FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, May 3, 2024

Most of the ransomware incidents invite lawsuits in the United States

A recent survey conducted by Comparitech revealed that in 2023, one out of every five ransomware attacks resulted in legal action, with approximately 123 cases filed. This alarming trend suggests a significant rise in litigation stemming from cyber incidents, with many cases from the previous year still pending reporting.

Examining data from the past five years, it’s evident that ransomware incidents have been on the rise, totaling around 3000 occurrences between 2018 and 2023. Of these, 355 lawsuits specifically addressing file-encrypting malware attacks were filed during the same period.

According to Comparitech’s ransomware incidents report, out of 228 resolved cases, 59% resulted in either data breach settlements or out-of-court resolutions through arbitration. The remaining cases faced penalties for inadequate consumer data protection measures.

A concerning aspect of ransomware attacks is the emergence of double or triple extortion tactics, where data breaches are leveraged to coerce victims into paying ransoms. This pressure often leads to legal action as victims seek to mitigate the fallout from stolen data.

The true impact of ransomware lies not merely in file encryption but in data exfiltration. Cybercriminals exploit this stolen data, threatening to release it or sell it on the dark web unless a ransom is paid. This creates a dilemma for victims, as payment rewards criminal behavior and offers no guarantee of data recovery or deletion.

In a recent incident involving the BlackCat ransomware group targeting Change Healthcare, a subsidiary of UnitedHealth, a ransom of $22 million was demanded to prevent the disclosure of stolen data. However, another group, RansomHub, swiftly emerged, demanding an additional $15 million in Bitcoin, illustrating the complex dynamics of ransom negotiations.

To counteract these threats, the FBI issued a statement in November 2019-2020 advising against ransom payments, citing their ineffectiveness in deterring crime and ensuring data recovery. Ultimately, the decision to pay rests with the victim, but those with robust backup strategies are better positioned to resist extortion tactics and safeguard their data.

The post Most of the ransomware incidents invite lawsuits in the United States appeared first on Cybersecurity Insiders.


May 03, 2024 at 08:37PM

Essential programming languages to be learnt by Cybersecurity Professionals

In the ever-evolving landscape of cybersecurity, proficiency in programming languages has become indispensable for professionals seeking to defend against digital threats effectively. Whether you’re securing networks, analyzing malware, or developing security tools, mastering certain programming languages can significantly enhance your capabilities. Here are some essential programming languages for cybersecurity professionals:

Python: Widely regarded as one of the most versatile programming languages, Python is a favorite among cybersecurity experts. Its simplicity, readability, and extensive library support make it ideal for tasks ranging from scripting to data analysis. Python’s popularity in cybersecurity stems from its effectiveness in tasks like automating security tasks, building tools for penetration testing, and developing security solutions.

C/C++: Despite being more complex than Python, C and C++ are fundamental languages in cybersecurity. Understanding these languages provides insights into low-level system operations, memory management, and vulnerability exploitation. Many security-critical applications, such as operating systems and firmware, are written in C/C++, making proficiency in these languages essential for vulnerability analysis and reverse engineering.

JavaScript: As the backbone of web development, JavaScript plays a crucial role in securing web applications and detecting client-side vulnerabilities. Cybersecurity professionals often leverage JavaScript for tasks like web application security testing, analyzing browser-based attacks, and developing browser extensions for security enhancements. Familiarity with JavaScript frameworks like Node.js is also beneficial for server-side scripting and building security tools.

SQL: Structured Query Language (SQL) is indispensable for securing and managing databases, which are prime targets for cyber attacks. Cybersecurity professionals utilize SQL for tasks like database security auditing, identifying SQL injection vulnerabilities, and conducting forensic investigations on compromised databases. Understanding SQL queries and database manipulation techniques is essential for protecting sensitive data and preventing data breaches.

Bash/Shell scripting: For automating routine tasks, managing system configurations, and conducting incident response activities, proficiency in Bash or Shell scripting is invaluable. These scripting languages are native to Unix-based operating systems, making them essential for tasks like system hardening, log analysis, and creating custom security scripts. Mastery of Bash scripting enables cybersecurity professionals to streamline workflow processes and respond promptly to security incidents.

Ruby: Although less prevalent than Python in the cybersecurity community, Ruby offers unique advantages for certain security tasks. The Metasploit Framework, a popular penetration testing tool, is written in Ruby, making knowledge of this language beneficial for exploiting vulnerabilities, creating custom payloads, and developing modules for penetration testing. Additionally, Ruby’s simplicity and expressiveness make it suitable for rapid prototyping of security tools and frameworks.

