Tag Archive for: Crippling

Sophos: Ransomware is crippling retail organizations

/in


Retail organizations faced a growing threat from ransomware attacks, with fewer managing to stop the encryption of their data. Sophos, a cybersecurity leader, revealed that only a quarter of retailers prevented data encryption during attacks in the last year, marking a decline from previous years. 

This trend indicated a struggle to intercept ongoing ransomware assaults.

“Retailers are losing ground in the battle against ransomware,” said Chester Wisniewski, director, global field CTO, Sophos. “Ransomware criminals have been encrypting increasingly greater percentages of their retail victims in the last three years, as evidenced by the steadily declining rate of retailers stopping cybercriminal attacks in progress. Retailers must up their defensive game by setting up security that detects and responds to intrusions earlier in the attack chain.” 

Sophos: Cybercriminals run contests to advance techniques
Cybercriminals scam each other — Sophos

Organizations that paid the ransom faced significantly higher recovery costs compared to those who restored their data from backups. Despite nearly half of the retail victims yielding to ransom demands, their median recovery expenses were four times greater. 

Wisniewski stressed the importance of robust defenses and rebuilding systems rather than funding cybercriminals.

Key findings outlined the escalating rate of encryption in the retail sector, with a majority falling victim to data encryption by ransomware. Although the percentage of attacks slightly decreased, the time taken for recovery varied, with fewer organizations managing swift restoration.

Boosting cyber defense

Sophos recommended various strategies to boost defenses against ransomware, including enhanced security tools, Zero Trust Network Access, adaptive technologies, and continual threat detection and response. The cybersecurity-as-a-service provider emphasized the necessity of proactive measures such as regular backups, data recovery drills, and updated incident response plans, alongside maintaining stringent security practices like timely patching and constant security tool evaluations.

The survey, participated by 3,000…

Source…

What Suffolk County has to do to recover from crippling cyberattack

/in


The costly, painstaking process of rebuilding Suffolk County’s computer networks in the wake of a ransomware attack may be complicated by uncertainties about how the attack occurred, how much data was lost and whether hackers can re-exploit vulnerabilities, experts say.

One month after BlackCat AlphV’s intrusion on Suffolk networks was discovered and the county was forced to stop it with measures as blunt as physically pulling network cables from their sockets, only parts of the vast system of police, court, health department and real estate systems are back online, some in limited form. Email and phone systems were widely affected, and a source with knowledge of the situation said there are questions about whether years of email records can be restored. 

“You have to make a determination on how to wall off your network,” said Mike Balboni of the Manhattan consulting firm Redland Strategies, which has been a computer security contractor to the county. He declined to discuss specifics of the attack.

Suffolk’s main vendor for firewalls, PaloAlto Networks, also declined to discuss what happened. 

WHAT TO KNOW

  • The process of rebuilding Suffolk County’s computer networks in the wake of a ransomware attack may be complicated by uncertainties about how the attack occurred, how much data was lost and whether hackers can re-exploit vulnerabilities, experts say.
  • The Sept. 8 attack infiltrated departments across the county system, impacting the ability of the police to write tickets and the government to make payments to vendors and local governments.
  • Only parts of the vast system of police, court, health department and real estate systems are back online, some in limited form.

“For this story, we’re not going to be able to assist with your questions, but I appreciate you reaching out,” Kelly Kane, PaloAlto senior manager for threat communications, said in an email.

The Sept. 8 attack infiltrated departments across the sprawling county system, from the Department of Health to the county clerk, affecting the ability of the police to write tickets and the government to make payments to vendors and local governments and provide certain real estate records…

Source…

Critical Vulnerabilities in the U.S. Food Sector and the Next Crippling Attack

/in


The U.S. Department of Homeland Security defines 16 critical infrastructure sectors vital to the physical and economic security of the United States. Any destruction or disruption to one of these sectors would impart a massive, negative impact on U.S. national security. One of these 16 critical infrastructure sectors is the food and agricultural sector. Although not one of the first sectors to come to mind as “critical” to most people, this sector nonetheless touches the lives of all Americans. It is almost entirely privately owned yet accounts for one-fifth of the nation’s economic activity. It is composed of more than 2 million farms, more than 900,000 restaurants, and more than 200,000 food manufacturing, processing, and storage facilities.[1] In addition, this sector is closely linked with many other critical infrastructure sectors, including water and wastewater systems (for irrigation), transportation systems (for movement of food and animals), the energy sector (for powering the processing of food), and the chemical sector (for fertilizers and pesticides). Any disturbance to the food and agricultural sector will cause additional effects to the other critical infrastructure sectors. As such, it is of vital importance to protect food and agricultural operations in the U.S.

The COVID-19 pandemic brought about historic supply chain issues that most people had not yet seen in their lifetimes. Facility shutdowns, labor shortages, and energy problems all took a toll on the food industry in terms of both supply and demand, and American consumers felt and continue to feel the economic side effects. This issue has brought to light some of the vulnerabilities found within the food sector. Most importantly, in addition to disruptions within the supply chain, the U.S. has seen an increasing number of cyberattacks that target physical food processing operations. There are a multitude of existing and emerging vulnerabilities that make agricultural entities prime targets for cyberattack, especially attacks from Russia. This has become so noticeable in recent years that U.S. congressional representatives have begun introducing bills to help protect against cyberattacks in the food…

Source…

No crippling cyberattacks in Ukraine war, yet

/in


Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact.

Instead, it is Ukraine that has marshaled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.

The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven’t happened.

Michael Daniel, a former White House cybersecurity coordinator said, “It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared.”

While it still is not totally clear by Russia hasn’t been able to make a bigger impact in their cyber warfare efforts on Ukraine so far, Ukraine’s industrial infrastructure is not heavily reliant on a digital component as in the case in Western countries, so this may be a factor, as the Associated Press reports.

A volunteer group that has labeled itself the IT Army of Ukraine, with over 230,000 followers on their Telegram channel, has been listing Russian targets to hit back at, like banks and Russian cryptocurrency exchanges.

Source…