent Infringement

In a landmark case, data storage major Western Digital has been ordered to pay the largest fine yet, $315.7 million, for violating patents associated with data encryption technology. SPEX Technologies owns these patents, having acquired them from Spyrus, which developed the encryption technology. The technology was used in older storage devices such as PCMCIA and Compact Flash cards.

The jury concluded that many of Western Digital's self-encrypting storage devices infringed these patents, which led to the hefty damages. The case has been ongoing since 2016, when SPEX first sued Western Digital for using its patented technology without permission. The two patents at the heart of the case, US6088802A and US6003135A, cover data encryption methods that allow a peripheral and its host to operate securely without compromising the security of the data.

Patents at the Heart of Controversy

The patents, filed in 1997, cover the protection of communication between a computer and external storage connected to it. They were applied in older standards, including PCMCIA and Compact Flash cards. Although the patents expired in 2017, SPEX filed the lawsuit before they expired, so the case remains valid. The patents are specifically crafted to cover encryption processes that safeguard data, especially during transfer from a peripheral device to a host computer.

Western Digital Response

Western Digital has strongly contested the allegations and maintains that it did not violate any patents. After the jury verdict the company issued a statement of disagreement and said it would appeal. Western Digital will file post-trial motions to challenge the verdict and will seek an appeal in higher courts if the outcome is unfavourable.

This is not the first patent dispute Western Digital Corp. has faced. A few months earlier, the same court held the company liable for violating patents on increasing hard drive capacity and ordered it to pay over $262 million in damages.

An Ongoing Dispute

This is another protracted case that has been working through the courts for years. As SPEX Technologies' suit against Western Digital continues, it reminds the industry that intellectual property remains central to technology, even when the older technology has evolved with time and its influence has carried over into newer technologies. The case is a reminder of the financial risks companies face when patent disputes and intellectual property rights issues arise.

The two judgments already passed against Western Digital are substantial and have put the spotlight on the legal and financial challenges of defending its technology and the costs of such lawsuits. The outcome of the appeals will determine whether the verdict is overturned in Western Digital's favour or the company has to pay the announced fines.

In the meantime, this case serves as a cautionary tale for other tech companies, reminding them to remain vigilant about patent rights wherever legacy technologies are still in use and protected by law.

Future Implications

This may bring tighter scrutiny of intellectual property and a re-examination by companies of the technology used in their products, even where it seems outdated. The tech community is watching this case closely, as it may set a precedent for future litigation involving expired patents in the fast-changing world of data security.

Western Digital's troubles are far from over: it now has to navigate its appeal, manage its reputation, and continue operations. This case will command close attention in the tech industry and speak to everyone working at the intersection of patent law and data encryption technologies.


Why Hackers Are Collecting Encrypted Data for Future Attacks

The cybercrime world is ever-changing, and hackers are preparing for a future in which quantum computers might render current encryption techniques useless. This is called "harvest now, decrypt later": a rising phenomenon in which cybercriminals steal encrypted data in the hope that it will become easy to decrypt once quantum computers are available. Businesses must be aware of this new threat and take proactive measures to protect their data.

Encryption has been one of the most essential practices organisations have relied on for years, protecting sensitive communications, financial records, and personal information. New advances in quantum computing, however, create the danger that today's encryption could be relatively easy to break in the near future. Hackers are aware of this and are collecting encrypted data more aggressively, holding it until quantum computers are able to break the cryptography.

This is already the reality of cyberattacks. Today, more than 70% of ransomware attacks include exfiltration of data before encrypting it. Cybercriminals are banking on quantum computing ultimately making decryption of the stolen data possible, no matter how safe it is today.


Threat from Quantum Computing to Encryption

There is a fundamental difference between quantum and classical computing. In a classical computer, a bit is either one or zero. A qubit in a quantum computer, through the property of superposition, is both one and zero at the same time, which enables quantum computers to perform certain complex calculations at unprecedented speeds.

For instance, it would take a classical computer trillions of years to break 2,048-bit encryption; a quantum computer could do it in a few seconds. Quantum technology is not yet available at scale, but scientists predict it will be within ten years, which is why hackers are setting aside in advance the data they want to decrypt, storing it in encrypted form today.


What Data Are Hackers Targeting?

