
Tata Technologies Faces Ransomware Attack Resulting in Temporary Suspension of Some of Its IT Services

Tata Technologies recently experienced a ransomware attack that affected some of its IT assets. The attack led to the temporary suspension of certain IT services. However, Tata Technologies confirmed that their client delivery services remained fully functional and unaffected throughout the incident.

The ransomware incident was discovered on January 31, 2025. Tata Technologies did not disclose whether a ransom was demanded or paid.

The company has restored the affected services, and a detailed investigation is underway in consultation with experts to determine the root cause and take necessary remedial actions.

CEO Warren Harris highlighted the importance of increased funding for upskilling initiatives aligned with Industry 4.0 to support India's economic growth.

Tata Technologies emphasized its commitment to maintaining high standards of security and data protection. They are working closely with experts to mitigate any potential risks associated with the attack.

This incident highlights the growing cybersecurity challenges faced by companies, especially in sectors like engineering and technology.

Last December, Deloitte UK was reportedly hit by a cyberattack in which a whopping 1 TB of sensitive data was claimed stolen by a ransomware group called Brain Cipher.

Last year, Infosys' U.S.-based subsidiary, McCamish Systems, experienced a significant data breach due to a ransomware attack attributed to the LockBit ransomware operation, and data from over 6.078 million individuals was compromised.

Deloitte UK Reportedly Cyberattacked for 1 TB of Sensitive Data by Ransomware Group

The Brain Cipher Ransomware group has reportedly claimed responsibility for a significant cyberattack on Deloitte UK, alleging that they have exfiltrated over 1 terabyte of data. This breach, if confirmed, could have serious implications for Deloitte's clients and its professional reputation.

However, Deloitte has not confirmed the breach, leaving the claim unverified.

The group claims to have accessed and stolen over 1 terabyte of compressed data, including sensitive client information and internal documents.

According to statements posted by Brain Cipher, the attack has exposed critical vulnerabilities in Deloitte UK’s cybersecurity infrastructure. “Soon we will tell you about this incident. We will provide an example of data that has leaked. The volume of compressed data more than 1tb.”

The group has criticized Deloitte for not observing basic information security protocols. "Unfortunately, giant companies do not always do their job well,” the hackers claim.

Brain Cipher emerged in June 2024 and has quickly gained notoriety for targeting high-profile organizations.

Brain Cipher has set a deadline of December 15, 2024, for Deloitte to respond, after which they threaten to release the stolen data.

The impact of this breach could be severe in terms of client data exposure: sensitive client information, including financial records, may have been compromised. Reputational damage to the "Big Four" firm is also at stake; as one of the world's leading professional services firms, Deloitte now faces serious questions about its data protection practices.

The breach, if confirmed, could disrupt operations for Deloitte and its clients, eroding trust and confidence.

Deloitte has yet to confirm the incident publicly. This situation underscores the critical need for robust cybersecurity measures in today's digital landscape.

Infosys' US-based Subsidiary Reportedly Faced Data Breach Affecting Over 6 Mn Individuals

IT consulting giant Infosys' U.S.-based subsidiary, McCamish Systems, experienced a significant data breach. Following a November ransomware attack attributed to the LockBit ransomware operation, data from over 6.078 million individuals was compromised, Security Affairs reported.

Initially, it was believed that sensitive information on approximately 57,000 people had been stolen. However, further investigation revealed that the threat actors had accessed valuable intel on more than six million individuals.

The stolen data includes a wide range of personal information, such as Social Security Numbers (SSN), birth dates, medical details, biometric data, email addresses, passwords, Driver’s License numbers, state ID numbers, financial account information, payment card details, passport numbers, Tribal ID numbers, and US military ID numbers. This wealth of information could potentially be used for phishing or identity theft attacks.

Infosys McCamish, the center of excellence for Infosys' Life Insurance software solutions and services offerings in the U.S., has been providing software and services to the life insurance industry for over 22 years.

To mitigate the impact, McCamish Systems provided affected individuals with free identity protection and credit monitoring services through Kroll for a period of two years. The incident was initially reported by Bank of America, which identified Infosys McCamish Systems as an outside counsel for the bank.

The specific details of how the breach occurred have not been publicly disclosed. However, ransomware attacks often exploit vulnerabilities in software, weak passwords, or social engineering tactics. In the case of Infosys McCamish Systems, the LockBit ransomware group likely gained unauthorized access to their systems, encrypted data, and demanded a ransom for its release. Organizations typically respond by enhancing security measures, patching vulnerabilities, and improving incident response protocols to prevent future breaches.

