Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Digital Threat. Show all posts
VPN
At-Bay Cyber Security CyberCrime Cyberhackers CyberThreat Digital Threat RaaS Ransomware remote access VPN

Increasing Exploitation of Remote Access Tools Highlights Ransomware Risks

 


Among the latest findings from cybersecurity insurance provider At-Bay, ransomware incidents witnessed a significant resurgence in 2024, with both the frequency and the severity of these attacks escalating significantly. Based on the firm's 2025 InsurSec Report, ransomware activity rose 20 percent from the previous year, returning to the high level of threat that had been experienced in 2021, when ransomware activity soared to 20 per cent. 

There is an overwhelmingly large number of remote access tools and virtual private networks (VPNS) that have been exploited as entry points for these attacks, according to the report. In particular, mid-market organisations, particularly those with annual revenues between $25 million and $100 million, have been severely hit by this surge, with targeted incidents on the rise by 46 per cent. As a result of the At-Bay claims data, it is apparent that the severity of ransomware breaches has increased by 13 per cent year over year, highlighting how sophisticated and financially destructive these threats are becoming. 

It was also found that attacks originating from third parties, such as vendors and service providers, have increased by 43 per cent, compounding the risk. It is also important to note that the economic toll of these supply chain-related incidents increased by 72 per cent on average, which increased the overall cost associated with them. This study highlights the need to reassess the cybersecurity postures of businesses, especially those that are reliant on remote access infrastructure, as well as strengthen defences across the entire digital ecosystem. 

A study published by At-Bay highlights the widespread misuse of conventional cybersecurity tools, particularly those intended to enhance remote connectivity, as well as the deterioration of the effectiveness of traditional cybersecurity tools. Virtual private networks (VPNS) and remote access software, which are frequently deployed to ensure secure access to internal systems from off-site, are increasingly being repurposed as a gateway for malicious activities. 

As a matter of fact, At-Bay’s analysis illustrates a concerning trend that threatens the flexibility of work environments. Threat actors are frequently exploiting these same tools to get access to corporate networks, extract sensitive data, and carry out disruptive operations. Due to their visibility on the public internet, cybercriminals are actively searching for potential vulnerabilities in these systems to attack them. 

The Remote Access Tools are essentially a front door that provides access to your company's network and can typically be viewed by the general public. For that reason, remote access tools are prone to being attacked by attackers, according to Adam Tyra, Chief Information Security Officer for At-Bay's customer service department. In addition to this, the report highlights the disproportionately high risk posed by mid-sized enterprises, which generate annual revenue of between $25 million and $100 million. 

The number of direct ransomware claims has increased significantly within the segment, which highlights both the increased exposure to cyber threats as well as the potential limitations in resources available to defend against them. As part of this report, the authors point out that “remote” ransomware activity has increased dramatically, a tactic that has gained considerable traction among threat actors over the past few years. 

In 2024, this type of attack is expected to have increased by 50 per cent compared to the year before, representing an astounding 141 per cent increase since the year 2022. As far as traditional endpoint detection systems are concerned, remote ransomware campaigns are typically carried out by unmanaged or personal devices. In these kinds of attacks, rather than deploying a malicious payload directly onto the victim's machine, networks file-sharing protocols are used to access and encrypt data between connected systems by using the network file-sharing protocol. Therefore, the encryption process is often undetected by conventional security tools, such as malware scanners and behaviour-based defences. 

These stealth-oriented methodologies pose a growing challenge to organizations, particularly small and medium-sized businesses (SMBS), as a result of this stealth-oriented methodology. In the study conducted by Sophos Managed Detection and Response (MDR), the most common threat vector in the SMB sector is ransomware and data exfiltration, which accounted for nearly 30 per cent of all cases tracked within this sector. 

Even though sophisticated attack techniques are on the rise, the overall volume of ransomware-related events in 2024 saw a slight decline in volume compared with 2023 despite the rise in sophisticated attack techniques. There has been a marginal decrease in ransomware-as-a-service (Raas) incidents. 

The advancement of defensive technologies and the dismantling of several of the most high-profile ransomware-as-a-service (Raas) operations have both contributed to this decline. This combined study emphasises the urgent need for businesses to modernise their cybersecurity strategies, invest in proactive threat detection, and strengthen the security of their remote access infrastructure to combat cybercrime. 

With the development of ransomware tactics in complexity and scale, the resilience of organisations targeted by these threats has also evolved. As a result of these developments, organisations are increasingly expected to reevaluate their risk management frameworks to adopt a more proactive cybersecurity policy. To ensure that a robust defense strategy is implemented, it is imperative that remote access security systems are secured and access controls are implemented and advanced monitoring capabilities are deployed. 

Besides raising awareness of cybersecurity throughout the workforce and fostering close cooperation between technology and insurance partners, it is also possible to significantly reduce the risk of ransomware being a threat to organisations. In the wake of cyber adversaries that keep improving their methods, businesses will have to take not only technical measures to strengthen their resilience, but also a wide range of strategic measures to anticipate and neutralise emergent attack vectors before they can cause significant damage.
Read more »
Digital Threat
Cyber Attacks CyberCrime Cybersecurity Cyberthreat. Cybersafety Digital Harrasment Digital Threat

Couple's ₹47.7 Lakh Loss Amid Two-Week Digital Harassment and Arrest

 


A long time has gone by since Apple announced several new AI-based features at its WWDC developer conference on Monday, as well as partnering with an upstart in generative artificial intelligence called OpenAI to create generative AI. Even though Apple is very clearly stating its commitment to practicality, personalization, and privacy with its new technology, there is also a clear focus on the practicality, personalization, and privacy aspects that are important to Apple. 

However, many of the features announced play to Apple’s strengths rather than being cutting-edge. Apple has recently announced several artificial intelligence features, some of which are a bit predictable. There is a nice bit of pride in being able to access writing assistance tools from numerous places within the operating system and to have AI generate unique emojis for users, but this is not a radical step forward in productivity for users. Using a variety of (anonymized) information and apps, Apple is giving their models access to a greater amount of information and apps of the user to make personal AI more valuable. 

According to Techsponential analyst Avi Greengart, the writing assistance stuff and image generation stuff are just table stakes. For instance, Siri, powered by artificial intelligence, is capable of accessing and orchestrating multiple apps at the same time. The users might ask Siri, “When is Mom's flight landing?” Siri can look up the flight details (in Messages or email apps) and cross-reference them with real-time flight tracking information so that he or she can provide a real-time arrival time for Mom. Alternatively, users can ask Siri to send them a few photos from a particular event via Messages, but this is restricted to iOS apps, of course. 

According to Greengart, Apple will offer app developers a new App Intents API, which will allow Siri to access certain app functions and access app data. However, this will only be possible with Apple apps. In my opinion, Apple is making a smart move by allowing Siri access to more apps and information. It has been estimated that more than 2.2 billion active Apple devices around the world store a variety of information, and Apple is in the unique position to turn this data into something useful by combining it with artificial intelligence. 

With the ability to reach across devices, Apple's artificial intelligence, or "Apple Intelligence," as it is called, can have access to a fuller set of information about users. And that is the area where Apple's longstanding commitment to data privacy could prove very useful. Apple has an excellent track record on privacy protection, and customers who have purchased services from Apple are likely to trust Apple to protect their data, whereas customers of other AI companies may be less confident that AI systems will not leak their data or use it for unauthorized purposes. 

The SVP of Software Engineering at Apple, Craig Federighi, explained in a keynote speech that people should not have to hand over everything about their lives to someone else's artificial intelligence cloud to be warehoused and analyzed by them. As part of its commitment, Apple has committed to designing mobile chips that are powerful enough to run AI models efficiently, which represents another of its core strengths. There is a lot of computing power required by language models as well as image models, and they are usually run on cloud-based servers to meet these requirements. 

Tim Bajarin, the principal analyst at Creative Strategies, says Apple has been spending so much time and money improving the performance of its M-series chips - and also making them smaller and more efficient - that it is now possible to run small AI models on the devices, thanks to the hard work and expertise of Apple. The new AI features are still not available for existing Apple users, Bajarin notes, as they will require upgrading to an iPhone with an M-class processor to access them. 

This suggests that the AI that is included in iPhones might simply be a powerful incentive for people to decide to upgrade. It would be no surprise to see Wall Street rushing to welcome the launch of a new iPhone "supercycle". However, analysts had a different interpretation of Apple's announcement than they thought. As a result of the keynote, Apple stock plummeted more than 2% in late afternoon trading, to close down more than 2% from its high in the morning. 

The situation could undergo a significant transformation if Apple device users begin to establish a personal connection with the newly introduced AI features. On Monday, Apple CEO Tim Cook emphasized that these advancements transcend traditional artificial intelligence. He described it as "personal intelligence," indicating that this represents a substantial and pivotal progression for Apple.
Read more »
Subscribe to: Posts (Atom)