The IT Nerd

Today Atlas VPN is covering the recently published FISMA report by the United States Office of Management and Budget (OMB) for the fiscal year 2022.

The FISMA report published by the OMB provides information about the overall state of government information security, including challenges, progress, and incidents.

In the fiscal year 2022, agencies saw fewer cyber incidents overall, which decreased by around 6%. 

There were 30,659 cyber incidents in FY 2022, according to the OMB’s annual FISMA report to Congress, down from 32,509 in 2021.

The Federal Information Security Modernization Act (FISMA) requires Federal agencies to develop, document, and implement agency-wide information security programs to protect sensitive government information and operations.

Agency officials, like chief information officers and inspector generals, conduct annual reviews of an agency’s information security program and submit those to the OMB. 

The OMB gathers all those annual reviews and summarizes them in the FISMA report, which is then submitted to Congress. 

These reports are publicly available on the Whitehouse.gov website.

Improper usage incidents were the most commonly reported by Federal agencies in FY 2022, with 10,467 total cases, a slight uptick from 10,123 in 2021.

Improper usage incidents result from violating the organization’s acceptable usage policies, like using work computers for personal matters. 

In addition, agencies said email or phishing attacks increased slightly to more than 3,010 last year from 2,962 in 2021.  

The most significant growth in incidents was seen in the loss or theft of equipment category. 

Around one thousand computing or media devices were lost or stolen in 2021, while in 2022, the number climbed to 1,786 incidents. 

The most common attack vector remains in the “unknown” category.

Major incidents on the decline

According to OMB, 93% of the incidents in 2022 were classified as “baseline” or “unsubstantiated or inconsequential event[s].”

Four of almost 31 thousand incidents reported by agencies in FY 2022 were classified as major. 

Government bodies affected by the incidents included the Department of Education, the Department of Treasury, and the Department of Agriculture. 

One incident remains classified.

In contrast, agencies encountered seven major incidents in FY 2021. 

Overall, the incidents’ number and severity remain relatively similar in FY 2022 and 2021. 

To read the full article, head over to: https://atlasvpn.com/blog/federal-agencies-reported-over-30-thousand-cyber-incidents-in-fy22

Data breaches can seriously threaten businesses, resulting in significant financial losses, legal ramifications, and reputational damage.

According to the data presented by the Atlas VPN team, 42% of IT leaders have been told to keep a data breach confidential. Furthermore, more than half of businesses admitted to experiencing a data breach in the last 12 months.

Nearly 30% of IT professionals had kept data breach a secret when they knew it should be reported. While these people should know better, they decided to side with the hackers and keep their crimes silent. In addition, customers whose information was stolen are also unaware that their data are in criminals’ hands.

When looking at the results by country, US businesses were the least responsible when dealing with data breaches. Over 70% of IT leaders were told to keep a data breach confidential, while 55% kept data theft a secret when they knew it should be reported.

Companies in Germany were the most responsible when dealing with data breaches. Of the IT leaders surveyed, 35% were advised to maintain confidentiality regarding a data breach, but only 15% kept it quiet. Furthermore, 54% neither were told nor kept a breach confidential.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on data breach management:

“In an age where data breaches have become a grim reality, such practice undermines the fundamental principles of transparency, accountability, and proactive risk mitigation. Organizations must recognize that concealing data breaches erodes customers’ trust and hinders the collective effort required to combat cyber threats.”

US businesses in trouble

To stay ahead in the face of technological advancements, businesses must recognize the gravity of the situation and adjust their security measures accordingly.

Overall 52% of companies have experienced a data breach in the last 12 months. However, when we take a closer look at country statistics, one of them stands out among the others.

About 3 out of 4 IT leaders in the US admitted that their company suffered a data breach in the last 12 months. This statistic seems even worse when combined with the fact that 55% of professionals stayed silent about data breaches. In the US, if the data breach affects more than 500 people, it is legally required to report it in 10 business days.

Meanwhile, 51% of businesses in the UK experienced a data breach in the last year. IT leaders working in Germany and Italy disclosed that nearly 50% of their businesses suffered a data incident. Data breaches also affected 44% of companies in Spain, while French businesses were the least likely to suffer such incidents, with only 42% experiencing data thefts.

To read the second part and the full article, head over to: https://atlasvpn.com/blog/42-of-it-leaders-told-to-keep-data-breaches-confidential

Technology should make our lives easier and our work more efficient. But that is not the case when we have to deal with outdated tech.  

According to data presented by the Atlas VPN team, based on the Skynova survey, Millennials are losing an average of 19.3 minutes per day due to outdated workplace technology, which adds up to a staggering 84 hours annually or 10.5 days of working time per year.

Gen Xers and Gen Z workers are also affected, wasting approximately 18.8 minutes (close to 82 hours yearly) and 18.2 minutes (79 hours yearly), respectively.

When looking at the numbers by industry, the financial sector reports losing the most time to outdated workplace technology, with an average of 23.7 minutes daily or approximately 103 hours per year. Interestingly, the financial industry also has the newest technology among sectors, with an average age of 3.7 years. 

Outdated technology is also a significant issue in the healthcare industry, consuming an average of 23 minutes daily (or close to 100 hours yearly) of workers’ time.

In the meantime, workers in both the government and retail sectors waste an average of 19.4 minutes of their daily work time dealing with outdated technology, which amounts to 84 hours per year. 

The cost of outdated technology

Although cost reduction is a priority for many business owners, they often fail to consider the long-term implications of outdated technology. Using old tech introduces inefficiencies and vulnerabilities that can lead to increased costs over time. 

Outdated technology and software can make an organization more vulnerable to exploitation, both from internal and external sources. When an organization fails to keep its operating systems and software up to date, it increases the risk of cyber attacks exploiting known vulnerabilities in those systems, which can lead to data breaches or theft of valuable company information.

Although newer technology may come with a higher price tag, failing to upgrade means that the costs of using outdated tech will only continue to rise. In the end, investing in new technology can ultimately result in long-term savings and increased efficiency and security for businesses.

To read the full article, head over to: https://atlasvpn.com/blog/millennials-lose-over-80-hours-yearly-to-outdated-workplace-tech

In today’s digital age, social media has become a powerful tool for communication, activism, and information dissemination.

According to the data presented by the Atlas VPN team, Twitter and Facebook, two highly influential social media platforms, have been targeted by governments worldwide for their role in facilitating communication and mobilization. Protests and active conflicts were the primary triggers of the internet shutdowns.

Governments restricted access to Twitter 13 times in 2022. As of February 2022, Twitter has been inaccessible in China, Iran, Myanmar, North Korea, Russia, Turkmenistan, and Uzbekistan due to government restrictions.

Last year, Facebook’s access was also limited by governments on 13 occasions. Besides the usual suspects who blocked Twitter, Uganda’s president banned Facebook in January 2021.

Governments enforced limitations on Instagram’s and WhatsApp’s accessibility, blocking each social media app 10 times. VPN usage in Russia skyrocketed by 10,000% following the Instagram ban in March.

Google Services were blocked 9 times by governments last year. Furthermore, governments imposed restrictions on Telegram 8 times. Signal experienced governmental restrictions on access 5 times, while TikTok faced 4 instances of such limitations.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on government censorship on the internet:

“Government internet shutdowns and social media blocks during protests or conflicts are short-term solutions that stifle freedom of expression and access to information. Governments should explore proportionate measures that respect human rights and uphold communication principles.”

Internet shutdown triggers

Internet shutdowns have become a control tool for some governments by limiting access to information and communication during critical moments.

The primary leading cause for internet shutdowns was protests, leading to 62 cutoffs from the web. After demonstrations in Jordan, India, Iran, and other countries, their governments restricted internet access to prevent the further spread of information.

Active conflicts were the reason for 33 internet shutdowns in 2022. Russia’s war on Ukraine caused a few of these cutoffs, and so did the conflict in Yemen.

Governments shut down the internet 8 times to prevent cheating in exams. In addition, 5 cutoffs from the internet were tied to elections.

To read the second part and the full article, head over to: https://atlasvpn.com/blog/governments-blocked-twitter-and-facebook-the-most-in-2022

In the world of social media, there’s a new king in town. According to data presented by the Atlas VPN team, people are now spending more time on TikTok than any other social app. 

The average user spent an astonishing 23.5 hours (23 hours and 28 minutes) each month scrolling through TikTok throughout 2022 — 3 hours and 51 minutes more than the year before. The total time spent on TikTok amounts to nearly 282 hours per year. 

It is the first time TikTok has overtaken YouTube regarding time spent on social media. This surge in TikTok’s popularity is a testament to the app’s unique and engaging format, which has captured the attention of millions of users worldwide.

However, it is important to note that both video content platforms were previously reported to track user data the most out of social media apps.

These figures are derived from data provided by Meltwater and We Are Social. The data looks at social media monthly usage trends worldwide among Android users aged 16 to 64.  

Nevertheless, YouTube is still the second most popular platform in terms of hours watched. Throughout 2022 people spent approximately 23.1 hours (23 hours and 9 minutes) on YouTube per month. The time spent on the platform decreased by 32 minutes compared to the previous year.

Facebook occupies the third spot on the list. Internet users spent an average of 19.7 hours (19 hours and 43 minutes) monthly on the world’s most popular social media app — 8 minutes more than the year before. 

Next up is the instant messaging app WhatsApp, with 17.3 hours (17 hours and 20 minutes) spent on the app. The time spent on the app dropped by 1 hour and 15 minutes compared to before. 

Instagram rounds out the top five list, with social media users spending 12h hours per month on average on the app. Time dedicated to browsing Instagram increased by 46 min compared to 2021.

Other platforms that consumed a significant portion of social media users’ time include Line (10h 59 min), Twitter (5h 28 min), Telegram (3h 57 min), Snapchat (3h 10 min), and Facebook Messenger (3h 7 min).

Overall, people reported spending 38% of their time online on social media.

To read the full article, head over to: https://atlasvpn.com/blog/people-now-spend-more-time-on-tiktok-than-any-other-social-app

Due to its ease of access and efficacy, phishing remains one of the most common types of cybercrime. By purchasing pre-made phishing kits, fraudsters may easily start phishing operations with very little technical knowledge.

Data presented by Atlas VPN reveals that e-shop brands were the most often utilized lure by phishers in 2022. E-shop phishing scams accounted for 42% of financial phishing cases in 2022. 

Companies in the banking and payment system industries were also imitated, but they comprised only around 10% of all financial phishing occurrences each.

The data comes as a courtesy of Kaspersky and is extracted from the devices of Kaspersky security product users. Users voluntarily made the data available, and the data was anonymized. 

Globally, the popularity of online shopping is increasing, and as a result, more companies are being imitated by phishers.

Yet one brand is imitated much more often than any other. With approximately 60% of e-shop financial phishing threats in 2022, Apple continues to be the brand that fraudsters most frequently impersonate.

Another brand that is favored by cybercriminals is Amazon. Amazon, with 15%, stayed in second position as the most imitated brand in e-shop phishing sites and emails. Together with Apple, these two brands appear in around 75 out of 100 phishing attacks.

While Mercari, MercadoLibre, and eBay brands are also used in phishing scams, they only appear in around 6 out of 100 cases. 

Watch out for emails from PayPal

According to current data, while the vast majority of financial phishing scams imitate e-shop brands (42%), payment systems (10%) are also used as a lure by phishing artists.

In the world of electronic payment methods, PayPal has long been a favorite target for con artists. The vast majority (84.23%) of phishing URLs for electronic payment systems target PayPal.

As a result, the shares of other payment systems have fallen precipitously, with American Express falling to 2.02% in 2022, Visa decreasing to 3.10%, and MasterCard declining to 3.75%.

To read the full article, head over to: https://atlasvpn.com/blog/60-of-e-shop-phishing-scams-exploit-apples-brand-name

OpenAI, the developer of the popular generative AI chatbot, ChatGPT, has begun geoblocking access to its service in Italy. This decision comes after the local data protection authority ordered OpenAI to halt processing Italians’ data for the ChatGPT service.

As a result, there has been a significant surge in VPN downloads in Italy, with a staggering 400% increase in usage.

During March, Italians installed one of the top 10 VPN apps about 4213 times on average daily. However, on the day OpenAI announced its geoblock in Italy, VPN installs jumped by 121%, which is equal to 9302 downloads.

