Tag: ransomware

US offers $10 million bounty for info on ‘Blackcat’ hackers who hit UnitedHealth

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The US State Department on Wednesday offered up to $10 million for information on the “Blackcat” ransomware gang that hit the UnitedHealth Group’s tech unit and snarled insurance payments across America.

“The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide,” the department said in a statement announcing the reward offer.

UnitedHealth said last week it was beginning to clear a medical claims backlog of more than $14 billion as it brought its services back online following the cyberattack, which caused wide-ranging disruption starting in late February.

UnitedHealth’s tech unit, Change Healthcare, plays a critical role in processing payments from insurance companies to practitioners, and the outage caused by the cyberattack has in some cases left patients and doctors out of pocket. The toll on the community health centres that serve more than 30 million poor and uninsured patients has been especially harsh.

Hackers said earlier this month that UnitedHealth paid a $22 million ransom in a bid to recover its systems, but whether Blackcat honoured its end of the bargain has not been made public. Shortly after the hack, the group put a bogus press release on its website falsely claiming it had been seized by law enforcement, giving the impression that they had shut down operations.

Also Read: Cyber attacks in healthcare — here’s the deadly war the world doesn’t talk about, yet

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

US govt to UnitedHealth: Accelerate healthcare provider payments amid cyberattack fallout

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

In an open letter on Sunday, officials from the US government urged UnitedHealth Group (UHG) to expedite payments to healthcare providers, following a cyberattack on the insurer’s Change Healthcare tech unit that severely disrupted medical claims and payments.

The US Department of Labor and the US Department of Health and Human Services emphasised the importance of UnitedHealth taking swift action to address the financial strain faced by healthcare providers due to the cyberattack on Change Healthcare. While the letter singled out UnitedHealth, it also called on other industry players to assist in mitigating the impact of the attack.

“We call on UHG, other insurance companies, clearinghouses, and healthcare entities to take additional actions to alleviate the challenges faced by patients and providers, particularly those serving as safety nets,” the letter stated.

UnitedHealth has yet to respond to requests for comment.

Last Tuesday, the US government announced plans to expedite Medicare and Medicaid payments to hospitals affected by the cyberattack on Change Healthcare, which was disclosed on February 21. The attack, attributed to the “Blackcat” ransomware group, has had widespread repercussions across the U.S. healthcare system, disrupting electronic pharmacy refills and insurance transactions.

UnitedHealth has indicated that it aims to restore disrupted services for medical claims and payments platforms by mid-March.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

FBI, UK National Crime Agency say they have disrupted LockBit gang

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

A coalition of international law enforcement agencies, including the FBI and UK National Crime Agency, said they have disrupted LockBit, one of the most prolific hacker groups of all time, including shutting down websites the organisation used for ransomware payments.

A post on the gang’s website Monday said it’s “now under the control” of the UK agency, the FBI and other law enforcement agencies.

Law enforcement from 11 different countries took part in the operation, which seized 11,000 domains used by LockBit and its affiliates to facilitate ransomware, an FBI official said. The operation, which disrupted LockBit’s infrastructure and targeted its malware deployment system, took place in recent days, the official said.

LockBit specialises in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. The operation recruits hackers to conduct the cyberattacks using LockBit’s tools and infrastructure. LockBit gets a cut of any ransom extorted in the hacks.

The group was responsible for last year’s attack on the US arm of Industrial & Commercial Bank of China Ltd., which disrupted the $26 billion US Treasury market. It also took down a website that Boeing Co. uses to sell spare aircraft parts, software and services.

The worldwide operation disrupted the group’s infrastructure and will include indictments, followed by sanctions, said Brett Leatherman, deputy assistant director of the FBI.

Agents seized control of Lockbit’s equipment, including servers with victim data, file-share servers and communication servers, he said. That will help authorities return stolen data to the companies and other organisations hacked by LockBit.

“We’ll be notifying victims here soon,” Leatherman said in an interview.

LockBit first came to prominence in 2021, calling itself LockBit 1.0. In 2022, it became LockBit 2.0 and its latest iteration is LockBit Green. One of the group’s most recent victims was EquilLend. The trading platform, which processes trillions of dollars of transactions a month, said the incident on January 22 affected some automated securities lending services.