Assembly Language: While not commonly used for day-to-day tasks, understanding Assembly Language is crucial for deep-level understanding of computer architecture and vulnerability exploitation. Proficiency in Assembly Language enables cybersecurity professionals to analyze malware, dissect binary executables, and uncover vulnerabilities in software at the machine code level. Although daunting to learn, familiarity with Assembly Language provides invaluable insights into how computer systems operate at their core.

In conclusion, mastering programming languages is essential for cybersecurity professionals looking to stay ahead in the constantly evolving threat landscape. By acquiring proficiency in languages like Python, C/C++, JavaScript, SQL, Bash/Shell scripting, Ruby, and Assembly Language, cybersecurity professionals can enhance their capabilities in threat detection, vulnerability analysis, incident response, and security tool development, ultimately strengthening the defense against cyber-attacks.

The post Essential programming languages to be learnt by Cybersecurity Professionals appeared first on Cybersecurity Insiders.


May 03, 2024 at 11:35AM

Microsoft issues cyber threat alert to Google on Vulnerable Mobile Apps

Microsoft Security Analysis team recently alerted Google’s Android Security Research teams to a critical issue potentially affecting billions of Android app users. This vulnerability could lead to various cyber threats, including token thefts, code execution attacks, and other common security risks.

Responding swiftly to the alert, Google promptly released new guidelines for Android app developers to help them identify and address these security concerns. The aim is to prevent similar vulnerabilities from being introduced into future app developments.

Notably, popular apps like Xiaomi Inc’s File Manager Product and WPS Office, boasting over half a billion downloads, were identified as having these security weaknesses.

In a separate move, Google announced enhanced security measures for apps developed by governments and aimed at public welfare. Following extensive testing on its Google Play Store platform, the company will roll out official badges for apps in more than 14 countries, signifying their legitimacy as government applications.

Over the past three years, Google has banned over 2 million Android applications, including more than 37,000 that were clones of existing apps but designed for malicious purposes. A recent report revealed that Google blocked over 7,000 applications imitating mobile apps from federal agencies, involved in fraudulent activities such as data theft and financial scams.

The new badges will initially cover over 2,000 federal apps from governments in countries including Australia, Canada, Germany, France, the United Kingdom, Japan, South Korea, the United States, Brazil, Indonesia, India, and Mexico.

The beta version of this feature has been in testing since November 2023 and has been included in the developer guidelines since then.

To facilitate the smooth implementation of the badges, governments and developers are encouraged to use official government email IDs for correspondence and provide authorization proof during the application process.

The post Microsoft issues cyber threat alert to Google on Vulnerable Mobile Apps appeared first on Cybersecurity Insiders.


May 03, 2024 at 11:30AM

Thursday, May 2, 2024

Dropbox Sign witnesses data breach

Dropbox has recently made headlines after falling victim to a sophisticated cyber attack, resulting in the exposure of user data. The incident occurred within Dropbox Sign, a service utilized for managing documents online, bearing similarities to DocuSign.

According to a media update issued by the cloud storage service, as also mentioned in regulatory filings, the data breach occurred on April 24, 2024. It led to the leakage of user information, including phone numbers, usernames, emails, hashed passwords, and authentication-related data such as OAuth Tokens and API Keys.

Security analysts highlight that the theft of authentication keys, such as tokens and certifications, could enable hackers to bypass security measures effortlessly and gain access to data stored on servers.

In the case of Dropbox Sign, previously known as HelloSign, the company asserts it has found no evidence indicating misuse of the stolen data by hackers, including payment information. However, the potential financial repercussions loom, prompting the online storage provider to reassure investors.

To mitigate risks, Dropbox recommends users reset passwords, log out of all connected devices, log back in, and rotate API keys and OAuth Tokens. Additionally, enabling multi-factor authentication can bolster account security. Given the siphoning of email data, users are advised not to click on unsolicited links received via email and to refrain from disclosing personal details.

This incident echoes a similar security breach experienced by Dropbox in early 2022, when hackers accessed data from over 130 code repositories by exploiting the stolen credentials of a C-level employee.

The post Dropbox Sign witnesses data breach appeared first on Cybersecurity Insiders.


