Archive for June 14, 2022

University of Pisa Pwned By Ransomware

Posted in Commentary on June 14, 2022 by itnerd

The University of Pisa in Italy is currently being held to ransom for $4.5 million, according to cybersecurity360 (Translation here). The BlackCat ransomware group has claimed responsibility for the cyberattack, issuing a ransom note stating that the University has until June 16th to pay the ransom. Though I will note that the report indicates that some of the data is already online. Which of course is bad.

Chris Olson, who is the CEO of The Media Trust, had this comment:

“The University of Pisa attack follows a trend of ransomware actors targeting universities and schools, possibly because they assume these institutions are well-funded and eager to resume operations. Unfortunately, BlackCat is a sophisticated ransomware strain that is capable of targeting organizations through multiple entry points – it also uses a modern programming language (Rust) to evade detection, making it hard for cyber defenders to fight back.”

“Together with the attack on Palermo, this incident is a reminder that cyber actors are shifting to more valuable targets and using advanced methods to infiltrate them. As cyber threats encroach on critical infrastructure and vulnerable institutions, it’s more important than ever for today’s businesses to understand how ransomware actors compromise their systems, from reconnaissance to execution. This includes digital attack surfaces like Web and mobile devices, where many ransomware incidents begin.”

The Palermo attack that Chris is referring to hit the Italian municipality of Palermo, and the ransomware group Vice Society has claimed responsibility for it. That makes understanding and addressing weak points in your IT security, along with having prevention methods in place and training staff, the best defence against getting pwned.

NordVPN And SurfShark To India: We’re Outta Here!

Posted in Commentary on June 14, 2022 by itnerd

Frequent readers will recall that India brought in strict new laws that require VPN operators to retain data on who uses their services, or else, and that VPN companies were considering their options, including leaving the country. That is the route that ExpressVPN took. And now it seems others are joining them in exiting the country, starting with NordVPN:

“Moreover, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India,” Laura Tyrylyte, head of public relations at NordVPN, told TechCrunch.

“Our Indian servers will remain until 26 June 2022. In order to ensure that our users are aware of this decision, we will send notifications with the full information via the NordVPN app starting 20 June. As digital privacy and security advocates, we are concerned about the possible effect this regulation may have on people’s data. From what it seems, the amount of stored private information will be drastically increased throughout hundreds or maybe thousands of different companies. It is hard to imagine that all, especially small and medium enterprises, will have the proper means to ensure the security of such data,” she added.

Joining them in heading to the exits is SurfShark:

Surfshark’s physical servers in India will be shut down before the new law comes into power. Up until then, users will be able to connect to servers in India as usual. After the new regulations come into effect, we’ll introduce our virtual Indian servers – which will be physically located in Singapore and London. Users will be able to find them in our regular list of servers. 

Virtual servers are functionally identical to physical ones – the main difference is that they’re not located in the stated country. They still provide the same functionality – in this case, getting an Indian IP. 

Users in India who don’t use Indian servers will not notice any differences – they will still be able to connect to whichever server outside the country they please. Meanwhile, Surfshark will continue to closely monitor the government’s attempts to limit internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry. 

This isn’t really going well for India, as I think they expected VPN companies to roll over and comply. But that’s not happening. And the fact that some VPN companies are pulling their servers from the country will encourage other VPN companies to do the same. That makes India look rather lame. And it may make them rethink this rather than lose face. Though I can see a scenario where India barrels ahead to make a point. We’ll have to see which direction they decide to go in.

Cisco Launches AppDynamics Cloud

Posted in Commentary on June 14, 2022 by itnerd

Today, Cisco announced the launch of AppDynamics Cloud at Cisco Live, the premier networking and security event. AppDynamics Cloud enables delivery of exceptional digital experiences by correlating telemetry data from across any cloud environment at massive scale. It leverages cloud-native observability to remediate application performance issues with business context and insights-driven actions.

AppDynamics Cloud maximizes business outcomes and customer experiences by continuously optimizing cloud-native applications. It accelerates detection and resolution of performance issues, before they impact the business or the brand, with intelligent operations. Investment protection is derived from continuous data integrations with OpenTelemetry™ standards and technology partnerships with cloud solutions and providers.

The platform enables collaboration across teams including DevOps, site reliability engineers (SREs), and other key business stakeholders to achieve common benchmarks like service-level objectives (SLOs) and organizational KPIs. While many organizations still run their mission-critical and revenue-generating systems with traditional applications, modern business apps are increasingly built using DevOps initiatives and must support distributed architectures and services. This pandemic-accelerated trend has spawned an end-to-end experience revolution among consumers and end users, and hybrid work is contributing exponential momentum.

To deliver the consistent, reliable digital experiences that consumers and end users now demand, IT teams must monitor and manage a dynamic set of application dependencies across a mix of infrastructure, microservices, containers, and APIs using home-grown IT stacks, multiple clouds, SaaS services, and security solutions. Traditional monitoring approaches break down in this vastly complex and dynamic ecosystem.

AppDynamics Cloud seamlessly ingests the deluge of metrics, events, logs, and traces (MELT) generated in this environment—including network, databases, storage, containers, security, and cloud services—to make sense of the current state of the entire IT stack all the way to the end user. Actions can then be taken to optimize costs, maximize transaction revenue, and secure user and organizational data.

Current AppDynamics customers can upgrade to AppDynamics Cloud and leverage their existing application performance monitoring (APM) agents, or feed both solutions concurrently. AppDynamics Cloud supports cloud-native, managed Kubernetes environments on Amazon Web Services (AWS), with future expansion to Microsoft Azure, Google Cloud Platform, and other cloud providers.

Guest Post: Over 70% Of Organizations Suffered Two Or More Ransomware Attacks In The Past 12 Months Says Atlas VPN

Posted in Commentary on June 14, 2022 by itnerd

Ransomware has become a popular means for cybercriminals to cash in on their activities. They use ransomware to encrypt companies’ essential data and ask them to pay a ransom in return. If companies have not backed up their information, they must dig into their pockets to get it back.

According to the data presented by the Atlas VPN team based on a Veeam 2022 Ransomware Trends Report, 73% of organizations suffered two or more ransomware attacks in the past 12 months. The majority, 44% of ransomware infections, entered through phishing emails, links, and websites.

In total, 35% of organizations experienced two ransomware attacks, nearly a quarter (24%) endured three, close to a fifth (9%) of companies had four, and 4% went through five. Meanwhile, 1% of organizations suffered six or more ransomware attacks in the past 12 months. The remaining 27% of organizations faced only one ransomware attack.

Paying the ransom does not guarantee data recovery

Ransomware will continue to be used in cyberattacks as long as businesses are willing to pay up, and they still are. 

A whopping 76% of organizations affected by ransomware in the past twelve months went through with the ransom payment. However, nearly one in four (24%) companies still could not recover their data afterward.  

On the positive side, nearly a fifth (19%) of companies that got their IT systems infected with ransomware in the past twelve months were able to recover their data without paying the ransom. Meanwhile, 5% were not asked to pay in the first place.

To read the full article, head over to:

https://atlasvpn.com/blog/over-70-of-organizations-suffered-two-or-more-ransomware-attacks-in-the-past-12-months

In Depth: RiskAware

Posted in Commentary on June 14, 2022 by itnerd

Cybersecurity is a challenge these days. There’s not enough talent to go around for starters. Plus if you’re a company who wants to focus on your cybersecurity game, you might not see yourself as big enough to have resources such as a full-time cybersecurity team or a CISO (chief information security officer) on your staff. Doing nothing to address that is a non-starter, which means that you have to have a partner that you can trust.

This is where RiskAware comes in. What’s unique about RiskAware is that they focus on people and processes. Among other things, they can help provide that “virtual” CISO role so that enterprises have the leadership they need to avoid being the next bad news headline. They also provide training services so that staff aren’t the gateway to a bad news day. Not to mention supplying the people to help fight off cyber threats, as those people are hard to come by these days due to “the great resignation” among other factors.

I spoke to Michael Castro yesterday about RiskAware, and three things stood out to me after our discussion:

  • First is that the people who work at RiskAware have been in the trenches for a very long time. Thus when a company engages RiskAware, they are getting people who know what needs to be done because they’ve been there, done that, and got the t-shirt.
  • The reach of RiskAware is extensive. Not only do they have a pair of offices in Canada, they have another pair of offices in the US, along with another pair in the Caribbean. That reach is important because everyone likes to deal with someone locally. Plus it insulates RiskAware from initiatives that force companies to buy locally.
  • Cost is the last thing that stood out to me. RiskAware puts itself in a place where its services are attainable by most businesses. Which is important because the more businesses have access to a company like RiskAware, the less likely that something bad will happen to them.

Based on my research, RiskAware seems to be in a unique place when it comes to cybersecurity vendors and service providers, as they have a number of services under their umbrella that allow them to take unique approaches to keeping a company from being hit by a cyberattack. And the fact that they’re Canadian is a big plus. I’m going to be keeping an eye on this company as they can help businesses of all sizes make sure that their cybersecurity game is on point.