The hacking group has claimed 1,600 victims in the US and 2,000 internationally, according to the FBI. A good majority are within the private sector, and the FBI said it’s tracking 144 million ransoms paid in relation to LockBit attacks.

Also Read: Cybersecurity attacks rise in Digital India as companies play catch-up

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Behind Industrial & Commercial Bank of China hack is a gang for hire that holds systems hostage

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

In January, it hacked the UK’s Royal Mail and halted international mail shipments. Less than a month later, it struck a British fintech firm, paralysing global derivatives trading. It has crippled Japan’s biggest maritime port and struck Boeing Co.’s parts and distribution business.

But arguably none of the recent cyberattacks orchestrated by LockBit — one of the most prolific ransomware gangs of all time — has shaken the financial world more than its hack of Industrial & Commercial Bank of China Ltd. The breach disclosed Thursday by the largest global lender by total assets blocked some Treasury market trades from clearing, forcing brokers and traders to reroute transactions.

“This is a true shock,” Marcus Murray, founder of the Swedish cybersecurity firm Truesec. It’s the kind of large-scale, high-profile attack that “will make large banks around the globe race to improve their defences, starting today.”

LockBit’s devastation has been roughly four years in the making. The group has been active since at least the start of 2020 and has hacked as many as 1,000 victims globally, extorting more than $100 million in ransom demands, according to the US Justice Department. The group’s members have been tied to Russia and are active on Russian-language cybercriminal forums, according to industry experts.

The gang is what’s known as a “ransomware as a service” enterprise. Core LockBit hackers develop malware and other tools. Freelance cybercriminals then sign up with LockBit to gain access to their tools and infrastructure and do the hacking themselves. When attacks are successful, LockBit gets a commission — typically around 20% of any ransom paid, according to cybersecurity firms.

“They run it like a business, and that’s the best way to explain it,” Jon DiMaggio, chief security strategist at Analyst1, said in an interview earlier this year. “The founder of LockBit runs it as if he were Steve Jobs, which is successful for them but very bad news for the rest of us.”

LockBit hackers use so-called ransomware to infiltrate systems and hold them hostage. They demand payment to unlock the computers they’ve compromised and often threaten to leak stolen data to pressure victims to pay.

The gang’s victims span Europe and the US, as well as China, India, Indonesia and Ukraine, according to cybersecurity firm Kaspersky.

Researchers have long studied LockBit’s hacking tools, determining that the group regularly updates its malicious software in order to avoid detection from cybersecurity products. One strain of malware, dubbed LockBit Black, showed that the gang had experimented with a kind of self-spreading malware that would make it easier for hackers to infiltrate victim organisations without the technical expertise typically required to do so, Sophos Group Ltd. researchers wrote in a blog post.

Exactly how many people are involved in LockBit and where they are based is unknown, but the gang has said on its website that it doesn’t attack post-Soviet Union countries because most of its developers and partners were born and grew up there.

As of late Thursday, ICBC hadn’t been listed on LockBit’s website as a victim. That’s not unusual, said Mattias Wåhlén, a threat intelligence expert with Truesec. “Many initial ransom notes contain the offer that, if victims pay swiftly, the ransomware group will not publish the victim’s name at all, to save public embarrassment.”

Eric Noonan, chief executive officer of the security services firm CyberSheath, described LockBit as “the most deployed ransomware in the world in 2022,” noting that it has also been “pretty active” this year. Still, Noonan said: “It really is surprising that a Chinese bank was targeted.”

Because the Chinese government banned trading in cryptocurrency — hackers’ preferred payment method — gangs don’t often target the region, according to Wåhlén. China has also traditionally been considered an ally to Russia, he said, making it a lesser target of those with Russian ties.

“If that targeting turns out to be an error, Noonan said, “we could see LockBit aid in the recovery by providing free decryption as they have in the past when the wrong victims have been targeted.”

Then again, LockBit hackers have in the past made it clear that they’re equal opportunists. In a statement issued early last year, they described themselves as “apolitical.”

“For us, it is just business,” the gang said. “We are only interested in money for our harmless and useful work.”

