Tag: ransomware

AIIMS data retrieved, services restored after over two weeks: Govt

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

More than two weeks after the AIIMS cyber attack, Minister of State for Health Bharati Pravin informed the Lok Sabha on Friday that all the data has been retrieved from an unaffected backup server with most of its services also being restored.

Responding to a question, Pawar said no specific amount of ransom was demanded by the hackers though a message was discovered on the server that suggested it to be a cyber-attack.

An FIR has been registered by the All India Institute of Medical Sciences with the Special Cell of Delhi Police, regarding the attack, the minister said in her written reply.

Five physical servers of AIIMS Delhi on which the e-Hospital application of the National Informatics Centre (NIC) was hosted, were affected. All the data for the e-Hospital has been retrieved from a backup server which was unaffected and restored on new servers. “Most of the functions of e-Hospital applications like patient registration, appointment, admission, discharge etc have been restored after two weeks of the cyber-attack,” Pawar said in the written reply.

Also Read: AIIMS ransomware attack: What we know so far

The National Nodal Agency for responding to cyber security incidents — Indian Computer Emergency Response Team (CERT-In) has “Empanelled Information Security Auditing Organisations” for auditing including vulnerability assessment and penetration testing of the computer systems, networks and applications involving public service delivery including Ayushman Bharat Digital Mission (ABDM).  Immediate measures were taken by AIIMS to enhance security like endpoint hardening, string firewall policies and network segmentation to secure all the data of the Institute, the minister stated.

Setting up of 22 new AIIMS and 75 projects of upgradation of existing government medical colleges or institutions by way of setting up of super speciality blocks or trauma centres have been approved under the Pradhan Mantri Swasthya Suraksha Yojana (PMSSY) to reduce the patient load on the Delhi hospital.

They are at various stages of offering inpatient and outpatient services to the needy. The day-to-day operations or surgeries as well as associated activities and record keeping was done in a manual mode. In AIIMS Delhi, the dashboard for the real-time emergency bed availability has been developed in-house, the reply stated.

Also Read: Chinese hackers suspected to be behind AIIMS cyber attack

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

AIIMS working on cybersecurity policy with investigating agencies

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The AIIMS, Delhi is working on devising a cybersecurity policy for the hospital and other wings with guidance from investigating agencies, official sources said on Thursday, even as its servers remained down for the ninth day following a ransomware attack.

Recommendations have been sought from the investigating agencies, they said.

Besides, a chief information security officer (CISO) is being appointed on an ad hoc basis for emergency cyber security measures to be taken at the All India Institute of Medical Sciences (AIIMS) here to restart the eHospital services and prevent such incidents in the future.

The Indian Computer Emergency Response Team within the Ministry of Electronics and Information Technology, Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation, National Forensic Sciences University, National Critical Information Infrastructure Protection Centre, and National Investigation Agency, etc. are investigating the cyber attack.

Also read: AIIMS online services likely to begin from next week in a phased manner

Meanwhile, internet services at the AIIMS continued to be blocked as per the recommendations of the investigating agencies.

Patient care services including outpatient, laboratory, inpatient and emergency, etc. are operating in manual mode.

On Tuesday, AIIMS authorities informed that the e-Hospital data has been restored on the servers. They said that the network is being sanitised before the services can be restored.

The process is taking some time due to the volume of data and large number of servers/computers for the hospital services. Measures are being taken for cyber security, the AIIMS had said in a statement issued on Tuesday.

A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25 in connection with the ransomware attack.

There has been a 20 per cent increase in the number of walk-in OPD patients at the AIIMS leading to long queues as the premier hospital’s online appointment system remained shut.

Also read: ‘Ransomware attack’ on AIIMS Delhi server, government agencies begin probe

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

AIIMS Delhi cyber attack: Authorities confident of retrieving encrypted data, sources say

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Investigating authorities in the All India Institute of Medical Sciences (AIIMS) Delhi cyber attack have not come across any ransomware demand, sources close to the matter told CNBC-TV18. The initial probe indicates the hacking might have emanated from China. While the hackers have encrypted the data, authorities seem confident of retrieving it.

