May 26, 2023Ransomware driving professionalisation of cyber crime | ITWeb
The success of ransomware gangs has spurred a significant trend of professionalisation among cyber criminals, where different groups develop specialised services to offer one another, according to a new report from WithSecure (formerly known as F-Secure Business).Ransomware has been around for decades, but the threat has continuously adapted to improvements in defenses through the years. One notable development is the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once (usually both encryption to prevent access to data and stealing data to leak publicly) to pressure victims for payments.According to an analysis of over 3 000 data leaks by multi-point extortion ransomware groups, organisations in the United States were the most common victims of these attacks, followed by Canada, the United Kingdom, Germany, France and Australia. Taken together, organisations in these countries accounted for three-quarters of the leaks included in the analysis.The construction industry seemed to be the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%. A number of other industries sat between the two due to ransomware groups having different victim distributions, with some families targeting one or more industry disproportionately to others.While the threat of ransomware has inflicted considerable pain on organisations in different countries and industries, its transformative impact on the cyber crime industry cannot be overstated.“In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much the same way that legitimate businesses outsource functions to increase their profits,” explained Senior Threat Intelligence Analyst Stephen Robinson. “This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation state APTs. Ransomware didn't create the cyber crime industry, but it has really thrown fuel on the fire.”In one notable example highlighted in the report, WithSecure investigated an incident that involved a single organisation compromised by five different threat actors, each with different objectives and representing a different type of cyber crime service: The Monti ransomware group.Qakbot malware-as-a-service.A cryptojacking group known as the 8220 Gang (also tracked as Returned Libra).An unnamed initial access broker (IAB).A subset of Lazarus Group, an advanced persistent threat associated with North Korea’s Foreign Intelligence and Reconnaissance General Bureau.According to the report, this professionalisation trend makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors. The report predicts it is likely the number of attackers and size of the cyber crime industry will both grow in the coming years.“We often talk about the damage ransomware attacks cause to the victims. Less attention is paid to how ransom payments provide additional resources to attackers, which has encouraged the professionalisation trend described in the report. Near-term, we’re likely to see this changing ecosystem shape the resources and type of attacks facing defenders,” said WithSecure Head of Threat Intelligence Tim West.The full report, The Professionalisation of Cyber Crime, is available at: https://www.withsecure.com/en/expertise/research-and-innovation/research/the-professionalization-of-cyber-crime.More information on ransomware is available at: https://www.withsecure.com/en/expertise/blog-posts/ransomware-profits-are-transforming-cyber-crime.
May 26, 2023Survey: Backups Are Prime Targets for Ransomware Attacks, Most Remain Exposed
Veeam's 2023 Ransomware Trends Report shows many pay ransom but don't always recover. Organizations with the proper data protection architecture are ...
May 28, 2023Are We Seeing Fewer Ransomware Attacks? Not Now - Government Technology
As I walked the show floor at the RSA conference and held meetings with vendors and clients in San Francisco last month, I heard a surprising theme that I disagreed with.The conversation often started with something like this: “Great book with cyber stories, but isn’t ransomware dying?” (Note: They were referring to the book I co-authored with Shamane Tan called Cyber Mayday and the Day After.)Or, “Ransomware is way down, isn’t it?”Or, “What’s your biggest fear, now that ransomware is going away?”And no, these colleagues and “industry experts” from an assortment of cyber vendors were not delusional, just misinformed. When I asked one colleague to send me some proof, he sent me several articles backing up his claims:Security Magazine — Ransomware attacks decreased 61% in 2022: “The 2022 State of Ransomware Report from Delinea and conducted by Censuswide surveyed 300 U.S.-based information technology (IT) decision-makers about the impact of ransomware on their organizations over the past year. The survey found that 25% of organizations were victims of ransomware attacks over the past 12 months, a 61% decline from the previous 12-month period, when 64% of organizations reported being victims.”Security Week — Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: “According to data from Coveware, a company that helps organizations respond to ransomware attacks, the percentage of companies that paid up in 2022 dropped to 41%, from 50% in 2021 and 70% in 2020.”TechTarget — July  another down month in ransomware attack disclosures: “SearchSecurity has tracked ransomware in 2022 via a database of public reports and disclosures, as well as an article series that covers the most notable attacks each month. According to SearchSecurity's data sets, there was approximately a 300% drop between attacks in January and June. July saw similar numbers, with just 13 confirmed disclosures last month; in addition, only three disclosures were for attacks in July.”Inside P&C — Cyber frequency fell 22% in 2022 as ransomware dropped 54%: Coalition: "Cyber claims frequency declined 22% year over year in 2022, driven mostly by a 54% drop in ransomware attacks, according to InsurTech Coalition.”BUT NOT SO FASTWhile there is debate about how much ransomware incidents dropped in 2022, the trend (if there ever was one, which I doubt) has certainly flipped in 2023. Consider these reports:Politico — Ransomware comes back with a vengeance: “Researchers at a leading cryptocurrency tracing company have bad news for Washington: Ransomware is back, and it might be worse than ever.