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Industrial and Commercial Bank of China tells clients to reroute some trades after a cyber attack

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Industrial & Commercial Bank of China Ltd. was hit by a cyberattack that prevented it from clearing swathes of trades, forcing US clients of the world’s largest lender by assets to reroute transactions and leaving brokers and traders scrambling to assess the extent of the impact.

Explained: Why ransomware is so dangerous and hard to stop

The state-owned bank alerted market makers, banks and brokerages that trading of Treasuries is being impacted by the issue which started last night, according to people familiar with the matter who asked not to be identified discussing private information.

ICBC has told market participants that its US subsidiary appears to be experiencing the issue and is working to resolve US Treasury transactions as soon as possible, one of the people familiar said. The bank has hired cybersecurity firm Mandiant and has been offered assistance from the FBI and CISA, the person said.

The lender confirmed in a statement that a ransomware attack at its ICBC Financial Services unit disrupted some of its systems. The bank said it’s conducting a thorough investigation and progressing its recovery efforts. Its head office and other domestic and overseas units weren’t affected, it added.

“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a spokesman for the US Treasury Department said in an emailed statement.

A spokeswoman for the SEC declined to comment.

The extent of the disruption caused wasn’t immediately clear, though Treasury market participants reported liquidity was being affected. The Securities Industry and Financial Markets Association, or Sifma, held a call with members about the matter on Thursday, some of the people familiar said. A representative for the trade organization declined to comment.

The attack on ICBC is suspected of being orchestrated by the prolific gang known as Lockbit, according to people familiar with the situation, who asked not to be identified because the information isn’t public. That’s the the same group that has — just in the past year — also hit Boeing Co., ION Trading UK and the UK’s Royal Mail.

Lockbit, a criminal gang with ties to Russia, specializes in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files.

ALSO READ: Lockbit was the most active global ransomware group last year based on the number of victims, and it has hit 1,700 US organisations since 2020, according to the US Cybersecurity and Infrastructure Security Agency 

Earlier this year, it took credit for an attack against ION that paralyzed derivatives trading across markets for everything from commodities to bonds and forced several banks and brokers to process trades manually.

There was speculation among market participants that the issues with ICBC were part of the catalyst behind a very poor auction result for Treasury’s sale Thursday of 30-year bonds. Still, others said one firm’s issues would likely only affect a small portion of the market.

One US brokerage received an email from a broker who clears trades through the ICBC saying that the bank couldn’t connect to the Depository Trust and Clearing Corporation amid an issue clearing trades and that customers should expect delays.

Representatives for the DTCC didn’t immediately respond to requests for comment.

Central clearing platforms are intermediaries between buyers and sellers that assume responsibility for completing transactions and therefore prevent the a default of one counterparty from causing widespread problems in the marketplace.

The SEC has made a raft of proposals aimed at curbing leveraged trading by hedge funds and investments firms in the US Treasuries market, which include mandating central clearing of all US Treasuries. Stanford University finance professor Darrell Duffie said that the incident underscores the benefits of central clearing in the $26 trillion market.

“It’s being handled very effectively, and people are working very hard sorting it out,” Duffie said in an interview. “Having central clearing allows the market to handle this in a way that both protects counterparties but also manages the systemic risk in a much more transparent and organized way.”

Other financial institutions have been the target of similar assaults in recent years.

The website of the New Zealand Stock Exchange was hit by a cyberattack that throttled traffic so severely that it couldn’t post critical market announcements, forcing the entire operation to shut down. It was later revealed that more than 100 banks, exchanges, insurers and other financial firms worldwide were targets of the same type of so-called DDoS attacks at that time.

ICBC, which is also a big player in the US repo market, has been improving its cyber-security in recent months as it highlighted increased challenges from potential attacks amid the expansion of online transactions, the adoption of new technologies and open banking.

“The bank actively responded to new challenges of financial cyber-security, adhered to the bottom line for production safety, and deepened the intelligent transformation of operation and maintenance,” it said in its interim report in September.

