ransomware | Business Upturn

AI risks to security discussed in Parliament

Eesha Chakraborty — Tue, 27 Feb 2024 09:58:29 +0000

The potential dangers of Artificial Intelligence (AI) to national security were at the forefront of discussions held in the UK Parliament recently. Leading figures from the British cybersecurity industry gathered to address the evolving threat landscape and brainstorm solutions.

The event, hosted by Member of Parliament Dean Russell and chaired by Steven George-Hilley of Centropy PR, featured a panel of experts who delved into the specific risks posed by AI advancements. These concerns ranged from the potential misuse of AI-generated deepfakes for malicious purposes, such as spreading misinformation or manipulating public opinion, to the increased sophistication of AI-powered hacking tools that could target critical national infrastructure. The rise of ransomware attacks, a growing threat in recent years, was also highlighted as likely to become even more complex with the integration of AI technology.

Beyond outlining the potential problems, the panel also emphasized the crucial need for proactive measures to address these emerging challenges. Victor Murineanu, CISO of Chelsea Football Club, underlined the importance of bridging the growing cyber skills gap in the UK. He called for increased investment in training and recruitment programs to equip young people with the necessary expertise to combat these future threats. This call to action resonated with cyber security specialist Sarah Rench from Avanade, who observed a positive trend of companies allocating more resources towards developing cyber skills within their workforce.

Nicko van Someren, the Chief Technology Officer of Absolute Software, emphasized the crucial role of staying ahead of the curve. He pointed out that the rapid advancements in AI not only pose new challenges but also present opportunities for strengthening defenses. He stressed the urgency of utilizing these advancements for defensive purposes, acknowledging that malicious actors are likely already exploring the offensive potential of AI.

The discussion also highlighted the importance of maintaining comprehensive visibility into IT systems. Paul Connaghan, a Principal Consultant specializing in application security at RiverSafe, argued that in the face of increasingly sophisticated threats like AI-powered attacks, having clear visibility into network activity, user behavior, and system performance is no longer optional but essential for building effective defensive strategies. He emphasized that investing in robust threat intelligence solutions that provide real-time insights is crucial for businesses to proactively identify and mitigate potential threats, ultimately protecting themselves and their employees.

The conversation also touched upon the need to anticipate future threats. Angus Lockhart, Chief Operating Officer at SECQAI, pointed out the escalating complexity of the cyber landscape, which he linked to rising global tensions and conflicts. He stressed the importance of ensuring the UK’s preparedness against both current and future threats. This, he suggested, involves mitigating existing cyber attacks by promoting the use of “memory safe” hardware and preparing for future threats like quantum computing by transitioning to Post-Quantum Cryptography, a more secure encryption method.

Finally, Nithin Thomas, Founder and CEO of Klarytee, emphasized the transformative potential of AI while simultaneously cautioning against its potential misuse. He warned that as businesses embrace AI’s capabilities, a new wave of cyber threats, powered by AI, is likely to emerge. He concluded by underlining the critical need for a proactive approach to data protection in the face of this evolving threat landscape.

Lockbit claims resurgence after global police takedown

Eesha Chakraborty — Tue, 27 Feb 2024 03:17:29 +0000

In a surprising turn of events, the notorious cybercrime group Lockbit, known for its use of ransomware to extort victims, claims to be operational again following a recent international takedown effort by law enforcement agencies.

Earlier in February, a coordinated operation led by the United Kingdom’s National Crime Agency (NCA) targeted Lockbit. This unprecedented effort resulted in arrests, indictments, and the seizure of the group’s infrastructure, effectively taking them offline.

However, in a recent statement, Lockbit asserts that they have restored their servers and are back in business. They claim their “backup blogs,” which are believed to be alternative platforms for leaking stolen data from victims, were unaffected by the takedown due to their use of a different programming language. This statement, posted on a newly established dark website, further asserts that stolen data leaks will continue.

The NCA, however, disputes Lockbit’s claims. They maintain that the group remains “completely compromised” and emphasize their ongoing efforts to disrupt Lockbit’s activities. Additionally, they acknowledge the possibility of the group attempting to rebuild and regroup, highlighting the vast amount of intelligence gathered about Lockbit and its associates.

While the group claims partial functionality, the effectiveness of the police operation and the extent of Lockbit’s capabilities are still under investigation. Cybersecurity experts continue to advise organizations to remain vigilant and implement robust defenses against the ever-present threat of ransomware attacks.