“Through the first four months of this year, cybercriminal gangs are on pace to surpass their earnings from a record-setting 2021, according to new data collected by Chainalysis.“The bounceback in extortion revenue follows a 40 percent dip in ransom payments in 2022, which many had interpreted as a promising sign the Biden administration was making headway against keyboard crooks.”WION: Nearly two-thirds of India-based companies victims of ransomware attack: “In an alarming statistic that describes the State of Ransomware in 2023, it has been revealed that 73 percent of India-based organisations surveyed by cybersecurity company Sophos were victims of ransomware attacks.”The Hacker News — Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code: "The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems."While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a report shared with The Hacker News."Insurance Journal — Viewpoint: Could Increasing Ransomware Frequency Bring Back Repeat of Hard Market?: “Insurance pricing is cyclical. When loss ratios are sustainably higher, over time prices rise in response, creating a hard market. The last hard market in cyber was in 2021 when an onslaught of ransomware and high-profile cyber attacks drove a spike in demand for cyber insurance and a decreased supply of capital, which led to increased premiums.“Once prices are higher and loss performance begins to improve, the market looks appealing — driving new entrants and adding pressure on existing players trying to stay competitive. This drives prices back down and creates a soft market. Eventually, the loss ratio climbs back up, and the cycle inevitably begins anew.”NEW RANSOMWARE TRENDS TO WATCHSo if ransomware isn't going away, what are some important 2023 ransomware trends to watch?First, be aware that backup repositories are targeted in 93 percent of ransomware attacks, according to Infosecurity magazine and Veeam’s 2023 ransomware trends report: “Veeam also found that in 93% of ransomware incidents, the threat actors target the backup repositories, resulting in 75% of victims losing at least some of their backups during the attack, and more than one-third (39%) of backup repositories being completely lost."Second, the report showed that organizations are still ill-prepared to face this threat: “Most (80%) continue to pay the ransom despite multiple advisories against it. They primarily do that to get their data back, yet 21% don’t, even after paying the ransom.”Third, Infosecurity magazine also claims that the time to deploy ransomware has dropped 94 percent: “Phishing remained the No. 1 initial access vector last year, identified in two-fifths (41%) of incidents, followed by exploitation of public-facing applications (26%).”FINAL THOUGHTI found this U.K. ransomware story with a twist to be interesting: “Rogue IT worker extorted company after hijacking ransomware attack.” Here's an excerpt: “An IT worker in the UK has been convicted of unauthorized computer access and blackmail after attempting to take advantage of a ransomware attack on his employer.“Ashley Liles was found to have attempted to blackmail his employer, Oxford Biomedica, into paying a ransom in the wake of a 2018 security breach. …“Liles accessed board members’ private emails more than 300 times and altered the original ransom note to change the payment address to his own cryptocurrency wallet.”This story just highlights the importance of addressing insider threats and employee ethics and integrity — even during a ransomware emergency.
May 26, 2023Cyber Insurance Cannot Offset the Dangers of Ransomware - CPO Magazine
Data protection against ransomware and cyberattacks is becoming ... associated with data breaches, ransomware, and other cybersecurity incidents.
May 28, 2023Ransomware demands increasingly paid amid growing attack severity | SC Media
SiliconAngle reports that increasingly severe ransomware attacks have been accompanied by the growing willingness to pay attackers' demands.More than 80% of data among one in seven organizations could be compromised in ransomware attacks, with 93% of attacks aimed at backups and 75% of those hindering recovery efforts, while the rate of organizations paying ransoms rose by 4% to 80% in 2022 even though anti-ransomware payment policies were in effect among 41% of organizations, according to a report from Veeam.Researchers also found that risk management programs have been in place among 87% of organizations but only 35% noted that their programs were well-suited. Moreover, cyber insurance coverage for ransomware attacks has also been declining, with 20% of surveyed IT leaders citing ransomware exclusions from their policies, despite increasing insurance costs.Organizations have been urged to conduct regular evaluations of ransomware recoverability in their risk management plans, ensure clean backups, and leverage a staged restoration approach in the event of a ransomware attack.
