Category: Security

  • Ransomware Threat Remains Pervasive as Businesses Strengthen Cyber Defenses

    Ransomware attacks continue to pose significant challenges for companies worldwide, despite a modest decline in the percentage of organizations affected. According to a report by Veeam, the figure has decreased from 75% to 69%, yet the risk remains high. The report notes that organizations are improving their preparedness through stronger resilience practices and closer collaboration between IT and security teams, and it stresses the need for proactive cyber resilience strategies to mitigate risk effectively.

    Despite advancements in defense mechanisms, the statistics reveal that seven out of ten organizations experienced an attack within the last year. Of those that were attacked, only 10% successfully recovered more than 90% of their data, while a significant 57% managed to recover less than half of their data. This concerning trend underscores the persistent threat of ransomware, which is expected to challenge businesses throughout 2025 and beyond, as stated by Anand Eswaran, CEO of Veeam.

    Furthermore, the report notes a disturbing shift toward exfiltration-only attacks, in which cybercriminals infiltrate networks to steal sensitive data without encrypting anything. This tactic, combined with the shorter dwell times observed in many attacks, which now unfold in a matter of hours, leaves defenders far less time to detect and respond. Organizations lacking strong cybersecurity controls are particularly susceptible, as threat actors exploit vulnerabilities rapidly.

    Lastly, the report highlights a noteworthy decrease in ransomware payments, with 36% of affected organizations choosing not to pay ransoms. Among those that did, 82% paid less than the initial ransom amount proposed by attackers, illustrating growing skepticism about the trustworthiness of these criminals. In addition, evolving regulations and legal frameworks are actively discouraging ransom payments as part of global initiatives aimed at strengthening defenses against such cyber threats. The concerted effort towards enhancing cybersecurity illustrates a shift towards prioritizing data resilience and proactive strategies, with organizations encouraged to implement the 3-2-1-1-0 backup rule (three copies of the data, on two different media, one copy offsite, one copy offline or immutable, and zero errors on restore verification) for effective data management.

  • Organizations Progress on Zero Trust Journeys, Yet Challenges Remain

    Zero trust security models are gaining traction globally, with a recent Gartner survey revealing that 63% of organizations have begun implementing such strategies. However, a considerable number of these organizations are still in the early stages, with 58% reporting that less than half of their environments are covered by zero trust measures.

    John Watts, a vice president analyst at Gartner, emphasizes that while most organizations have a strategy in place, many security leaders are still working through necessary technological and architectural changes. The journey toward a zero trust model involves not just technological upgrades but cultural shifts within organizations as well.

    Mary Carmichael, a director at Momentum Technology, underscores the importance of fostering a security-focused culture within organizations. She emphasizes that for zero trust to be successfully adopted, all stakeholders must understand its principles and agree on the necessary changes. Her experience reflects the broader challenge of managing organizational change while implementing complex security architectures.

    Similarly, Niel Harper, formerly CISO at the United Nations Office for Project Services, highlights the importance of balancing security with usability. By instituting a phased approach and engaging users in focus groups, he aimed to implement zero trust controls without detracting from the user experience. This reflects a common concern among organizations: how to enhance security without complicating access for legitimate users.

    Srivatsan Raghavan’s story from OHLA USA is another example of an organization re-evaluating its security measures post-breach. His approach combines elements from established frameworks like those from NIST and Microsoft, showcasing a trend where organizations look to unify people, processes, and technologies in their pursuit of robust security frameworks.

  • Russian APT29 Launches New Phishing Campaign Targeting Embassies with Sophisticated Malware

    In a strategic escalation of cyber espionage, Russian state-sponsored group Midnight Blizzard, also known as APT29 or Cozy Bear, has initiated a new spear-phishing campaign aimed at diplomatic entities across Europe, including embassies. This alarming development was reported by Check Point Research, which outlined that the campaign employs a novel malware loader named ‘GrapeLoader’ along with a revised version of the ‘WineLoader’ backdoor.

    The phishing effort reportedly began in January 2025, leveraging emails masquerading as communications from a Ministry of Foreign Affairs. These emails, sent from domains such as ‘bakenhof.com’ or ‘silry.com’, invite recipients to a wine-tasting event. Embedded within is a malicious link designed to download a ZIP archive labeled ‘wine.zip’ when certain targeting criteria are satisfied. Alternatively, if these criteria fail, victims are redirected to the legitimate website of the Ministry.

    The ZIP archive contains a benign PowerPoint executable and a legitimate DLL, alongside the malicious GrapeLoader payload (ppcore.dll). GrapeLoader relies on DLL sideloading to execute, then gathers host information and establishes persistence through modifications to the Windows Registry. It also applies memory-protection measures to evade detection by antivirus and EDR tools, and it waits a calculated ten seconds before activating its shellcode, further enhancing its stealth.
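    As an added defender-side example (not code from the Check Point report or from the original article), the following Python scanner inspects a ZIP attachment for the layout described above: it parses each member's PE header to tell executables from DLLs and flags archives that pair an EXE with a DLL, calling out ppcore.dll by name. The minimal PE headers and the sample archive, with every file name other than ppcore.dll, are constructed for the demo.

```python
import io
import struct
import zipfile

IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DLL = 0x0002, 0x2000  # COFF Characteristics bits
SUSPECT_DLL_NAMES = {"ppcore.dll"}  # loader DLL name from the report; extend from your own intel

def pe_kind(data):
    """Return 'exe', 'dll' or None by parsing the DOS header and COFF Characteristics."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    flags = struct.unpack_from("<H", data, e_lfanew + 22)[0]  # 18 bytes into the COFF header
    if not flags & IMAGE_FILE_EXECUTABLE_IMAGE:
        return None
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def scan_archive(zip_bytes):
    """Classify PE members of a ZIP and flag the EXE-plus-DLL sideloading layout."""
    exes, dlls = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            kind = pe_kind(zf.read(info))
            if kind == "exe":
                exes.append(info.filename)
            elif kind == "dll":
                dlls.append(info.filename)
    suspect = [d for d in dlls if d.rsplit("/", 1)[-1].lower() in SUSPECT_DLL_NAMES]
    return {"exes": exes, "dlls": dlls,
            "sideload_pattern": bool(exes and dlls), "known_bad_names": suspect}

def fake_pe(is_dll):
    """Constructed minimal PE header (sample data for the demo, not a runnable binary)."""
    flags = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: COFF header follows the stub
    return bytes(dos) + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)

def build_sample_archive():
    """Constructed stand-in for the reported archive: host EXE, benign DLL, ppcore.dll."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wine.exe", fake_pe(False))   # constructed name for the host executable
        zf.writestr("legit.dll", fake_pe(True))   # constructed name for the benign DLL
        zf.writestr("ppcore.dll", fake_pe(True))  # DLL name reported for GrapeLoader
    return buf.getvalue()
```

    The EXE-plus-DLL pairing alone is a weak signal (many legitimate installers ship that way), so treat it as a triage hint to combine with the sender domain and the DLL's signature status rather than as a block rule.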

    GrapeLoader’s primary objectives involve covert reconnaissance and the delivery of the WineLoader backdoor, which is camouflaged as a trojanized VMware Tools DLL. WineLoader itself is designed to amass detailed information from infected hosts, encompassing data such as IP addresses, Windows usernames, and process details. This intelligence is vital for determining the nature of the environment within which the malware is operating and for optimizing subsequent payload delivery targets.

    Experts at Check Point emphasize that the most recent variant of WineLoader demonstrates significant advancements in obfuscation compared to its predecessors, making it increasingly resistant to reverse engineering efforts. Enhanced techniques such as RVA duplication and export table mismatches complicate the analysis process. Cybersecurity professionals are urged to adopt multi-layered defenses and maintain elevated vigilance against these evolving threats, as APT29 continues to refine its tactics and tools.

    A comprehensive overview of the group’s previous activities can also be found in a report by Bleeping Computer [here](https://www.bleepingcomputer.com/news/security/us-uk-warn-of-russian-apt29-hackers-targeting-zimbra-teamcity-servers/).

  • Organizations Struggle to Address Cyber Vulnerabilities, Despite Increased Pentesting Efforts

    Recent findings from Cobalt reveal that organizations are addressing less than half of all exploitable vulnerabilities, with a concerningly low 21% of flaws in Generative AI (GenAI) applications being resolved. A substantial 94% of firms recognize the importance of penetration testing (pentesting), highlighting its critical role in enhancing security programs. Pentesting serves not only as a defensive measure but also reflects the inadequacies of existing security measures, as breaches frequently occur despite established safeguards.

    Compliance emerges as a significant motivator for pentesting, with 91% of respondents citing it as a key reason for conducting these tests. Notably, 92% of firms assert that pentests are vital to their organizational strategy and have the backing of senior leadership. However, while the rate of fixing serious pentest findings surged from 27% in 2017 to 55% in 2021, this figure has plateaued. Currently, serious vulnerabilities are resolved in a third of the time it took in 2017, cutting the exposure window from 112 to just 37 days.

    Large organizations face notable delays, taking over a month longer than smaller firms to address serious vulnerabilities (61 days versus 27 days). Despite three-quarters of organizations establishing Service Level Agreements (SLAs) promising fixes within two weeks, the median time to resolution stands at a staggering 67 days, roughly five times the stipulated SLA. Alarmingly, 81% of security leaders express confidence in their organizations’ security posture, even as 31% of serious findings remain unresolved.

    A crucial area of concern is the security of GenAI LLM web applications, with 95% of firms having conducted pentests on these systems in the past year. Unfortunately, 32% of tests identified serious vulnerabilities, yet a mere 21% of these were remedied. This issue raises significant concerns about risks such as prompt injection, model manipulation, and data leakage. With 72% of organizations ranking AI-related attacks as their top security threat, it is evident that there are inadequacies in preparedness against potential exploits.

    OWASP has acknowledged these vulnerabilities, updating the 2025 edition of its Top 10 for LLM and GenAI to address new threats like Denial of Wallet (DoW), which exploit the cost-per-use model of AI services. As organizations strive to keep pace with technological advancements, they increasingly experience pressure from leadership to prioritize speed over thorough security measures. Nearly half of security leaders report that they are being urged to compromise security to achieve faster deployment timelines, significantly jeopardizing their overall security landscape.

    In light of these findings, Gunter Ollmann, CTO of Cobalt, emphasizes the critical importance of regular pentesting, especially amid the rapid adoption of AI technologies and the vulnerabilities that come with them. He points out that the persistent backlog of unresolved vulnerabilities signals a need for heightened awareness and proactive mitigation strategies. Organizations adopting an offensive security approach not only strengthen their defenses but also position themselves favorably in meeting compliance obligations and reassuring customers of their commitment to safety in business transactions.

  • Cyber Attacks: Shutting Down Systems Can Exacerbate Damage

    In the face of rising cyber attacks, businesses often confront the instinct to shut down systems to contain potential damage. However, experts warn that this reaction, while understandable, may not always be the best response. Premature shutdowns can complicate incidents, leading to operational disruptions and a more challenging recovery process.

    According to Chad LeMaire, deputy CISO at ExtraHop, several factors determine how severe a cyber attack turns out to be for an organization, and preparation is chief among them. Companies that invest in comprehensive incident response plans, ongoing monitoring, and a culture of cyber resilience are far better equipped to manage attacks effectively.

    Shutting down systems can lead to unintended consequences, particularly during ransomware incidents, where abrupt shutdowns might corrupt encrypted files, complicating data restoration efforts. Instead, maintaining essential operations while isolating compromised systems is recommended. This strategic approach aims to minimize disruption and prevent the attack from escalating.

    Long-term resilience against cyber threats requires a multifaceted approach, including robust data backup solutions and efficient real-time threat detection. Furthermore, effective communication during an incident—internally and externally—is crucial. Such preparedness ensures that misinformation does not exacerbate an already tense situation and helps maintain trust with customers.

  • Distinguishing Privacy from Security: Lessons from the DOGE Incident

    The recent comments by Connecticut Attorney General William Tong regarding the Department of Government Efficiency’s (DOGE) access to Treasury Department records signal what he termed the largest data breach in American history. This incident highlights a pervasive issue faced by organizations: the misconception that data privacy and security are interchangeable, a conflation that can result in severe consequences for both businesses and consumers.

    Data privacy fundamentally involves the ethical management of personal information, requiring companies to handle data transparently and with explicit consumer consent. Notably, regulations such as the EU’s GDPR, HIPAA, and the CCPA set out the requirements for data access, sharing, and deletion, safeguarding individuals’ rights. In contrast, data security focuses on protecting information against unauthorized access and fraud through measures such as encryption and security audits.

    The DOGE incident serves as a glaring example of why the distinction between data privacy and security is critical. Reports indicate that DOGE allegedly accessed sensitive federal information without proper authorization. This breach was not a matter of collecting data improperly, but rather a failure of adequate security measures. Businesses that emphasize compliance with privacy laws over actual security investments leave themselves vulnerable to incidents like this.

    As organizations continue to grapple with the dual imperatives of privacy and security, it is essential for them to adopt distinct strategies rather than merging them into one. Privacy strategies should concentrate on compliance and ethical data governance, while security must focus on proactive risk management and threat detection. Misaligning these responsibilities can create gaps that malicious entities can exploit, posing risks that could lead to significant legal and financial repercussions.

    Ultimately, companies must clearly define roles within their organizations to optimize their response to security threats. By fostering collaboration between privacy and security teams, conducting regular assessments of both domains, and investing in dedicated security measures, businesses can effectively mitigate risks and maintain consumer trust in an increasingly complex digital landscape.