FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Sunday, February 28, 2021

Tinder achieves certification in Information Security Management System

Tinder, the most popular dating app among millennials, has for the first time achieved a certification in Information Security Management System that endorses that the user data on the company servers remains well protected from all kinds of cyber threats.

ISO/IEC 27001:2013 is the first information security certification provided to Tinder by Coalfire ISO, which offers extensive impartial external audit procedures to app owners. The certification follows the standards of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and confirms that member data, intellectual property, financial info and employee data are well protected as per the internationally accepted standards.

According to what Cybersecurity Insiders has learnt, Tinder’s IT team invested several months in gaining the latest data security certification, which is only available when all the 114 physical, operational, technical and security controls are followed while protecting the data. This is only achieved with related hardware and software that help in strengthening the current security posture.

Coalfire ISO is an accredited management systems certification body that is recognized by the United Kingdom Accreditation Service (UKAS) and the ANSI National Accreditation Board (ANAB). This external auditor has certified that the dating app’s security program is efficient enough to protect the information of its members, employees and business partners from all the prevailing threats in the digital space.

Note- Launched in the year 2012, Tinder allows users to like or dislike the photos, bio and common interests of all prospective matches and had gained over 5.2 million paying subscribers by the end of 2019. However, the Federal Trade Commission alleged that the parent company ‘The Match Group’ was creating fake female profiles to make male users pay for a subscription in order to seek contacts of the profiles. In January 2021, Tinder tried its best to put an end to all data privacy related queries by implementing an anti-spam filter that helps protect users from catfishing scams revolving around Snapchat.

The post Tinder achieves certification in Information Security Management System appeared first on Cybersecurity Insiders.


March 01, 2021 at 10:35AM

It is Microsoft vs Dell and IBM after SolarWinds hack

In November 2020, security firm FireEye revealed that a Russian intelligence funded hacking group had infiltrated the computer networks of several organizations and had been engaging in espionage related tactics since 2019.

Now, a debate has started between tech companies on whether it is safer to store data on cloud storage platforms or on on-premises appliances.

Tech giant Microsoft, led by Satya Nadella, argues that cloud computing systems are safe for any type of corporate data and is encouraging the technology as its future vision. However, Dell Technologies, along with International Business Machines (IBM), is arguing that corporate networks need to secure their data in on-premises data centers. Amazon says that it is always better to store data in hybrid environments where critical data is stored on premises and the rest of the data is moved to the cloud.

On February 24th, 2021, government and private industry cybersecurity experts assessed the whole situation and stated that there needs to be a detailed debate on how companies need to reassess their network security from assumptions.

Last Friday, Brad Smith, the President of Microsoft, presented his views before the House committee and stated that cloud migration has become critical to improve security maturity across several businesses that are involved in on-premises data management.

Frankly, Microsoft has emerged as one of the biggest cloud vendors across the globe, offering most data protection to customers.

However, Red Hat head Paul Cormier feels that a hybrid cloud approach helps keep data secure as it is stored both on premises and off premises. Now the company, which has become a business subsidiary of IBM, is seeing a growing demand for hybrid cloud services and is busy supporting the hybrid theme, unlike Microsoft and IBM, which support cloud and on-premises data storage services, respectively.

The post It is Microsoft vs Dell and IBM after SolarWinds hack appeared first on Cybersecurity Insiders.


March 01, 2021 at 10:33AM

Friday, February 26, 2021

Nutanix makes its Cloud Platform Ransomware free

Nutanix, a cloud infrastructure and software provider, has made it official that its cloud platform will be ransomware protected, thus making it conducive for businesses to implement their virtualization and other enterprise network storage needs with no hesitation.

Technically, Nutanix has added a threat monitoring and detection service along with data replication and robust access controls to its Nutanix stack. Therefore, companies willing to move forward with their business continuity plan can use the Nutanix cloud platform for their IP storage or multi cloud environment needs.

The American Cloud Company platform has added automated anomaly detection by supporting it with machine learning capabilities that help secure the network operations by shielding it from all sophisticated threats.

Ransomware detection and protection services will also be available to those using Nutanix file storage services, and the highlight is that they can also use the analytics feature that helps detect abnormal and suspicious access patterns to data and locks the data from access to ransomware signatures.

Note- Founded in 2009, Nutanix offers hyper-converged infrastructure, cloud computing services, and software defined storage. Because of the coronavirus global shutdown, the company furloughed over 1700 of its employees in April 2020 and worked on a subscription based model for usage billings. In the year 2017, the Rajiv Ramaswami led company partnered with IBM to create data center related hardware using IBM Power Systems for business apps.

The post Nutanix makes its Cloud Platform Ransomware free appeared first on Cybersecurity Insiders.


February 26, 2021 at 08:43PM

Thursday, February 25, 2021

Local mafia was behind cyber attacks on French Hospitals

French minister Cedric O has clarified that local mafia-type organizations were behind the cyber attacks on two healthcare organizations in France and that no state-funded organizations were involved in the incident.

Condemning some reports published in a certain section of media, Cedric O stated that some hacking groups based in Eastern Europe were involved in the attack- as per the preliminary inquiry.

Often such cyber crooks demand a ransom in cryptocurrency to keep their activities concealed and sometimes indulge in double extortion techniques to gain some assured sum.

Dax and Villefranche-sur-Saône were still working with pen and paper instead of computer systems, according to Cedric O, and the situation is said to improve by this month’s end.

For those uninitiated, French President Emmanuel Macron announced a $1 billion investment in French currency early this week to strengthen the entire national infrastructure of the country. He bolstered the network after learning that some hackers spent 3 full years breaching the networks of organizations via a vulnerability in software developed by Centreon.

Also added to the list of companies targeted by ransomware were motor company Trigano and cruise maker Beneteau, who made it official that their IT infrastructure has suffered cyber attacks.

Note- Last year, the United States FBI urged all ransomware victims not to pay any ransom to the hackers spreading the file-encrypting malware, as it encourages them to distribute more malware and doesn’t guarantee a decryption key. However, the investigative agency later switched its response and asked the victims to act wisely and react to the situation.

The post Local mafia was behind cyber attacks on French Hospitals appeared first on Cybersecurity Insiders.


February 26, 2021 at 10:28AM

Fresh Cyber Attack on Oxford University Laboratory

Oxford University is back in the news for being attacked on a digital note. Confirmed sources report that its Division of Structural Biology, dubbed Strubi, was hit by a cyber attack that leaked some vital information to hackers. The only good news is that no classical data was compromised, and the hack has been totally contained, all thanks to the IT staff of the internationally renowned educational institute.

The National Cyber Security Centre (NCSC) started an investigation as soon as it learnt about the attack and is busy finding the culprit behind the incident.

A third party company that was pressed into service to investigate the incident along with the national law enforcement agency suspects a nation funded hacking group behind the incident as the attack was carried out on a sophisticated note and targeted research documents related to Covid-19.

Although Strubi is not into the vaccine development, it offers Covid cells related information to clinical laboratories such as AstraZeneca that are into Vaccine development and distribution.

Forbes has come up with an update that the infiltration by the hackers could have taken place on February 13th and 14th of this year, 2021.

