Yesterday, the UK, France and allied countries signed a declaration calling for international guidelines for the responsible use of spyware in an effort to combat the use of commercial spyware in ways that violate human rights.
Participants at the UK-France Cyber Proliferation conference in London included Belgium, the Czech Republic, France, Greece, Italy, Poland, the US, the UK and the African Union, as well as technology companies such as Apple, Google, Meta and Microsoft.
The spyware initiative, the “Pall Mall Process,” will tackle the proliferation and irresponsible use of commercially available cyber tools, establishing guidelines for developing, selling, facilitating, purchasing, and using these types of tools and services, and creating a framework for transparent and accountable use.
“The scope [of our efforts] must be broad, not just looking at spyware, but also considering the ‘hackers for hire’ phenomenon, the exploit marketplace, alongside the broader range of ‘off the shelf’ intrusion capabilities, including tools for disruptive and destructive effect,” UK Deputy Prime Minister Oliver Dowden noted.
Ted Miracco, CEO, Approov Mobile Security said this:
“The market for commercial spyware tools and digital espionage is murky at best. These vendors cater in virtual arms that are sold to any repressive power willing to pay for them, and then cast themselves as shepherds of justice. We will see if the ‘Pall Mall Process’ reins in any bad behavior or it is just a facade for corralling the unbridled market for powerful spyware. The stakes are the very essence of privacy itself.”
Commercial spyware is something that absolutely needs to be curtailed, if not entirely outlawed. Thus I for one am in favour of any effort that achieves that.
Ransomware Victim Numbers Rose By 50% In 2023: Palo Alto
Posted in Commentary with tags Palo Alto on February 8, 2024 by itnerd
Researchers at Palo Alto Networks have revealed a significant surge in ransomware victims in 2023, with almost 4,000 companies listed on ransomware leak sites, marking a 50% increase from the previous year. The study also indicates that ransomware groups were attacking nearly 80 organizations weekly, a figure likely higher due to unreported incidents.
The study found 25 new leak sites emerged in 2023, accounting for a quarter of the total postings. Some of these sites were by existing groups and some by new groups that appeared last year for the first time.
Manufacturing remained the primary sector targeted by ransomware, followed by professional services, high-tech, wholesale/retail, construction, healthcare, finance, and education.
Almost half of the victims were based in the US, with 6.5% in the UK, 4.6% in Canada, 4% in Germany, and 3.4% in France. “The US presents a very attractive target, especially when examining the Forbes Global 2000… In 2023, the US accounted for 610 of these organizations, consisting of almost 31% of the Forbes Global 2000, indicating a high concentration of wealthy targets.”
Emily Phelps, Director, Cyware had this comment:
“Ransomware continues to be a pervasive threat because of its low barrier to entry. Ransomware-as-a-Service platforms have made it easier for less technical cybercriminals to launch these lucrative attacks, contributing to the rise in incidents. Adopting more proactive strategies to combat ransomware attacks starts with threat intelligence and intelligence operationalization. Organizations need timely, relevant intelligence and the right technology to automatically route it to the right team members who can use those insights to take meaningful actions.”
HYAS CEO David Ratner follows with this:
“The ransomware report clearly demonstrates the criticality of not just utilizing proactive threat intelligence as part of one’s defenses but ensuring that cyber resiliency solutions are deployed as part of a security-in-depth strategy. This needs to be a top priority not just for organizations themselves but for MSSPs, MSPs, and anyone providing true protection today.”
I’ve been saying this a lot lately, but I’ll say it again. Ransomware is at crisis levels. Everyone needs to pitch in to stop it from getting out of hand. And unfortunately, based on this report it seems that we might be close to having ransomware reach a point where it simply cannot be stopped.