Forescout Unveils Latest Findings on Ransomware Targeting VMware ESXi Servers

The latest threat report by Vedere Labs shares insights into tactics deployed by attackers, and mitigation measures for quick detection and threat hunting

Forescout’s Vedere Labs today revealed its latest findings on recent ransomware attacks against VMware ESXi virtualization servers. In its new threat briefing report, Vedere Labs analyzes two payloads used in these attacks, variants of the Royal and Clop ransomware, presents the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discusses mitigation recommendations and lists indicators of compromise (IOCs) that can be used for detection or threat hunting.

ESXi servers have grown in popularity of late. As of February 24, 2023, there were close to 85,000 ESXi servers exposed on the internet, according to the Shodan search engine. Forescout’s Device Cloud allowed researchers at Vedere Labs to gain deeper insight into organizations deploying ESXi: more than 17,000 ESXi servers are tracked on the Device Cloud. On February 3, CERT-FR issued a warning about an attack campaign targeting VMware ESXi hypervisors vulnerable to CVE-2021-21974 with the goal of deploying ransomware.

Commenting on the latest threat report, XX from Forescout said, "As cyber threats continue to evolve and proliferate, it's crucial for organizations to remain vigilant and proactive in their approach to cybersecurity. Forescout's latest threat report highlights the growing threat of ransomware targeting VMware ESXi virtualization servers, which can have a devastating impact on organizations' operations and finances. These attacks are becoming more sophisticated and are leveraging multiple attack vectors, including supply chain attacks and social engineering tactics."

VMware ESXi is an enterprise-class hypervisor developed by VMware to deploy and serve virtual computers. It allows the same hardware to be used for multiple virtual machines (VMs), which helps organizations save on hardware and easily scale infrastructure.

Since 2022, ESXi virtualization servers have been one of the main targets of ransomware groups, with the number of attacks targeting these servers tripling between 2021 and 2022. The increasing focus on new types of targets, such as ESXi, may be seen as a response to a decline in successful ransomware attacks or total ransom payouts in 2022. Ransomware groups are ever-changing and willing to adapt to maintain or increase profitability.

Ransomware is just a part of the threat landscape for virtualized infrastructure. Beyond what is discussed in the report, there are known attacks leveraging a custom Python backdoor on ESXi servers, APTs targeting Log4shell vulnerabilities on VMware Horizon, attack tools developed specifically for ESXi and even vulnerabilities allowing attackers to break out of virtual machines and execute code on the host operating system.

The Forescout Platform provides visibility, compliance, segmentation and threat detection against ransomware on ESXi servers.

About Forescout

Forescout Technologies, Inc. delivers cybersecurity automation across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types. The Forescout Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Managing cyber risk, together.

Spike in Ransomware Threat to More Than 1.2 Mn Per Month, Says Latest Barracuda Threat Report

New fourth-annual research report analyses ransomware attack patterns that occurred between August 2021 and July 2022

  • In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial.
  • Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack.
  • The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.

Barracuda, a trusted partner and leading provider of cloud-first security solutions, today released its fourth-annual threat research report on ransomware. The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022.

A closer look at ransomware trends

For the 106 highly publicised attacks analysed by the researchers, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%):
  • The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.
  • While attacks on municipalities increased only slightly, Barracuda analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled.
  • This year, Barracuda researchers dug in deeper on the highly publicized attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organizations all increased as well.

Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses. To get a closer look at how ransomware is affecting small businesses, the report details three examples that researchers have seen through Barracuda SOC-as-a-Service, the anatomy of each attack, and the solutions that can help stop these attacks.

Parag Khurana, Country Manager, Barracuda Networks India, said, “Ransomware attackers remain defiant and continue to operate their business with extended extortion attempts. As ransomware and other cyberthreats continue to evolve, the need for adequate security solutions has never been greater. Many cybercriminals target small businesses to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company's size. Additionally, sophisticated security technologies should be available as services, so businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyberattacks.”

To safeguard their network against this type of attack, businesses should implement execution prevention by disabling macro scripts from Microsoft Office files transmitted via email. They should also carry out a robust network segmentation to help reduce the spread of ransomware if it does get into the system. Additionally, they should identify and remove any unused or unauthorised software, particularly on remote desktops or remote monitoring, as they could be signs of compromise. Organisations should also secure their web applications from malicious hackers and bad bots by enabling web application and API protection services, including distributed denial of service (DDoS) protection.