Many international security agencies, such as the US FBI and France’s Agence Nationale De La Securite Des Systemes D’Information, already issued a warning in November last year about a possible cyber attack on laboratories that are into vaccine research, and have requested all healthcare providers to increase their defense line against all variants of sophisticated threats existing in the cyberspace.

The post Fresh Cyber Attack on Oxford University Laboratory appeared first on Cybersecurity Insiders.


February 26, 2021 at 10:27AM

Cyber Threat warning to never search for these things on Google

Whether you are using a mobile phone or a laptop for your online search needs, security experts are recommending not to indulge in such activity without weighing the pros and cons on a proper note.

While it is easy to gain knowledge about everything on Google these days, there is a high chance that the activity can land you into deep trouble if you show some carelessness, as scammers are always on the prowl to target victims by optimizing search results with fake results, products, services, names, addresses or contact numbers.

So, be careful while searching for customer care numbers on Google as many of the fraudsters are posting fake business listings and customer care numbers that can land you into deep trouble in the future. So, better rely on apps that the companies are offering to avoid such fake website or service troubles.

Also, while doing banking or online shopping, make sure you double check the URL that you are accessing, as scammers are seen posting fake websites that can skim the login credentials.

Never download apps and software from Google search as it can introduce malware or spying software onto the device. Therefore, always rely on the official app stores like Google Play or Apple Store.

Never-ever rely on the free tips that are being offered related to finances and stock market as often such content dumped on Google is misleading or favoring few individuals or companies.

Last, but not the least, always re-verify the government websites that you are accessing to file municipal taxes, water bills and other utility services as scammers are seen offering a counterfeit to such websites to dupe the general public. Plus, do not search for discount coupons on Google search as it lands the victims into deep trouble by making them click on malicious websites that steal bank login details and currency from e-wallets.

Note- Keeping aside cyber hygiene, here is a personal tip for those who are reading this article on Cybersecurity Insiders. Don’t ever blindly believe the tips offered on health, medical prescriptions, weight loss and nutrition, as such tips have mostly landed the followers in deep health issues.

The post Cyber Threat warning to never search for these things on Google appeared first on Cybersecurity Insiders.


February 25, 2021 at 08:42PM

Wednesday, February 24, 2021

Mobile Security quotient increased in iPhones

All those who are worried about phishing attacks on Apple iPhones, here’s news to rejoice. With the latest update, the Cupertino giant has made it difficult for hackers to break into iPhones just by sending malicious links via messages or emails.

From March 12th, 2021, Apple will change the way it secures code that runs on the operating system, which will keep all zero-click attacks at bay.

Technically, Zero Click attacks allow the hackers to take control of iPhone by targeting the victim with a malicious link and often these attacks are hard to detect. But in coming weeks, the company will tweak its beta version of iOS 14.5 to help its mobile customers to safeguard their device from sophisticated cyber attacks.

In the past, Apple Inc was using Pointer Authentication Codes (PAC) to prevent memory corruption by hackers. Now, the technique has been changed and will be guarded by a sophisticated version of authentication and validation of the ISA Pointers.

Meanwhile, an official update is out from the tech giant that its upcoming version of iPhone 13 model devices will use the latest version of Qualcomm Snapdragon X55 modem that will be compatible with the use of 5G technology by wireless network providers.

As more and more OEMs are interested in offering 5G ready equipment, Apple seems to go ahead in the race by offering mmWave and sub-6GHz band in the latest series of iPhone 13 devices. However, the latest tech is not the latest in technology and might be used to keep the costs under control.

The post Mobile Security quotient increased in iPhones appeared first on Cybersecurity Insiders.


February 25, 2021 at 10:38AM

A surge in Ransomware attacks against Universities

All these days we have seen an increase in ransomware attacks against healthcare companies. Now, news is out that the attacks related to file encrypting malware doubled in 2020 on universities, especially those involved in the development of a coronavirus vaccine.

According to research carried out by BlueVoyant on over 2702 universities operating across 43 countries, almost all of them were found to be facing ransomware attacks as the number one cyber threat. And on average, the cost of payments made to hackers reached $450,000.

Security experts say that the increase in attacks was witnessed because many of the educational institutes switched to remote teaching/learning, exposing their networks to the sophisticated hacking techniques like social engineering attacks.

As there is an enormous demand for the credentials of university students on the dark web, some hacking groups are readily offering such information for less than $250 for over 10k accounts. This is making hackers purchase such stuff and launch cyber attacks.

Threat actors are always on the lookout for vulnerabilities to be exploited in the networks of educational institutes, and so universities are being urged to increase their defense line by solidifying their cybersecurity posture, as this not only helps in keeping cyber crooks at bay but also helps reduce the crime to a large extent by demoralizing those who want to earn illegitimately.

Keeping up a disaster recovery plan in place, creating an awareness among employees about the threats lurking in the current cyber landscape, and having in-house threat monitoring solutions can help in defending the IT infrastructure of the educational institutes from all variants of cyber attacks.

The post A surge in Ransomware attacks against Universities appeared first on Cybersecurity Insiders.


February 25, 2021 at 10:36AM

Medical data from France stolen and IT provider ransomware attack

Sensitive data obtained from over 30 medical laboratories operating in France was stolen and released by hackers for some unknown reasons. The siphoned information includes birth date, social security number, blood group, health insurance details, medical treatment history, illnesses like HIV that were detected till date, medicine info, pregnancy confirmation and details, contact details, names of patients, phone numbers, postcodes and addresses of over 491,840 people belonging.

Cybersecurity Insiders has learnt that the details were being stored from 2015 to 2020 on the servers of a healthcare software provider named Daedalus Software Inc, which was providing IT services to over 49 laboratories from North West France, and hackers stole the data that was stored on the computer network during that period.

It was probably the work of a group of hackers, and the data leak took place because of some disagreement between a hacker or two in the group, said Damien Bancal, who first revealed the story to the world.

Meanwhile, news is out that a ransomware attack has taken place on IT service provider TietoEvry of Finland that has resulted in disruption of services to the customers.

Geir Remman, a communication director at TietoEvry, said that there were indeed some technical glitches in their services, but did not confirm that the attack was because of ransomware or any other cyber incident.

To those uninitiated, TietoEvry provides IT and product engineering services in over 20 countries. And work is going on in full swing to restore the data as soon as possible through a disaster recovery plan.

The post Medical data from France stolen and IT provider ransomware attack appeared first on Cybersecurity Insiders.


February 24, 2021 at 08:44PM

39% of Healthcare Organizations Suffered Ransomware Attacks in the Cloud in 2020

As a result of a cloud breach, one in four healthcare organizations was fined for non-compliance and 1 in 10 was sued, Netwrix study finds.

IRVINE, Calif., February 24, 2021 – Netwrix, a cybersecurity vendor that makes data security easy, today announced findings for the healthcare sector from its global 2021 Netwrix Cloud Data Security Report.

 

The survey found that in 2020, the most common incidents that healthcare institutions experienced in the cloud were phishing (reported by 44% of organizations), ransomware (39%) and data theft by insiders (35%). Data theft was the hardest of the three to detect; more than half of organizations required days or weeks to flag it, while phishing and ransomware were spotted in hours or less by the overwhelming majority. 