In 2016, an examination of the malware used in an attack on Vietnam’s Tien Phong Commercial Joint Stock Bank showed that unique Swift codes identifying at least seven additional financial institutions were embedded in the hackers work. They included the New York and Hanoi branches of ICBC.

The malware wasn’t used to attack those banks — rather, it deleted money-transfer confirmations sent between the Vietnamese bank and its partners that could have alerted bank officials of improper transactions.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Boeing says ‘cyber incident’ hit parts business after ransom threat

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Boeing, one of the world’s largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.

Boeing acknowledged the incident days after the Lockbit cybercrime gang said on Friday it had stolen “a tremendous amount” of sensitive data from the US planemaker that it would dump online if Boeing didn’t pay ransom by November 2.

The Lockbit threat was no longer on the gang’s website as of Wednesday, and it didn’t immediately respond to a request for comment. Boeing declined to comment on whether Lockbit was behind the cyber incident it disclosed.

“This issue does not affect flight safety,” a Boeing spokesperson said. “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Boeing’s parts and distribution business, which falls under its Global Services division, provides material and logistics support to its customers, according to the company’s 2022 annual report. Some webpages on the company’s official website that had information on the Global Services division were down on Wednesday, with a message that cited technical issues.

“We expect the site to be back up soon,” the pages said.

Lockbit was the most active global ransomware group last year based on the number of victims, and it has hit 1,700 US organisations since 2020, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The hacking group typically deploys ransomware on a victim organiation’s system to lock it up, as well as stealing sensitive data for extortion.

It’s unclear what data Lockbit may have stolen from the company. Brett Callow, a ransomware expert and threat analyst at the cybersecurity firm Emsisoft, said that while organisations may pay cybercriminal gangs when demanded ransom, that doesn’t guarantee that data won’t be leaked.

“Paying the ransom would simply elicit a pinky promise from LockBit that they will destroy whatever data they obtained,” Callow said. “There would, however, be no way of knowing for sure that they actually had.”

The loss of military-related information would be “extremely problematic”, he added. Boeing did not comment on whether any defense-related data had been impacted in the cyber incident.

The CISA did not immediately respond to a request for comment on the Boeing statement.

Also Read: The US, along with 40 other countries, to vow not to pay ransom to cybercriminals

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

The US, along with 40 other countries, to vow not to pay ransom to cybercriminals

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Forty countries in a US-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers’ funding mechanism, a senior White House official said on Tuesday.

The International Counter Ransomware Initiative comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, Anne Neuberger, US deputy national security adviser in the Biden administration for cyber and emerging technologies, told reporters on a virtual briefing.

“As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” she said.

In ransomware attacks, hackers encrypt an organisation’s systems and demand ransom payments in exchange for unlocking them. Often they also steal sensitive data and use it to extort victims and leak it online if the payments are not made.

While hundreds of companies fall victim every year, high-profile US attacks occurred in the last two months at casino operator MGM Resorts International and cleaning products maker Clorox. Both companies have not yet fully recovered from the disruptions.

The new initiatives by the alliance aim to eliminate the criminals’ funding through better information sharing about ransom payment accounts, Neuberger said. Two information-sharing platforms will be created, one by Lithuania and another jointly by Israel and the UAE.

Reuters reported details of this initiative on Monday.

Partner countries will share a “black list” through the US Department of Treasury that will include information on digital wallets being used to move ransomware payments, Neuberger said.

She added that the effort will use artificial intelligence to analyse blockchain with a view to identifying illicit funds.

The volume of crypto payments to ransomware attackers is on track for its second-biggest annual total on record, blockchain analytics firm Chainalysis said in July.

Also Read: Massive dark web data leak exposes India to digital identity theft and financial scams, warns Resecurity

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Sun Pharma admits business affected due to March 2 ransomware attack

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

India’s largest drugmaker Sun Pharmaceuticals Industries Ltd. mentioned that the recent incident on its IT systems has resulted in a breach of certain file systems and theft of certain company and personal data.

Sun Pharma’s business operations have been impacted due to the ransomware attack, due to which, the revenue in some businesses will be lower.

On March 2, Sun Pharma had reported that a security incident took place at the company’s IT assets, but also said that the incident did not impact its core IT systems and operations.