The ransomware attack on the servers of AIIMS Delhi is a conspiracy and planned by forces that are significant, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Friday.

According to an AIIMS official, the restoration work on the AIIMS database is ongoing. “Over 50 percent of work is completed. The online services likely start from the end of this week in a phased manner,” the official said last week.

AIIMS on Tuesday, in an official statement, said that the e-hospital data has been restored on the server and that the data is taking time due to the volume of data and a large number of servers/computers for the hospital services.

The eHospital data has been restored on servers. Network being sanitized before services can be restored. The process is taking some time due to the volume of data and large number of servers/computers for the hospital services. Measures are being taken for cyber security: AIIMS pic.twitter.com/w8Rk8hwOa7

— ANI (@ANI) November 29, 2022

However, all hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode. Meanwhile, two system analysts were suspended by AIIMS on Monday after being served show-cause notices for alleged dereliction of duty, reported PTI.

Official sources said Internet services in the hospital are blocked as per the recommendations of the investigating agencies leading to a 20 percent rise in the number of walk-in OPD patients at the AIIMS which led to long queues.

Officials said the hospital authorities have deployed additional staff to manage the rush of patients. All hospital services, including outpatient and in-patient departments and laboratories, continue to run on manual mode.

Besides the outpatient department (OPD), long queues were witnessed outside diagnostic centres and billing counters at the All India Institute of Medical Sciences (AIIMS) as the hospital authorities along with other agencies struggled to restore the servers, PTI reported.

A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

AIIMS ransomware attack: What we know so far

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

 Several services have remained affected at the All India Institute of Medical Sciences (AIIMS), Delhi, as the hospital is still struggling to get control of its servers back. The hospital lost access to its servers as a result of a possible ransomware attack that has forced hospital staff to manually settle bills, conduct tests and perform other functions.

“The server for National Informatics Centre’s Hospital being used at AIlMS, New Delhi was down due to which outpatient and inpatient digital hospital services including, smart lab, billing, report generation, appointment system etc, have been affected. All these services are running on manual mode currently,” the hospital said in a statement issued on November 24.

What we know about the ransomware attack 

On November 23, patients and doctors complained about the hospital’s services working slowly or not at all. As a result, the hospital was forced into working in a manual mode from 7 in the morning. The National Informatic Centre investigated the issue and found signs of a ransomware attack on the hospital’s servers.

Also Read: Amazon faces Black Friday protests in 40 countries for better wages and working conditions

Following the initial investigation, the Computer Emergency Response Team (CERT-In) and National Informatics Centre started working on the hospital’s servers to restore functionality as soon as possible. At the same time, the Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell registered an FIR invoking sections of cyber terrorism (IT Act, section 66F) in light of the incident with the preliminary investigation hinting to the ransomware attack being perpetrated from outside the country, reported Hindustan Times.

While several services remained unaffected, the breach also put the loss of research data and information about VIP medical records at risk, sources told CNN-News18. Intelligence sources also added that the hack was possible due to weak security infrastructure including weak antivirus software and firewalls.

The ransomware attack on AIIMS is the first such attack on an Indian healthcare institution even as such institutions have been a favoured target of ransomware over the past few years.

Ransomware is a type of malware that encrypts or corrupts the data of an organisation restricting access, and forcing the organisation to pay a ransom to get their data back.

Also Read: Foxconn woes at China plant could hit 30% iPhone November shipments

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Ransomware activity doubles in transportation and shipping industry: Report

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Ransomware activity increased 100 percent quarter over quarter in transportation and shipping, in the US alone, according to a report by a cybersecurity company. Trellix on Thursday released The Threat Report: Fall 2022, which analyses cybersecurity trends from the third quarter of 2022. 

Globally, transportation was the second most active sector (following telecom), with more advanced persistent threats (APT) detected in transportation than in any other sector.

The report examines malicious cyber activity, including threats to email, the malicious use of legitimate third-party security tools, and more.

Also Read: India one step closer to adopting uniform charging port for electronic devices

Key findings of the report are as follows: 

Germany Saw the Highest Detections: Not only did Germany generate the most threat detections related to APT actors in Q3 (29 percent of observed activity), but they also had the most ransomware detections. Ransomware detections rose 32 percent in Germany in Q3 and generated 27 percent of global activity. 

