Categories
India News Tech Lite Technology

India govt cautions Internet users against ransomware ‘Akira’

An increase in ransomware attacks and human error is the leading cause of the cloud data breach in India and worldwide, according to the Thales data threat 2023 report…reports Asian Lite News

The government has cautioned against an Internet ransomware called “Akira” which steals important information and encrypts data which can lead to extortion.

CERT-In, the government’s technology arm which guards against cyber attacks, issued an advisory regarding “Akira”, a computer malware targets Windows and Linux-based systems.

It said that it steals information and then encrypts data on their systems. Once this is done, the malware conducts double extortion, thus forcing the victim into paying the ransom amount.

“In case the victim does not pay, they release their victim’s data on their dark web blog,” the advisory noted.

CERT-In thus suggested that Internet users should use basic online hygiene and protection protocols to protect themselves from such attacks. It also recommended that users should maintain offline backups of critical data and keep them updated, to prevent its loss in case of an attack.

The technology arm also advised that users should follow a strong password policy.

An increase in ransomware attacks and human error is the leading cause of the cloud data breach in India and worldwide, according to the Thales data threat 2023 report.

Thales released the data, on Tuesday, on security threats, trends and emerging topics based on the survey of nearly 3000 IT and security professionals in 18 countries. Half of the IT professionals surveyed in India believe that security threats are increasing in volume or severity with 52 per cent reporting an increase in ransomware attacks.

The figure from India is higher than the global figure of 47 per cent of IT professionals believing that security threats are increasing in volume or severity, while 48 per cent indicated an increase in ransomware attacks, as per the data.

More than a third (38 per cent) of respondents in India (37 per cent globally) have experienced a data breach in the past 12 months, including 23 per cent (22 per cent globally) reporting that their organisation had been a victim of a ransomware attack.

Respondents identified their cloud assets and IoT devices as the biggest targets for cyber-attacks. 53 per cent of respondents in India said that their IoT devices were the biggest targets, followed by Cloud-based storage (41 per cent) and Cloud delivered applications (SaaS) (40 per cent), according to Thales data threat report.

At the global level, 28 per cent of the respondents said SaaS apps and cloud-based storage were the biggest targets, followed by cloud-hosted applications (26 per cent) and cloud infrastructure management (25 per cent). The increase in cloud exploitation and attacks is directly due to the increase in workloads moving to the cloud as 75 per cent of respondents globally said 40 per cent of data stored in the cloud is now classified as sensitive compared to 49 per cent of respondents in 2022.

These are just a few of the key insights from the 2023 Thales Data Threat Report, conducted by 451 Research, which surveyed both private and public sector organisations. It reveals how businesses are responding and planning their data security strategies and practices in light of a changing threat landscape and the progress they are making to address threats.

According to the Thales new data, human error and ransomware have largely impacted on the Cloud data breach in India.

ALSO READ-UK suffers ‘biggest ever’ ransomware attack on NHS

Categories
Tech Lite

Hacker encrypting data in ransomware attack

Despite this increase, the sector still has one of the lowest data recovery rates, according to the report by Sophos, a global leader in cybersecurity…reports Asian Lite News

More than two-thirds (68 per cent) of manufacturing companies hit by ransomware attacks globally had their data encrypted by hackers, a report showed on Tuesday.

This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

However, in contrast to other sectors, the percentage of manufacturing organisations that used backups to recover data has increased, with 73 per cent of the manufacturing firms using backups this year versus 58 per cent in the previous year.

Despite this increase, the sector still has one of the lowest data recovery rates, according to the report by Sophos, a global leader in cybersecurity.

“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO, Sophos.

With 77 per cent of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response, he added.

In addition, despite the growing use of backups, manufacturing and production reported longer recovery times this year.

In 2022, 67 per cent of manufacturing organisations recovered within a week, while 33 per cent recovered in more than a week. This past year, only 55 per cent of manufacturing organisations surveyed recovered within a week.

“Longer recovery times in manufacturing are a concerning development. This extended recovery is negatively impacting IT teams, where 69 per cent report that addressing security incidents is consuming too much time and 66 per cent are unable to work on other projects,” said Shier.

