Archive for November 17, 2021

Cohere & Google Cloud Announce Multi-Year Technology Partnership 

Posted in Commentary with tags on November 17, 2021 by itnerd

Cohere, a provider of cutting-edge natural language processing (NLP) services, and Google Cloud today announced a multi-year partnership in which Google Cloud’s advanced artificial intelligence (AI) and machine learning (ML) infrastructure will power Cohere’s platform. Many of Cohere’s products will be developed and deployed on Cloud TPUs, Google’s supercomputers that are optimized for large-scale ML, enabling Cohere to broaden access to advanced large language models (LLMs) and NLP to more small businesses and large enterprises alike.

Today, organizations in every industry generate massive quantities of unstructured, text-heavy data such as web pages, business documents, invoices, and customer support records. NLP technologies—from data analysis and semantic search, to voice assistants and chatbots—have the power to unlock the value of that data and translate it into rich customer insights and experiences. Yet, until now, access to these technologies has been limited to enterprises with extensive financial resources, AI research teams, and advanced engineering capabilities. 

To address these challenges, Cohere—using Google Cloud’s technology—allows companies of all sizes to build products and services upon Cohere’s NLP models capable of understanding, processing, and generating language, similar to how humans communicate naturally. Additionally, with just a few lines of code, customers can fine-tune Cohere’s models with proprietary datasets and integrate them into their products through an API. Developers can now focus on building products and applications that can classify, summarize, and generate text.

For more information about Cohere’s NLP platform, visit cohere.ai

Retailer’s Need to Up Their Data Security Game This Year on Black Friday & Cyber Monday

Posted in Commentary with tags on November 17, 2021 by itnerd

Black Friday and Cyber Monday mark two of the most important events for retailers in the United States, if not the world. In fact, November and December have historically accounted for nearly a third of the retail industry’s annual sales. However with cybercrime, particularly ransomware, growing in 2021 by as much as 900% IT professionals in the retail industry have no choice but to up their game. 

Of course, the retail industry has been chief among those to feel the ransomware pain. According to Sophos’s State of Ransomware in Retail 2021 Report, approximately 44% of retail organizations were hit by a ransomware attack in 2020, and more than half of those affected (54%) said cyber criminals had succeeded in encrypting their data. The research also indicated that 32% of retail organizations whose data was encrypted paid the ransom to get their data back. The average ransom payment was US$147,811 – lower than the global average of US$170,404.

I got some commentary from Surya Varanasi, CTO, StorCentric and JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company on this topic. First up is Surya Varanasi:

Surya Varanasi, CTO, StorCentric:

“According to Salesforce, the 2020 holiday season broke records and online sales in 2021 are expected to continue to surge. Salesforce predicts ‘online sales will continue to grow, up to 10% in the U.S. and 7% around the globe. Put another way, between November and December, online shoppers will spend $259B in the U.S. and $1.2T globally. And thanks to better omni-channel experiences, you can expect shoppers to keep clicking ‘add to cart’ even past the shipping cutoff.’ While there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue and PII to protect, as well as the deepest pockets to pay. 

Our advice to these retail IT executives is to put aside traditional strategies and instead take their data protection and security to the next level — from basic to unbreakable. An Unbreakable Backup solution overcomes today’s most common cybercriminal strategy, which is to attack the backup first, and then come after the production data and operations. In this way, the retail IT executive loses their backup plan— excuse the pun — and is at the mercy of the ransomware demands. Instead, Unbreakable Backup creates an immutable copy of the data which cannot be deleted, corrupted or changed in any way. And it can do so for copies kept onsite, remotely and in the cloud. Then, it takes the admin keys and stores them in another location entirely — hidden from cybercriminals or even an insider threat. Once done, retail IT executives can rededicate their time to activities that ensure the optimum customer experience and premium sales, as well as safe, efficient and cost-effective back office operations.”  

JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company: 

“Today’s mid-to-enterprise class retail organizations manage complex IT operations that depend upon numerous technologies, distributed across the HQ datacenter and each remote location, to provide customer-facing and back-office functionalities. This creates a vast attack surface for the would-be cybercriminal that only needs to be right one time to get in, versus the datacenter management team that must be right every time, every day, in every way. Today, it is not a matter of ‘if’ ransomware will get in, rather a question of ‘when?’