Emerging Threat Actors Scaled: The China-linked threat actor, Mustang Panda, had the most detected threat indicators in Q3, followed by Russian-linked APT29 and Pakistan-linked APT36.

Ransomware Evolved: Phobos, a ransomware sold as a complete kit in the cybercriminal underground, has avoided public reports until now. It accounted for 10 percent of global detected activity and was the second most used ransomware detected in the US. LockBit was the most detected ransomware globally, generating 22 percent of detections.

Also Read: Elon Musk defends $56 billion pay — ‘was focused on reviving Tesla’

Old Vulnerabilities Continued to Prevail: Years-old vulnerabilities continue to be successful exploitation vectors. Trellix observed Microsoft Equation Editor vulnerabilities comprised of CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802 to be the most exploited among malicious emails received by customers during Q3.

Malicious Use of Cobalt Strike: Trellix saw Cobalt Strike used in 33 percent of observed global ransomware activity and 18 percent of APT detections in Q3. Cobalt Strike, a legitimate third-party tool created to emulate attack scenarios to improve security operations, is a favourite tool of attackers who repurpose its capabilities for malicious intent. 

Trellix Advanced Research Center brings together a team of security professionals and researchers to produce insightful and actionable real-time intelligence to propel customer outcomes and the industry at large.

Also Read: Apple MacBooks, smartwatches go on sale in US as Black Friday nears

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Australia to consider banning paying of ransoms to cybercriminals

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Australia’s Home Affairs Minister Clare O’Neil on Sunday said the government would consider making illegal the paying of ransoms to cyberhackers, following recent cyberattacks affecting millions of Australians.

Australia’s biggest health insurer, Medibank Private Ltd, last month suffered a massive cyber attack, as Australia grapples with a rise in hacks.

Singapore Telecommunications-owned telecoms company Optus, Australia’s second largest telco, along with at least eight other companies, have been breached since September.

Asked on ABC television on Sunday whether the government planned to look at outlawing ransom payments to cyber criminals, O’Neil said ”that’s correct”.

”We will do that in the context of … cyber strategy,” she said.

Also read: Supply chain attack — A potential cybersecurity blind spot

The comments come after O’Neil, on Saturday, formalised a new cyber-policing model between the Australian Federal Police (AFP) and the Australian Signals Directorate – which intercepts electronic communications from foreign countries – to do ”new tough policing” on cybercrime.

Around 100 officers would be part of the new partnership between the two federal agencies, which would act as a joint standing operation against cyber criminals.

The taskforce would ”day in, day out, hunt down the scumbags who are responsible for these malicious crimes”, she said.

Also read: Cybersecurity | Best practices for data loss prevention & latest threats to be wary of

The AFP earlier this week said Russia-based hackers were behind the attack on Medibank, which compromised data from around 10 million current and former customers.

Attorney General Mark Dreyfus on Saturday refused to be drawn on whether the Russia-based ransomware group REvil was responsible for recent cyber attacks on Australians, but said it was a ”very organised criminal gang” located in Russia.

Prime Minister Anthony Albanese has previously said the government was doing all it could to limit the impact of the Medibank hack and had set up a phone service for affected customers to seek help from both the government and Medibank.

Also read: Explained: What is protected system and the need for securing critical infrastructure

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Expert highlights importance of digital hygiene in an increasingly risk-prone online world

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

If the coronavirus showed us one thing, it was the importance of hand hygiene. Another thing that became apparent, if not immediately, then a few weeks into the lockdown, was just how much we would come to rely on the internet — for entertainment, to pay bills, to transfer money online etc.

And then there was the flip side — as the digital ecosystem evolved, so did digital frauds. According to the latest report by the National Crime Records Bureau, India reported 52,974 cases of cybercrime in 2021, an increase of over 5 percent from the previous year, 2020 (50,035 cases), and a jump of over 15 percent from 2019 (44,735 cases).

The onset of the pandemic and the forced switch to digitisation brought about by the subsequent nationwide lockdown made for happy hunting grounds for cybercrooks.