On April 1st, VPN downloads originating in Italy skyrocketed by 404%. The following day, the total number of VPN installs was 359% larger than the March average. Finally, on April 3rd, the downloads started to slow down but were still significantly higher at 270% above the pre-ban levels of ChatGPT services.

While users can use a VPN to bypass the block by switching to a non-Italian IP address, ChatGPT accounts initially registered in Italy may no longer be available. Consequently, users may need to create a new account using a non-Italian IP address to access ChatGPT.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on Apple overtaking Samsung as the most popular smartphone:

“The ChatGPT geoblock in Italy and the subsequent surge in VPN usage highlight that people will try to access the online services they need, despite internet restrictions. This is a powerful reminder of the importance of internet freedom and the role that tools like VPNs can play in ensuring access to information and communication.”

Looking for a VPN

Naturally, as Italians started looking for ways to bypass the restriction of ChatGPT services, VPNs became a more popular search.

Google Trends data indicates that the keyword “VPN” gained a lot of interest in Italy after the ChatGPT ban. Google Trends measures search interest on a scale of 0 to 100, with 100 representing peak popularity for a term.

Days before the geoblock of ChatGPT, Italians’ interest in VPNs was relatively low. At the end of March, interest hovered around 15 point mark. However, on April 1st, interest grew significantly from 14 to 100, which indicates a 600% increase. The interest in VPN remained high, without falling below 50, during the following days.

To read the second part and the full article, head over to: https://atlasvpn.com/blog/vpn-downloads-in-italy-skyrocket-by-400-after-chatgpt-block

In today’s world, smartphones have become essential to our daily lives. From checking emails to browsing social media, we rely on these devices for communication, entertainment, and information.

According to the data analyzed by the Atlas VPN team, Apple overtook Samsung as the most popular smartphone in the first months of 2023. It is a significant shift in the global smartphone market, as Samsung has been the dominant player for several years. However, is this change part of a bigger tendency or only a short-term trend?

Nearly through all of 2022, Samsung had the highest market share of all smartphones.

In October, Apple surpassed Samsung’s market share by 0.2%. Despite that, Samsung regained its position at the top the next month, claiming 28.33% of the market share. Apple’s market share in November and December stayed just slightly behind, with 27.48% and 26.98%, respectively.

At the start of 2023, two months in a row, iPhones are now the leading smartphone. In January, Apple made up 27.6%, while Samsung had 27.09% of the market share. Next month, Apple’s share dropped slightly to 27.1%, and so did Samsung’s to 26.75%.

Currently, the world has about 6.84 billion smartphone users, of which 1.85 billion are using iPhones and 1.82 billion have chosen a Samsung. However, it is essential to note that these numbers are just estimates, as some people might have multiple phones and use both Apple and Samsung devices.

Xiaomi phones comprised 12.29% of the market in February, while Oppo had a 6.86% share. Huawei’s smartphones have declined for the past 6 months and reached a market share of 4.84% last month.

​​Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on Apple overtaking Samsung as the most popular smartphone:

“While it is impossible to predict the future with certainty, Apple’s success will likely continue due to its strong brand image, customer loyalty, and effective marketing. While Samsung is undoubtedly a formidable rival, it will need to innovate and differentiate itself to catch up to Apple.”

To read the second part and the full article, head over to: https://atlasvpn.com/blog/apple-overtook-samsung-with-the-most-smartphone-users

Undoubtedly, we spend a significant portion of our day online. But just how much? 

According to data presented by the Atlas VPN team, the average time spent browsing the internet in 2022 was 397 minutes (6 hours and 37 minutes) per day. It equates to an astonishing 2,415 hours yearly, or nearly 30% of our time.

However, there is some good news as daily online time actually decreased by 4.8% or 20 minutes compared to 2021 as we gradually moved past the pandemic.

These figures are derived from data provided by Meltwater, and We Are Social. The data looks at internet usage trends worldwide among internet users aged 16 to 64.  

The time spent online varies significantly from country to country. South Africans are the most internet-addicted, with an average of 578 minutes (9 hours and 38 minutes) spent online each day, three hours more than the global average.