May 02, 2024 at 08:42PM

LayerX Security Raises $24M for Innovative Browser Security Platform

LayerX, the creator of the innovative LayerX Browser Security platform, has successfully closed $24 million in Series A funding. This round was spearheaded by Glilot+, Glilot Capital Partners’ early-growth stage fund, with contributions from Dell Technologies Capital and other backers. Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, along with Yair Snir, Managing Partner at Dell Technologies Capital, are set to join LayerX’s board.

The influx of funds will bolster corporate development, enhancing talent recruitment and expanding the company’s global footprint. To date, the company’s funding total has reached $32 million. In today’s digital age, enterprise employees increasingly depend on browser-based tools and SaaS platforms. However, these essential tools also introduce significant security threats, such as data breaches, identity and password thefts, harmful browser add-ons, phishing websites, and more. Specifically designed to fortify browser-based operations on both managed and unmanaged devices, LayerX stands out in its field.

“We’ve transformed workforce protection for organizations without requiring the transition to a dedicated secure browser. Unlike other solutions, installed in a matter of minutes, the LayerX Browser Extension does not impact employee efficiency, speed, privacy or the browsing experience,” said Or Eshed, co-founder and CEO, LayerX. “As the browser becomes more central to the employee, we anticipate it becomes more attractive to the attacker, particularly in the wake of GenAI tools used in browser-related activities,” he continues. “Today’s funding round is a testament to our increasing market opportunity and the innovation behind our platform’s user-friendly approach to a more secure browser experience.”

The LayerX Enterprise Browser Extension works seamlessly across all major browsers like Chrome, Firefox, and Edge, requiring no agents, VPNs, or changes to network settings. Upon deployment, security and IT departments can monitor user activities closely and address threats instantly, all without disrupting the user experience. LayerX effectively shields against all types of threats, whether they originate from user errors or external attacks. The platform’s AI technology meticulously examines browser-executed code, automatically generating detailed insights into user behavior.

“Since inception, LayerX showed super fast growth and adoption by the world’s leading enterprises. The company is at the forefront of defense for modern organizations. By protecting the browser, the central productivity application in organizations, from a wide range of new-generation security risks, LayerX can solve acute security problems that have remained unanswered until now,” said Kobi Samboursky, Founding and Managing Partner at Glilot Capital.

“We believe that this novel solution for securing browsers will replace most SASE and SSE solutions prevalent today in organizations. At an estimated market size of $7 billion, the potential inherent in LayerX’s technology is tremendous.”

“Similar to other successful entrepreneurs in the cybersecurity field we’ve collaborated with, Or and David bring significant experience and knowledge in understanding the technical issues involved in threats to organizations and the motivations of attackers. Consequently, they recognize that effective security measures should adapt to real-world user behaviors, rather than the other way around,” said Yair Snir, Managing Director at Dell Technologies Capital.

“In a world where most computer operations are conducted through browsers, LayerX introduces a creative approach to corporate security that is user-friendly, robust, and easily implementable in large organizations. This approach transforms the browser from a major vulnerability to a strength, facilitating secure work across devices. Our investment in LayerX isn’t just driven by the promising opportunity but also by the potential impact of the company’s solution on organizations, regardless of where employees conduct their tasks.”

About LayerX
LayerX was founded in 2022 by Or Eshed, CEO, and David Weisbrot, CTO, who developed web attack and defense systems during their military service. In 2017, Eshed led the exposure of the largest attack campaign in history on the Chrome browser, which involved tens of millions of compromised browsers and even led to the capture and trial of the hackers. LayerX has Fortune 100 clients worldwide.

LayerX Enterprise Browser Extension natively integrates with any browser, turning it into the most secure and manageable workspace, with no impact on the user experience. Enterprises use LayerX to secure their devices, identities, data, and SaaS apps from web-borne threats and browsing risks that endpoint and network solutions can’t protect against. Those include data leakage over the web, SaaS apps and GenAI Tools, malicious browser extensions, phishing, account takeovers, shadow SaaS, and more.

The post LayerX Security Raises $24M for Innovative Browser Security Platform appeared first on Cybersecurity Insiders.


May 02, 2024 at 06:40PM

Wednesday, May 1, 2024

United Health CEO testifies before senate for ransomware attack

In February of this year, a ransomware assault on Change Healthcare caused significant disruptions in medical supply chains and billing procedures, prompting the company to isolate its computer network and launch a clinical investigation.