In such a situation, the role of the government in spreading awareness among the citizens to take steps and insulate themselves and their data online, and the host of companies that offer cybersecurity solutions, become crucial for enterprises and individuals alike.

Also read: Employee-level awareness key for companies to protect against cyberattacks, says expert

One such company is eSec Forte – which has been empanelled by national cybersecurity watchdog Indian Computer Emergency Response Team (CERT-In) as an information security auditor. eSec Forte is a “Global Consulting and IT Security Services company with offerings across Cloud Security, Cyber Forensics, Malware Detection, Security Audit, Red Team Assessment, Threat Hunting, Security Operations Control, Penetration Testing, Secure Access Management, Risk Assessment, IOT Security etc.”, as per its website.

As such, it is positioned to offer insights on several cybersecurity incidents that have surfaced in or impacted India in recent years.

Kunal Bajaj, the company’s Chief Business Officer, touched upon issues like the Pegasus spyware, enterprise-level cybersecurity, ransomware attacks, online transactional fraud, data theft, and information security in an increasingly digital world.

Pegasus

The surfacing of Israeli malware/spyware Pegasus and subsequent revelations that several high-profile Indians were monitored using the software has made it a politically charged issue in India.

Bajaj highlights the loopholes in privacy laws in India. “The country has to thoroughly revisit these legislations in order to make sure that both matters of national security and the privacy of citizens can be balanced in a desirable manner,” he says.

Meanwhile, at an enterprise level, several high-profile companies, such as Microsoft, Samsung, Uber, Rockstar Games, and NVIDIA, were affected by data breaches this year, begging the question, if technology companies aren’t safe from hackers, then who is? How can they protect themselves?

Also read: If security is ‘slack’ — what happened at Rockstar Games could happen to your company too

“Increasing awareness of consumers about their information (shared with companies), coupled with intensifying threat of data breaches, has re-emphasised the need for strict cybersecurity controls and preventive measures,” says Bajaj.

“Companies world over are employing top-of-the-line measures to safeguard their global Infrastructure and data points from hackers and anomalies,” he adds.

Companies are also encouraging their employees to be cautious of potential threats which may target the end points by deploying effective:

• End Point Security
• Mobile Security Controls
• User Behaviour Analysis
• Deep Packet Inspection
• Identity and Access Management
• Log Monitoring

“Besides all these efforts, companies are fully integrating flexible technologies and modular approaches so as to make a quick shift to a more advanced form of cybersecurity solutions,” he explains.

Ransomware

Another cyber menace that rears its ugly head from time to time is ransomware. Simply put, a ransomware attack is an incident in which a bad actor had stopped you from gaining access to sensitive data, and holds that data to ransom — “pay me, or lose this data forever”.

Just this year, the USA accounted for 60 percent of worldwide ransomware attacks, followed by Europe, Middle East and Africa, and Asia-Pacific — which includes India.

“There are many reasons behind the increasing number of ransomware attacks, with the biggest ones including the growing trend of remote working, unawareness about cybersecurity laws, lack of training, and unsecured data systems and networks among others,” explains Bajaj.

By simultaneously working on all these fronts, organisations can dramatically reduce the instances of ransomware attacks and save themselves a lot of resources that would have otherwise required to be paid to hackers as ransom money, he says.

“Experts in the cybersecurity domain also point out the need of raising awareness among users about various steps that can be taken to safeguard their systems against ransomware attacks,” he adds.

This can be done by first understanding the different ways in which a ransomware attack is deployed.

Transactional fraud

Simply put, a transactional fraud is basically a cybersecurity violation involving a digital payment. In a survey conducted by MasterCard, 90 percent of the consumers expressed their willingness to adopt new-age digital technologies to make payments safe. 

The survey also expressed a growing need for stringent cybersecurity laws as there is a staggering 49 percent jump in the cybersecurity violations that consumers have witnessed in 2021. 

“Banks, Financial Institutions, and other companies involved in the e-commerce space are also becoming aware of the increasing threat of cybersecurity violations, which explains the new methods of verification that have been now employed by various merchants across businesses and industries,” Bajaj says. “One of the novel practices that may potentially increase is use of password-less technologies, which is really becoming instrumental in reducing digital frauds and becoming the favourite for innovating more such methods to arrest the growth of transaction frauds.”