Indian businesses face urgent need to bolster cybersecurity amidst rising AI-driven threats

Eesha Chakraborty — Sun, 25 Feb 2024 14:08:05 +0000

In the ever-evolving realm of cybersecurity, complacency can be a costly mistake. As cyber criminals continuously adapt and exploit new technologies, Indian organizations must remain vigilant and proactive in safeguarding their digital assets. Experts are urging Indian organizations to shed complacency and actively bolster their cybersecurity measures in the face of increasingly frequent and complex cyberattacks. New technologies like artificial intelligence (AI) offer exciting possibilities but also introduce fresh challenges to the cybersecurity landscape.

Dr. Sanjay Katkar, Joint Managing Director of Quick Heal Technologies, aptly describes AI in cybersecurity as a “double-edged sword.” While it empowers defensive capabilities, malicious actors can exploit it too.

However, not all hope is lost. Dr. Katkar assures us that certain detection technologies remain exclusive to cybersecurity professionals, offering a critical line of defense for critical digital infrastructure and anomaly detection. This is further underscored by research conducted by Seqrite Labs, which analyzed a staggering 400 million malware detections in India alone during 2023.

The financial repercussions of cyberattacks are equally concerning. A recent report by Barracuda Networks reveals that the average annual cost of responding to such incidents exceeds a staggering $5 million. Moreover, the report raises concerns about the potential use of Generative AI (GenAI) by hackers, further amplifying the volume, sophistication, and effectiveness of their attacks. In the face of this evolving threat landscape, experts propose a multi-pronged approach. Deploying AI-based defenses specifically tailored to counter these emerging threats is deemed essential.

Additionally, Raj Sivaraju, President of APAC at Arete, emphasizes the importance of implementing ethical frameworks to govern AI development and cyber use cases, potentially mitigating potential damage. Regular software updates, access isolation, and ongoing user training against evolving social engineering techniques are also highlighted as crucial measures.

Looking ahead, 2024 demands a proactive approach from Indian firms. Expanding training programs, fostering security partnerships, embracing automation, and implementing resilience principles like “zero trust” are identified as priorities for maturing defensive strategies. By embracing urgency, collaboration, and strategic technology investments, Indian cyber defenders can effectively confront the challenges posed by their adversaries and contribute to a more secure digital future.

North Korean hackers leverage AI, raising global cybersecurity concerns

Eesha Chakraborty — Sun, 25 Feb 2024 03:35:15 +0000

North Korean hackers, long notorious for their audacious cyberattacks, have taken their game to the next level by incorporating generative artificial intelligence (AI) into their operations. This development, reported by security experts and intelligence agencies, marks a concerning escalation in the sophistication and potential impact of North Korea’s cyber threats.

Previously known for brazen attacks like the Bangladesh central bank heist and the WannaCry ransomware epidemic, North Korean hackers are now leveraging AI’s power to create more convincing online personas and tailor phishing campaigns with unprecedented precision. Imagine receiving a LinkedIn message from a seemingly legitimate recruiter, only to discover later it was a meticulously crafted AI-generated profile designed to steal your credentials. This is the reality that cybersecurity professionals now face, with the added complexity of AI-powered attacks blurring the lines between human and machine interaction.

The integration of AI raises several critical concerns. Firstly, it facilitates targeted espionage and financial theft, potentially fueling North Korea’s nuclear weapons program. The ability to bypass language barriers and generate realistic documents enables hackers to infiltrate sensitive networks and steal valuable information, intellectual property, and funds. Secondly, it complicates global cybersecurity efforts. Identifying and neutralizing AI-powered attacks requires advanced detection algorithms and constant adaptation, posing a significant challenge for defense systems designed to combat traditional cyber threats.

The report by the National Intelligence Service further highlights North Korea’s ambitious AI development, encompassing government, academic, and commercial sectors. This comprehensive approach suggests a strategic focus on leveraging AI across various domains, including public health, nuclear safety, and military simulations. While some private entities claim to have integrated AI into their surveillance systems, the true extent of North Korea’s AI capabilities remains shrouded in secrecy.

The arms race in the cybersecurity realm is intensifying, with both defense and offense adopting AI tools. While machine learning algorithms traditionally aided in identifying suspicious network activity, offensive actors are now exploring large language models like ChatGPT to automate and personalize attacks. This dual-use nature of AI underscores the need for responsible development and deployment, ensuring its benefits outweigh the potential harm.

Enhanced international cooperation is crucial to share intelligence, develop robust AI-powered defense systems, and establish clear norms for responsible AI development. Additionally, continued investment in research and development is essential to stay ahead of the curve and ensure effective countermeasures against AI-powered cyberattacks.

Healthcare billing disruption caused by Optum hack

Eesha Chakraborty — Fri, 23 Feb 2024 17:24:08 +0000

The American healthcare system was sent into disarray on February 21st, 2024, as a cyberattack targeted Optum, a subsidiary of UnitedHealth Group. Optum operates the Change Healthcare platform, a crucial cog in the nation’s medical billing and claims processing machinery. The attack forced Optum to shut down its IT systems, causing widespread disruptions that impacted hospitals, clinics, pharmacies, and ultimately, patients.

The attack, believed to be perpetrated by a “nation-state” actor, highlights the vulnerabilities of the healthcare industry in the face of sophisticated cyber threats. Optum confirmed the incident in an official filing with the Securities and Exchange Commission, stating that they proactively isolated impacted systems to contain the attack and protect patient data. However, the disruption’s full extent and duration remain unclear.

The immediate consequences were widespread. Hospitals and clinics struggled to process patient bills and claims, leading to delays in treatment and prescriptions. Pharmacies, particularly local and chain stores, were unable to process insurance claims or accept discount cards, creating significant inconvenience for patients. The American Hospital Association issued a stark warning, urging healthcare organizations to disconnect from Optum until its systems were deemed safe.

The potential for a ransomware attack looms large, with the possibility of patient and corporate data being stolen and held for ransom. While the investigation continues, the incident raises critical questions about data security and preparedness within the healthcare industry. The reliance on centralized platforms like Change Healthcare underscores the need for robust cybersecurity measures and contingency plans to mitigate such disruptions.

The investigation into the cyberattack is ongoing, with authorities yet to disclose the full extent of the damage. However, the initial impact has been significant, highlighting the vulnerabilities within the US healthcare system’s digital infrastructure. This incident underscores the need for robust cybersecurity measures and contingency plans to ensure the continued functionality of critical healthcare services in the face of such threats.

India ranks 80th in local cyber threats despite booming $6 billion cybersecurity market

Eesha Chakraborty — Wed, 21 Feb 2024 15:29:37 +0000

A recent report has shed light on India’s cybersecurity landscape, revealing a concerning trend of local cyber threats targeting internet users. The report, which focused on threats found directly on users’ devices or removable media, placed India at the 80th position globally. This means that a significant portion of Indian internet users faced local threats in 2023, with nearly 34% encountering such malicious programs. These threats can take various forms, including malware hidden within complex installers or encrypted files.

Despite the prevalence of local threats, India’s cybersecurity market is booming, reaching a staggering USD 6.06 billion in 2023. However, experts warn that sophisticated external cyber threats pose a major challenge for businesses. In response, nearly two-thirds of Indian enterprises are planning to outsource key security tasks to managed security service providers in the next three years. Establishing and maintaining trust in the digital realm becomes increasingly difficult when sophisticated attacks threaten to breach data and disrupt operations.

Recognizing this challenge, a significant trend is emerging within Indian enterprises. Nearly two-thirds, or 67%, are considering outsourcing key security tasks to managed service providers (MSSPs) in the coming years. This shift signifies a growing understanding of the complexities involved in managing cybersecurity, and the potential benefits of leveraging specialized expertise. By partnering with MSSPs, organizations can gain access to advanced security solutions and skilled personnel, allowing them to focus on their core business functions with greater peace of mind.

Furthermore, the adoption of artificial intelligence (AI) and digital payments in India adds another layer of complexity to the cybersecurity landscape. As Jaydeep Singh, General Manager for South Asia at Kaspersky, aptly points out, “With the rise of AI use and the consistent digital payment adoption here, it has become imperative for organisations to continuously improve their cybersecurity posture to protect their assets and maintain stakeholder trust.” The integration of AI and digital payments necessitates robust security measures to safeguard sensitive data and prevent financial losses.

While the market is flourishing and awareness is increasing, the persistent threat of local and external cyber attacks necessitates continuous vigilance and improvement.

International law enforcement dismantles LockBit ransomware gang

Eesha Chakraborty — Tue, 20 Feb 2024 17:29:46 +0000

In a significant blow to the global cybercrime landscape, a coalition of international law enforcement agencies, led by the FBI and the UK National Crime Agency, has successfully disrupted the operations of the notorious LockBit ransomware gang. This coordinated effort, involving authorities from 11 countries, dealt a crippling strike to LockBit’s infrastructure, seizing control of its website and shutting down 11,000 domains used by the group and its affiliates to facilitate their ransomware attacks.

LockBit, notorious for its brutal tactics and high-profile targets, has plagued the digital landscape for several years. Their modus operandi involves deploying ransomware, a type of malicious software that encrypts victims’ data, rendering it inaccessible. They then demand exorbitant sums of money in exchange for decryption keys, inflicting significant financial losses and operational disruptions on businesses and organizations.

The operation targeted the core infrastructure of LockBit, seizing control of over 11,000 domains used by the group and its affiliates for facilitating ransomware activities. This included taking down the LockBit website, and effectively severing their primary communication channel with potential victims and collaborators. Additionally, law enforcement officials disrupted LockBit’s malware deployment system, further hindering their capacity to launch new attacks.

Notably, LockBit was behind the 2023 attack on the U.S. arm of the Industrial & Commercial Bank of China, causing significant disruption to the U.S. Treasury market, and also compromised a website used by Boeing to sell spare parts and services.

The group’s operations are estimated to have netted millions in ransom payments, with the FBI reporting over 144 million dollars extorted from victims in the United States alone. LockBit’s reach extended beyond national borders, claiming over 3,600 victims globally, primarily from the private sector.

The successful disruption of LockBit marks a significant victory in the ongoing fight against cybercrime. It demonstrates the power of international cooperation and coordinated action in tackling sophisticated cyber threats. Furthermore, the action encourages victims of cyberattacks to come forward and report them to law enforcement authorities.

The growing threat of cybercrime in Africa

Eesha Chakraborty — Tue, 20 Feb 2024 04:19:51 +0000

The META region, encompassing the Middle East, Turkey, and Africa, faces a relentless barrage of cyberattacks. But within this region, Africa has emerged as the prime target for malicious actors, raising concerns about the continent’s digital security and the potential ramifications for individuals, businesses, and governments.

Dr. Amin Hasbini, head of the Global Research & Analysis Team (GReAT) for the META region at Kaspersky, paints a stark picture. For instance, Kenya, South Africa, and Nigeria witnessed a staggering 41 million, 33 million, and 21 million cyberattacks in the past year alone. This alarming trend isn’t just about quantity; it’s also about the nature of the threats. Ransomware, notorious for encrypting files and demanding hefty ransoms for decryption, has reigned supreme for three consecutive years, with file encryption as its preferred weapon.

However, the threat landscape is undergoing a dynamic shift. While some countries grapple with intensified ransomware attacks, others face a surge in Denial-of-Service (DoS) threats, aiming to disrupt online services. This evolving tactic highlights the adaptability of cybercriminals, constantly seeking new avenues to exploit vulnerabilities.

The very nature of the criminal underground is transforming. Dr. Hasbini emphasizes the rapid growth and interconnectedness of these networks, allowing them to flourish and pose an even greater threat. These actors no longer discriminate; they target everyone – individuals, families, and even children. Their methodologies and technologies are constantly evolving, and they readily collaborate and compete, further exacerbating the problem.

Adding another layer of concern is the recent discovery of certain cybercriminals possessing “Zero-Day” exploits, granting them unprecedented access to systems with no known defenses. This highlights the sophistication and alarming capabilities these malicious actors are attaining.

The scale of attacks is also escalating, threatening to overwhelm defenses. The “Raysida” attack on a South African educational institution in January serves as a chilling example. This attack compromised a staggering 500 gigabytes of data, equivalent to 500,000 large Excel files, exposing a vast amount of personal and confidential information. Such incidents underscore the potential severity of cyberattacks in Africa.

Advanced persistent threats (APTs), characterized by stealthy and prolonged intrusion attempts, are also gaining traction. These targeted attacks primarily focus on government, telecommunications, financial, and industrial sectors, posing a significant challenge to regional stability and economic well-being. Dr. Hasbini emphasizes the particular vulnerability of government institutions due to the rapid digital transformation sweeping across Africa, a trend that, while bringing advancements, also creates exploitable gaps.

North Korea’s cyber army plunders billions in virtual currency

Eesha Chakraborty — Sat, 17 Feb 2024 14:35:12 +0000

Within the digital world, a group known as Andariel, a North Korean hacker unit, alongside others like Kimsuky, Lazarus, and BlueNoroff, has become notorious for its focus on financial cybercrime. Their recent exploits, however, have shed light on a larger, more troubling trend: North Korea’s growing reliance on virtual currency theft to fund its nuclear weapons of mass destruction (WMD) programs.

News of Andariel’s breach of South Korean defence firms, stealing 1.2 terabytes of sensitive data, was just the tip of the iceberg. A recent report by the U.S. Department of the Treasury reveals a more alarming reality: North Korean cybercriminals have allegedly amassed a staggering $1.7 billion in virtual assets through cyber thefts in 2022 alone, exceeding any previous year. This brings the total stolen over the past three years to a staggering $3.129 billion.

According to the report, North Korean cyber criminals amassed a staggering $1.7 billion in virtual assets through cyber theft in 2022 alone, exceeding any previous year. This brings the total stolen over the past three years to a staggering $3.129 billion. This illicit activity takes various forms, including ransomware attacks, hacks on virtual asset service providers (VASPs), and even the deployment of IT experts overseas who operate under assumed identities to secure contracts on digital platforms.

No longer content with isolated attacks, they are now building a network of international collaborators, with evidence suggesting ties to Russian cybercriminals who provide haven and support. This collaboration raises the spectre of even more sophisticated and coordinated attacks in the future.

The vulnerability of virtual assets plays a crucial role in North Korea’s success. The rapid growth of the cryptocurrency market, coupled with a lack of robust regulations, creates a fertile ground for exploitation. Hackers capitalize on weak security measures and the anonymity offered by certain platforms to steal and launder funds with relative ease.

This growing threat has not gone unnoticed by the international community. The United Nations Security Council has imposed sanctions on North Korea since 2006, and a trilateral effort by South Korea, the United States, and Japan aims to curb virtual asset theft. However, these efforts have been met with adaptation by North Korean hackers, who operate from foreign shores and meticulously mask their identities.

With billions already stolen and North Korea’s nuclear ambitions unabated, the international community must act swiftly. Strategies like enhanced cyber security measures, stricter regulations for virtual asset markets, and closer international cooperation are crucial to dismantle North Korea’s cybercrime network and prevent further funding of its WMD programs.

U.S. firm CEO says up to 1,500 businesses affected by ransomware attack

Vaibhav Agrawal — Tue, 06 Jul 2021 05:37:17 +0000

According to a report released by Reuters, due to a ransomware attack centered on the United States information technology firm Kaseya, around 800 to 1500 businesses across the world have been affected, as mentioned by its Chief Executive Officer on Monday.

It was difficult to estimate the precise impact of Friday’s attack because those who were hit were major customers of Kaseya’s customers, As mentioned by the Florida-based company’s CEO Fred Voccola in an interview.

The company typically handles the back-office work for those companies which are too small or modestly resourced for having their Tech departments are provided software tools by Kaseya.

Allowing the hackers to paralyze hundreds of businesses situated on all five continents, on Friday one of those tools was subverted. Small concerns like dentists’ offices or accountants were among the most of those who affected, while the disruption has been felt more keenly in Sweden where due to cash registers going inoperative, hundreds of supermarkets had to close along with New Zealand, where schools and kindergartens were knocked offline.

Although a willingness to temper the demands made by the hackers in private conversations with the cybersecurity expert and with Reuters has been indicated by the hackers who, to restore all the affected businesses data have demanded $70 million and claim the responsibility for the breach.

On Monday Reuters was told by a representative of the hackers that they are always ready to negotiate. Although the representative didn’t provide their name but spoke through a chat interface on the hacker’s website.

Ransomware attacks in India increased 200% quarter-on-quarter in April-June: Seqrite Report

Anjana Krishna — Wed, 26 Aug 2020 12:53:32 +0000

Ransomware attacks in India doubled in the June quarter according to cybersecurity firm Seqrite’s quarterly threat report. Almost 4 lakh ransomware cases were reported in the April-June quarter, witnessing a large spike from the last quarter.

Seqrite detected 22 million Windows malware in June quarter. Out of these, 9.59 million attacks were in June alone, up from 7.51 million in May. As many as 100 enterprises have been affected by the Maze ransomware, which has emerged as the biggest ransomware threat according to the researchers. Ryuk, Netwalker, RagnarLocker, PonyFinal and Tycoon are the other ransomware families that saw increased activity since the pandemic started. Absence of a good cybersecurity system attributed to the work from home situation is the reason behind the spike in the ransomware attacks, said the report.

The recent attacks also saw ransomware operators stealing sensitive information apart from encrypting company systems and asking for ransom, which is a troublesome development. BFSI, Manufacturing, IT/ITES and Government departments are the most targeted because of the sensitive information they possess.

“Ransomware attacks have always been a concern for enterprises. But what makes them more dangerous is their innovative and evolving nature. While previously, threat actors used to block sensitive data and ask for a ransom in return, now they have evolved and become much smarter than ever,” Sanjay Katkar, Joint Managing Director and CTO – Quick Heal Technologies said in a statement. Manufacturing and professional services were the most affected sectors with 23.86% and 23.54% detection.