May 15, 2023Ransomware blurs line between data backup, security | TechTarget
Data protection vendor Rubrik reintroduced itself as cybersecurity specialists at its user conference last year, arguing the future of data backups and disaster recovery lies in merging with security. This year, the vendor will once again make ransomware and data security a focus of discussion as ransomware attacks increase against enterprise customers. Even Rubrik hasn't been immune to the fight; it suffered a data breach in March. Like other data backup vendors, Rubrik unveiled features last year designed with cyberattacks in mind, such as machine learning and AI tools as well as SaaS backup capabilities for Microsoft 365. These capabilities contribute the fight against ransomware, said Phil Goodwin, research vice president at IDC. Ransomware, a risk that traditionally falls under security's purview, remains top of mind for backup administrators. "We see a trend among IT organizations. They are not really differentiating between data security and data protection," Goodwin said. "The label data protection is being applied on a more frequent basis to anomaly and intrusion protection." How vendors respond to the dual needs of security and data protection will become a balancing act of building useful features that don't overpromise nor underdeliver. As Rubrik attempts to redefine itself as a cybersecurity vendor, other backup vendors don't want to muddy the waters. Executives at Commvault, a rival to Rubrik, are adamant their new detection and cyber deception tools are still firmly in the realm of data backup. Backup vendors will need to continue showing they can handle the challenges associated with being a security company as the backups under their control are targeted more. Western Digital, a storage vendor selling a backup SaaS, confirmed it was the victim of a ransomware attack that knocked out services for almost two weeks. "No one company can address it all," Goodwin said. "It's a journey. [Rubrik is] one of the companies that has driven aggressively to address cyber protection and cyber security from a single platform." Thin silicon line Veeam, which will host its VeeamON 2023 conference just days following Rubrik Forward, joined Rubrik last year in positioning itself with greater cybersecurity features. Druva, too, added security features into its data backup platform in 2022. All these vendors are looking to posture their products as hardened against ransomware, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group. Ransomware attacks remain a priority for IT teams and executives, dictating strategy and buying decisions, he said. Data backup is now a market where vendors can better differentiate themselves depending on what cybersecurity capabilities they offer. "We're seeing this area of cyber response meets disaster recovery," Bertrand said. "A lot of the data protection vendors work on their security but also improve and enhance their ability to detect ransomware." Backup capabilities often include immutable snapshots or air gaps, but vendors are now expanding their software to include traditional security tools. Customers expect backup software and services to include multifactor authentication to prevent unauthorized access and machine learning capabilities to detect changes in data copies that could contain ransomware payloads. These are positive additions to data backup platforms but do not replace the comprehensive set of security features enterprise IT might need, said Jerome Wendt, an analyst and CEO at Data Center Intelligence Group. Backup companies might be better off going for a partnership than building in security features themselves. "Everyone is getting a little more mature about it," Wendt said. "I'm still not convinced those who do it themselves will do it as well as those partnering with third parties." The cloud hyperscalers, which include AWS, Microsoft Azure and Google Cloud Platform, have remained distant from the data backup and data protection market, said Steve McDowell, an analyst and founding partner of NAND Research. Outside of some simple disaster recovery offerings, such as AWS Elastic Disaster Recovery, McDowell said the hyperscalers have little in their portfolios attempting to replicate the features of dedicated vendors. "It surprises me the big guys [are] not rolling out the robust feature set," McDowell said. "That's a huge opportunity for those guys to grab and control their customers lives a little more." SaaS data backup capabilities will remain popular for backup vendors, analysts agreed, because many users remain unaware of the shared responsibility model they enter into when choosing SaaS applications or platforms. In this model, the service provider is responsible for maintaining quality of service, and the customer is responsible for protecting the data it uses within that service from loss, corruption or attacks. "The adoption lags the hype pretty significantly," Goodwin said. "[SaaS] will continue to be a growing market for a number of years."Ghost in the air gap Like other IT vendors, Rubrik will also likely include a generative AI narrative at this year's Rubrik Forward. The hype and saturation of generative AI, particularly surrounding products such as OpenAI's ChatGPT, will come to the backup space as well. But analysts said enterprise buyers will remain skeptical. I'm still not convinced those who do it themselves will do it as well as those partnering with third parties. Jerome WendtCEO, analyst, Data Center Intelligence Group "It's really hard to separate the hype from the reality," McDowell said. "There's a little bit of AI fatigue right now." Rubrik, Commvault, Cohesity and other backup vendors already include machine learning in their products. Rubrik uses machine learning to find when user data has been compromised as well as find anomalies or encryptions in backups. Cohesity is partnering with Microsoft Azure and OpenAI to add generative AI capabilities into data protection, such as generating readable after-action reports following a security incident or action. AI washing will contribute to the confusion, Bertrand said. Vendors will not use consistent language in their marketing and will inflate AI functionality. "I haven't seen anybody come out with a clean AI message and positioning," Bertrand said. "It's really more of an efficiency play in the end." IT teams should still brace themselves for AI usage both for and against them, however. Goodwin expects more ransomware gangs to take advantage of the technology as well. "If you don't think the bad guys are going to use it against us, you're dreaming," he said. Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.