 

The top consequences of cloud breaches in the healthcare sector were unplanned expenses to fix security gaps (24%), compliance fines (23%) and lawsuits (11%). Most healthcare organizations attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).

 

Other survey findings include:

  • 61% of healthcare organizations store customer data in the cloud and 54% store personal health records there. 
  • 32% of healthcare organizations needed days to discover accidental data leakage and supply chain compromise.
  • The top security measures healthcare organizations are taking in response to cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%).

 “An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector. As a result, new avenues for cyber threats opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high. Our report highlights the lack of security fundamentals that could improve the security posture of these organizations. They should consider stronger data governance processes to reduce their attack surface; real-time user activity monitoring to improve time to detect incidents; and training and security awareness programs for both IT staff and employees,” said Ilia Sotnikov, VP of Product Management at Netwrix. 

 

The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use private and public cloud services to store their data. To get the complete findings, please visit www.netwrix.com/2021_cloud_data_security_report.html.

About Netwrix 

Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.

The post 39% of Healthcare Organizations Suffered Ransomware Attacks in the Cloud in 2020 appeared first on Cybersecurity Insiders.


February 24, 2021 at 08:31PM

Tuesday, February 23, 2021

Clubhouse social app suffers a data breach due to Chinese App developer

Clubhouse, an audio based chat app only being used by iPhone users, is in the news for all the wrong reasons. The app, which has had almost 600,000 registered users since March 2020, was suspected to have been breached when a Chinese app developer crafted an open source app that had the potential to access the invites meant only for Apple iOS loaded devices.

Technically, the app works on iOS devices and the Android version of the audio app was due to be released sometime early next year. However, a Chinese application developer named Grigory Klyushnikov offered an open source app on GitHub that listened to audio conversations meant for Clubhouse invites only.

Privacy advocates who have been screeching against Clubhouse for launching the app without giving importance to information security seem to have gained a chance with the latest revelations, as for the past two days several Twitterati have been seen expressing their concerns against the Paul Davison founded company for putting their devices at risk of being monitored and becoming a data point to hackers.

However, the iOS based chat app says that it has provided all security features to its users to chat securely and share common interests along with the purpose of learning more about new topics.

Note- Clubhouse app operates on China’s Agora.ai technology and has gained a lot of popularity after the corona virus propelled worldwide lockdown. As soon as Elon Musk indulged in an audio conversation with Good Time Club on the platform of Clubhouse, in Feb’2021 the app gained immense popularity by hitting the mark of 600,000 active users from just 300,649 registered in Jan’2021.

The post Clubhouse social app suffers a data breach due to Chinese App developer appeared first on Cybersecurity Insiders.


February 24, 2021 at 09:59AM

Ransomware Attack on Airplane maker Bombardier

Clop Ransomware gang has targeted airplane maker Bombardier from Montreal, Canada, leaving the company employees not only embarrassed by the data breach but also worried as some of their classical data was published online early this week.

Highly placed sources say that the ransomware spreading gang infiltrated the computer network of Bombardier by exploiting a vulnerability in the Accellion file sharing software that led to many such data breaches that came to light last month.

Cybersecurity Insiders has learnt that the hackers could have gained access to the Quebec company network in December 2020, when a zero-day exploit was used by hackers, allowing them to steal sensitive data.

Later, after investigating, Accellion stated that over 100 of its file sharing servers out of 300 could have been accessed by hackers, allowing them to steal data from around 25 of the servers until a ransom is paid.

Clop Ransomware gang shames its victims online by selling their stolen data and has done so to at least 7 multinational companies.

Apart from targeting Bombardier, the Clop Ransomware gang was also seen targeting geo-spatial company Fugro, technology company Danaher, Singapore-based telecommunication brand SingTel, and a US law firm named Jones Day.

Note 1- As per the details available on the dark web, airplane design documents and some documents related to spare parts were accessed and stolen from Bombardier. However, no personal data related to clients or employees was stolen from the firm, confirmed a top management source from Bombardier.

Note 2- Cyber Threat monitoring firm CrowdStrike predicts that there could be an increase in ransomware attacks from North Korea as the nation is suffering from economic slowdown and natural calamities facing acute shortage of food and other essential commodities.

The post Ransomware Attack on Airplane maker Bombardier appeared first on Cybersecurity Insiders.


February 24, 2021 at 09:58AM

The year 2020 witnessed these biggest GDPR fines

Google was awarded a $56.6 million or €50 million penalty in March 2020 by the French data watchdog for failing to provide transparent information to users about its rules and regulations pertaining to data collection related to its products and services.

H&M Germany had to face a penalty of $41 million or €35 million for fraudulently keeping a watch on its hundreds of employees for reasons. For instance, as soon as the employees took sick leave and were about to join the office, they were asked to attend a return-to-work meeting that was recorded and the video was passed on to over 50 H&M Managers to get at least 50% of their consent for attending the office again.

Telecom Italia aka TIM was also hit by a GDPR fine of $31.5 million or €27.8 million and the penalty was awarded by the Italian Data Protection Authority for indulging in extreme marketing techniques that involved unsolicited calls, messages and emails.

British Airways was slapped with a $26 million or €21.8 million fine for failing to protect the data of its 400,000 customers, which also involved 40,000 British citizens. The details that were found to have been accessed by hackers were login info, payment card info, names, addresses and some passport details. Note- Originally the airline was slapped with a $238 million penalty for the data breach that took place in 2018. But as the airline business is down due to the coronavirus lockdown, the penalty was reduced by the Information Commissioner’s Office.

Marriott was slapped with a penalty of $123 million for failing to protect the information of its 382 million customers and that includes details of names, passport numbers, payment card details and addresses along with some flight reservation data. But the fine was lowered to $23.8 million or €20.3 million as the hotel chain business was negatively impacted by the worldwide lock-down.

Note- If we observe it carefully, most of the GDPR fines were pronounced for indulging in extreme marketing tactics, failure to remove personal information when requested by the online service users in Europe, and unlawful collection of personal information related to employees by their employers and failing to protect their customer or client data from hackers access.

The post The year 2020 witnessed these biggest GDPR fines appeared first on Cybersecurity Insiders.


February 23, 2021 at 08:51PM

Monday, February 22, 2021

Ransomware attack exposes Hyundai Logistics Data

Kia Motors America has released a press update stating that its computer network disruption was not because of a file-encrypting malware attack, but because of a technical server glitch.

However, the repercussions of the cyber attack are clearly visible, though the denial is being made strongly, as the DoppelPaymer Ransomware gang has released some logistics information related to Hyundai Glovis that could have probably been stolen during the cyber incident that targeted Kia Motors last week.

Details of the automobiles to be shipped to various parts of the country and states and some information related to the company’s trucking partner were revealed by the hackers on the dark web, confirming that a data steal and network infiltration took place last week.

Hyundai Motor America did not acknowledge the incident, but a top source from the firm agreed that the car making firm was facing some IT difficulties.

Some customers and dealers are experiencing disruption while accessing the website of the company, and Hyundai Motor America has already addressed the outage as purely technical and nothing to do with any digital invasion.

Note 1- Last week, Bleeping Computer first reported that Kia Motors was targeted by a ransomware attack propelled by the DoppelPaymer gang, and reports were in that the hackers group was demanding $20 million to free up the database from encryption and return the decryption key.

