Ransomware is one of the most sophisticated and feared attacks in the modern threat landscape. A specialized form of malware, ransomware is designed to forcibly encrypt a victim’s files. The attacker then demands a payment from the victim in exchange for the decryption key to restore access to the data upon payment. Costs can range from a few hundred dollars to millions, in addition to the disruption suffered while data remained inaccessible.

Notable ransomware attacks of 2022

1. Costa Rica ransomware attack (government)

In May 2022 President Rodrigo Chaves of Costa Rica declared a national emergency due to  Conti ransomware attacking numerous government institutions including the Ministry of Finance, Ministry of Science, and the Costa Rican Social Security Fund (CCSS).

Conti, a ransomware-as-a-service, has been wreaking havoc since 2020. Conti ransomware has several unique features not seen before, including the ability to run 32 encryption threads simultaneously, and remote control through command-line options.

2. Puma ransomware attack (enterprise)

Puma was alerted to a security breach on 10 January, caused by a ransomware attack on Kronos, their workforce management solutions provider. With ransomware and data exfiltration, the goal, personal data of over 6,600 employees, including Social Security numbers, were taken and encrypted, but no customer information was compromised. Kronos regained access to their data soon after, issuing two years of complimentary Experian Identity Works to affected Puma employees as compensation, including credit monitoring, insurance, and restoration.

3. French hospitals targeted with ransomware (healthcare)

In August, hackers used LockBit ransomware and targeted French hospital Centre Hospitalier Sud Francilien with data exfiltration. In retaliation for not paying a ransom, the attackers leaked patient data, including laboratory analyses, radiology reports, and more. The attack caused disruption of all health services, forcing transfer of patients to other facilities and postponement of surgeries.

Another French hospital, André Mignot hospital in Versailles, was also hit with ransomware in December. They had to shut down their network as a security measure.

What was the prevailing ransomware variant of 2022?

According to a Mawarebytes report, LockBit (formerly “ABCD” ransomware) was the main ransomware variant of the year. LockBit ransomware scans for targets of value, propagates itself, and encrypts any computers that are connected to the network.

“LockBit is a subclass of ransomware known as a ‘crypto virus’ due to forming its ransom requests around financial payment in exchange for decryption. It focuses mostly on enterprises and government organizations rather than individuals.”

– Source: Kapersky Lab’s article LockBit ransomware — What You Need to Know 

How do ransomware attacks work?

Ransomware attacks can be initiated in many ways. One of the most common is a phishing exploit, in which an email delivers an attachment disguised as a legitimate business file. Once it has been downloaded and opened—often by a victim with good intentions and no awareness of the threat it contains—the malware takes over the victim’s computer, and can even use built-in social engineering tools to gain administrative access. At this point, the ransomware can spread laterally from one computer to another and ultimately infect the entire network.

Once the malware has taken over the victim’s computer, the typical next social engineering toolsstep is to encrypt some or all of the user’s sensitive files and forcibly reboot the user’s system. The user is then informed of the exploit and notified of the ransom being demanded, usually in the form of an untraceable Bitcoin payment, as well as a deadline for payment.

The post 2022 Ransomware Attacks and Evolution of Data Exfiltration appeared first on The Integrator.

Written by: Adrian Taylor, A10 Networks

Ecommerce continues to be one of the most fast-paced and competitive global industries, with industry-watchers estimating that online sales will constitute a fifth of all retail sales worldwide by the end of 2022. As vendors strive to capture their share of market growth, they need to offer exceptional customer experiences that build loyalty and repeat revenue. However, delivering omnichannel excellence puts considerable pressure on infrastructure as site traffic increases and consumer expectations rise.

At the same time, the sector is heavily targeted by cybercriminals seeking to disrupt, extort and damage online retail businesses. Consequently, striking a balance between operational efficiency, cost control, security, and customer satisfaction is a complex challenge.

Adrian Taylor, VP of EMEA at A10 Networks

To resolve the tension between availability, performance, efficiency, and security, most e-commerce providers are accelerating their cloud transition programs with many opting for a multi-cloud strategy. These decisions are driven by the changing landscape in which they are operating and the nature and intensity of the cyber threats they face.

Security concerns: Brand and reputation are crown jewels for e-commerce companies

Ecommerce providers are acutely aware that trust is intrinsic to building customer loyalty. Anything that damages reputations and threatens customer confidence has a long-term impact on revenues. It’s not surprising, therefore, that cyber defacement and brand damage are top concerns for 62% and 49% of the businesses surveyed respectively. Linked to this is concern over user data theft and credit card theft, identified as a top concern by 52% and 36% of respondents.

Away from direct public-facing threats, more than one-third of companies cited DDoS attacks as a key concern. This is not surprising, given the increase in DDoS attacks and the potential loss of revenue. The report indicated that some e-commerce providers are struggling to resolve this issue, with one in ten reporting that they had lost availability due to a DDoS attack. Given that this directly affects revenue generation, and creates a poor customer experience, organizations should focus on ensuring that their DDoS mitigation strategy and tools are effective.