Also read; Data is the new oil — how companies can shield themselves from cyber attacks

Information security

Information security is a set of processes and tools that are deployed in order to protect sensitive information of businesses and users from data hackers and scammers. “It is important to know that information security is part of the cybersecurity framework and should not be used as a replacement for the wider and holistic term of cybersecurity,” Bajaj says.

Some of the prominent types of information security include application security,  cryptography, vulnerability management, cloud security, and infrastructure security among others. 

“The ability of information security to provide a swift response to cybersecurity attacks is one of the key distinguishing factors that set an excellent security system apart from ordinary ones. Today information security plays a crucial role in safeguarding the data and offering robust protection against the rising threats of data hacking and stealing of sensitive information,” Bajaj adds.

Governments and regulators are also making their contribution in spreading awareness about information security and various laws associated with data breaches and hacking, he says.

“In the future the role of information security will become even more crucial and organisations with robust policies on cybersecurity will be preferred by customers over their competitors,” he adds.

Also read: Microsoft Teams deemed unsafe to use by security researchers: Here is why

Emerging technologies

Artificial intelligence (AI), Machine Learning (ML), and blockchain technology have come to play a major role in cybersecurity. 

“The use of AI is on the rise and its utility against cyber frauds is particularly relevant for keeping and preserving the data from the reach of hackers. ML is proving very useful in identifying the new patterns of cyberattacks and then training the machine to block any kind of suspicious activity,” he explains.

“In addition to these new-age technologies, the distributed network of cloud computing, blockchain technology, and authentication through hardware are finding favour with cybersecurity experts,” Bajaj adds. 

The challenges ahead

According to Bajaj, overcoming all these challenges is not an easy task especially when it comes to the requirement of financial resources and spreading awareness among the masses. “Convincing policymakers and statutory organisations to allocate money for spreading awareness related to cybersecurity is a tough nut to crack,” he says.

In a nutshell, cybersecurity requires a holistic and all-encompassing policy framework  that will take into consideration the interest of each and every stakeholder while planning, designing, and implementing policies related to information security.

Also read: View | Superheroes or supervillains: Rise of vigilantism in increasingly digital world

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Employee-level awareness key for companies to protect against cyberattacks, says expert

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

No company, big or small, is safe from cyberattacks. No method of attack, unremarkable or ambitious, is off the table. This past weekend has, if anything, reinforced this notion, with the likes of Uber and Take-Two Interactive Software Inc being targetted by hackers.

While in Uber’s case, an unspecified amount of data was stolen, Take Two’s Rockstar Games was compromised and three gigabytes of data, including over 90 videos of the highly anticipated, under-development Grand Theft Auto VI, was stolen. The stolen data also includes source code of GTA VI and the wildly popular GTA V.

Meanwhile, on Wednesday, Take Two’s other game developer, 2K Games, had its help desk compromised, with the company issuing a public appeal for its users not to click on any link sent from their official account.

Given all this, how does a company secure its data? Rockstar Games, perhaps, could have benefited by following the zero-trust philosophy, but there really isn’t any single way to keep yourself safe when hackers are becoming bolder and more innovative.

Also read: Rockstar parent company Take-Two says hacker accessed unit 2K Games help desk

According to Kunal Bajaj, Chief Business Officer at eSec Forte Technologies, the most basic way to protect data is by raising awareness among a company’s employees.

“Companies the world over are encouraging their employees to be cautious of potential threats which may target the endpoints. Ways to do this is by deploying effective end-point security, mobile security controls, user behaviour analysis and more,” Bajaj said.

He added, in addition to all these, many companies are integrating flexible technologies and modular approaches so as to reduce exposure and decrease reaction time.

In Rockstar’s case, the hack was a simple case of data theft, even though the hacker, who went by “Tea Pot”, told Rockstar they were ready to negotiate, failing which they would release the game’s source code.

Also read: Hacker targets Rockstar Games, leaks more than 90 videos of GTA VI

Bajaj continued, a weak framework on cybersecurity often leads to instances of data theft. In Rockstar’s case, the hacker accessed an unsecured Slack channel and got an employee to share secure access credentials.