Note 2- DoppelPaymer is a notorious criminal gang that indulges in data steal and file encryption techniques until millions of dollars in ransom are paid via cryptocurrency wallets.

The post Ransomware attack exposes Hyundai Logistics Data appeared first on Cybersecurity Insiders.


February 23, 2021 at 10:42AM

Survey expects an increase in Cyber Attacks from North Korea

A survey taken up by CrowdStrike has confirmed that there would probably be an increase in cyber attacks from North Korea as the nation is struggling with economic crisis and food shortage in the nation because of the corona-virus pandemic.

The CrowdStrike 2021 Global Threat Report also confirmed that the Kim Jong Un nation is planning to close its border ties with China as a precautionary measure to curb the spread of COVID-19 from Chinese border migration.

A proposal to increase state funded cyber attacks is on the cards as the nation is going through an extreme food crisis because of severe floods, storms and the COVID-19 shutdown. So, it is planning to increase the national earning through cyber crime by stealing funds from banks and from the cryptocurrency wallets of individuals and companies.

Currency generation is the present motive of the nation led by Kim and some sources from South Korean intelligence state that the country might plan to increase economic espionage operations targeting science and technology related research and developments in adversary nations like UK, US and Australia.

The entities involved in the development and distribution of vaccine are at the risk of being targeted by cyber intrusions says CrowdStrike as the country wants to steal the documentation related to the scientific research and plan the production of its own vaccine to save the nation from seeing more deaths of its infected populace.

CrowdStrike report also disclosed that its researchers have found 18 ransomware variants infecting around 104 healthcare related firms in 2020. Out of the identified variants, Twisted Spider and Wizard Spider were seen distributing Maze and Conti Ransomware profusely.

Meanwhile, Ukraine pressed new allegations against Russia for launching cyber attacks on security and defense websites on February 18th, 2021. However, the update provided by Ukraine’s National Security and Defense Council seemed incomplete as the nation failed to specify the repercussions that erupted after the incident.

The post Survey expects an increase in Cyber Attacks from North Korea appeared first on Cybersecurity Insiders.


February 23, 2021 at 10:40AM

7 Ways Changing Security Requirements Will Impact Industries in 2021

COVID-19 wasn’t the only challenge businesses faced in 2020. Last year also saw a wave of cybercrime across all industries, highlighting the need for better cybersecurity. As companies begin the recovery journey in 2021, these security needs will drive their operations.

Cybersecurity standards and requirements are changing, and businesses will have to change with them. These trends will reshape entire industries this year. Here’s what that shift will look like.

1. More Zero-Trust Adoption

The mass shift to remote work resulted in unprecedented levels of cloud adoption. A mid-2020 survey revealed that 82% of IT teams had increased their cloud use in response to the pandemic. This expansion of remote access, in turn, led to a new emphasis on zero-trust security models.

With so many people trying to access a system remotely, there’s a greater chance of employee devices becoming entry points for hackers. Zero-trust models mitigate this threat by limiting employee access and verifying everything. They ensure a breach in one sector won’t jeopardize the entire system.

As cloud adoption continues to grow, so will the business world’s fondness for zero-trust security. Before long, zero-trust could become the standard for many industries.

2. Higher Cybersecurity Budgets

One of the most significant impacts the 2020 cybercrime wave will have across all industries is a financial one. In light of rising cybercrime and consumer awareness of these events, businesses of all types will increase their cybersecurity budgets. Experts predict cybersecurity spending in critical infrastructure alone to increase by $9 billion this year.

This upward trend in spending is significant given the losses many companies now face. In Q2 2020, the U.S. experienced the steepest quarterly drop in economic output on record. Businesses across all industries are still grappling with the COVID-19 recession, so any budgetary increases would seem unusual at first.

The increase in cybersecurity budgets reflects new business priorities. More companies are starting to see cybersecurity as a necessity, not just an advantage. This type of spending wouldn’t happen amid a recession if businesses didn’t think it was essential.

3. Increased Documentation

As cybersecurity regulations and standards become more stringent, companies will document their strategies more comprehensively. In 2021, partners and clients won’t take businesses at their word that they have thorough security measures. If companies can provide evidence of their cybersecurity efforts, they can assure others they’re safe to work with.

The Cybersecurity Maturity Model Certification (CMMC), codified in November 2020, requires documentation at most of its levels. While these requirements apply to Department of Defense contractors, other businesses will refer to them as well. Regulations like this will help guide new cybersecurity practices, so even companies that don’t have to document their practices will do so.

In early 2021, documentation will help assure key stakeholders of a company’s cyber defenses. As the year goes on, it will start to become a requirement for many organizations.

4. Less Third-Party Trust

The spike in cybercrime in 2020 is driving many businesses to reevaluate how they approach cybersecurity. One common flaw that became particularly apparent in 2020 is companies’ tendency to overlook third-party security. As cybersecurity standards tighten throughout 2021, more businesses will develop an inherent mistrust of third parties.

Prominent companies like Marriott, General Electric, and Tesla all suffered third-party data breaches last year. In light of these cases, industry cybersecurity standards will start to include tighter access controls for third parties. These regulations will, in turn, lead to a rise in suspicion over trust.

Industries that deal with more sensitive customer data, like health care and insurance, will adopt a standard of distrust. Hopeful vendors and partners will have to prove their reliability before any chance of a deal.

5. New Emphasis on Mobile Security

Even before the pandemic, smartphones were a growing part of doing business. As companies shifted to remote work, phones became an even more central part of operations and access. This trend, together with the uptick in cybercrime, will lead to a growing emphasis on mobile security.

Mobile access to company systems can be a tremendous help to remote workers, but more endpoints mean more risk. As companies enable employees to do more from their phones, they’ll simultaneously invest more in mobile security. Before 2020, many businesses overlooked this area of cybersecurity, but that won’t be the case in 2021.

Some experts predict mobile security will be the fastest-growing cybersecurity category over the next few years. With remote work unlikely to fall out of fashion, it’s easy to see why.

6. More Subscription-Based Services

The effects of growing cybersecurity regulations will extend beyond a business’s IT practices. In some cases, they’ll go so far as to reshape an organization’s business models. Software and other technology developers, in particular, will likely move towards subscription-based models in 2021.

In April of last year, Nintendo disclosed that 160,000 user accounts were compromised thanks to a vulnerability in a legacy system. When users don’t update, it can lead to substantial breaches like this. As a result, many companies will prefer subscription-based services to ensure clients always have the most up-to-date system.

Last year’s cybercrime spike emphasizes that businesses can’t leave security to their clients. Subscription-based models remove some risks associated with user error.

7. Rapid Modernization

The move toward subscription-based services isn’t the only way industries will respond to legacy vulnerabilities. Many companies will approach modernization with new urgency in an effort to eliminate legacy systems. It’s become increasingly evident that any inconveniences that come with upgrading are worth the security benefits.

In the past, many businesses, especially in non-tech-centric industries, have been hesitant to upgrade their infrastructure due to related expenses. Over the past few years, the average cost of a data breach has risen by 10% to $3.86 million. As cyberattacks become increasingly expensive, businesses can no longer use cost to justify legacy systems.