Resources:
Read the full Threat Spotlight blog post: https://blog.barracuda.com/2022/08/24/threat-spotlight-the-untold-stories-of-ransomware/

Ransomware protection page: https://www.barracuda.com/ransomware

2021 Ransomware Threat Spotlight research: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/

Subscribe to our Barracuda blog to receive recaps by email and get the latest news, research, and more: blog.barracuda.com/subscription/

Kaspersky Launches Online Course For Improving Skills for Responding to Cyberattacks Including Ransomware

According to the recent Kaspersky survey conducted among senior non-IT management and business owners, 73% of firms can’t handle a ransomware attack alone or with the help of regular IT service providers. To offer in-house cybersecurity teams and InfoSec professionals an opportunity to expand their analytical skills in the incident response domain, Kaspersky has designed a new Windows Incident Response training course.

Over recent years the lack of skilled technical staff who can detect and respond to complex incidents, along with a lack of visibility across infrastructure and consistent management, have been the biggest challenges for businesses in dealing with complicated cyber threats.

The recent global study by Kaspersky titled “How do business executives perceive ransomware threat?”[1] confirms that most firms (73%) will have to seek the help of external incident response providers in the event of a ransomware attack. This is despite the fact that 73% of respondents from APAC consider there to be a high possibility of these attacks on their organization.

It is also likely that companies who have never experienced a ransomware attack overestimate the skills of their regular security providers and in-house IT teams. The statistics show that organizations that have previously been exposed to such threats rely less on their existing resources.

[1] The research was conducted with 900 respondents across North America, South America, Africa, Russia, Europe and Asia-Pacific in April 2022 among companies with up to 1000 employees.

For companies looking to improve the expertise of their in-house digital forensics and incident response teams, as well as for IT security practitioners looking to upgrade relevant skills, Kaspersky has expanded its online expert training portfolio. The Windows Incident Response training was developed by experts from the company’s Global Emergency Response Team (GERT) with more than 12 years’ experience in the field.

During the course, which is heavily focused on practical skills, Ayman Shaaban, Digital Forensics and Incident Response Manager, and Kai Schuricht, Senior Incident Response Specialist, will take students through incident detection using the example of a real-life REvil ransomware case.

By the end of the course, IT security practitioners will know how to identify and respond to a cyberincident and will be able to differentiate APTs from other threats, as well as study various attack techniques and the anatomy of a targeted attack through the Cyber Kill Chain. Participants will master evidence acquisition, all phases of incident detection, log file analysis, network analysis and the creation of IoCs, and will also get an introduction to memory forensics.

Students will be granted access to a simulated virtual working environment with all the necessary tools, including ELK stack, PowerShell, Suricata, YARA, and more, to practice IR techniques.

Sandra Lee, Managing Director of Asia Pacific, Kaspersky, said, "Cyberattacks are one of the most pressing concerns, and Kaspersky understands the need for providing frequent training to its stakeholders and constituent organizations in order to better prepare them to identify and respond to cyberattacks, including ransomware. An interactive real-life REvil ransomware scenario that replicates a cyber-assault will assist participants in better understanding the intricacies of incident identification while developing knowledge and expertise in cyber security against cyberattacks and collaborating efficiently."

"Incident Response capabilities require specialized skills to verify and handle threats in a timely manner, as well as to minimize the damage from an incident. Since no one is immune to a cyberattack, and it becomes increasingly more difficult to prevent a security perimeter penetration, remediation and the knowledge and experience of how to respond are more in demand than ever before," adds Kai Schuricht, Senior Incident Response Specialist at Kaspersky.

“Responding to complex incidents and uncovering attack steps is a huge challenge for InfoSec experts. Within this new course we’ve concentrated GERT knowledge gained from handling security incidents for Kaspersky customers around the globe. Our aim was not only to provide extensive theory around the subject, but to also provide real applied skills through end-to-end ransomware case investigation,” comments Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky.

The self-guided training course includes 40 video lessons and 100 hours of virtual lab time for hands-on learning. The estimated training duration is 15 hours, but participants will have six months of access to the platform to finish the training.

More information about the Windows Incident Response course is available via this link.

Coinminers, Web Shells and Ransomware Made Up 56% of Malware Targeting Linux Systems in the First Half of 2021

Trend Micro Detected Nearly 13 Million Malware Events Targeting Linux-based Cloud Environments

Bangalore, September 9, 2021 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, released new research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud, and into the pervasive threats that make up the Linux threat landscape.

As of 2017, 90% of public cloud workloads ran on Linux. According to Gartner®, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.” [as per Gartner - Rationalizing Applications and Infrastructure for Cloud Delivery, Philip Dawson, 28 May 2021]

Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.