Consequently, while prevention and detection are critical, today’s top priority must be the recovery piece. Retail IT executives should choose a data backup solution that provides broad heterogeneous platform and app support. It should ensure automated backup protection across the entire IT environment from the central datacenter to remote offices to the edge and into the cloud. This feature is particularly important to retail organizations with numerous remote stores, which oftentimes do not have onsite IT expertise to ensure data and operations security and protection. Next, the backup solution must auto-verify the backup process. It should check each file in its entirety to make sure files match across all environments, which consequently ensures the ability to recover in the event of an outage, disaster or cyber-attack. And this one’s a deal-breaker — at least one backup must be immutable, unable to be deleted, corrupted or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.”

You should never, ever pay to get your data back from a ransomware gang. So hopefully a good backup strategy is part of an organizations defence against ransomware.

“Small lapses” Lead To Ransomware Attacks Says House Oversight & Reform Committee

Posted in Commentary with tags on November 17, 2021 by itnerd

The House Oversight and Reform Committee yesterday released a staff memo on investigations into ransomware attacks including the Colonial Pipeline attack and JBS meat producer. The memo, a result of a committee panel investigation, conclude that “small lapses” contributed to successful ransomware attacks, including lacking point of contacts with the federal government and pressures to pay attackers to restore systems.

Saumitra Das, CTO and Cofounder of Blue Hexagon had this to say:

Many security attacks happen because of small lapses. However, requiring organizations to contact the federal government for response and not having an in-house IR is not going to scale. Ransomware attacks are no longer low and slow but more smash and grab. They happen quickly on a long weekend or before an important deadline. What is needed is not to focus only on hygiene and hardening, which everyone keeps talking about but never gets done. Small lapses will happen.”

Organizations must invest in detection and response with AI to find these attacks in the earlier stages. You want to kill an infection before it gets too deep into your network.

Organizations need to be vigilant to make sure that they aren’t the next victim, and have a plan to deal with an attack should the worst happen.

UPDATE: Eddy Bobritsky, CEO of Minerva Labs also provided this commentary:

Small lapses will always happen when people are involved. New methods of attacks will be built, and new breaches will be found. The threat actors are always few steps ahead.  After all these recent cases, there is no doubt the business and federal community should adopt a preemptive approach when fighting ransomware attacks. Prevention tools should be deployed at every organization, from enterprise to small business.  

The understanding that evasive techniques can’t be detected until damage already begins should be clear, and the chasing attacks should stop. These types of attacks should and can be prevented before they occur.

Guest Post: Social Media Attacks Increased By 83% Year-To-Date Says Atlas VPN

Posted in Commentary with tags on November 17, 2021 by itnerd

Now more than ever, threat actors rely on several attack channels to steal from customers and harm businesses.

According to the data presented by the Atlas VPN team, social media attacks rose by 83% from the start of the year until September. In addition, fraud-related social media threats accounted for most of the attacks encountered in Q3 2021. 

In January 2021, the average target organization suffered nearly 34 attacks carried out through social media. In February, social media threats jumped up by 25% to 42 attacks per single enterprise.

In the second quarter of 2021, the average of attacks carried out through social media increased significantly. They grew from nearly 41 in April to about 49 threats in May and June per organization, a 20% increase.

In July, social media threats rose to 58 per enterprise. While the attack average fell slightly in August to 57, it reached its peak in September, with 61 threats being carried out through social media.

Most attacked industries

Some of the industries are particularly vulnerable to social media attacks.

Payment services companies experienced nearly 63% of all attacks carried out through social media. Industries that operate financial transactions are often targets for cybercriminals.

Broadcast media encountered 9% of the total attacks committed through social media in the third quarter of 2021. The reason behind threats is that online platforms are where media companies communicate with their audience the most.

Dating services were the target of about 5% of attacks carried out through social media. Threat actors have been exploiting single people in dating apps or websites for a long time.

The e-commerce industry experienced nearly 4% of the attacks done through social media. However, the percentage might increase significantly in Q4 as Black Friday and Christmas sales are incoming.

To read the full article, head over to: https://atlasvpn.com/blog/social-media-attacks-increased-by-83-year-to-date