Cybersecurity Is More Urgent in 2021

Cybersecurity has been essential for all businesses for years now. After a year as tumultuous as 2020, industries are finally waking up to its importance. Industry standards will adapt in response, spurring broader changes across companies.

2021 will be a period of change, but these changes are for the better. Businesses across all sectors are becoming safer and more aware of the challenges they face.

The post 7 Ways Changing Security Requirements Will Impact Industries in 2021 appeared first on Cybersecurity Insiders.


February 23, 2021 at 05:04AM

Ransomware attacks on Hospitals make France President allot €1 billion

After two hospitals were badly hit by ransomware attacks last week, French President Emmanuel Macron pledged to allot €1 billion to bolster the National Cybersecurity Strategy.

Speaking briefly to the media after announcing the investment, Macron said that the attacks on healthcare facilities have shown how vulnerable the infrastructure is and how vital it is for the government to strengthen it to meet the demand.

For the uninitiated, two hospitals, one in Dax and the other in Villefranche-sur-Saône, were hit by file-encrypting malware, forcing the staff of both facilities to take up pen and paper for administrative and operational purposes. As phone lines were blocked and internet connectivity was cut, the effect clearly showed in the maintenance of patient records, surgical devices, medication administration, appointment scheduling, bed allotment and doctor allocation.

Many of the appointments had to be canceled and patients needing emergency help were directed to other hospitals.

Law enforcement was pressed into service, and the National Information Systems Security Agency (ANSSI) has since been working to restore services to normalcy, probably from data backups.

Some well-versed voices in France’s political and economic circles say that the investment is praiseworthy. However, they say that the funds should be easily accessible and that the spending should not be in the hands of bureaucrats and money-minded people.

They hope that the investment will truly help protect patients from digital invasions by strengthening in-house cybersecurity measures with related hardware and software technology.

The post Ransomware attacks on Hospitals make France President allot €1 billion appeared first on Cybersecurity Insiders.


February 22, 2021 at 08:39PM

Sunday, February 21, 2021

Cyber Attacks in UK leading to Silent Stealing

Cyber criminals seem to have changed their ways of attacking by launching silent stealing attacks, in which they siphon digital currency in smaller amounts equivalent to £10 or less.

This strange but true behavior was detected by the Royal United Services Institute (RUSI) in a survey on the stealing techniques hackers were indulging in.

A security expert monitoring the currency-stealing campaigns says that cyber crooks are stealing smaller amounts from victims but targeting many of them to keep their cash bells ringing.

Stealing smaller amounts keeps them off the law enforcement radar, and that is why they are reportedly involved in these silent stealing techniques. And with data breach information easily available for sale online, it costs criminals only a few pennies to gather large amounts of personal information to craft phishing campaigns.

For instance, in September 2020, during a nationwide lockdown in the UK, cyber crooks launched digital frauds, stealing sums of less than £10 but making £7500 with each campaign launched on a weekly basis.

If this continues, the fraud has the potential to become a national security priority, with Boris Johnson taking the case far more seriously.

Cybersecurity experts from Kaspersky are urging people not to over-share their details online, as that could give fraudsters leads for launching social engineering attacks. This applies to those who share more data than intended (like date of birth, names, addresses, and contact info) on social media platforms like Facebook and Twitter.

The post Cyber Attacks in UK leading to Silent Stealing appeared first on Cybersecurity Insiders.


February 22, 2021 at 10:19AM

Google puts more focus on mobile security in Android 12

Google seems to have taken mobile security and data privacy seriously, as is clear from the latest preview of its Android 12 operating system. Introducing the new mobile operating system to the world, Dave Burke, the Vice President of Engineering at the Alphabet subsidiary, stated that the new OS will give utmost attention to security features.

Burke added that Android 12 is for now meant only for developers, might be introduced by September 2021 on all Google Pixel smartphones, and will be rolled out to other devices by the middle of next year.

Confirmed sources say that Android 12 will insist on a 6-character alphanumeric password that includes a special character. If the user does not abide by the rules, the device will prompt for a more secure password.

The upcoming version will also allow IT admins to access employee services with the help of secure certificate management for applications. As it is not that easy to use company software on Android devices, the next version of the Android OS will also ensure that IT admins can install management software on contractor phones with little complexity.

Overall, Android 12 is said to help create a better relationship between employees and consumers by relying less on static information used to identify a device.

Since Apple Inc. has made privacy a key element of its marketing campaigns, Google seems to be taking the same path with Android 12, as is visible in its latest announcement.

The post Google puts more focus on mobile security in Android 12 appeared first on Cybersecurity Insiders.


February 22, 2021 at 10:17AM

Saturday, February 20, 2021

The Healthcare Breach Report: Hacking and IT Incidents on the Rise

This post was originally published by Will Houcheime.

The vast majority of healthcare organizations utilize and store highly sensitive data, such as protected health information (PHI) and personal data such as Social Security numbers, personal financial data, and more. For our annual Healthcare Breach Report, we analyzed data from the US Department of Health and Human Services’ “Wall of Shame” to get a closer look at the state of security for healthcare organizations over the last few years. These breaches are broken down into four categories: hacking or IT incidents, unauthorized access or disclosure, loss or theft, and other.

Read more here: www.bitglass.com

The post The Healthcare Breach Report: Hacking and IT Incidents on the Rise appeared first on Cybersecurity Insiders.


February 21, 2021 at 06:59AM

HOW YOU CAN TAKE THE CISSP EXAM FROM HOME

This post was originally published by .

For a limited time – February 22-28, 2021 – (ISC)² is pilot testing the option to take the CISSP online exam from home. Last year, as the COVID-19 pandemic emerged, we accelerated our exploration of enabling candidates to take the CISSP exam online. While all (ISC)² exams are, and will remain, available to be taken in person at test centers with health and safety measures in place, we are happy to be able to offer an alternative in the course of this pilot test.

When is the CISSP Online Exam Available?

You can take your CISSP exam online next week in the linear exam format. Each test will contain 250 items and has a time limit of six hours. The exam is offered in English and only available to U.S.-based candidates. Security measures are in place to maintain the integrity of the exam process and all CISSP candidates will be permitted one 10-minute break approximately halfway through the exam.

Read more here: CISSP Exam

The post HOW YOU CAN TAKE THE CISSP EXAM FROM HOME appeared first on Cybersecurity Insiders.


February 21, 2021 at 05:39AM

Friday, February 19, 2021

Cybersecurity for a Cloud-First, Work-from-Home World (Part 2)

An Interview with Joe Green, Netskope

The number of employees working from home or other remote locations has skyrocketed since the outbreak of the coronavirus pandemic. This massive shift has led to a rise in the use of cloud applications and services, along with an increase in risky behaviors and a further blurring of the lines between personal and corporate IT resources.

We asked Joe Green, Global Director, Solution Architects, Netskope, about how to continuously manage these risks using the right cloud security and networking solutions.

In part 1 of our interview, Joe discussed the basic reliability of cloud security, and risks created by the increased number of people working from home, including device-related and malware risks, and strategies for managing these risks.

In part 2, Joe discusses the risk of data loss, the role of SD-WAN in contemporary networking and investment strategies for ensuring security in a direct-to-Net/direct-to-cloud world.

Enea:

We talked about malware in part 1 of the interview, so now let’s talk about data loss prevention. The Cloud/SaaS security survey indicated a high level of concern about cloud file sharing and hosting and cloud email, all of which are important vectors for data loss as well as malware infection.

SaaS apps that generate the highest concerns for security

Do these concerns line up with what you’re hearing from customers? What strategies would you recommend to prevent data loss in the specific context of file sharing and email?

J.G.

This definitely aligns with what we’re seeing, so it’s not a surprise. File hosting or transfers and cloud email are two of the biggest applications people are using. Email is what everyone uses to communicate, and people are constantly sharing data. But it’s important to understand that there’s a difference between a malicious insider and an accidentally malicious insider. And companies, when they’re trying to protect their intellectual property (which all companies do), must worry about both. They have malicious people on the outside, they have them on the inside, and they have accidentally malicious people as well.

Communication and collaboration tools (such as Skype, MS Teams, Slack, etc.) are other SaaS apps that organizations are concerned about. Slack, for example, has become an incredibly popular tool and Microsoft Teams is growing at an unbelievable rate. I think there’s a need for education around these tools. In my observations, people are scrambling to learn how to support MS Teams, to learn how it works, how to secure it and we, at Netskope, are spending a lot of time supporting this education.

But, we can also look at this in terms of why it is a top concern. When you’re trying to protect intellectual property or trade secrets or anything else that flows out of a network, you have to have technology that understands the traffic, that knows the patterns you’re looking for. It’s about reducing false positives, because you can’t have people sifting through millions upon millions of records.

You need technology that is very accurate and can identify whether, for example, it’s a corporate template, national ID numbers, passport numbers, national registration numbers, or whatever, based on the country you live in. You want to make sure that your system can accurately recognize the data, detect the patterns you’re looking for, and keep the false positives very low, otherwise you just make the job impossible for security analysts.

Enea:

That’s interesting. So, if I understand correctly, to be effective, we need technology that can deal with data loss prevention (DLP) at the scale of the cloud.

J.G.

Absolutely, and it has to be able to function at that scale even when performing real-time, in-line scanning. There’s an important difference between real-time security that is carried out in-line and scanning that happens out-of-band.

When you look at files in Google Drive or OneDrive or SharePoint, you may have data that’s already in the cloud. We call that data at rest. We scan it using something called application programming interface (API) scanning. This is a reactive, non-real-time technology because the data that is scanned is already in the cloud. It’s still very important to scan it, whether for malware or DLP patterns, but API scanning is a very reactive technology.

More important is the in-line, real-time technology. It doesn’t matter whether the data is going through a client, an explicit proxy in the cloud, or whether it’s an upload or a download, the important thing is that it’s in-line and real-time, that’s where we need to focus. And because the cloud can be worldwide, it’s also important to develop security that follows users no matter where they go.

Enea:

It’s interesting you should say that because findings from the Cloud/SaaS security survey support this approach:

Types of traffic analysis cloud/SaaS providers should be using to properly understand and secure customer activities

J.G.

The global pandemic has exacerbated this aspect of security because when users went home to work, that could mean a flat in London, an apartment in Hong Kong or a house in America. And in reality, it doesn’t matter where it is. Any user can go to any coffee shop to work now, but wherever they might be, their organization still needs to secure their data.

In legacy solutions, the security stacks were built on-prem at a company. But nowadays it doesn’t make any sense to route a user through VPN technology, back to a corporate, on-prem branch office and then do a U-turn to go back out to the Internet to a cloud application. Everything should be direct-to-net or direct-to-cloud. Security should be real-time and in-line, no matter where the user is. If a company is using Netskope technology for example, users come through the Netskope cloud and straight to their application. Our security technology is completely invisible to the user. They are accessing the application natively, like they normally would, but the security is happening in real-time, in-line, and they don’t even know about it.

Enea:

Indeed, if you think of the user and data as being at the heart of the enterprise (rather than in terms of networks, servers, cables, etc.), it changes the way you approach security. Which brings us to SD-WAN.

SD-WAN has become very popular. It can be deployed on premise or in the cloud, and enables the dynamic provisioning of virtualized network services, like firewalls, session controllers or load balancers, according to specific security and performance requirements. And it takes away the need to backhaul traffic through a hub or a headquarter data center.

Have you seen an increase in SD-WAN out in the field? How does a cloud-native security platform like Netskope’s correlate with SD-WAN?

J.G.

Yes, there has been a huge increase in SD-WAN, but it’s not a technology that Netskope makes or sells.

The reason SD-WAN has been adopted so much is because companies are trying to move away from expensive, private MPLS links that connect their offices worldwide. These links require very special and expensive proprietary hardware, such as routers. SD-WAN represents almost immediate cost savings that not only helps with wide area networks, but also helps to improve performance and traffic prioritization, among other things.

Now the irony is that when everyone went home at the beginning of the pandemic, SD-WAN deployment continued to accelerate. In reality, it should have become a low priority for companies. But, the interesting thing I discovered when talking to customers, is that since their employees are now remote, they’re actually using this time to upgrade their infrastructure and get rid of the expensive private lines and move to public links, which SD-WAN can take advantage of.

What’s interesting for Netskope is that there’s no competitive overlap. We can establish direct tunnels between any SD-WAN technology and Netskope. When the traffic hits, anything destined for the web or for a cloud application goes through the SD-WAN. A policy-based routing decision is then made whereby any traffic destined for a cloud application is sent to Netskope. This is completely transparent to the user, they have no idea it’s going on. It goes right back to what I was saying earlier, it’s a direct-to-net or direct-to-cloud feature, where you’re not backhauling traffic, you’re not sending traffic to a location that it doesn’t really need to go to.

So, to answer your question, Netskope integrates tightly with SD-WAN vendors and works with them. Traffic is directed right from the SD-WAN box to the Netskope security cloud, which is worldwide, and we do all the decryption and traffic inspection processing. This is a seamless solution going on in the background. The customer or end-user has no idea it’s there, but at the end of the day it’s delivering a much better experience for the user.

Enea:

The SASE concept certainly does seem well-suited to the fundamental changes underway in the way we work. Interestingly enough, security professionals who participated in the Cloud/SaaS security survey also indicated they planned to invest in additional on-premise component solutions like endpoint security, UTM & NG firewall, and IDS/IPS.

New or additional deployments of solutions planned in response to increased external threats from cloud/SaaS usage

What do you think about such plans?

J.G.

Because of the vendor I work for, my opinion could be seen as slightly biased! However, I also talk to hundreds of customers worldwide, and I can therefore tell you with absolute certainty that the investment in on-prem solutions goes down by the day. And the global pandemic exacerbated that trend. Late starters, slow runners, even the most conservative financial companies, everyone was forced to accelerate the move to the cloud following the onset of the pandemic. They are all pivoting as fast as humanly possible to get to the cloud, maybe not for everything, but for most of their users. So, I definitely see the spend in on-prem going down as we help people get off their legacy on-prem proxy servers and DLP solutions.

Enea:

So, for you, we are no longer in the next-generation, but in the next, next-generation?

J.G.

Exactly, we’ve been calling the next-generation firewall the next generation for twenty years. If you have a firewall which is on prem, even the best – and all the main vendors are battling it out to build the top next-generation firewall – but none of your users are actually sitting behind that firewall, is that really next generation technology? Or did that become a legacy technology overnight? And that’s where my conversations have pivoted to “let’s talk about your perimeter.” “What is the perimeter of your network today?” And this question alone causes customers to think in a completely different way from the way they’ve been thinking for probably the last fifteen to twenty years. So, we have definitely seen a pivot. On-prem is dropping at the speed of light and the adoption and spend on cloud technology is dwarfing it day-by-day.

Enea:

Breaking with the way they’ve thought about security for the last couple of decades is probably difficult for some security professionals. What parting advice do you have for them as the cloud/WFH world becomes our new normal?

J.G.

Take a deep breath and remember you don’t have to stress over whether or not to migrate to the cloud. It’s already happened. Your people, your data and your apps are there. So go with the flow and don’t try to hitch a team of horses to an automobile. To make sure you’re not tempted, keep in mind the simple rule: “don’t send traffic to a location that it doesn’t really need to go to,” either for connectivity or security handling. With the right partners, you can deliver networking and security as integrated cloud services to protect your users and data wherever they are, and your infrastructure will line up naturally with the way people are actually working today.

Enea:

Joe, thank you so much for these insights. If I can sum up, I would say that your message is to embrace the change and shift cloud networking and security to the top of your investment priorities. And to find an experienced partner who can accompany you.

The post Cybersecurity for a Cloud-First, Work-from-Home World (Part 2) appeared first on Cybersecurity Insiders.


February 20, 2021 at 12:33AM

WhatsApp gives new data privacy deadline of May 15

All you WhatsApp users across the world, here’s a news piece that needs your urgent attention.

The Facebook subsidiary has issued a fresh set of policy updates in which it clearly specifies that users will have to accept its new data sharing rules, which will become mandatory from May 15th, 2021.

Earlier, WhatsApp was interested in sharing its users’ information with the Mark Zuckerberg company from February this year. It justified the move by stating that the data sharing would prove beneficial to WhatsApp users in many ways in the future.

As soon as this privacy update was circulated in the media, the company was targeted by many trolls on Twitter who were dead against sharing the information with Facebook.

Even governments in the United States, India, and Australia were forced to act against the data sharing at the request of their respective populaces.

So, after seeing the developments, WhatsApp has pushed a new update to its users that makes it mandatory for them to accept the terms if they still want to use the chat and media sharing services.

Over the past few days, some WhatsApp users have already started getting a banner in the app that allows them to review the privacy update information.

The messaging giant has also stated that it became a victim of ‘misinformation’ about its privacy updates last month and would like to clear the air with its users by presenting the facts. For this reason, the company has devised a banner that allows users to click through to the information it would share with its parent company Facebook after a certain period.

The post WhatsApp gives new data privacy deadline of May 15 appeared first on Cybersecurity Insiders.


February 19, 2021 at 08:40PM

Thursday, February 18, 2021

United States charges 3 North Koreans for Global Cyber Attacks

The United States Department of Justice has charged 3 North Koreans for allegedly launching cyber attacks on many banking and cryptocurrency networks operating across the world. All three have admitted the crime of committing computer fraud by indulging in wire transfers and bank transactions by fraudulent means in countries like Vietnam, the Philippines, Poland, Pakistan, Malta, Mexico, and the United States, along with Canada and Australia.

Jon Chang Hyok, Kim Il and Park Jin Hyok, who are suspected to be linked to the North Korean intelligence agency known as the Reconnaissance General Bureau, will face charges for conducting destructive digital attacks.

“These guys have been using keyboards instead of guns and ammunition conducting cyber attacks such as stealing currency & cryptocurrency from digital wallets,” said John Demers, the Assistant Attorney General for National Security.

The Department of Justice found in the prosecution that the three accused men were involved in stealing over $1.3 billion in cash and digital currency from entities operating across the world. The attacks were mostly launched through spear phishing emails laced with malware that allowed them to tap into the computer systems and networks of the targeted victims.

Demers highlighted the fact that the list of persons involved in the crime might be longer than what has been revealed, as more victims file complaints about the alleged cyber heist and digital extortion schemes.

Note- All three cyber criminals were found to be involved in the cyber attacks launched on Sony Pictures Entertainment, the $86m wire fraud committed at the Bank of Bangladesh and the WannaCry 2.0 attack aka NotPetya ransomware attack.

The post United States charges 3 North Koreans for Global Cyber Attacks appeared first on Cybersecurity Insiders.


February 19, 2021 at 11:22AM

Ransomware attack on California Department of Motor Vehicles

A ransomware attack on the California DMV (Department of Motor Vehicles) is reported to have leaked data related to millions of customers. To be specific, the attack took place on a third-party supplier called Automatic Funds Transfer Services (AFTS), a service that handles the verification of motor registration addresses for the motor department of California.

As of now, no information related to the department is said to have been accessed by the customers. But there is no confirmation yet from the DMV, as the investigation is still in progress.

However, unconfirmed sources say that the targeted third party was hit by a ransomware gang that engages in double extortion and is said to have stolen data of millions of customers going back over the past twenty months. The targeted server stored customer details such as names, addresses, license plate numbers, vehicle identification numbers and such.

AFTS is reported to be dealing with over 37 million records involving road and sea transport vehicles, like boats and cruises, so the data breach could have yielded the hackers a large trove of data.

An official statement released by AFTS said that the investigation into the ransomware attack is in progress, and it cleared the air by stating that it doesn’t store sensitive details such as social security numbers, voter IDs, birth dates or immigration status on its servers, so there is no way that the threat actors could have gained access to such info. Therefore, the chances of identity theft are low or almost zero.

California DMV’s own database is secure enough and is accessible to normal users again after a brief disruption of an hour yesterday.

The FBI and other law enforcement agencies have been notified about the incident, and the agency has already taken enough cybersecurity measures to avoid such incidents in the near future.

Note- Based in Sacramento, the California Department of Motor Vehicles is supposed to be the governing authority for motor vehicle registrations such as boats, private and public vehicles, and all commercial cargo vehicles operating in the state. It also issues license plates and driving licenses, along with identification cards, on request.

The post Ransomware attack on California Department of Motor Vehicles appeared first on Cybersecurity Insiders.


February 19, 2021 at 11:21AM

How to keep backed up data safe from ransomware attacks

We all know that most ransomware attacks take place in Windows environments, and so security experts recommend using something other than Microsoft's operating systems for data backups.

However, the fact is that most popular backup products are developed to run primarily on the Satya Nadella-led company’s software, i.e. Windows.

But to strictly keep file-encrypting malware at bay, ensure that your backup server runs on a Linux-based machine, as ransomware attacks launched with the aim of targeting Windows machines cannot disrupt Linux-based media servers.

Remember, backups make little sense if the server that accesses the backup information is itself encrypted by file-encrypting malware, making the backed-up data useless.

Also, make sure that you always store a separate copy of the backed-up data on machines that are geographically separated from the main backup server. This helps keep data continuity intact, even if the primary data center gets damaged by digital invasion, floods or fire.

Here, cloud computing technology can help, as most CSPs offer object storage that is compatible with most backup software products and services.