“Organisations and individuals who are not serious about their privacy and data often fall prey to hackers and scammers,” he elaborated. “Unprotected systems, weak passwords, and unawareness of cybersecurity laws are some other prominent factors that lead to data theft. In order to keep yourself safe from data theft, it is very essential to adopt a comprehensive data security policy, both as an individual and as an organisation,” shared.

Another method to protect data is information security, Bajaj said. “Information security is a set of processes and tools that are deployed to protect sensitive information. But information security is a part of the cybersecurity framework and should not be used as a replacement for a wider and holistic cybersecurity,” he added.

Also read: If security is ‘slack’ — what happened at Rockstar Games could happen to your company too

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

India, UK lead 26 countries in counter-ransomware exercises

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

India’s National Security Council Secretariat (NSCS) and the UK Government, in collaboration with BAE Systems, successfully conducted a cybersecurity exercise for 26 countries as part of the International Counter Ransomware Initiativeˀ— Resilience Working Group which is being led by India under the leadership of National Cyber Security Coordinator (NCSC).

The exercise has been facilitated by BAE Systems via the Immersive Labs platform, and the scenario has been written specifically for the participants based on Threat Intelligence and operational experiences.

The theme of the exercise is based on Energy Sector in which the respective National Cyber Crisis Management Teams of the CRI Partner Nations will have to deal with a ransomware attack on multiple electricity distribution companies.

Also read: Critical state of healthcare: India had 2nd highest number of cyber attacks in the world in 2021

These companies are responsible for the distribution of electricity to domestic customers and are the last link to the public supply. The exercise explores the complexity of decision-making around response to ransomware on Critical National Infrastructure.

There are over 26 invitees, from CRI Partner Nations and their respective organisations; including Cyber Security, National Crisis Management, National Security Policy, Critical National Infrastructure, and Law Enforcement Agencies.

The aim to organise this virtual Cyber Exercise on Ransomware Resilience is to simulate a large, wide-spread cybersecurity incident affecting organisations within a country. This exercise has been designed to support the mission of the CRI, and aims to allow participating CRI Members to test their capability to respond to a major ransomware incident; Demonstrates the benefit of sharing information and collaborating during a major incident; provide opportunities for the CRI Nations to share their approaches to countering ransomware.

Also read: Data is the new oil — how companies can shield themselves from cyber attacks

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Data is the new oil — how companies can shield themselves from cyber attacks

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Zero-day attacks, ransomware, corporate espionage, disgruntled employees compromising internal data — there’s no shortage of threats faced by today’s companies. Their IT or tech team is always scrambling to put out a 100 little fires everywhere — some caused by malicious actors and some by a simple, off-the-shelf lack of awareness.

In such an evolving, riskier-by-the-day scenario, it is more important than ever to ensure companies protect their core data.

As the saying goes, data is the new oil.

“The primary cause of these challenges is that today, data lives in more places than ever before,” says Rajesh Dhar, Senior Director — Infrastructure Hardware Growth, Hewlett Packard Enterprise, India.

While hackers are becoming more brazen and inventive by the day, in choosing and attacking their targets, in case of ransomware attacks, some companies that are vulnerable say they have either paid, or are ready to pay, the ransom to get their data back. Surprisingly, many of the same companies also said they have to plans to upgrade, or strengthen their security infrastructure.

According to Palo Alto Networks’ ‘Unit 42 Ransomware Threat Report, 2022’,  America is the most-targeted region for ransomware attacks, followed by Europe, Middle East, and Asia, with Asia-Pacific coming up third.

According to the same report, India ranks 10th globally in the number of ransomware attacks, with the United States, Canada and the United Kingdom taking the top three spots.

The “2022 Thales Data Threat Report” claimed that one in four Indian organisations suffered a ransomware attack in 2021, which was higher than the global average of 21 percent. Of the targeted organisations, 30 percent suffered a significant business disruption after the attack, the report claimed.

“At any given point, businesses store huge volumes of precious information across on-premises, public cloud, private cloud and other SaaS applications which can prove to be increasingly complex,” Dhar explains, adding that this move to cloud has created a serious challenges for IT organisations as it creates data silos, which are among the biggest obstacles to data protection.