Brazilians are just a little behind, with 572 minutes (9 hours and 32 minutes) devoted to internet usage daily. The Philippines ranked third with an average of 554 minutes (9 hours and 14 minutes) spent online per day, followed by Argentinians and Colombians, both with 541 minutes (9 hours and 1 minute) of daily internet usage.

People in the United States also spend an above-average amount of time online, dedicating 419 minutes (6 hours and 59 minutes) daily to internet browsing — the same as people living in Singapore. Meanwhile, Canadians are slightly less generous with their time, spending an average of 395 minutes (6 hours and 35 minutes) online daily. 

In contrast, East Asian countries have one of the lowest average daily internet usage, with Chinese people spending 325 minutes (5 hours and 25 minutes) online, followed by South Korea at 321 minutes (5 hours and 21 minutes), and Japan with only 225 minutes (3 hours and 45 minutes) — the least out of all the countries in the study. The only exception is Taiwan, with an average daily internet usage time of 434 minutes (7 hours and 14 minutes).

Most European countries also spend significantly less time online than the global average. Austrians devote 322 minutes (5 hours and 22 minutes) daily to internet usage, while Germans spend 312 minutes (5 hours and 12 minutes). 

People in Denmark dedicate the least amount of time to being online out of all European countries in the study, with an average of 298 minutes (4 hours and 58 minutes) spent on the internet each day.

To read the full article, head over to: https://atlasvpn.com/blog/these-countries-spend-the-most-time-online

Data presented by Atlas VPN reveals that Russian hackers have been targeting Ukraine’s and its allied countries’ government and IT organizations with ever-increasing sophistication.

The Russian government is believed to be behind the attacks, as they appear to be well-funded and well-organized. The cyber attacks have been aimed at stealing sensitive information, disrupting systems, and causing chaos in the targeted countries.

According to the recently published Microsoft Threat Intelligence report, the government sector was by far the most targeted sector by Russian state-affiliated hackers between February 2022 and January 2023. 

The team at Microsoft discovered 46 organized cyber attacks on various government bodies.

Russian threat actors were also interested in IT & communications companies, launching 17 attacks within the last year. 

The energy sector was also among the industries most targeted, as they were subject to 16 cyber attacks. 

A suspected Russian threat actor named IRIDIUM initiated several phishing activities between January 12 and January 28 of 2023, to access accounts at Ukrainian businesses in the defense and energy sectors.

This aligns with the traditional targets of Russian cyberattacks in Ukraine since the energy sector provides a significant portion of Ukraine’s revenue, and the government and telecommunications industries are key components of national security.

Russian hackers have been using a variety of tactics to infiltrate government and IT organizations. One of the methods used is spear-phishing, which involves sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware. 

The attacks have become increasingly complex over time, with hackers using advanced techniques such as zero-day exploits, which are vulnerabilities in software that are not yet known to the software vendor.

One of the most concerning aspects of these attacks is the potential for damage to critical infrastructure. Russian hackers have already targeted the energy and transportation infrastructure in Ukraine. 

Attacks outside of Ukraine

The Ukrainian government and IT organizations are not the only targets of these attacks. Russia has also targeted companies in other countries, including NATO member states, to play havoc with their operations and gain access to classified information.  

Between February 23, 2022, and February 7, 2023, Microsoft observed Russian nation-state threat activity against organizations based in 74 countries, excluding Ukraine.

According to the amount of recorded threats, EU and NATO member countries—particularly those on the eastern flank—dominate the list of the top 10 most targeted states.

In the 74 countries they attacked, Russian threat actors were particularly interested in government and IT sector firms, much like in Ukraine.

Government and IT & communications sectors suffered from 100 and 51 cyber attacks, respectively. 

Hackers corrupt IT businesses to leverage trusted technical ties and gain access to those firms’ clients in government, policy, and other sensitive institutions.

Hackers paid a lot of attention to the activities of various non-profit organizations and tried to disrupt their efforts by launching 31 cyber threats within the past year. 

Sophisticated cyber attacks were launched on companies in the education and energy sectors, with 16 threats targeting each. 

To read the full article, head over to: https://atlasvpn.com/blog/russia-backed-hackers-target-government-and-it-organizations-in-ukraine