“In the industry, we see some very creative attacks and we have to stay ahead. Protecting the company, our employees, and our intellectual property is a priority,” says John Breen, Global Head of Cybersecurity at Flowserve. “We’ll continue to work closely and collaborate with Trend Micro to ensure our people and our company remain protected.”


The report investigates the top malware families affecting Linux servers during the first half of 2021, with the top types of malware being:
  • 25% Coinminers – The high prevalence of cryptocurrency miners is of little surprise given the clear motive: the seemingly endless amount of computing power the cloud holds makes it the perfect environment for mining.
  • 20% Web shells – The recent Microsoft Exchange attack, which leveraged web shells, showed the importance of patching against this type of malware.
  • 12% Ransomware – The most prevalent family detected was the modern ransomware family DoppelPaymer; other notable ransomware families seen targeting Linux systems were RansomExx, DarkRadiation, and DarkSide.

“It’s safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow,” said Aaron Ansari, vice president of cloud security for Trend Micro. “We have seen this as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on.”

The report revealed that most detections arose from systems running end-of-life versions of Linux distributions, including 44% from CentOS versions 7.4 to 7.9. In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with unpatched vulnerabilities.

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. TrendMicro.com.

IBM Security Report: Attacks on Industries Supporting COVID-19 Response Efforts Double

Ransomware Group Banks Millions; Cloudy Forecast Amid 40% Rise in Open-Source Malware in 2020; Social Distancing "Must Have" Tools Dominate Top Spoofed Brands

CAMBRIDGE, Massachusetts, Feb. 24, 2021 /PRNewswire/ -- IBM (NYSE: IBM) Security today released the 2021 X-Force Threat Intelligence Index highlighting how cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic. In 2020, IBM Security X-Force observed attackers pivoting their attacks to businesses on which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.

According to the new report, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.

"In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time – whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment," said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force. "Attackers' victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries."

The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.

Some of the report's key highlights include:

  • Cybercriminals Accelerate Use of Linux Malware – With a 40% increase in Linux-related malware families in the past year, according to Intezer, and a 500% increase in Go-written malware in the first six months of 2020, attackers are accelerating a migration to Linux malware that can more easily run on various platforms, including cloud environments.
  • Pandemic Drives Top Spoofed Brands – Amid a year of social distancing and remote work, brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020. YouTube and Facebook, which consumers relied on more for news digestion last year, also topped the list. Surprisingly, making an inaugural debut as the seventh most commonly impersonated brand in 2020 was Adidas, likely driven by demand for the Yeezy and Superstar sneaker lines.
  • Ransomware Groups Cash In On Profitable Business Model – Ransomware was the cause of nearly one in four attacks that X-Force responded to in 2020, with attacks aggressively evolving to include double extortion tactics. Using this model, X-Force assesses Sodinokibi – the most commonly observed ransomware group in 2020 – had a very profitable year. X-Force estimates that the group made a conservative estimate of over $123 million in the past year, with approximately two-thirds of its victims paying a ransom, according to the report.

Investment in Open-Source Malware Threatens Cloud Environments

Amid the COVID-19 pandemic, many businesses sought to accelerate their cloud adoption. "In fact, a recent Gartner survey found that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19."[1] But with Linux currently powering 90% of cloud workloads and the X-Force report detailing a 500% increase in Linux-related malware families in the past decade, cloud environments can become a prime attack vector for threat actors.

With the rise in open-source malware, IBM assesses that attackers may be looking for ways to improve their profit margins – possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights various threat groups such as APT28, APT29 and Carbanak turning to open-source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.

The report also suggests that attackers are exploiting the expandable processing power that cloud environments provide, passing heavy cloud usage charges on to victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.

With attackers' sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data – by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they're able to access their sensitive environments.

Cybercriminals Disguised as Celebrity Brand

The 2021 report highlights that cybercriminals opted to disguise themselves most often as brands that consumers trust. Considered one of the most influential brands in the world, Adidas appeared attractive to cybercriminals attempting to exploit consumer demand to drive those looking for coveted sneakers to malicious websites designed to look like legitimate sites. Once a user visited these legitimate-looking domains, cybercriminals would either seek to carry out online payment scams, steal users' financial information, harvest user credentials, or infect victims' devices with malware.

The report indicates that the majority of Adidas spoofing is associated with the Yeezy and Superstar sneaker lines. The Yeezy line alone reportedly pulled in $1.3 billion in 2019 and was one of the top selling sneakers for the sportswear manufacturing giant. It's likely that, with the hype for the next sneaker release in early 2020, attackers leveraged the demand of the money-making brand to make their own profit.