This data may become siloed because of location, data type, data owner, and many other factors, he explains.

While these statistics are alarming, Dhar says, they illustrate the need for modern data protection solutions — such as HPE’s own GreenLake Platform — to address the increasing and evolving threats. “GreenLake cloud platform, offers a unique edge-to-cloud architecture that empowers organisations to harness the power of all their data,” he adds.

“Traditional legacy backup appliances and strategies aren’t made for today’s dynamic and distributed business environment. They are time consuming and costly to manage,” Dhar explains.

Just this year, major companies like NVIDIA, Samsung and Microsoft were hit by data breaches, in which gigabytes of sensitive information was leaked.

“Companies, however big, need to ensure that they avoid basic mistakes that lead to data — include poor management of access credentials, little or minimal security awareness trainings, reliance on silver-bullet security solutions, among others,” Dhar adds.

Also read: SpiceJet’s brush with ransomware is a timely reminder to protect yourself against this cyber menace

To tackle this, Ram Vaidyanathan, cybersecurity evangelist at ManageEngine, the enterprise IT management arm of Zoho Corp, advocates “Zero Trust” — a philosophy under which a company’s employees, regardless of their position and the number of years they spend working there, are treated as a potential threat actor (for security purposes only) and are only given access to data that is necessary for their daily responsibilities.

“The kind of security we had to protect against ransomware attacks is not going to be enough anymore,” says Ram, adding that the issue is compounded by the move to cloud, as now, a company’s data is not restricted to a geographical perimiter.

“Earlier, companies had firewalls guarding their core data as it was confined to their premises, and once employees got in, they were ‘trusted’. But that is is not the case anymore, as with the move to cloud, we don’t know where a company’s boundary is,” says Ram.

And this is where “zero trust” comes in. “All it means it you get the right kind of controls and the right kinds of checks and balances before you give the access to data,” he explains.

One way to prevent rogue employees from causing serious damage is “the principle of least access”, which, as Ram explains it, is granting just enough access to enable an employee to do his or her job. “There is also just-enough-access — basically, giving access for only the period of time necessary,” Ram explains.

“Data has quickly emerged as an essential catalyst for revenue generation in the digital era of business,” Dhar adds.

As a result, every organisation, in a bid to scale revenue and profitability, generates increasingly larger volumes of data from a wider variety of sources, leading to a proportional increase in the difficulty of protecting this data along with maintaining regulatory compliance.

“The threat of sophisticated malware and ransomware attacks is only growing, but IT organisations are spread too thin and too burdened with outdated technology,” he adds.

What’s the solution? “Businesses are increasingly turning to cloud backup solutions — but they are still complex, requiring add-on gateways, and virtual appliances. They are still just an insurance, restricted to an organisation restoring and using its data,” Dhar adds.

Enter hybrid cloud solutions.

“Hybrid cloud solutions allow for greater flexibility — businesses can store their most sensitive data in secure, on-premise data centres and use public cloud storage to easily and quickly process and analyse less-sensitive data,” he adds.

A hybrid cloud’s centralised management makes it easier to implement strong technical security measures such as encryption, automation, access control, orchestration, and endpoint security so you can manage risk effectively.

The end result of any cyber attack is the company’s website or servers going down, and this bears a serious cost to the organisation.

“The cost of downtime often includes the risk of losing customers, data loss, lost revenue, and a negative impact on the business’ reputation,” Dhar explains.

“Therefore, given the 24x7x365 nature of today’s businesses, it is imperative for companies to invest heavily in protection against such downtimes to efficiently meet customer demands at all times,” Dhar says, adding, “Adoption of the right data protection strategy along with appropriate technology and implementation policies is critical.”

ManageEngine too offers a whole suite of 90 kinds of software to enterprises on a subscription model, with the company providing year-round support to ensure their solutions work seamlessly.

But ultimately, nothing beats raising awareness at both the company and employee level.

As Ram puts it, “at the end of the day, all a bad actor needs is that one employee they can exploit to execute their attack”.

Also read: 76% Indian companies suffered ransomware attacks in 2021, many paid extortion, finds survey

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow