securitylinkindia

Cybersecurity Research: 76% of Organizations Admit to Paying Ransomware Criminals, with One-Third Still Unable to Recover Data

Businesses are losing the battle when it comes to defending against ransomware attacks, according to the Veeam® 2022 Ransomware Trends Report, which found that 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Veeam Software, the leading company in backup, recovery and data management solutions that deliver Modern Data Protection, found that 80% of successful attacks targeted known vulnerabilities – reinforcing the importance of patching and upgrading software. Almost all attackers attempted to destroy backup repositories to disable the victim’s ability to recover without paying the ransom.

The Veeam 2022 Ransomware Trends Report reveals the results of an independent research firm that surveyed 1,000 IT leaders whose organizations had been successfully attacked by ransomware at least once during the past 12 months, making it one of the largest reports of its kind. The first-of-its-kind study examines the key learnings from these incidents, their impact on IT environments and the steps taken to implement Modern Data Protection strategies that ensure business continuity moving forward. The research project specifically surveyed four IT personas (CISOs, Security Professionals, Backup Administrators and IT Operations) to understand cyber-preparedness alignment across organizations.

“Ransomware has democratized data theft and requires a collaborative doubling down from organizations across every industry to maximize their ability to remediate and recover without paying the ransom,” said Danny Allan, CTO at Veeam. “Paying cybercriminals to restore data is not a data protection strategy. There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity.”

Paying the ransom is not a recovery strategy

Of the organizations surveyed, the majority (76%) of cyber-victims paid the ransom to end an attack and recover data. Unfortunately, while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data – resulting in a one out of three chance that paying the ransom still leads to no data. It is notable that 19% of organizations did not pay the ransom because they were able to recover their own data. This is what the remaining 81% of cyber-victims must aspire to – recovering data without paying the ransom.

“One of the hallmarks of a strong Modern Data Protection strategy is a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,” added Allan. “Despite the pervasive and inevitable threat of ransomware, the narrative that businesses are helpless in the face of it is not an accurate one. Educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of your data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.”

Prevention requires diligence from both IT and users

The ‘attack surface’ for criminals is diverse. Cyber-villains most often first gained access to production environments through errant users clicking malicious links, visiting unsecure websites or engaging with phishing emails – again exposing the avoidable nature of many incidents. After having successfully gained access to the environment, there was very little difference in the infection rates between data center servers, remote office platforms and cloud-hosted servers. In most cases, the intruders took advantage of known vulnerabilities, including common operating systems and hypervisors, as well as NAS platforms and database servers, leaving no stone unturned and exploiting any unpatched or outdated software that they can find. It is notable that significantly higher infection rates were reported by Security Professionals and Backup Administrators, compared with IT Operations or CISOs, implying that “those closer to the problem see even more of the issues.”

Remediation starts with immutability

Respondents to the survey confirmed that 94% of attackers attempted to destroy backup repositories and in 72% of cases this strategy was at least partially successful. This removal of an organization’s recovery lifeline is a popular attack strategy as it increases the likelihood that victims would have no other choice than to pay the ransom. The only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework – which 95% of those we surveyed stated they now have. In fact, many organizations reported having some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy.

Other key findings from the Veeam 2022 Ransomware Trends Report include:

Orchestration matters: To proactively ensure recoverability of their systems, one in six (16%) IT teams automate the validation and recoverability of their backups to ensure their servers are restorable. Then, during remediation of a ransomware attack, 46% of respondents use an isolated ‘sandbox’ or staging/test area to ensure their restored data is clean prior to reintroducing the systems into production.

Organization alignment must unify: 81% believe their organizations’ cyber and business continuity/disaster recovery strategies are aligned. However, 52% of respondents believe the interactions between these teams require improvement.

Diversifying the repositories holds the key: Nearly all (95%) organizations have at least one immutable or air-gapped data protection tier; 74% use cloud repositories that offer immutability; 67% use on-premises disk repositories with immutability or locking; and 22% use tape that is air-gapped. Immutable or not, organizations noted that in addition to disk repositories, 45% of production data is still stored on tape and 62% goes into a cloud at some point in their data lifecycle.

Experience New Possibilities when Hikvision ColorVu Meets Other Technologies

To help customers maximize security at night and in other low-light environments, Hikvision has taken ColorVu technology further, combining it with other advanced technologies, like panoramic, varifocal, 4K, AI and more. As a result, homeowners, business owners, security teams, and ARCs can make smarter decisions, react faster to security events, reduce false alarms, and take their security capabilities to the next level.

When it comes to ensuring security and safety, seeing every detail is critical – especially in low light conditions. Hikvision developed its ColorVu technology – which provides high-resolution, full-color video imaging in light conditions down to 0.0005 lux – to help homeowners, business owners, and security teams see exactly what’s happening. But different security scenarios require different points of view, various angles, and AI capabilities. That’s why Hikvision has now combined ColorVu with other technologies – panoramic, varifocal, 4K, AI – which we call ‘ColorVu + X,’ for a broad range of security needs and scenarios – from apartment buildings, residences, offices, and warehouses, to large outdoor spaces such as parking lots.

Five ColorVu + X offerings for improved security, safety, and efficiency

In the following sections, we outline how ‘ColorVu + X’ works to help customers take their site security and safety to the next level.

ColorVu + Panoramic: The whole scene in vivid color

Large areas can be very difficult to secure, often requiring multiple cameras to provide full coverage. With traditional cameras, monitoring these kinds of areas can also be difficult, or even impossible, in low light conditions or at night. To address all of these challenges, Hikvision has integrated ColorVu into its industry-leading panoramic cameras, which use image fusion technologies to stitch together images from two side-by-side lenses for a seamless, 180-degree view. The results are reduced equipment requirements (with fewer cameras needed to cover large areas); improved situational awareness based on a single, wide-angle image and no blind spots; and the ability to capture every detail in full color – even in the dark.

ColorVu + Varifocal: Zoom in with vivid color

Cameras with zoom capabilities adapt more flexibly to various installation environments, making product selection and installation easier. The challenge here is that zooming can reduce the amount of light entering the lens, reducing the clarity or color of images. Hikvision has addressed this by integrating ColorVu technology into its varifocal (zoom) cameras. By combining ColorVu with a fixed F1.0 large aperture in the camera, Hikvision guarantees image brightness and full color as the camera zooms in and out.

ColorVu + 4K: Capture richer, more colorful details

Traditional cameras may lack the resolution to provide clear, full-color video images in lower light conditions. Hikvision overcame this challenge by integrating ColorVu technology into advanced 4K cameras. The results are clear, crisp imaging, fluid footage previews and playback, and enhanced color imaging in low light conditions or at night.

ColorVu + Live Guard: Deter trespassers and intruders from causing harm

While most security systems can detect intrusions and other security incidents, goods and property can still be lost or damaged before teams can respond. Hikvision tackles this issue by integrating ColorVu technology and Live Guard sound and light alarms into selected camera ranges. While ColorVu technology captures detailed video footage of security incidents in high resolution and full color, Live Guard sirens and strobe light alarms let trespassers know they have been detected, deterring them from entering a site or building. Notifications of intrusions and other events can also be sent to homeowners, business owners, or security teams in real time, supporting faster, more effective responses.

ColorVu + Deep Learning: Smarter security detection 24×7

Often, security systems are unable to differentiate between moving objects – such as falling leaves, heavy rain, and moving animals – and real security threats – such as people breaching a site perimeter. To overcome this, Hikvision has integrated ColorVu into its AI-powered cameras with AcuSense. These reliably identify real security threats, such as people and vehicles, and send alerts to security teams in real time. At the same time, false alarms are minimized, reducing workloads and costs, and increasing efficiency. With ColorVu and AcuSense together, customers get intelligent, proactive security, with high-resolution, full-color video imaging.

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

A vulnerable spot in global commerce is the supply chain: It enables technology developers and vendors to create and deliver innovative products but can leave businesses, their finished wares, and ultimately their consumers open to cyberattacks. A new update to the National Institute of Standards and Technology’s (NIST’s) foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services.