Sun Pharma has said that a ransomware group has claimed responsibility for this incident and that the company is utilising global cyber security experts and enhanced security measures to address and mitigate the impact of this incident.

“The Company is currently unable to determine other potential adverse impacts of the incident, including but not limited to additional information security incidents, increased costs to maintain insurance coverage, the diversion of management and employee time or the possibility of litigation,” the exchange filing stated.

Expenses in connection with the incident and the subsequent remediation will also be borne by the company.

New Acquisition

Sun Pharma will also be making an investment of Rs 143.3 crore to acquire 60 percent stake in animal healthcare company Vivaldis Health & Foods. The remaining 40 percent shareholding will be acquired later, without a clear timeline being specified.

Vivaldis is engaged in the business of trading, distribuing, manufacturing and marketing of drugs, food supplements, and over-the-counter products in the animal healthcare industry.

The acquisition is likely to be completed by May 2023. For the financial year 2022, Vivaldis reported revenue of Rs 29.92 crore.

Additionally, brokerage firm Credit Suisse has upgraded Sun Pharma to outperform from the earlier rating of neutral. It has also raised its price target to Rs 1,150 from Rs 950 earlier. The brokerage expects Sun Pharma’s specialty sales to double over the next four years.

Credit Suisse expects Sun Pharma’s revenue to grow at a Compounded Annual Growth Rate (CAGR) of 12 percent over financial year 2022-2025 and expects margin to expand to 30 percent over the same period.

Shares of Sun Pharma have given up all the gains made so far this year, and are now down 2.5 percent. The stock has corrected 9 percent from its 52-week high of Rs 1,072.

Also Read: Here are key reasons why Sun Pharma is Jefferies’ top pharma pick

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Data Privacy Day 2023: Top 5 data risks every business should address

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Data Privacy Day is observed on January 28 all around the world. Sensitising people and spreading information about privacy practices and principles are the day’s goals. In order to foster a culture of privacy, it encourages everyone to take ownership of their privacy obligations.

This year’s theme is ‘Privacy Matters.’ It fosters a sense of responsibility by demonstrating the importance of privacy for both individuals and organisations. But more so for the latter as businesses hold several datasets. It is important for them to understand data risks and always be a step ahead of any potentially malicious activity.

Here are the top five data risks every organisation should be aware of:

Loss of data

A data-centric strategy is necessary to keep pace with innovation, data accessibility, and compliance monitoring, along with data loss protection. In order to protect and maintain the privacy of a business’s most valuable resource, data loss prevention (DLP) is essential. By using this method, data owners and security teams can safely recommend DLP within their organisation.

Also Read: Python-based attack campaign targeting healthcare and finance industries discovered

Inadequate knowledge of data loss

The biggest threat to the cloud security of a business may be data leaks. A growing number of firms are discovering that their cloud computing capabilities are vulnerable to reputational and financial penalties arising from the regulatory and legal fallout that follows data breaches.

Insider threats

Protecting the perimeter is insufficient because the real threat can be lurking within the organisation. Businesses need to pay close attention to anyone who has access to their internal information, including partners, employees, third parties, and others. It’s crucial to ensure that they won’t abuse their access rights because they have access to your company’s trade secrets and could have an impact on your operations.

Social engineering vulnerabilities

Luring employees into disclosing credentials or downloading malware is a relatively typical method for data breaches. Every employee needs to learn how to recognise phishing, malware, and other social engineering problems. IT must keep up with current trends, watch out for targeted assaults, and ensure that staff members are informed about what to look for and how to respond.

Also Read: View | High awareness, low preparedness — The state of cybersecurity in healthcare

Ransomware attacks

Ransomware attacks are among the few cyber threats that receive a lot of public attention and general concern. Small-to-midsize businesses (SMBs), as well as local governments, are targets of these more common and expensive online cash grabs, which are driving up the number of these cyber threats. Additionally, many ransomware threats occur at the user level because phishing techniques and other harmful communications enable these major cyber threats.

Cyber risks are also shifting as businesses move toward a digital strategy while balancing a hybrid work structure and pushing every aspect of their operations to the cloud. As per recent reports, cyber threats are growing, spilling into the mainstream.

