by Rebeca | Dec 28, 2022 | Cybersecurity
Ransomware: To pay or not to pay

Ransomware attack: to pay or not?
The main goal of hackers when carrying out a ransomware attack is to demand a ransom in return and profit from it. The key question is what to do after a ransomware attack: pay or not?
64% of Spanish companies agreed to pay the ransom requested by cybercriminals, and 43% of them did so to become operational again because the ransomware attack had paralyzed their activity. This is the conclusion of the Cyberpreparedness Report 2022 by Hiscox, an insurer that offers innovative and specialized products for companies and professionals in the Spanish market.
The share of companies that chose to pay the ransom in order to become operational again rises to 56% among small and medium-sized Spanish companies. This type of attack endangers the company's capital: the ransom payments alone made by Spanish companies in 2021 cost each of them an average of €19,400, not counting the extra €10,843 that on average they spent to recover their normal activity after the incident.
So, after a ransomware attack: pay or not?
However, paying is not synonymous with peace of mind: 47% of companies that decided to pay the ransom demanded by cybercriminals suffered a second ransomware attack, a figure that rises to 50% in the case of small and medium-sized companies in Spain.
Ransomware is the third most common type of attack suffered by companies (22%), behind denial of service (38%) and financial fraud (32%). In the specific case of SMEs, ransomware attacks are becoming more frequent: whereas in 2020 they represented only 11%, in 2021 the figure rose to 20%.
But why shouldn't we pay? There are several reasons:
- Nothing guarantees that we will recover the files.
- In certain circumstances it is illegal to pay such a ransom, and even to fail to inform the authorities that we have been the victim of a ransomware attack. In the United States, for example, it is a crime.
- Paying allows cybercriminals to continue their attacks, since we would be financing them.

Soffid recommends adopting the principle of least privilege for internal and external network users. Against this type of ransomware it is effective to reduce the privileges of user accounts, keeping to a minimum the accounts that need system administrator privileges and thus reducing the attack surface exploited by the ransomware agent.
Sources:
- thelawreviews
- signaturit
- redeszone
by Rebeca | Dec 21, 2022 | Soffid
At the holiday season, our thoughts turn gratefully to those who have made our progress possible. It is in this spirit that we say…
… Thank you and best wishes for the holidays and Happy New Year.
News is coming in 2023, and we look forward to sharing all the best with you during the upcoming year.
by Rebeca | Dec 14, 2022 | Uncategorized

Zero Trust: this concept was coined in 2010 by John Kindervag, a former Forrester Research analyst who is also considered one of the world's leading cybersecurity experts. Guided by the principle «never trust, always verify», this strategy aims to protect modern digital environments with increasingly mobile and connected users.
A zero trust approach allows organizations to make access decisions based on the context of the transaction.
Creating a zero trust architecture requires excellent identity data, properly assigned rights and a standardized application of authentication.
Why Zero Trust?

Many organizations have taken a decentralized approach to identity and access management, allowing multiple lines of business to build their own controls. Unfortunately, this leads to duplicate access enforcement systems. Zero Trust takes a more consistent approach across the enterprise, providing visibility and enforcement of access policies. This means increased security and compliance.
Implementing zero trust is an interdisciplinary exercise spanning identity, access management, and infrastructure security. There is no single technology that can cover all requirements. Access policies can be implemented in access management solutions as well as in privileged access tools, network infrastructure, API gateways, cloud platforms and even within application code.
- Identify policy enforcement points and policy engines for access decisions.
- Understand the information points of the policy.
- Identify implementation patterns.
- Know your data.
- Develop a risk-based roadmap.
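The list above separates policy enforcement points, the policy engine and policy information points. The following is an added example, not Soffid's code, of how a policy engine combines identity data, device posture and network risk from those information points into a single default-deny decision that the enforcement point applies; every user, device, network and resource in it is constructed.

```python
import ipaddress
from collections import namedtuple

Request = namedtuple("Request", "user resource device_id mfa_verified source_ip")

# Constructed policy information points (PIPs); every value here is hypothetical.
IDENTITY_PIP = {
    "alice": {"roles": {"finance"}, "active": True},
    "bob": {"roles": {"contractor"}, "active": True},
    "eve": {"roles": {"finance"}, "active": False},
}
DEVICE_PIP = {
    "laptop-01": {"managed": True, "patched": True},
    "byod-77": {"managed": False, "patched": True},
}
RISK_PIP = {"10.0.0.0/8": 1, "203.0.113.0/24": 8}  # risk score per source network
# Per-resource policy: required role, tolerated network risk, MFA requirement.
POLICY = {
    "billing-app": {"role": "finance", "max_risk": 3, "mfa": True},
    "wiki": {"role": None, "max_risk": 7, "mfa": False},
}


def risk_for(ip: str) -> int:
    """Network-risk PIP lookup; a network the PIP does not know scores worst."""
    addr = ipaddress.ip_address(ip)
    for cidr, score in RISK_PIP.items():
        if addr in ipaddress.ip_network(cidr):
            return score
    return 10


def decide(req: Request) -> tuple[bool, str]:
    """Policy engine: every check must pass; nothing is trusted by default."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    ident = IDENTITY_PIP.get(req.user)
    if not ident or not ident["active"]:
        return False, "unknown or disabled identity"
    if rule["role"] and rule["role"] not in ident["roles"]:
        return False, "role not authorized"
    dev = DEVICE_PIP.get(req.device_id)
    if not dev or not (dev["managed"] and dev["patched"]):
        return False, "device posture failed"
    if rule["mfa"] and not req.mfa_verified:
        return False, "mfa required"
    if risk_for(req.source_ip) > rule["max_risk"]:
        return False, "network risk too high"
    return True, "all checks passed"
```

Because the same request is re-evaluated on every access, a change in any information point (a disabled account, an unpatched device, a new source network) changes the decision without touching the enforcement point.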
Do you want to keep your company safe?
Sources:
- Accenture
- welivesecurity.com
by Rebeca | Dec 7, 2022 | Uncategorized
Cybersecurity Trends in 2023

According to a report recently published by the insurer Hiscox, cyberattacks in Spain have an average cost per company of 105,000 euros, almost double the 2020 figure of 55,000 euros. Worldwide, the cost per company reaches 78,000 euros on average.
The reputational damage must be added to the economic cost, because a security breach can cause reluctance or fear among users and clients when hiring the company's services.
Today we share the trends in cybersecurity in 2023.
Cybersecurity Culture
Businesses will continue to fight phishing, ransomware, and DDoS. Remote work is here to stay, along with the security risks that come with it: unshielded home networks, untrained employees, and the absence of a cybersecurity culture will pose a serious threat to organizations unless they take the proper precautions. There is also a new geopolitical reality: the ongoing war, coupled with the energy crisis, may result in attacks on critical energy infrastructure.
Security practices improvement
The CISO is responsible for setting the strategy, but cannot implement that strategy if there is no buy-in from other areas of the organization. It is up to the members of each department to apply the controls that the security team recommends or requires. This disconnect between the expectations of the security team and the actual implementation is where things fall apart. In 2023, organizations will look for ways to solve this problem and place more departmental emphasis on implementing security best practices.
Zero-Trust Architecture
Businesses will address ransomware threats in several ways, from improving cyber skills by working with the security team, to the right security tools such as multi-factor authentication, and training courses. Investment in zero-trust architecture to validate access and improve security will increase.
Transparent Cybersecurity with customers
The way companies interact and communicate with their customers will need to change in 2023 as the public becomes increasingly aware of ransomware threats and data privacy issues.
As data breaches become increasingly public, rather than trying to downplay or hide the incident, organizations will need to admit the problem and provide details about the steps they are taking to mitigate the problem and prevent future breaches.
Visibility and security of connected devices
Leading organizations will target connected device cyber practices by establishing or updating related policies and procedures: updating inventories of their IoT connected devices, monitoring and patching devices, refining device acquisition and disposal practices with security in mind, correlating IoT and IT networks, monitoring connected devices more closely to further secure those endpoints, managing vulnerabilities, and responding to incidents.
Supply chains threats
Today's hyper-connected global economy has led organizations to rely heavily on their supply chains, while the threats to those chains evolve in complexity, scale, and frequency, so organizations will continue the drive to innovate and mature their risk and security transformation capabilities.
Organizations are focusing on implementing and operating identity and access management (IAM) capabilities with a zero-trust stance, so that they enforce authorized third-party access to systems and data and reduce the consequences of a compromised third party.
Shall we talk?
Sources:
- Spiceworks.com
- Venturebeat.com
by Rebeca | Nov 24, 2022 | Cybersecurity, News, Soffid
The Uber breach
In September, ridesharing company Uber disclosed that hackers had stolen the personal information of about 57 million customers and drivers. The days following the attack were full of speculation about how the attacker, allegedly a 17-year-old, was able to gain access to the systems.
What happened?
1st. By obtaining a contractor's login information for Uber's VPN infrastructure, the attacker was able to enter its IT environment.
2nd. This contractor most certainly did not have elevated or unique access rights to critical resources, but he or she did have access to a network share, much like other Uber employees. Either this network share was openly accessible or its read ACL was set too broadly. As a result, the hacker located, within the network share, a PowerShell script with hard-coded privileged credentials for Uber's PAM solution.
3rd. The attacker was able to further elevate privileges by harvesting the hard-coded admin credentials for the privileged access management system.
4th. The attacker ultimately obtained "elevated permissions to a number of tools," according to Uber's most recent update. The potential for harm was high once the privileged access management solution's secrets were accessed: according to reports, the hacker gained access to the SSO, consoles, and the cloud management console, which Uber uses to store confidential customer and financial information.
5th. The attacker "downloaded some internal Slack communications, as well as accessed or downloaded information from an internal application our finance team uses to track some bills," according to Uber, which is still looking into the matter.
Zero-trust strategy
Proactive security demands defence-in-depth, a combination of complementary security layers that support a zero-trust strategy. Not having embedded credentials in the first place would have been important in this situation.
In order to manage these accounts effectively, the Soffid product has the logic needed to identify accounts; classify them according to their level of risk and their scheme of use; distribute and assign them to responsible users; change passwords automatically and on a schedule; deliver passwords to authorized users; and inject passwords automatically, where such injection applies and makes sense.
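Step 2 of the chain above hinged on a PowerShell script with hard-coded privileged credentials sitting on a readable share. As an added example, not from the post and not Soffid's code, the following scanner flags common embedded-credential patterns in PowerShell scripts so that such files can be found and remediated by the defenders first; the sample script, hostnames and credential values in it are constructed, and the patterns are heuristics rather than an exhaustive list.

```python
import re

# Heuristic patterns that commonly betray embedded credentials in PowerShell.
# Each finding names the rule that fired; the matched value is never copied out.
SECRET_PATTERNS = [
    ("plain password variable", re.compile(r'\$\w*(pass|pwd|secret|token)\w*\s*=\s*["\'][^"\']{4,}["\']', re.I)),
    ("ConvertTo-SecureString -AsPlainText", re.compile(r'ConvertTo-SecureString\s+["\'][^"\']+["\'][^\n]*-AsPlainText', re.I)),
    ("inline -Password argument", re.compile(r'-Password\s+["\'][^"\']{4,}["\']', re.I)),
    ("credential in URL", re.compile(r'https?://[^\s/:@]+:[^\s/@]+@', re.I)),
]


def redact(line: str) -> str:
    """Replace every quoted value so a finding can be logged without the secret."""
    return re.sub(r'(["\'])[^"\']*\1', r'\1***\1', line)


def scan_script(name: str, text: str) -> list[dict]:
    """Return one finding per matching line: file, line number, rule, redacted text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # comments hold no live credential
            continue
        for rule, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append({"file": name, "line": lineno, "rule": rule, "text": redact(stripped)})
                break
    return findings


# Constructed sample mimicking the pattern described in the post (hypothetical values).
SAMPLE_PS1 = r'''# Nightly vault sync (constructed sample, not a real script)
$vaultUser = "svc-pam-admin"
$vaultPass = "Hunter2!Example"
$sec = ConvertTo-SecureString "Hunter2!Example" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($vaultUser, $sec)
Invoke-RestMethod -Uri "https://pam.example.internal/api/sync" -Credential $cred
$safe = Read-Host -AsSecureString "Enter password"
'''

if __name__ == "__main__":
    for f in scan_script("sync.ps1", SAMPLE_PS1):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['text']}")
```

Note that the last line of the sample, which prompts for the password at run time, produces no finding; that is the shape a script should have once the embedded secret has been moved into the PAM vault.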
Shall we talk?
Sources: Technative.io