The revised publication, formally titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1), provides guidance on identifying, assessing and responding to cybersecurity risks throughout the supply chain at all levels of an organization. It forms part of NIST’s response to Executive Order 14028: Improving the Nation’s Cybersecurity, specifically Sections 4 (c) and (d), which concern enhancing the security of the software supply chain.

Released today after a multiyear development process that included two draft versions, the publication now offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components – which may have been developed elsewhere – and the journey those components took to reach their destination.

“Managing the cybersecurity of the supply chain is a need that is here to stay,” said NIST’s Jon Boyens, one of the publication’s authors. “If your agency or organization hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately.”

Modern products and services depend on their supply chains, which connect a worldwide network of manufacturers, software developers and other service providers. Though they enable the global economy, supply chains also place companies and consumers at risk because of the many sources of components and software that often compose a finished product. A device may have been designed in one country and built in another using multiple components from various parts of the world that have themselves been assembled from parts from disparate manufacturers. Not only might the resulting product contain malicious software or be susceptible to cyberattack, but the vulnerability of the supply chain itself can affect a company’s bottom line.

“A manufacturer might experience a supply disruption for critical manufacturing components due to a ransomware attack at one of its suppliers, or a retail chain might experience a data breach because the company that maintains its air conditioning systems has access to the store’s data sharing portal,” Boyens said.

The primary audience for the revised publication is acquirers and end users of products, software and services. The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it.

“It has to do with trust and confidence,” said NIST’s Angela Smith, an information security specialist and one of the publication’s authors. “Organizations need to have greater assurance that what they are purchasing and using is trustworthy. This new guidance can help you understand what risks to look for and what actions to consider taking in response.”

Before providing specific guidance – called cybersecurity controls – the publication offers help to the varied groups in its intended audience, which ranges from cybersecurity specialists and risk managers to systems engineers and procurement officials. Each group is offered a ‘user profile’ in Section 1.4, which advises what parts of the publication are most relevant to the group.

The publication’s Sections 1.6 and 1.7 specify how it integrates guidance promoted within other NIST publications and tailors that guidance for C-SCRM. These other publications include NIST’s Cybersecurity Framework and Risk Management Framework, as well as Security and Privacy Controls for Information Systems and Organizations, or SP 800-53 Rev. 5, its flagship catalog of information system safeguards. Organizations that are already using SP 800-53 Rev. 5’s safeguards may find useful perspective in Appendix B, which details how SP 800-161 Rev. 1’s cybersecurity controls map onto them.

Organizations seeking to implement C-SCRM in accordance with Executive Order 14028 should visit NIST’s dedicated web-based portal, as Appendix F now indicates. This information has been moved online, in part to reflect evolving guidance without directly affecting the published version of SP 800-161 Rev. 1.

In part because of the complexity of the subject, the authors are planning a quick-start guide to help readers who may be just beginning their organization’s C-SCRM effort. Boyens said they also plan to offer the main publication as a user-friendly webpage.

“We plan to augment the document’s current PDF format with a clickable web version,” he said. “Depending on what group of users you fall into, it will allow you to click on a link and find the sections you need.”

Gallagher Announces ISO 27001 Certification

Global security company Gallagher has recently announced it has achieved ISO 27001 accreditation, the leading international standard focused on information security. The ISO 27001 standard ensures organizations protect their information in a systematic and efficient way, through the adoption of a robust and comprehensive Information Security Management System (ISMS).

“Achieving this certification further demonstrates to our Channel Partners and customers around the world that we are committed to ensuring the delivery of robust and industry-leading security solutions which protect and safeguard the data of each and every one of them,” said Greg Barclay, Chief Operating Officer at Gallagher.

The certification verifies Gallagher’s outstanding safeguards in three critical areas: confidentiality, integrity, and authorized availability of all key data and information. Achieving the standard is a detailed and comprehensive process that requires a dedicated approach to all aspects of an organization’s processes in and around its ISMS.

The ISO 27001 certification is the latest in a long list of key accreditations Gallagher has achieved in recent years. As Greg goes on to note, “We are proud to deliver solutions that meet government and industry compliance standards and certifications around the world. This is an essential part of our customer offering and commitment to protect what matters most.”