Ransomware Dominates 2020 as Most Common Attack

According to the report, in 2020 the world experienced more ransomware attacks compared to 2019, with nearly 60% of ransomware attacks that X-Force responded to using a double extortion strategy whereby attackers encrypted, stole and then threatened to leak data, if the ransom wasn't paid. In fact, in 2020, 36% of the data breaches that X-Force tracked came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are beginning to collide.

The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22% of all ransomware incidents that X-Force observed. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43% had their data leaked – which X-Force estimates resulted in the group making over $123 million in the past year.

Like Sodinokibi, the report found that the most successful ransomware groups in 2020 were focused on also stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).

Additional key findings in the report include:

  • Vulnerabilities Surpass Phishing as Most Common Infection Vector – The 2021 report reveals that the most successful way victim environments were accessed last year was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
  • Europe Felt the Brunt of 2020 Attacks – Accounting for 31% of attacks X-Force responded to in 2020, per the report, Europe experienced more attacks than any other region, with ransomware rising as the top culprit. In addition, Europe saw more insider threat attacks than any other region, seeing twice as many such attacks as North America and Asia combined.

The report features data IBM collected in 2020 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. To download a copy of the X-Force Threat Intelligence Index 2021, please visit: https://www.ibm.biz/threatindex2021

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Press Contact
Georgia Prassinos
IBM Security Media Relations
gprassinos@ibm.com

Pandemic Pushes 89 Percent of Indian IT Leaders to Protect Organizational Data from Ransomware According to New Survey

Druva Inc., the leader in Cloud Data Protection and Management, today announced further results from its inaugural 2020 Value of Data Report, highlighting the rising enterprise technology trends in India. The global survey, commissioned by Druva, offers insights from over 1,000 IT decision makers (ITDMs) in India, the US and UK, and underpins the importance of maximizing the value of data as businesses continue to navigate an unprecedented worldwide situation.

As organizational reliance on data continues to rise amid the pandemic, the survey uncovered rising concerns among Indian businesses about data protection, the growing need to enhance resilience, and the role data agility plays in enabling organizational operations and connecting with customers. Of the more than 300 ITDMs surveyed in India, approximately one third (31 percent) report an increase in ransomware attacks on their organization since the pandemic began, and overall 89 percent of ITDMs are more concerned now with protecting their organizational data from ransomware than before the pandemic. It’s clear data has never been more valuable to organizational success, yet 44 percent of organizations do not have the data they collect readily available when needed for decision making.

With data being created, stored, and shared in more ways than ever before, IT leaders in India are confronted with unprecedented challenges. The survey reveals that protecting data from outside threats, unauthorised internal access and ensuring business resiliency are becoming key priorities for organisations as they accelerate their cloud migration and digital transformation plans.

Other key India findings:

  • Accelerated digital transformation - 76 percent of respondents said that their digital transformation plans have accelerated due to the pandemic.
  • Expanding threat surface - since the pandemic began 42 percent reported an increase in video conferencing attacks, malware (40 percent), phishing (35 percent), user error / accidental tampering or deletion (32 percent) and insider attack (31 percent)
  • Data Recovery a concern - 67 percent reported that the time to recover data is still an issue and has increased since the pandemic
  • Data access crucial for business survival - 25 percent reported that their company can only go 3 to 4 hours without access to data before causing serious harm to their business

“The pandemic, and possibilities of an emergence in the coming months, has forced organizations across India to re-evaluate the health of their data, potential security vulnerabilities, and their level of preparedness,” said Milind Borate, Co-founder and Chief Development Officer, Druva. “The ability to unlock the value of data, rapidly adapt to changing demands, and delight customers will increasingly be determined by their cloud strategy. Cloud data protection plays a pivotal role in this journey, and Druva Cloud Platform is designed to help organizations accelerate their digital transformation, while ensuring data security and compliance.”

Additional Information

About Druva

Druva delivers Data Protection and Management for the cloud era. Druva Cloud Platform is built on AWS and offered as-a-Service; customers drive down costs by up to 50 percent by freeing themselves from the burden of unnecessary hardware, capacity planning, and software management. Druva is trusted worldwide by over 4,000 companies at the forefront of embracing the cloud. Druva is a privately held company headquartered in Sunnyvale, California and is funded by Sequoia Capital, Viking Global Investors, Tenaya Capital, Riverwood Capital and Nexus Partners. Visit Druva and follow us @druvainc.