ALSO READ-Twitter rivals flex their muscles as Musk restricts access

Categories
-Top News India News

Deeper ransomware attacks may put firms at greater threat

The goal of pseudo ransomware, also referred to as wiperware, is to destroy the victim’s systems rather than offer the opportunity to decrypt them…reports Asian Lite News

With the ransomware-as-a-service (RaaS) business model taking off, Indian organisations across the spectrum, after the massive AIIMS attack, will need to be more alert and ready to face aggressive cyber attacks.

According to Barracuda Networks, a leading provider of cloud-first security solutions, a new generation of smaller and smarter gangs will steal their limelight in 2023.

During the year, organisations will experience an increased frequency of ransomware attacks with new tactics, the company said on Tuesday.

“In 2023, organisations need to be ready to be targeted by every kind of cyberthreat, regardless of their size or industry sector. As existing authentication methods are challenged by attackers, security practitioners need to look at alternatives, and we expect to see password-less and FIDO U2F (Universal 2nd Factor) single security key technology receiving a lot of consideration,” said Parag Khurana, Country Manager, Barracuda Networks India.

The growing use of artificial intelligence (AI) in threat detection will make a significant difference to security, and “we expect to see more companies invest in 24/7 human-led threat hunting and response, making use of an expert SOC-as-a-Service if they don’t have the resources in house,” he added.

In 2023, “wiperware” emanating from Russia will likely spill over into other countries as geopolitical tensions continue.

The goal of pseudo ransomware, also referred to as wiperware, is to destroy the victim’s systems rather than offer the opportunity to decrypt them.

This form of cyberattack is often geopolitical in nature.

In 2022, there were 21,000 Common Vulnerabilities and Exposures (CVEs) registered. Many of them were classed as ‘critical’, and many were actively exploited by attackers.

“There were also a number of popular third-party software libraries that had critical vulnerabilities reported. Organisations need to have a team in place ready to patch software and remediate as soon as possible,” said the report.

2022 was the year of the supply chain attack with a large number of high-profile incidents occurring around the world and it has led more attackers to look for the weakest link in attacking companies.

“We have seen impersonation techniques and spear phishing attacks constantly evolve and with multi-factor authentication (MFA) fatigue attacks, they are having more and more success,” said the report.

ALSO READ-The Guardian hit by ransomware attack

Categories
Business

‘Small businesses face higher ransomware attacks‘

LockBit and Ragnar Locker were the most active ransomware gangs in India, responsible for 13 per cent and 7.80 per cent of attacks in the January 2020-July 2022 period, respectively…reports Asian Lite News

India is currently 10th in the world on ransomware attacks and small businesses (up to 500 employees) are at the highest risk, accounting for more than half of all attacks (54.7 per cent), a new report showed on Wednesday.

In India, tech/IT is the top industry hit by ransomware (23.40 per cent of all attacks), followed by the manufacturing industry (10.90 per cent), according to cyber-security firm NordLocker.

LockBit and Ragnar Locker were the most active ransomware gangs in India, responsible for 13 per cent and 7.80 per cent of attacks in the January 2020-July 2022 period, respectively.

“Nearly 17 per cent of ransomware attacks in India attack businesses that have over Rs 80 billion in annual revenue. However, most often, ransomware in India targets companies with annual revenue between Rs 8-40 billion (41.5 per cent),” the findings showed.

Companies with an employee count of between 201-500 are the victims of 22.60 per cent of attacks, and those with between 1,001-5,000 employees are victims of 17 per cent of ransomware hacks in the country.

About 11.3 per cent of ransomware attacks in India target companies that employ more than 10,000 employees, said the report that analysed numerous databases of ransomware incidents that affected over 5,000 companies globally.

Nearly 21 per cent of attacks in India target companies that are publicly-traded.

“This type of attack is extremely effective. In the past few years, cases have grown exponentially, while cybersecurity awareness has failed to catch up,”A said Tomas Smalakys, NordLocker CTO.

With a collective revenue of Rs 330.9 trillion, the companies under investigation produce more value than Germany’s entire GDP.

Consumer services, finance and energy industries are the other most affected by ransomware in India.

“Small businesses are top targets for ransomware gangs because, for them, cybersecurity is often an afterthought. Smaller companies justifiably prioritise growing their operation, leaving cybersecurity on the sidelines,” said Smalakys.

ALSO READ: Adani unveils plan for next decade

Categories
India News Tech Lite

Ransomware to cost govt $30 bn  

Cyber-attacks have contributed to a loss of more than $60 billion in decentralised finance (DeFi) currency since 2012 — $44 billion of that vanished during the last 12 months, according to the report by cyber protection company Acronis…reports Asian Lite News

Ransomware is set to cause $30 billion in damages to global organisations by 2023, remaining the top cyber threat to the enterprises as well as governments, a report showed on Wednesday.

Cyber-attacks have contributed to a loss of more than $60 billion in decentralised finance (DeFi) currency since 2012 — $44 billion of that vanished during the last 12 months, according to the report by cyber protection company Acronis.

Ransomware underlines how over-complexity in IT and infrastructure leads to increased attacks.

Nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns, according to the report.

To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors.

Nearly one per cent of all emails contain malicious links or files, and more than one-quarter (26.5 per cent) of all emails were delivered to the user’s inbox (not blocked by Microsoft365).

“Organisations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities,” said Candid Wuest, VP of Cyber Protection Research.

Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage.

The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672GB of data it stole.

Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 Nvidia users. The same gang also stole 30 GB worth of T-Mobile’s source code.

“Six hundred malicious email campaigns made their way across the internet in the first half of 2022 and 58 per cent of the emails were phishing attempts. Another 28 per cent of those emails featured malware,” the report noted.

The business world is increasingly distributed, and in Q2, an average of 8.3 per cent of endpoints tried to access malicious URLs.

“In addition, we will see initial attacks in the metaverse that will exploit smart contract vulnerabilities,” said the report by cyber-security firm Check Point Software.

There has been a 42 per cent increase in cyber attacks globally, with ransomware becoming number one threat.

Ransomware groups have become more structured and operate like regular businesses, with set targets to hit, as cyber attacks become state-level weapons.

“We have seen huge increases in cyberattacks against organisations in all sectors and all countries this year. Unfortunately, this will only get worse especially with ransomware now being the number one threat to organisations,” said Maya Horowitz, VP Research at Check Point Software.

Due to the implementation of internet macros being blocked by default in Microsoft office, the more sophisticated malware families will accelerate the development of new infection chains, with different file types that are password protected to prevent detection as sophisticated social engineering attacks increase. “Hacktivist groups will continue to align their attacks with the agenda of their chosen nation state, particularly as the Russia-Ukraine war is still ongoing,” the report noted.

ALSO READ-Govt not cooperating on Pegasus probe, panel tells SC

Categories
Technology USA

FBI to treat ransomware incidents as terror attacks

President Joe Biden said last week that his administration was “looking closely” at whether to retaliate against Russia for a recent ransomware attack….reports Asian Lite News

Taking a tough stand on growing ransomware attacks, the Federal Bureau of Investigation (FBI) and US Justice Department have announced to treat such cyber incidents as terror attacks.

Christopher Wray, Director of the FBI, told The Wall Street Journal that the country is facing a similar challenge like 9/11, and the Bureau has identified about 100 different types of ransomware, several of them being traced to Russia.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention. There’s a shared responsibility, not just across government agencies but across the private sector and even the average American,” Wray told WSJ on Saturday.

President Joe Biden said last week that his administration was “looking closely” at whether to retaliate against Russia for a recent ransomware attack.

“We’re looking closely at that issue,” Biden told reporters at the White House when asked if the US would retaliate against Russia for the latest ransomware attack.

Major meat producer JBS USA said that it suffered a cyberattack and notified the administration that the ransom demand came from a criminal organisation likely based in Russia.

The latest ransomware attack came weeks after a similar cyberattack targeting Colonial Pipeline, which forced the company to shut down approximately 5,500 miles of fuel pipeline for days.

Senior Justice Department officials were quoted as saying in reports that ransomware attacks would be investigated in a manner similar to terror incidents.

Biden said last month that he would raise the cybercrime issue in talks with his Russian counterpart Vladimir Putin when they meet in Geneva on June 16.

Relations between Washington and Moscow have been adversarial in recent years.

The two sides have obvious differences on issues related to Ukraine, cybersecurity, human rights, and US election interference.

Alarmed at repeated cyber-attacks on the country, Biden last month signed an executive order, implementing new policies to improve national cybersecurity.

Admitting that the US is facing persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy, Biden said that the government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.