Performance pitfalls: high traffic and security trade-offs are impacting uptime

On the performance side of the equation, 86% of the e-commerce businesses we surveyed reported a significant increase in traffic. This is undoubtedly a result of the pivot to online purchasing made by millions during the pandemic, but in an industry well-used to handling seasonal spikes it was surprising that businesses reported downtime caused by traffic spikes as a top issue in the past year. This is potentially related to the heavier performance demands from new technology standards, such as the encryption required by Perfect Forward Secrecy (PFS).

Priorities have changed in a multi-cloud environment

Managing performance and mitigating security threats have a different complexion in a multi-cloud environment compared to traditional on-premises systems. Our research found that the complexity of multi-cloud IT has reshaped the priorities of IT leaders.

While traditional e-commerce priorities such as disaster recovery and the ability to scale to meet seasonal demand remain important, they have dropped down the list as the resource-intensive nature of multi-cloud management becomes apparent.

Consequently, e-commerce IT leaders are seeking solutions that provide control and visibility. 60% cited centralized management and analytics as a key requirement for successful multi-cloud adoption. Consistent application delivery and security came a close second, while 46% sought efficient automation.

Adopting a polynimbus approach

As e-commerce companies continue their journey to the cloud, there’s no doubt that focus is needed to resolve the identified challenges and ensure that they gain all the benefits of multi-cloud flexibility, without losing control and visibility over critical elements of the environment.

Here, a polynimbus approach to application delivery helps simplify management and automate operations in multi-cloud deployments. It also centralizes security policy enforcement, helping organizations answer governance and compliance demands.

The post How Multi-Cloud Application Delivery is Impacting E-commerce Providers? appeared first on The Integrator.

The world has been going through significant changes: facing a global COVID-19 pandemic, researching how the SARS-CoV-2 virus works, and then delivering a defense via vaccines to fight back. Similarly, in the world of cybersecurity, we saw many changes in the first half of 2021. A10 Networks’ recent report on the H1 2021: The Global State of DDoS Weapons sheds light on potential DDoS weapons and their behavior to ensure DDoS attacks can be mitigated regardless of the country or organization they belong to. The report provides detailed insights into the origins of DDoS activity, how easily and quickly modern malware can hijack IoT devices and convert them into malicious botnets, and what organizations can do to protect against such activities.

Amr Alashaal, Regional Vice President – Middle East at A10 Networks

As per the report, while DDoS attacks kept growing in size and frequency, attackers particularly focused on low-volume attacks that ran for longer periods, frequently injecting attack traffic. These low-volume attacks helped them evade basic defensive measures, but low thresholds still had a significant impact on systems and operations. We also saw some positive changes, for example, a large-scale botnet takedown by an international operation across different continents. Organizations began paying a lot more attention to DDoS, raising awareness around the role of malware in DDoS attacks, and providing insights into how systems and operations can be protected from attacks, large or small.

Organizations are paying more attention to infectious malware, like Mozi. Some vigilante groups have even started using DDoS attacks as a defensive measure, attacking systems that exhibit scanning behavior. A10 has seen this behavior exhibited on our honeypots. While employing DDoS attacks against the very attackers might be considered controversial, it helps ultimately reduce DDoS attacks and the expansion of botnets.

Key Insights from the report:

• The total number of DDoS weapons has increased by approximately 2.5 million in the first half of 2021, in line with the last two reports, with a total number of approximately 15 million weapons. This number includes both reflected amplification weapons as well as botnet agents readily available for exploitation by attackers.
• SSDP (Simple Service Discovery Protocol), which can be a dangerous and potent DDoS weapon, remained at the top with over 3.2 million potential weapons exposed to the internet. The rest of the weapons remained virtually the same as before, with SNMP, Portmap, TFTP, and DNS Resolvers as the top five. It is important to note that almost all of these weapons experienced a growth in numbers except for DNS Resolvers, which had a reduction of over 300,000 weapons.
• China continues to lead in hosting the highest number of potential DDoS weapons (almost 2 million), including both amplification weapons and botnet agents.
• The United States remains the second-largest source of DDoS weaponry, particularly amplification weapons.
• The number of total botnet agents was almost halved, with China hosting 44% of the total number of drones available worldwide.
• Mozi, one of the highly prevalent malware in the DDoS world, topped out at over 360,000 unique systems using more than 285,000 unique source IP addresses, likely due to address translation. First identified in 2019, Mozi has been evolving and increasing in size ever since. It can now persist on network devices by infiltrating the device’s file system, remaining functional even after the device has been rebooted. The Mozi botnet includes infected bots around the globe with China, India, Russia, Brazil, and Vietnam leading the list of countries and regions.

In conclusion, cybercriminals and cyberattacks have been evolving at a steady pace. With new attacks and new malware variants that come out, we see new layers of sophistication in how IoT and smart devices are weaponized. While these attacks become more prevalent, one thing is quite obvious — they don’t go unnoticed. Now is the time to update our defensive strategies by incorporating the Zero Trust model and investing in modern, artificial intelligence/machine learning-based solutions that will not only defeat attacks in real-time but also protect against the unknown.

The post Global Lockdowns May Limit COVID-19, But Not DDoS appeared first on The Integrator.

The post A10 Networks acquires Appcito appeared first on The Integrator.