Ransomware

Ransomware continues to be a major issue, with the FBI recently reporting a 62 percent year-on-year increase for the period ending July 31.

Unpatched vulnerabilities, device misconfigurations, internet-facing assets and unauthorized software rank consistently among the top attack vectors, but how can businesses track them down?

High-profile ransomware and software supply chain disruptions are driving increased attention on software security, according to the latest Building Security In Maturity Model (BSIMM) report from Synopsys.

The BSIMM12 data indicates a 61 percent increase in software security groups' identification and management of open source over the past two years, almost certainly due to the popularity of open source components in modern software and the rise of attacks using open source projects as vectors.

Ransomware now accounts for 69 percent of all attacks involving malware, according to the latest threatscape report from Positive Technologies.

The researchers have also identified a growing pattern of new malware specifically designed to penetrate Unix systems.

In the first half of 2021, cybercriminals launched approximately 5.4 million DDoS attacks, representing an 11 percent increase over the same period in 2020.

The latest threat intelligence report from NETSCOUT shows that in the first half of the year cybercriminals weaponized and exploited seven new reflection/amplification DDoS attack vectors putting organizations at greater risk.

The latest threat report from Nuspire shows that the second quarter of 2021 saw a massive 55,239 percent increase in ransomware activity during the second and third weeks.

This took place just prior to the Colonial Pipeline ransomware attack conducted by the DarkSide ransomware group. The reason for the increase is not known, however, and it may not be related to the attack.

Ransomware has hit the headlines in recent months with attacks on infrastructure and supply chains closing down operations. But ransomware has the potential to be even more devastating if it’s spread via Active Directory, as demonstrated by the SolarWinds attack.

We talked to Derek Melber, chief technology and security strategist of Tenable to find out more about AD attacks and how to combat them.

Many organizations have been quick to adopt containerization and particularly Kubernetes. But while there are advantages in scale and flexibility, it also raises issues around cloud-native data protection practices.

So how can businesses adopt the technology but still protect their information? We spoke to Gaurav Rishi, VP product, at Kubernetes backup specialist Kasten by Veeam to find out.

Analysis by CybSafe of incidents reported to the UK's Information Commissioner's Office (ICO) shows that ransomware attacks made up 22 percent of all reported cyber security incidents in the first half of 2021. This is up from 11 percent in the first half of 2020

Phishing still leads, accounting for 40 percent of all cybersecurity cases reported to the ICO, slightly down from 44 percent the year before, but ransomware has now edged into second place.

Earlier this month Taiwanese hardware maker Gigabyte confirmed that it was under ransomware attack from a hacker group calling itself RansomEXX.

Now researchers at CyberNews have discovered that confidential data apparently belonging to Gigabyte has been leaked on a hacker forum.

A new whitepaper released today by O'Reilly and based on a survey of tech professionals experiences of ransomware concludes that basic security practices like backups are key to surviving an attack.

Of 950 respondents to the study only six percent had experienced a ransomware attack directly in the organization they work for and, by and large, these organizations have strong security measures in place.

We've looked before at the phenomenon of Initial Access Brokers, cybercriminals who breach systems and then sell access to the highest bidder.

It seems that during the pandemic IABs have been busy improving their business model. New research from threat intelligence company KELA shows that pricing is often determined by company size and the level of privilege on offer within the compromised network, with $5,400 as the average price for network access, and $1,000 as the median price.

Ransomware attacks are growing in severity and volume, bringing increasing costs and financial, legal, and other challenges.

Businesses need to be sure they can recover from an attack and data management specialist Zerto aims to provide the means with its latest offering Zerto 9.

According to Checkpoint Research, ransomware attacks have surged significantly, hitting a double-digit increase of 93 percent year-on-year. As of June 2021, the number of organizations impacted by ransomware has risen to 1,210. This exponential rise is also attributable to the migration to remote work globally. The amount paid by victims of these attacks has increased by almost 300 percent in 2020 alone

These staggering statistics paint a grim picture of the security threat that companies face. As early as July 2021, as many as 1,500 businesses world-wide have been affected by ransomware attack -- REvil. The group has reportedly used Kaseya IT software as backbone for this notorious attack. Around $70 million dollars were demanded from the affected companies to restore business data. The companies that majorly came under the radar were supermarkets, IT companies -- primarily small to medium sized, schools and kindergartens

Ransomware is a major problem and ideally while you'd like to avoid being attacked, the chances are that at some point you're going to be a target.

So, what happens following an attack and what should organizations be doing immediately afterwards to lessen the impact? We spoke to Ed Williams, EMEA director of SpiderLabs at Trustwave, to find out and to get some tips on how to proactively secure against ransomware attacks in future.

It is now almost three weeks since the gigantic ransomware attack that exploited a vulnerability in Kaseya VSA remote management software. The attack affected millions of devices and the group behind it, REvil, had been demanding a $70 million ransom.

There had been great concern about the fall out from the attack due to the apparent disappearance of REvil which made it impossible for anyone willing to pay the ransom to do so. Now a universal decryption key has been obtained from a "trusted third party", giving victims the chance to regain access to their data without the need to part with any money.