The year 2023 will see leading organisations investing heavily in updating or establishing more robust cybersecurity policies and procedures, monitoring attack surfaces, and enabling security automation. They will team up with incident response, digital forensics, and data restoration groups to proactively identify and eliminate threats in networks, reduce the attack surface, close security breaches, and recover critical data.

Also Read: As businesses shift to cloud, CEOs need to prioritise cybersecurity: PwC

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Cyber security in 2023: Trends to watch out for in the new year

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Cyber crime continued to create havoc in 2022. Nearly 1.9 million cyberattacks against the healthcare industry in India were recorded from January to November this year while the number of cyber attacks against Indian government agencies doubled in 2022, making it the most targeted country in this sector.

The number of cyber attacks in the country has witnessed three-fold increase over as many years. According to government data, in 2019, total number of cyber security incidents tracked by Indian Computer Emergency Response Team (CERT-In) was 3,94,499. The number spiked to 11,58,208 in the year 2020 and further increased to 14,02,809 in 2021. This year, as many as 6,74,021 cyber security incidents were reported till June.

Experts suggest, however, that the magnitude and novelty of digital attacks coming in 2023 will only get more aggressive as cybersecurity teams around the world are presented with a task unlike any other: securing access to the data of their individual organisations over hundreds of remote access points.

Here are some of the trends to watch out for in 2023:

Accelerated 5G adoption to deepen vulnerabilities

5G connections in India are expected to reach 88 million by 2025, according to a recent report by GSMA. While the spotlight is currently focused on delivering higher data speeds, latency improvements, and the overall functional redesign of mobile networks, the cloud will expose the 5G core to cloud security vulnerabilities, according to cyber security company Palo Alto networks. With only 114% of Indian organisations equipped with a plan to secure their 5G/4G environment, CISOs will need to be wary of large-scale attacks from any source, including the operator’s own network.

Securing connected medical devices will be critical

Digitisation has enabled new healthcare capabilities such as virtual healthcare and remote diagnosis. But the prevalence of legacy and sensitive data will make healthcare an attractive target for cyber threat actors. Ensuring the cybersecurity of medical IoT will be important as ever for patient safety as the closer a patient is to a device, the greater the likelihood for weaponization by bad actors, according to Palo Alto.

Multi-factor authentication

Multi-factor authentication (MFA) is a critical security measure that can protect users even if their passwords are leaked — but MFA only helps when it’s enabled and enforced, according to software company Varonis. Without MFA, attackers have a more straightforward path to compromise an organisation. Criminal groups are known to grab usernames and passwords from data breach dumps on the dark web. They try out every credential to brute-force internet-facing systems and gain access.

Internal sharing links overexpose data

Sharing links are helpful for collaboration but they are also a significant security risk. Easy sharing makes protecting sensitive data challenging, according to Varonis. When insiders or external attackers gain access to data they shouldn’t, information is immediately at risk from ransomware and theft.

Metaverse to be the new playground for cybercriminals

With an estimated $54 billion spent on virtual goods every year, metaverse could open up a new playground for cybercriminals. The immersive nature of the metaverse will unlock new opportunities for businesses and consumers alike, as it will allow buyers and sellers to connect in a new way. Companies, and cyber attackers in tandem, will take advantage of mixed reality experiences to diversify their offerings and cater to the needs of consumers in the metaverse.

Supply chain attacks to gain momentum

These attacks involve hackers targeting a company’s suppliers or other partners in order to gain access to the company’s systems. Globalisation has considerably increased the flow of commodities around the world, but because manufacturing and supply chains are becoming more interdependent, supply networks are now spread over greater distances and are more prone to disruption.

Alexa, start mining bitcoins!

The advanced capabilities of consumer and enterprise IoT devices will be leveraged by hackers to mine cryptocurrencies, according to cybersecurity company Trellix.

Potential of Artificial Intelligence (AI)

From face recognition, natural language processing, and autonomous danger detection – since artificial intelligence and machine learning were introduced to all industry sectors, cybersecurity has undergone tremendous changes. But it also enables pulling up sophisticated spyware and attacks that bypass the majority of data security defences.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow