Archive for February 14, 2025

IT-ISAC offers 2025 predictions based on 2024 observations

Posted in Commentary with tags on February 14, 2025 by itnerd

According to a recent report, Exploring the Depths: Analysis of the 2024 Ransomware Landscape and Insights for 2025, published by the IT-ISAC, the organization tracked approximately 3,500 ransomware incidents in 2024, up from 3,000 in 2023. The three critical infrastructure sectors hit hardest in 2024 were critical manufacturing (733 attacks/20%), commercial facilities (614 attacks/17%), and healthcare (332 attacks/9%).

“As cybercriminals continue to evolve their methods, it is crucial for organizations to adopt a proactive, multi-layered defense strategy to keep their systems secure.

“These groups are leveraging advanced tactics and exploiting unknown vulnerabilities to maximize their impact,” said Scott Algeier, Executive Director of the IT-ISAC.

Based on current data and new threat actor TTPs observed by researchers, the IT-ISAC expects several key developments in 2025:

1. Continued Rise in Critical Sector Targeting

“As long as there is a high likelihood of the bad actors making money and a low likelihood of them getting caught, the attacks will certainly continue.”

2. Increased Use of Zero-Day Exploits

3. Continued Movement to Double Extortion and Data Theft

“Double extortion is particularly effective against industries handling sensitive data, such as Healthcare and Financial Services, where organizations face relentless pressure to maintain confidentiality and comply with HIPAA and GDPR regulations.”

4. AI-Powered Ransomware Evolution

“IT-ISAC warns of a recently identified FunkSec ransomware group that has built its ransomware using AI tools, which helps it evade security tools. The malware is capable of self-modifying its behavioral patterns and can change tactics in real-time by analyzing the target’s security posture. Despite only emerging at the end of 2024, 54 companies were attacked.”

5. Increasing Geographic Spread

“Countries with expanding digital infrastructures could face an increase in threats as they adopt new technologies.”

6. Continued Ransomware-as-a-Service (RaaS) Model Growth

“[…] particularly targeting organizations with less robust security measures, such as small and medium-sized.”

7. Enhanced Data Exfiltration Techniques

8. Supply Chain Attacks Become More Common

Jawahar Sivasankaran, President, Cyware:

  “As threats evolve and attackers grow more sophisticated, timely and actionable cyber threat intelligence plays an increasingly important role in protecting organizations against leaks.

  “Research shows that 72% of security professionals struggle with prioritizing vulnerabilities, delaying remediation efforts, and 17% of IT assets are invisible to vulnerability scans, leaving them exposed.

  “Although competing organizations may be reluctant to work with each other, when it comes to cybersecurity, we really are stronger together. Taking part in collective defense efforts – such as by joining sector-specific Information Sharing and Analysis Centers (ISACs) and operational collaboration frameworks that leverage public-private partnerships – grants organizations greater visibility into exploitable vulns and threats the business faces, allowing for more efficient and effective threat intelligence management and proactive response.”

CIOs and others should read this report, as it will help them focus on what they need to do to secure their environments. They should also consider playing nice with others, so to speak, because collective defense helps us all to be safer.

Zacks Investment Research leaks 12 million unsalted passwords, usernames & more

Posted in Commentary with tags on February 14, 2025 by itnerd

Zacks Investment Research (Zacks), a provider of stock performance assessment tools, had a leaked database added to Have I Been Pwned (HIBP) on Wednesday of this week that included 12 million unique records. HIBP confirmed that the file included 12 million unique records with the following fields:

  • Email addresses
  • IP addresses
  • Names
  • Passwords in the form of unsalted SHA-256 hashes
  • Phone numbers
  • Physical addresses
  • Usernames

Scammers and other threat actors will have “fun” with all that data... at your expense, if you’re on this list.
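Why the “unsalted SHA-256” detail in the list above matters: with no per-user salt, every user who chose the same password ends up with the identical hash, so one precomputed or cracked value unlocks all of them at once, and the whole dump can be matched against precomputed tables. The added example below (my own illustration, not code from HIBP or Zacks, run over a constructed sample set rather than the leaked data) shows how a defender can spot that weakness in a hash table and what the hardened storage scheme looks like: a random 16-byte salt plus a memory-hard KDF (scrypt) and a constant-time comparison on verification.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed sample of user records (not the leaked Zacks data).
# Three users picked the same password, which an unsalted scheme exposes.
SAMPLE_PASSWORDS = {
    "alice": "Winter2024!",
    "bob": "Winter2024!",
    "carol": "correct horse battery staple",
    "dave": "Winter2024!",
}

def unsalted_sha256(password: str) -> str:
    """The weak scheme from the leak: one fast hash, no per-user salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def shared_password_groups(records: Dict[str, str]) -> Dict[str, int]:
    """Count how many users share each unsalted hash. Any count > 1 means
    those users chose the same password; recovering it once recovers it
    for all of them, and the same property enables bulk table matching."""
    counts = Counter(unsalted_sha256(pw) for pw in records.values())
    return {h: n for h, n in counts.items() if n > 1}

def scrypt_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: random 16-byte salt plus a memory-hard KDF.
    n=2**14, r=8 uses about 16 MB per hash, which stays under the
    OpenSSL default memory limit used by hashlib.scrypt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify_scrypt(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = scrypt_hash(password, salt)
    return hmac.compare_digest(candidate, digest)

def demo() -> Dict[str, object]:
    """Contrast the two schemes on the constructed sample."""
    groups = shared_password_groups(SAMPLE_PASSWORDS)
    salt_a, dig_a = scrypt_hash("Winter2024!")
    _, dig_b = scrypt_hash("Winter2024!")  # fresh salt -> different digest
    return {
        "unsalted_collisions": sorted(groups.values()),
        "salted_digests_differ": dig_a != dig_b,
        "verify_ok": verify_scrypt("Winter2024!", salt_a, dig_a),
        "verify_wrong": verify_scrypt("winter2024!", salt_a, dig_a),
    }
```

Running the same duplicate-count check over any unsalted hash column is a quick audit a defender can do on their own user table; a non-empty result is a signal to migrate to a salted, slow KDF before a breach turns it into a mass credential compromise.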

Lawrence Pingree, VP, Dispersive had this to say:

   “When leaks occur, it allows investigators to determine more quickly where they need to look to investigate, e.g., they normally know at least in theory where the data came from. The important thing is to have zero trust connectivity between systems, isolating them from lateral movements from compromised systems, limiting the blast radius of the breach. In this case, it is most likely an application layer attack or SQL injection into the application that resulted in the database exposure, but I am speculating based on the scenario.”

Jawahar Sivasankaran, President, Cyware follows with this:

   “Research shows that 72% of security professionals struggle with prioritizing vulnerabilities, delaying remediation efforts, and 17% of IT assets are invisible to vulnerability scans, leaving them exposed.

   “When it comes to cybersecurity, competing financial services organizations are better protected and more resilient when they work together. Joining sector-specific Information Sharing and Analysis Centers (ISACs) such as the Financial Services ISAC (FS-ISAC) and operational collaboration frameworks that leverage public-private partnerships gives financial services organizations new visibility into exploited vulns, threats the sector faces, data protection best practices, issues on emerging risks such as generative AI, and more efficient and effective threat intelligence management and proactive response strategies.”

Hopefully the 12 million people on this list have credit monitoring services in place. Because they’re going to need it.

Guest Post: Microsoft, SUSE, & DH2i: A Comprehensive Dream Team for HA SQL Server in the Cloud

Posted in Commentary with tags on February 14, 2025 by itnerd

By Josh Achtemeier

Our collaborations with technology partners over the years have been critical in engineering the most flexible and impactful software solutions for our customers. 

DH2i has worked in different capacities with Microsoft for years. We’ve maintained a collaborative, mutually beneficial relationship that has fostered some massive advances in SQL Server high availability technology, especially in the Linux space. For example, DH2i’s groundbreaking SQL Server Operator for Kubernetes has become Microsoft’s officially recommended SQL Server Operator, even receiving dedicated documentation articles within their SQL Server resource library.

Over the last couple of years, we have started working closely with the fantastic team over at SUSE as well, pioneering some powerful new solutions to facilitate SQL Server modernization with unparalleled ease. For example, take a look at this demo video featuring DxOperator and Rancher Prime, which shows the easiest possible approach to a SQL Server Kubernetes deployment in AKS.

From robust, certified platforms to meticulously developed Kubernetes orchestration and security technologies, SUSE provides perfectly complementary capabilities to enhance our existing solution stories with Microsoft. The functional possibilities and applications of our combined solution portfolios are wide-ranging, but this blog will focus on the ability of our three companies to unlock easy deployment of highly available SQL Server in the cloud with Microsoft Azure, SUSE Linux Enterprise Server (SLES), and DxEnterprise. 

A Full Suite of Services and Security for Cloud Databases 

Microsoft Azure: Azure is Microsoft’s public cloud platform, which provides a wide range of services, including computing, storage, networking, and database management. Azure supports various operating systems, including SUSE Linux Enterprise Server (SLES). 

SUSE Linux Enterprise Server: SUSE is an open-source software company that offers a range of products, including the SLES operating system. SLES is a popular choice for enterprise environments due to its stability, security, and scalability. 

DxEnterprise: DxEnterprise is Smart High Availability Clustering software developed by DH2i, which provides an easy-to-manage, flexible, secure, and highly available clustering framework for managing SQL Server databases on Windows, Linux, and Kubernetes.

When used together, Azure, SLES, and DxEnterprise can provide a robust solution for deploying and managing highly available databases in the cloud. Here’s how they work together: 

  1. Azure as the cloud platform: Azure provides the underlying infrastructure for deploying and running SLES virtual machines (VMs) or containers. 
  2. SUSE Linux Enterprise Server: SLES is installed on Azure VMs or used as a container runtime, providing a stable and secure operating system environment for running databases. 
  3. DxEnterprise: DxEnterprise is deployed on top of SLES, providing a high availability framework that can manage multiple database instances across Azure and any mix of other infrastructure.

The benefits of using Azure, SUSE, and DxEnterprise together include: 

  1. Scalability: Azure provides a scalable cloud infrastructure that can be effortlessly integrated with the DxEnterprise HA management framework, regardless of region or Availability Zone. 
  2. High availability: DxEnterprise ensures high availability of databases by providing real-time monitoring, load balancing, and automatic failover (for instances AND containers) to ensure that workloads are always running in their respective best execution venues. 
  3. Security: SLES provides a secure operating system environment, while DxEnterprise offers the additional capability of encrypted, app-level zero trust network access connections across any mix of clouds and infrastructure. 
  4. Simplified management: DxEnterprise simplifies high availability management by providing a unified platform for managing multiple database instances across Azure and any mix of infrastructure or platforms. 

Use Cases for the Azure, SLES, & DxEnterprise Solution Stack 

Some possible use cases for using Azure, SUSE, and DxEnterprise together include: 

  1. Database consolidation: Consolidate multiple databases into a single DxEnterprise high availability cluster running on SLES in Azure.
  2. Easy Multi-Site DR in the Cloud: If organizations need the real-time replication provided by Always-On Availability Groups (AGs), DxEnterprise can be used to easily stretch the AG across multiple Azure regions or availability zones, ensuring high availability and disaster recovery capabilities between sites.
  3. Cloud migration: Migrate on-premises databases to Azure using DxEnterprise and SLES, taking advantage of proprietary tools like DxEnterprise’s SQL Server Operator for Kubernetes.

For organizations looking to deploy highly available SQL Server in the cloud, it’s impossible to outdo the benefits provided by Azure cloud infrastructure and its tight, out-of-the-box integration with SQL Server. Microsoft and SUSE’s longstanding partnership has culminated in an incredibly stable and secure operating system environment with SUSE Linux Enterprise Server. And SLES provides a cost-effective platform that is inherently optimized for SQL Server workloads. Lastly, DxEnterprise delivers the perfect high availability solution to manage all your workloads across Azure—instances or containers—and easily unifies mixed infrastructure and multi-site deployments for disaster recovery. 

Together, Azure, SLES, and DxEnterprise provide the go-to solution stack for deploying and managing SQL Server databases in the cloud. Their close integration and robust management capabilities stand head and shoulders above the competition in terms of scalability, high availability, and security.

Check out other resources detailing Microsoft, SUSE, and DH2i’s continued collaborations below:

CISA issues Medical Advisory on Qardio Heart Health app

Posted in Commentary with tags on February 14, 2025 by itnerd

CISA has just issued an ICS Medical Advisory on the Qardio Heart Health app for vulnerabilities that may expose private personal information to an attacker. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, cause a denial-of-service condition, or have other implications. All of which are bad.

George McGregor, VP, Approov had this to say:

   “This recent vulnerability shows once more that mobile apps are the weakest link in the healthcare ecosystem and that it’s not just consumer access to PHI that is the issue.

   “Medical practitioner apps are increasingly used from personal devices, outside the security provided by campus networks. In addition, mobile apps have become a key means of access and control for every new medical device.

   “This is why the upcoming HIPAA Security Rule (https://www.regulations.gov/document/HHS-OCR-2024-0020-0001) must be updated to explicitly target known mobile app attack surfaces and eliminate the risks to US Healthcare posed by the proliferation of Healthcare apps.”

Given how much we all have become reliant on apps to manage our health in some way, this is not good news. But at least there is some good news coming in the form of the HIPAA rule that is inbound. Hopefully that will make something like this an edge case.

Guest Post: The Privacy Trade-Off: Balancing Security and Convenience in Smart Homes

Posted in Commentary on February 14, 2025 by itnerd

Provided by Geonode

Smart homes are all the rage. Thermostats, cameras, voice assistants—they promise ease and security. But there’s a catch: privacy and security risks. Let’s break it down.

Convenience at a Price

Imagine controlling your lights or thermostat with a tap on your phone or a voice command. Sounds great, right? Devices like Amazon Alexa and Google Home make life smoother and more efficient. But these gadgets need data to function, and that data includes your daily routines and private conversations.

The Hidden Cost of Data

All this convenience comes at a cost. Your smart devices collect heaps of data, often stored in the cloud. This means you’re losing control over who sees your info. Companies might share it with third parties, sell it to advertisers, or even hand it over to the government. Not so smart, huh?

Security Vulnerabilities

And let’s talk about hacking. Many smart home devices aren’t as secure as you’d think. Weak passwords, outdated software, and insecure APIs are open doors for hackers. Think your home security system is impenetrable? High-profile breaches in devices like Ring and Nest suggest otherwise.

Legal Landscape

Lawmakers are catching on. The American Data Privacy and Protection Act (ADPPA) aims to give you rights to your data. You can access, correct, and delete it. Companies must limit data collection to what’s “reasonably necessary.” Sounds good, but enforcing these rules is another ballgame.

How to Protect Yourself

So, what can you do? Be smart about your smart home.

  1. Strong Passwords: Use unique, strong passwords for each device.
  2. Update Regularly: Keep your device firmware up to date.
  3. Know Your Rights: Familiarize yourself with privacy laws like the ADPPA.

Real-World Incidents

Data misuse in smart homes is real. From unauthorized data collection to hacking, your private moments could end up exposed. High-profile cases have shown how easily these devices can be compromised, underscoring the need for robust security measures.

Industry Responsibility

Manufacturers also have a role to play. They need to implement strong security protocols and be transparent about data usage. Compliance with standards like the Matter interoperability and security standard can help build trust and protect user data.

Consumer Awareness

Consumers must stay informed. Understand what data your devices collect and take steps to safeguard it. Use strong passwords, update regularly, and know your rights.

Josh Gordon, a technology infrastructure expert at Geonode, emphasizes the importance of robust privacy measures: “The key to balancing convenience and security lies in understanding the data flows and ensuring that access is secure and controlled.” Gordon’s insights align with the industry’s growing emphasis on data privacy and secure access solutions, reinforcing the critical need for consumers to stay vigilant.

By staying vigilant and informed, you can enjoy the perks of a smart home without sacrificing your privacy.