Mind you, there are very rare instances where hackers got sophisticated enough to attack data stored on an object storage platform. Plus, what’s amazing about this platform is that it allows admins to write once and read many times, making it difficult for even authorized personnel to edit the stored info. Besides, removing file system access to data backups and encrypting the data stored on the backup server can help keep threat actors at bay.

The post How to keep backed up data safe from ransomware attacks appeared first on Cybersecurity Insiders.


February 18, 2021 at 08:38PM

Wednesday, February 17, 2021

SHAREit app filled with vulnerabilities

SHAREit, a popular file sharing app, is in the news for having vulnerabilities that could be exploited by hackers to inject malicious code by overwriting existing files. The Android app, which has been downloaded over 1 billion times, is reported to be susceptible to man-in-the-middle attacks, where threat actors can hijack the app features and take control of a user device.

Security research conducted by Trend Micro says that the flaw exists in the feature where users share files between friends or devices. The flaw is said to have existed for the past three months, which could have allowed hackers to exploit it, as it is still unpatched.

Trend Micro, after issuing repeated warnings to the SHAREit app makers, made the flaw public, as doing so helps create awareness among users of the danger lurking in the usage of the app.

Google has been informed about the issues in the SHAREit code that could allow threat actors to defeat third-party permissions with ease and take control of the app features.

The SHAREit app, which was owned by Lenovo in the past, has taken note of the exploits reported by Trend Micro and is said to be working on fixes that will never allow threat actors to take control of the app.

Note- Founded in the year 2013, the file sharing app has also developed and shared a lot of other apps that include LOCKit, Cleanit, CloneIt, and S-player along with the lite version of the same app. Some countries like the UK and India have either banned it permanently or have been discouraging users from using such China-backed apps over the past few months.

The post SHAREit app filled with vulnerabilities appeared first on Cybersecurity Insiders.


February 18, 2021 at 09:36AM

DoppelPaymer Ransomware hits Kia Motors America databases

Kia Motors America is experiencing a nationwide outage because of a ransomware attack, and confirmed sources say that the car maker was targeted by the DoppelPaymer gang, which is demanding $20 million to decrypt the database.

In a media update released early this morning, the South Korean company stated that the nationwide IT outage resulted in disruption of services related to payment systems, UVO Link app, phone services, owner portal, internal sites and dealership link.

The highlight of the attack is that the ransomware spreading gang infiltrated only Kia’s computer network and did not touch the parent company Hyundai’s servers. However, they have left a ransom note stating that they have loads of data siphoned from the servers and if their ransom demand is ignored, they will raise the amount to 600 BTC or $30 million and thereafter will leak that data to the dark web.

For those who are interested in protecting their networks against such attacks, security experts advise creating awareness among online users, deploying a proactive cybersecurity program, using multi-factor authentication as a better security practice and using updated threat intelligence.

Note- DoppelPaymer is a ransomware gang that indulges in a double-extortion technique where hackers steal data and then encrypt it until a ransom is paid. This gang usually demands a sum in the millions, and when the victim refuses to pay a ransom, they put the stolen data up for sale on the dark web.

The post DoppelPaymer Ransomware hits Kia Motors America databases appeared first on Cybersecurity Insiders.


February 18, 2021 at 09:34AM

Automated cars are vulnerable to Cyber Attacks

A study carried out by Trend Micro has revealed that there are multiple possibilities for automated cars to be targeted by cyber attacks. Researchers from the security firm revealed that manufacturers of connected cars have to focus more on keeping their automobiles safe from the prying eyes of threat actors.

Trend Micro says that most of the Intelligent Transportation Systems (ITS) of connected cars could be susceptible to DDoS attacks launched by state-funded actors, and that such attacks need no deep technical knowledge of internet-driven cars.

However, the good news is that there are currently limited opportunities for them to explore, and if those manufacturing the units act wisely, these possibilities can be shut down with minor hiccups. But there is a fair chance that the threat actors will evolve with time in this scenario.

According to a survey conducted by Trend Micro in 2019, an estimated 125 million passenger cars are said to be shipped between 2021 and 2023, and with time the vehicles will go fully autonomous.

So, this is said to create an array of opportunities for cyber criminals to sabotage the world of automated cars, putting the entire industry at a higher risk of threats.

Therefore, OEMs are being requested to come up with a security framework for connected car systems that meets all standards related to the end-to-end data supply chain.

Note- Hopefully, the framework will be able to create effective alert, containment and mitigation processes.

The post Automated cars are vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.


February 17, 2021 at 08:37PM

Tuesday, February 16, 2021

Clop Ransomware hackers target Law firm Jones Day

Jones Day, the law firm that represented former US President Donald Trump’s 2020 election campaign, is back in the news for being targeted by hackers spreading Clop Ransomware.

The highlight is that the network hack took place some time ago, as those involved in spreading the ransomware have posted several gigabytes of email data on the dark web to confirm that they did indeed carry out the hack.

Clop Ransomware is a kind of file-encrypting malware used in double extortion campaigns, where it first steals the data and then pressures the victim into paying the ransom. If the victim refuses to pay the amount, the threat actors sell the stolen data on the dark web for monetary benefit.

A technical investigation by the IT staff of Jones Day says that the data breach of its database occurred through a vulnerability in the Accellion file sharing software used in its IT infrastructure.

Accellion said that it is still investigating the incident and so will need some more time to confirm the issue.

Note 1– Clop Ransomware is distributed via fake software, Trojans, phishing emails, cracks and software that is downloaded from untrusted sources. It was first discovered in Feb’19 by Malware Hunters Team and has taken down several business networks, mostly from India and the United States.

Note 2- Jones Day is based in Ohio, United States, and acted as outside counsel for Trump’s 2016 and 2020 election campaigns. It has emerged as the 5th largest law firm and the 13th highest grossing law firm across the globe.

The post Clop Ransomware hackers target Law firm Jones Day appeared first on Cybersecurity Insiders.


February 17, 2021 at 09:59AM

Microsoft offers deep analyses of SolarWinds Hack

The SolarWinds hack seems to be a never-ending saga, as Microsoft President Brad Smith made a new revelation yesterday, stating that over 1000 hackers could have been involved in the attack, which led experts to question the security of the entire federal computer system.

Smith, who commented on the issue during the CBS 60 Minutes program over the weekend, stated that the attack could have been the largest and most sophisticated in the entire history of the United States.

The tech giant’s president stated that it could have taken tremendous amounts of manpower to write over 4000 of the millions of lines of code in the SolarWinds Orion update that paved the way to the compromise of hundreds of federal networks.

Microsoft, which put around 500 of its engineers to work on the SolarWinds cyber attack analysis, concluded that the hackers had an asymmetric advantage.

Coming to the source code theft in the Microsoft scam, the investigations revealed that the threat actors somehow registered another phone number for some employees and bypassed the two-factor authentication to gain access to the company servers.

It was through this backdoor that the engineers of FireEye sneaked into the servers of various companies, only to discover that the hack was in fact a widespread state-backed cyber espionage campaign, probably launched by Russian Intelligence since 2018.

Note- In December 2020, security firm FireEye announced to the world that some state-funded hackers targeted over 47 public and private entities operating in the United States with an espionage related campaign.

The post Microsoft offers deep analyses of SolarWinds Hack appeared first on Cybersecurity Insiders.


February 17, 2021 at 09:58AM