Organizations are Never the Same After Being Hit by Ransomware, According to Sophos Global Survey

The Confidence of IT Managers and Approach to Battling Cyberattacks is Vastly Different Between Those Who've Been Impacted by Ransomware and Those Who Have Not, Survey Shows

New Ryuk Ransomware Techniques Underscore How Fast Attackers Switch Gears

OXFORD, United Kingdom, Oct. 14, 2020 (GLOBE NEWSWIRE) -- Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, "Cybersecurity: The Human Challenge", which reveals that organizations are never the same after being hit by ransomware. In particular, the confidence of IT managers and their approach to battling cyberattacks differ significantly depending on whether or not their organization has been attacked by ransomware.

For instance, IT managers at organizations hit by ransomware are nearly three times as likely to feel "significantly behind" when it comes to understanding cyberthreats, compared to their peers in organizations that were unaffected (17% versus 6%).

More than one third (35%) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19% of those who hadn't been hit.

When it comes to security focus, the survey found that ransomware victims spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven't been hit (49% and 22% respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.

"The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent," said Chester Wisniewski, principal research scientist at Sophos.

The fact that ransomware attackers continue to evolve their tactics, techniques and procedures (TTPs) contributes to pressure on IT security teams, as evidenced by SophosLabs Uncut's article, "Inside a New Ryuk Ransomware Attack". The article deconstructs a recent attack involving Ryuk ransomware. Sophos incident responders found that the Ryuk attackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware. Unusually, the attack progressed at great speed – within three and a half hours of an employee opening a malicious phishing email attachment, the attackers were already actively conducting network reconnaissance. Within 24 hours, the attackers had access to a domain controller and were preparing to launch Ryuk.

"Our investigation of the recent Ryuk ransomware attack highlights what defenders are up against. IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviors. The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyberthreat awareness. However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cybersecurity professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behavior," said Wisniewski. "Whatever the reasons, it is clear that when it comes to security, an organization is never the same again after being hit by ransomware."

The full report, "Inside a New Ryuk Ransomware Attack", is available on SophosLabs Uncut, where Sophos researchers regularly publish their latest research and breakthrough findings, such as Maze leveraging Ragnar Locker. Threat researchers can follow SophosLabs Uncut in real time on Twitter at @SophosLabs.

About the Survey

The "Cybersecurity: The Human Challenge" survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries: the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, the Philippines and the UAE. All respondents were from organizations with between 100 and 5,000 employees.

Additional Resources

For more information on how to identify that ransomware attackers have you in their sights, read the SophosLabs article "Five signs you're about to be attacked". Learn more about ransomware behavior in the Sophos ransomware playbook, "How Ransomware Attacks". Read the latest security and company news on Naked Security and on Sophos News. Connect with Sophos on Twitter, LinkedIn, Facebook, Spiceworks, and YouTube.

About Sophos

As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today's most advanced cyber threats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos' cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos' entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single "synchronized security" system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K. More information is available at www.sophos.com

Press Contact:
Hanah Johnson
sophos@marchcomms.com

COVID-19 Pandemic Sparks 72% Ransomware Growth, Mobile Vulnerabilities Grow 50%

Skybox® Security, a global leader in cybersecurity management, today published the mid-year update to its 2020 Vulnerability and Threat Trends Report. The report analyzes the vulnerabilities, exploits and threats in play over the first half of a year dominated by the chaos surrounding the COVID-19 pandemic. The report, compiled by Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

Key findings from the report include:

  • 20,000+ new vulnerability reports predicted for 2020, shattering previous records
  • 50% increase in mobile vulnerabilities highlights dangers of blurring line between corporate and personal networks
  • Ransomware thrives during COVID-19 pandemic, with new samples increasing by 72%
  • Attacks on critical infrastructure, including healthcare companies and research labs, have added to chaos

"The global COVID-19 pandemic has completely reshaped the way that organizations and their employees work," said Ron Davidson, VP of R&D and CTO for Skybox Security. "With the majority of the workforce now working remotely, the network perimeter has significantly widened – securing this perimeter now needs to be a top strategic priority. Organizations need to be able to identify the flaws that sit within both personal and professional devices. They also need to be able to model their expanded network so that they can understand all potential attack vectors. If they do not have these capabilities, then they will not be able to manage the mass of 20,000 new vulnerabilities, leaving them vulnerable to attack; something that they cannot afford at a time of global financial uncertainty."

Also notable in the report is the increase of ransomware's popularity, with the number of new samples rising by 72% over the first half of the year.

Sivan Nir, Threat Intelligence Team Leader for Skybox Security, commented on this rise. "We observed 77 ransomware campaigns during the first few months of the pandemic – including several on mission-critical research labs and healthcare companies. The focus and the capability of attackers is clear: they have the means to impart serious financial and reputational harm on organizations. The need for focused remediation strategies that are informed by full network visibility and contextual, data-rich intelligence has never been more pressing."

The report further reveals that the volume of mobile vulnerabilities has increased by 50 percent. This increase is wholly driven by new Android deficiencies (which increased by 110 percent, from 230 last year to 484 this year), while the number of new iOS vulnerabilities dropped by 23 percent, from 152 to 117. In previous years such an increase may not have concerned security leaders, but after the COVID-19 pandemic blurred the line between corporate and domestic spaces, it underlines the importance of securing all possible access points.

In order to weather the COVID-19 pandemic and the resulting new threat landscape, organizations need to incorporate accurate, up-to-date threat intelligence into their vulnerability management strategy. Skybox's approach offers a systematic process where vulnerabilities are discovered on a continual basis; prioritized in the context of the network, assets and threats; and remediated or mitigated in accordance with the risk they pose. Such an approach is vital to being proactive against today's threats and adaptive to the volume of new threats yet to come.

To read the full mid-year update to the 2020 Vulnerability and Threat Trends Report, click here.

About Skybox Research Lab

The Skybox Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and the tactics, techniques and procedures (TTPs) of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.

For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com

About Skybox Security

At Skybox, we remove complexities from cybersecurity management. By integrating data, delivering new insights and unifying processes, we help you control security without restricting business agility. Our comprehensive solution unites security perspectives into the big picture, minimizes risk and empowers security programs to move to the next level.

www.skyboxsecurity.com

IT Major Cognizant hit by 'Maze' Ransomware Attack

IT services major Cognizant said it has become a victim of the 'Maze' ransomware attack that has caused disruptions to some of its clients.

The company, which has about 2 lakh employees based in India, said it is in ongoing communication with clients and has provided them with indicators of compromise (IOCs) and other technical information of a defensive nature.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," Cognizant said in a statement.

It added that its internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.

Ransomware typically locks users out of their own systems by forcibly encrypting their data and demands a ransom payment in exchange for restoring access to the encrypted data.

"Cognizant has also engaged with the appropriate law enforcement authorities," the statement noted.

The incident comes at a time when businesses have been disrupted by the coronavirus pandemic, which has forced companies to turn to initiatives like work from home to ensure business continuity.

This has also led to concerns around security of data.

"Based on present information, we don't believe the reaction to the COVID-19 pandemic or Cognizant's efforts to enable associates to work from home facilitated this incident," a Cognizant spokesperson said.

Quick Heal Launches Next-Gen Suite of Cybersecurity Solutions

Pune headquartered Quick Heal Technologies Limited, one of the leading providers of IT Security Solutions to consumers, today announced the launch of its next-generation suite of cybersecurity solutions – ‘Lighter Smarter Faster’, for laptops and desktops. The launch underlines Quick Heal’s 25-year legacy and constant focus on innovation to design future-ready solutions aimed at providing best-in-class protection against sophisticated cyber-threats.

The launch of Quick Heal’s ‘Lighter Smarter Faster’ suite marks a significant step in the direction of combatting the rapid evolution of the global threat landscape. In its Annual Threat Report 2019, Quick Heal reported more than 973 million malware attacks on desktops and laptops during 2018. More alarming, however, it highlighted how threats such as ransomware, crypto-miners and banking trojans have evolved over time to avoid signature-based detections and deliver advanced attack payloads on systems.

With the launch of its next-generation suite, Quick Heal has revamped its offerings, which include Quick Heal Total Security, Quick Heal Internet Security and Quick Heal AntiVirus Pro, designed to safeguard the digital lives of consumers from cyberattacks, privacy breaches and other online threats. Backed by industry-leading security technology and advanced features, the brand new range of Quick Heal solutions will go beyond the protection offered by traditional anti-virus solutions.

Kailash Katkar, Managing Director and CEO, said, “Quick Heal was founded with the promise of providing digital citizens with the best and most relevant cybersecurity solutions. In the past 25 years, we have endeavoured to uphold that promise through our commitment to innovation. The launch of the ‘Lighter Smarter Faster’ range is another step towards protecting consumers from new-age threats in the cyber space with state-of-the-art technologies. We remain committed to ensuring the safest digital experience to digital citizens through our range of cutting-edge security offerings.”

Sanjay Katkar, Joint Managing Director and Chief Technology Officer, said, “Since the launch of its first antivirus back in 1993, Quick Heal has set itself apart for providing the most cutting-edge cybersecurity while consuming the lowest system resources. However, over the past 25 years, threats have evolved exponentially and become more complex and sophisticated. We had realised sometime back that simply adding more security layers to combat the growing evolution of the threat landscape isn’t a sustainable solution. If a cybersecurity solution got too heavy to install or slowed down the system performance too much, consumers would simply stop installing or upgrading it. But, in today’s dynamic, threat-prone digital landscape, not installing security solutions is also not a feasible option. The launch of our next-generation suite addresses both these challenges by delivering ‘Lighter Smarter Faster’ cybersecurity while reducing the load demand on the end-user system. We are confident that the launch will help Quick Heal customers gain a competitive advantage against global threat actors.”

Quick Heal’s next generation suite is aimed at providing a seamless and uninterrupted digital experience to consumers by protecting their precious personal data, banking credentials, privacy, memories and more from the wrath of cybercriminals. The new range of solutions are equipped with advanced and comprehensive features like Total Ransomware Protection, as well as Webcam Protection, Portable File Vault, Safe Banking, Parental Control, Web Security and many more, to give its customers an edge over sophisticated cybercriminals and threat actors.

With this ground-breaking development, Quick Heal has distilled its extensive expertise in state-of-the-art cybersecurity and threat defence into new-age security solutions that offer the maximum protection with minimal resource consumption. The latest version of the Quick Heal products, for instance, will be less demanding on device memory and drastically reduce the processor load and disk storage requirement – thus having minimal impact on device performance. The ‘Lighter Smarter Faster’ version also enables quicker security scans and improves the device shutdown time and comes equipped with several smart features.

Amongst the new features introduced by Quick Heal is Total Ransomware Protection, an industry-first feature which provides complete protection for important user data against critical ransomware attacks. Quick Heal has also introduced the Tally Backup feature in Total Ransomware Protection to protect and recover critical Tally files, along with the popular document formats, in case of an attack.

Portable File Vault, on the other hand, restricts unauthorised access to users’ confidential documents through state-of-the-art encryption and prevents deletion of data, while Webcam protection shields webcams against privacy intrusion attempts. Other features, such as Safe Banking and Web Security also ensure that Quick Heal customers remain safe and secure from potential threats and cyber-attacks when online – whether banking, accessing information, or just browsing through the Internet.

About Quick Heal Technologies

Quick Heal Technologies Limited is one of the leading providers of IT security software products and solutions in India. Incorporated in 1995 with a registered office in Pune, Quick Heal has a network of over 25,000 channel partners as on 31st March 2018. It conducts sales and marketing activities across India.

Quick Heal’s portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices.

Crypto-Mining Replaces Ransomware As Most Popular Cybercrime Malware

Skybox Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.

“In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals,” said Ron Davidson, Skybox CTO and Vice President of R&D. “It doesn’t require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There’s no question of if they’ll be paid or not.”

Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of cryptocurrencies like Bitcoin and Monero. The malicious or unauthorized cryptomining approach indeed avoids several of the drawbacks of ransomware:


  • The victim doesn’t need to be notified of the attack in order to pay a ransom, so the attack can continue indefinitely in a stealthy manner
  • Cryptocurrency can be mined over long periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
  • There is no decision of payment on the part of the victim — the attack itself controls how much money will be generated.

“Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit,” said Marina Kidron, Skybox Director of Threat Intelligence and leader of the Research Lab behind the report. “To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found — in cryptomining — a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option.”

Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.

Browser-based malware is also on the rise in the first half of 2018. “Out of all software today, web browsers are considered the most prone to malicious attacks,” said Kidron. “They constantly interact with websites and applications that cybercriminals have infected with malware like cryptominers and other threats via the web, which are notoriously difficult to detect. The cryptomining malware could be active as long as the web session is active, and ‘file-less’ cryptominers also can hide from conventional security tools as there’s no download or attachment to analyze.”

No matter the payload, attackers looking to exploit vulnerabilities have more resources than ever. Not only are dark web marketplaces rich with attack tools and services, and criminal forums ripe with information, but the number of vulnerabilities themselves has skyrocketed. New vulnerabilities catalogued by MITRE’s National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers are largely due to organizational improvements at MITRE and increased security research by vendors and third parties, including vendor-sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they’re used in an attack.

Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options — patching as well as network-based changes.

To read the full report on vulnerability and threat trends thus far in 2018, click here. To learn more about Skybox's vulnerability management approach, download our e-book here.

[Top Image Source - ccn.com]

IndianWeb2.com © all rights reserved