ALSO READ: Biden announces vaccine sharing plan

Categories
-Top News Europe USA

US ‘looking closely’ at retaliation over ransomware attack

The latest ransomware attack came weeks after a similar cyberattack targeting Colonial Pipeline…reports Asian Lite News

US President Joe Biden said that his administration was “looking closely” at whether to retaliate against Russia for a recent ransomware attack.

“We’re looking closely at that issue,” Biden told reporters at the White House on Wednesday when asked if the US would retaliate against Russia for the latest ransomware attack.

Biden replied “no” when asked if he believes Russian President Vladimir Putin was testing him with the hack ahead of their first-ever face-to-face meeting in Geneva on June 16.

Major meat producer JBS USA said on Sunday that it suffered a cyberattack and notified the administration that the ransom demand came from a criminal organization likely based in Russia.

The US was in direct touch with Russia and conveyed concerns about the issue, White House Press Secretary Jen Psaki told reporters at a briefing on Wednesday.

“We do expect this to be one of the issues that the president will discuss with President Putin at the summit.

“Harbouring criminal entities that are intending to do harm, that are doing harm to the critical infrastructure in the United States is not acceptable,” she added.

The latest ransomware attack came weeks after a similar cyberattack targeting Colonial Pipeline, which forced the company to shut down approximately 5,500 miles of fuel pipeline for days.

The Biden administration concluded that the Kremlin was not involved in the attack against Colonial Pipeline, while indicating criminals behind the hack were living in Russia.

The President said last month that he would raise the cybercrime issue in talks with Putin.

Relations between Washington and Moscow have been adversarial in recent years.

The two sides have obvious differences on issues related to Ukraine, cybersecurity, human rights, and US election interference.

The Biden administration noted it seeks “a more predictable, stable relationship” with Russia.

The much-anticipated Russia-US summit in a third country was first proposed by Biden during a telephone conversation with Putin on April 13, according to the Kremlin.

ALSO READ: Biden announces vaccine sharing plan

Categories
Business India News Technology

Targeted ransomware attacks grow 767% in India

From 2019 to 2020, the number of users encountering targeted ransomware increased by around 767 percent…reports Asian Lite News.

The ransomware attacks on high-profile targets such as corporations, government agencies, and municipal organisations globally increased by a whopping 767 percent in one year (from 2019 to 2020), according to a new report.

Targeted ransomware attacks have become a major concern globally in the past few years, especially for organisations and businesses in the APAC region, especially India.

“At least 61 entities from the region were breached by a targeted ransomware group in 2020. Australia and India being the top two countries that logged the highest number of incidents across APAC,” said Chris Connell, Managing Director, Kaspersky (APAC).

The increase in targeted ransomware occurred alongside a 29 percent decrease in the overall number of users affected by any kind of ransomware, with WannaCry still being the most frequently encountered family, according to cybersecurity firm Kaspersky.

Targeted ransomware attacks involve significantly more sophistication (network compromise, reconnaissance and persistence, or lateral movement) and a much larger payout.

From 2019 to 2020, the number of users encountering targeted ransomware increased by around 767 percent.

The ransomware family most frequently encountered by users is still WannaCry, the ransomware Trojan that first appeared in 2017 and led to damages of at least $4 billion across 150 countries.

Nearly 22 percent of the users that encountered ransomware in 2019 encountered WannaCry, but this decreased to 16 percent in 2020.

“We’ll most likely see fewer and fewer widespread campaigns targeting everyday users. Of course, that’s not to say users aren’t still vulnerable,” said Fedor Sinitsyn, a security expert at Kaspersky.

“However, the primary focus will likely continue to be on companies and large organisations, and that means ransomware attacks will continue to become more sophisticated and more destructive,” he added.

The ransomware threat — when attackers encrypt private information and hold it to ransom — became mainstream news in the 2010s following large-scale outbreaks, such as WannaCry and Cryptolocker.

They targeted tens of thousands of users and often requested relatively small amounts from victims to have their files returned.

Some of the most prolific targeted ransomware families during this time were Maze, the infamous group involved in several loud incidents, and RagnarLocker, also covered in the news.

Both of these families began the trend of exfiltration of data in addition to encrypting it and threatening to make the confidential information public if the victims refused to pay, according to the report.

Also Read-World economy Lost $1 Tn to Cyber Attacks: Report

Read More-‘India ready to combat China’s cyber attacks’