121 Arrests in Operation Against Migrant Smuggling and Human Trafficking – INTERPOL

An INTERPOL-coordinated operation targeting migrant smuggling and human trafficking has triggered 121 arrests across 25 countries, prompting 193 new investigations. Operation Storm Makers (21-25 March 2022) saw authorities carry out enforcement actions against organized crime groups believed to be facilitating the travel of Asian men, women and children across borders for exploitation and/or profit. In total, authorities rescued 80 human trafficking victims and identified some 3,400 irregular migrants.

Operational coordination units were set up in Hanoi (Vietnam) and Abu Dhabi (United Arab Emirates), helping assess intelligence and facilitating enforcement actions between participating countries. Smart electronic gates, connected to INTERPOL’s databases, were activated at airports across the United Arab Emirates (UAE) to boost passport checks and help detect forged documents. Globally, some 15 million checks were carried out against INTERPOL’s databases at air, land and sea borders, generating ‘hits’ or alerts for fraudulent travel documents, as well as INTERPOL Notices against individuals wanted on various charges, including murder and fraud.

Organ trafficking, forced labour, sexual exploitation uncovered

In Turkey, police arrested four people, dismantling a suspected international organ trafficking ring. The criminal network, originating in India, is accused of targeting vulnerable Indonesian nationals and facilitating kidney transplants in Turkey. The suspects went as far as staging wedding photos and falsifying documents in order to establish fake family relationships between recipients and donors. With each kidney fetching USD 37,000 on the black market, the organ donor would receive USD 15,000, with the remainder split among members of the network.

Police in Malaysia and Cambodia worked closely on a case involving 15 men and one woman lured to Cambodia on the promise of a lucrative salary to work in a call centre. On arrival, however, they were locked up and forced to work 14-hour days as scammers. Authorities in both countries believe there are more victims of the criminal group and the ongoing investigation is being supported by INTERPOL’s Human Trafficking and Smuggling of Migrants unit.

Additional operational highlights

The Philippines rescued 32 victims of human trafficking and arrested eight suspects on charges of trafficking, child exploitation and child abuse.

Authorities in Greece intercepted a car carrying five irregular migrants from Afghanistan and Syria, who had each paid EUR 4,000 to a smuggler in Turkey for transport to Thessaloniki.

Vietnamese migrants were intercepted on the Hungary-Romania border, on their way to Germany. Their smugglers, also of Vietnamese origin, had coordinated all aspects of their illegal journey via social media platforms.

In the UAE, a 17-year-old girl was rescued from sexual exploitation. Brought to the UAE from Pakistan when she was just 13, the girl had been forced into prostitution by a family member.

In the Maldives, intelligence led authorities to a possible brothel operating as a salon and spa, where they believe trafficked Thai women had been forced into prostitution. Authorities liaised with the women to ensure their safe return to Thailand and are working via the INTERPOL National Central Bureau in Bangkok to investigate the organized crime group behind their recruitment and exploitation.

INTERPOL’s Secretary General, Jürgen Stock, said, “In just one week, this operation generated nearly 200 new investigations, revealing the sheer scale of these crimes. It is a huge responsibility for law enforcement, particularly when you know that the victims are in abusive or life-threatening situations. INTERPOL will continue to help authorities close the gaps and ensure the offenders behind these appalling activities are brought to justice.”

Working together

Participating countries received support from INTERPOL’s Specialized Operational Network against migrant smuggling, as well as its Human Trafficking Experts Group. AIRCOP, Homeland Security Investigations, the International Organization for Migration and the Regional Support Office for The Bali Process delivered pre-operational training. EUROPOL actively supported the operational phase by cross-checking information against its databases.

Participating countries

Australia, Bangladesh, Brunei, Cambodia, China, France, Germany, Greece, India, Indonesia, Laos, Malaysia, Maldives, Myanmar, Pakistan, Philippines, Portugal, Qatar, Romania, Singapore, Spain, Turkey, UAE, UK, Vietnam.

Operation Storm Makers was funded by the INTERPOL Foundation for a Safer World.