Historically, hackers have been most interested in stealing PII, which includes names, addresses, social security numbers, and financial information. Such details are plainly valuable for identity theft and far more nefarious undertakings. With quantum computing, hackers will no longer be limited to stealing data from databases but can also intercept data as it travels between the web browser and server, or exploit vulnerabilities within internal networks.

This means companies must be even more careful to safeguard the foundations of their HR and financial systems, their communications, and any partnerships they hold. Once quantum computing becomes ubiquitous, no encrypted data will remain safe unless new methods impervious to quantum decryption are deployed.


The Quantum Decryption Consequences

Businesses that do not prepare for the quantum era will face severe consequences. If hackers decrypt the stolen data, it may be used to take over accounts, launch identity theft campaigns, and run targeted cyberattacks. The average cost of a data breach already runs into millions of dollars, rising from $4.35 million in 2022 to $4.45 million in 2023. These figures may climb sharply as quantum computing becomes a reality.

On the legal side, companies that cannot protect client information may face billions in penalties and damage to their reputation, as jurisdictions worldwide harden their data protection rules.


Why Begin Preparing Now?

While quantum computing is not commercially available yet, businesses cannot afford to wait. It may take many years before the average hacker gets hold of quantum technology, but well-funded groups, whether nation-states or corporate competitors, will probably gain access soon. Companies should act now, not just to avoid losing money but to get ahead of advanced cyber threats.

Quantum computing technology is also developing quickly. Although current quantum computers are expensive and complex, a recent breakthrough from a Chinese startup concerning portable consumer-grade quantum computers suggests that practical quantum computers may appear even sooner than expected.


Protecting Businesses Against Quantum Computing Threats

As quantum computing rapidly evolves, businesses need to take decisive actions to protect their data from future risks. Here are key steps to consider:

1. Adopt Post-Quantum Cryptography: Organisations should prioritise implementing encryption methods that are resistant to quantum computing, following the guidelines from the National Institute of Standards and Technology (NIST). By transitioning to post-quantum cryptographic standards as soon as they become available, businesses can secure their data from potential quantum-powered attacks.

2. Improve Breach Detection: Strengthening breach detection capabilities is essential. By monitoring for indicators of compromise, businesses can identify potential attacks early, allowing security teams to respond quickly. This could involve changing compromised passwords or encrypting sensitive data before hackers can exploit it.

3. Use Quantum-Safe VPNs: As quantum-safe virtual private networks (VPNs) are developed, they can provide an additional layer of security by protecting data in transit. These VPNs will ensure that hackers cannot intercept sensitive communications or steal data while it is being transmitted between systems.

4. Move Sensitive Data to Secure Locations: Business leaders should evaluate whether decrypted data poses significant risks and move critical information to secure offline storage if necessary. For highly sensitive data, businesses may need to implement segmented networks, strict access controls, or even revert to paper-based systems to protect it from potential quantum threats.


The Time to Act Is Now

With quantum computing on the horizon, businesses must begin preparing for a future where these technologies could be used to break traditional encryption. By adopting quantum-resistant cryptography, improving breach detection, and securely storing sensitive data, companies can reduce the risk of falling victim to quantum-driven cyberattacks. While quantum computers may still be years away, the consequences of failing to prepare could be disastrous. Now is the time for decision-makers to take proactive measures to protect their data before it's too late.


Raman Research Institute’s Breakthrough in Quantum Cybersecurity

Scientists at the Raman Research Institute have achieved a significant breakthrough in cybersecurity by developing a novel method for generating truly unpredictable random numbers. This development is essential for strengthening encryption in quantum communications, addressing one of the most pressing challenges in data security today. Traditional encryption methods depend on algorithms and computational complexity to protect data. However, with the rise of cyber threats and the imminent advent of quantum computing, there is an increasing demand for more robust and reliable encryption techniques. Quantum computing, in particular, poses a threat to conventional encryption methods as it has the potential to break these systems with ease. Thus, the need for advanced cryptographic solutions has never been more urgent. The team at the Raman Research Institute has created a user-friendly approach to generate random numbers that are genuinely unpredictable.

This is a critical component for secure encryption because predictable random numbers can compromise the integrity of cryptographic systems. By ensuring that these numbers are entirely random, the new method significantly enhances the security of data transmissions. The unpredictability of these random numbers makes it exponentially harder for potential attackers to predict encryption keys, thereby fortifying data protection. Quantum communication, which relies on the principles of quantum mechanics, offers unparalleled security by making it theoretically impossible for an eavesdropper to intercept and read the transmitted data without being detected. 

However, the effectiveness of quantum communication systems hinges on the quality of the random numbers used in encryption. The breakthrough achieved by the Raman Research Institute addresses this need by providing a reliable source of high-quality random numbers. This advancement not only bolsters current encryption standards but also paves the way for more secure quantum communication networks. 

As cyber threats continue to evolve, the ability to generate truly random numbers will play a crucial role in maintaining the integrity and security of digital communications. This development is particularly significant for industries that rely heavily on data security, such as finance, healthcare, and government sectors. The method developed by the scientists is not only efficient but also practical for real-world applications. It can be integrated into existing systems with minimal modifications, ensuring that organizations can enhance their security measures without significant overhauls. The research team at Raman Research Institute is optimistic that this innovation will set a new standard in cryptographic practices and inspire further advancements in the field. 

The Raman Research Institute’s new method for generating truly unpredictable random numbers marks a significant step forward in cybersecurity. This breakthrough is vital for the development of stronger encryption techniques, particularly in the realm of quantum communications, ensuring that data remains secure in an increasingly digital world. As we move towards more interconnected and data-driven societies, such advancements in cybersecurity are essential to protect sensitive information from sophisticated cyber threats.

Why Enterprise Editions of Open Source Databases Are Essential for Large Organizations


With the digital age ushering in massive data flows into organizational systems daily, the real value of this data lies in its ability to generate critical insights and predictions, enhancing productivity and ROI. To harness these benefits, data must be efficiently stored and managed in databases that allow easy access, modification, and organization. 

Open-source databases present an attractive option due to their flexibility, cost savings, and strong community support. They allow users to modify the source code, enabling custom solutions tailored to specific needs. Moreover, their lack of licensing fees makes them accessible to organizations of all sizes. Popular community versions like MySQL, PostgreSQL, and MongoDB offer zero-cost entry and extensive support. 

However, enterprise editions often provide more comprehensive solutions for businesses with critical needs.  Enterprise editions are generally preferred over community versions for several reasons in an enterprise setting. A significant advantage of enterprise editions is the professional support they offer. Unlike community versions, which rely on forums and public documentation, enterprise editions provide dedicated, around-the-clock technical support. This immediate support is vital for enterprises that need quick resolutions to minimize downtime and ensure business continuity and compliance. 

Security is another critical aspect for enterprises. Enterprise editions of open-source databases typically include advanced security features not available in community versions. These features may encompass advanced authentication methods, data encryption, auditing capabilities, and more granular access controls. As cyber threats evolve, these robust security measures are crucial for protecting sensitive data and ensuring compliance with industry standards and regulations. Performance optimization and scalability are also key advantages of enterprise editions. They often come with tools and features designed to handle large-scale operations efficiently, significantly improving database performance through faster query processing and better resource management. 

For businesses experiencing rapid growth or high transaction volumes, seamless scalability is essential. Features such as automated backups, performance monitoring dashboards, and user-friendly management interfaces ensure smooth database operations and prompt issue resolution. Long-term stability and support are crucial for enterprises needing reliable database systems. Community versions often have rapid release cycles, leading to stability issues and outdated versions. 

In contrast, enterprise editions offer long-term support (LTS) versions, ensuring ongoing updates and stability without frequent major upgrades. Vendors offering enterprise editions frequently provide tailored solutions to meet specific client needs. This customization can include optimizing databases for particular workloads, integrating with existing systems, and developing new features on request. Such tailored solutions ensure databases align perfectly with business operations. 

While community versions of open-source databases are great for small to medium-sized businesses or non-critical applications, enterprise editions provide enhanced features and services essential for larger organizations. With superior support, advanced security, performance optimizations, comprehensive management tools, and tailored solutions, enterprise editions ensure that businesses can rely on their databases to support their operations effectively and securely. For enterprises where data integrity, performance, and security are paramount, opting for enterprise editions is a wise decision.

Software Supply Chain Attacks: A Major Strategy for Cybercriminals

New research indicates that software supply chain attacks are becoming an increasingly effective method for cybercriminals to compromise large organizations and disrupt their IT infrastructure.

A report by BlackBerry revealed that a significant majority (74%) of companies have received notifications of attacks or vulnerabilities in their software supply chain within the past year.