Fast forward two months from the cyber onslaught, Andrew Witty, CEO of UnitedHealth, the parent company of Change Healthcare, appeared before the Senate to provide testimony regarding the digital breach. Acknowledging that the cyber attack on Change Healthcare was indeed a ransomware incident, Witty attributed it to the absence of multi-factor authentication, a foundational cybersecurity measure that every company, regardless of size, sector, or financial standing, should adhere to.

Multi-factor authentication entails requiring users to provide two or three verification factors to access their accounts, serving as a barrier against unauthorized access.

Initial estimates suggest the attack has resulted in a financial loss of $22 million thus far, with concerns mounting that the figure could soar into the billions by the third quarter of this year.

Interestingly, speculation arose from certain media outlets suggesting that Change Healthcare had struck a deal with the ALPHV ransomware group and paid a ransom to regain access to encrypted data. Despite reportedly paying around 350 bitcoins to the BlackCat ransomware group, the company continues to face threats of data exfiltration since April 2024 from another group known as RansomHub, demanding $15 million for the deletion of pilfered information.

Further investigations revealed RansomHub’s involvement in the attack, indicating that since severing ties with the BlackCat gang, they have embarked on their own venture, extorting ransom payments from their already targeted victims, as they possess all the stolen data on their servers.

Security experts suggest that this latest development could either be a scheme to extract more money or a genuine threat. Regardless, the victims find themselves caught in an ongoing saga, with no resolution in sight at least for the near future.

The post United Health CEO testifies before senate for ransomware attack appeared first on Cybersecurity Insiders.


May 02, 2024 at 10:36AM

Organizations Need Fully Autonomous Security Powered by Gen-AI

Traditional approaches to security automation no longer suffice in today’s dynamic environments. Talent is getting scarce, and at the same time threat vectors are getting more complex. A fully autonomous security platform presents a big opportunity in the global cybersecurity market, which, according to a cybersecurity market report, is to grow to $298.5 billion by 2028.

Simbian is a leader in the field, using a deep understanding of the nuance and context of security automation that learns with AI and gets smarter and deeper over time. Recently the company introduced the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

The co-pilot continuously observes user actions and environments and learns to autonomously perform increasingly sophisticated tasks on its own over time. Simbian is committed to making security fully autonomous by delegating all tactical tasks to its trusted AI platform, allowing users to focus on strategic security goals.

Security teams cannot keep up with the operational tasks they must do each day, despite years of investment in in-house automation and tools to make them more effective. Simbian puts the security operator firmly in charge of security decisions, enabling the user to interact with products across vendors to get things done. The company is unique in the industry in offering the ability to generate commands in code using an LLM, driven by a natural-language user interface, and it enables users to craft permutations of the actions Simbian supports, all on the fly.


Simbian’s GenAI-powered platform is the industry’s first security co-pilot that adapts to diverse IT environments and covers the entire gamut of security functions. Most businesses have a mix of software from multiple vendors and in-house software. Each business and each member of a security team have unique, ever-changing security needs. Simbian helps every member of the security team from the CISO to the frontline practitioner solve their unique security needs in real-time. Users provide their goal in natural language, and Simbian’s patent-pending LLM-powered platform provides personalized recommendations and generates automated actions across heterogeneous environments – delivering better security outcomes, higher agility to evolving business needs and threats, and lower costs.

Security is a domain of ever-increasing complexity. Every day security incidents bring new variables. Simbian is taking a big step forward towards the mission of a fully autonomous security platform. While security vendors are increasingly using GenAI, off-the-shelf GenAI models come with many security risks, including hallucinations, prompt injection risks, and exposure of PII/confidential data. Simbian minimizes these risks by leveraging a patent-pending, hardened LLM system called TrustedLLM™ that utilizes multiple layers of security controls between the user and the GenAI models it uses under the hood.

AI-driven security solutions can greatly improve threat detection, speed remediation, and reduce complexity. Simbian is bringing this vision to a reality, leveraging AI to automate many of the more challenging, frequent security tasks performed by all levels of security analysts throughout their day.

The company is venture backed and headquartered in Mountain View, Calif. For more information, visit www.simbian.ai, or follow Simbian on https://www.linkedin.com/company/simbian/ and https://twitter.com/simbianai.

The post Organizations Need Fully Autonomous Security Powered by Gen-AI appeared first on Cybersecurity Insiders.


May 01, 2024 at 05:14PM