As the risk of such attacks grows, companies are ramping up their efforts to mitigate it. The report highlighted that over half (54%) of the surveyed companies have implemented data encryption, and nearly half (47%) are regularly training their staff on cybersecurity. Additionally, 43% have deployed multi-factor authentication (MFA).

Despite these efforts, most IT leaders (68%) believe that their software suppliers' cybersecurity policies are at least as strong, if not stronger (31%), than their own. Nearly all respondents (98%) expressed confidence in their suppliers’ ability to identify and prevent the exploitation of vulnerabilities.

A software supply chain attack essentially turns a software supplier into an unintentional Trojan horse for the targeted organization. As enterprises have enhanced their cybersecurity measures, direct attacks have become more challenging. 

However, software suppliers may not have equivalent security standards, making them easier targets for cybercriminals. Once compromised, these suppliers can inadvertently introduce malicious code into the software, granting hackers access to the organization’s systems.

The report also found that operating systems (32%) and web browsers (19%) are the most impactful targets for these attacks.

Organizations that fall victim to software supply chain attacks experience significant consequences, including financial losses (62%), data breaches (59%), reputational damage (57%), and operational disruptions (55%). Nearly 38% of affected companies take up to a month to fully recover.

Microsoft's Windows 11 Recall Feature Sparks Major Privacy Concerns

Microsoft's introduction of the AI-driven Windows 11 Recall feature has raised significant privacy concerns, with many fearing it could create new vulnerabilities for data theft.

Unveiled during a Monday AI event, the Recall feature is intended to help users easily access past information through a simple search. Currently, it's available on Copilot+ PCs with Snapdragon X ARM processors, but Microsoft is collaborating with Intel and AMD for broader compatibility. 

Recall works by capturing screenshots of the active window every few seconds, recording user activity for up to three months. These snapshots are analyzed by an on-device Neural Processing Unit (NPU) and AI models to extract and index data, which users can search through using natural language queries. Microsoft assures that this data is encrypted with BitLocker and stored locally, not shared with other users on the device.

Despite Microsoft's assurances, the Recall feature has sparked immediate concerns about privacy and data security. Critics worry about the extensive data collection, as the feature records everything on the screen, potentially including sensitive information like passwords and private documents. Although Microsoft claims all data remains on the user’s device and is encrypted, the possibility of misuse remains a significant concern.

Microsoft emphasizes user control over the Recall feature, allowing users to decide what apps can be screenshotted and to pause or delete snapshots as needed. The company also stated that the feature would not capture content from Microsoft Edge’s InPrivate windows or other DRM-protected content. However, it remains unclear if similar protections will apply to other browsers' private modes, such as Firefox.

Yusuf Mehdi, Corporate Vice President & Consumer Chief Marketing Officer at Microsoft, assured journalists that the Recall index remains private, local, and secure. He reiterated that the data would not be used to train AI models and that users have complete control over editing and deleting captured data. Furthermore, Microsoft confirmed that Recall data would not be stored in the cloud, addressing concerns about remote data access.

Despite these reassurances, cybersecurity experts and users remain skeptical. Past instances of data exploitation by large companies have eroded trust, making users wary of Microsoft’s claims. The UK’s Information Commissioner's Office (ICO) has also sought clarification from Microsoft to ensure user data protection.

Microsoft admits that Recall does not perform content moderation, raising significant security concerns. Anything visible on the screen, including sensitive information, could be recorded and indexed. If a device is compromised, this data could be accessible to threat actors, potentially leading to extortion or further breaches.

Cybersecurity expert Kevin Beaumont likened the feature to a keylogger integrated into Windows, expressing concerns about the expanded attack surface. Historically, infostealer malware targets databases stored locally, and the Recall feature's data could become a prime target for such malware.

Given Microsoft’s role in handling consumer data and computing security, introducing a feature that could increase risk seems irresponsible to some experts. While Microsoft claims to prioritize security, the introduction of Recall could complicate this commitment.

In a pledge to prioritize security, Microsoft CEO Satya Nadella stated, "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security." This statement underscores the importance of security over new features, emphasizing the need to protect customers' digital estates and build a safer digital world.

While the Recall feature aims to enhance user experience, its potential privacy risks and security implications necessitate careful consideration and robust safeguards to ensure user data protection.