May 24, 2023LTO Tape Capacity Shipments Set Another New Record - Yahoo Finance
148.3 Exabytes of total capacity shipped in 2022Demand driven by hyperscaler and enterprise adoption of LTO tape for low cost, secure, green data storageSILICON VALLEY, Calif., May 23, 2023--(BUSINESS WIRE)--The LTO Program Technology Provider Companies (TPCs), Hewlett Packard Enterprise Company, International Business Machines Corporation and Quantum Corporation, today released their annual tape media shipment report, detailing year-over-year shipments through the fourth quarter of 2022. The report reveals 148.3 Exabytes* (EB) of total tape capacity (compressed) shipped in 2022, an increase of 0.5% over 2021, and a strong result driven by continued hyperscaler and enterprise investment in LTO tape technology."LTO tape capacity shipments reached another record in 2022, outperforming alternative storage technologies that experienced declines," said Bruno Hald, General Manager, Secondary Storage, Quantum. "Both hyperscale and enterprise customers continue to value LTO tape as low cost, secure, and green data storage for data protection and archiving. Our ongoing efforts to improve and innovate the capabilities of LTO tape reflect our commitment to meeting the changing needs of our customers and staying at the forefront of the industry. We believe that these efforts, combined with the inherent advantages of LTO tape, will ensure its continued relevance and success in the years to come."As global business and technical leaders track emerging trends in data storage and management, LTO tape technology provides an effective solution to the challenges posed by the exponential growth of unstructured data, while simultaneously delivering cost savings and environmental sustainability benefits. Further, LTO tape offers an ultra-secure place to keep an air-gapped copy of data to protect against ransomware and malware."LTO tape offers a low cost, secure solution for ransomware protection," said Christophe Bertrand, Practice Director, Enterprise Strategy Group. "We’re seeing that LTO technology continues to represent a high value for traditional customers in need of airgap and long-term data storage, which is one of the factors driving a resurgence in enterprise demand."The latest LTO generation is LTO-9, which is designed to support increased tape cartridge storage capacity of up to 45TB when compressed. LTO-9 drives offer comprehensive backward read and write compatibility with LTO-8 cartridges, along with various previously established functionalities, such as hardware-based encryption that supports multi-layer security, WORM capability, and Linear Tape File System (LTFS) support. In September of 2022, the LTO program announced an extended LTO tape roadmap that calls for plans to achieve up to 1.4 Petabytes of compressed capacity per cartridge by generation 14 of the technology.The LTO Program will continue to produce annual shipment reports for tape media, which are available for download from the LTO Program website, www.lto.org.About Linear Tape-Open (LTO)The LTO Ultrium format is a powerful, scalable, adaptable open tape format developed and continuously enhanced by technology providers Hewlett Packard Enterprise (HPE), IBM Corporation and Quantum Corporation (and their predecessors) to help address the growing demands of data protection in the midrange to enterprise-class server environments. This ultra-high capacity generation of tape storage products is designed to deliver outstanding performance, capacity and reliability combining the advantages of linear multi-channel, bi-directional formats with enhancements in servo technology, data compression, track layout, and error correction.The LTO Ultrium format has a well-defined roadmap for growth and scalability. The roadmap represents intentions and goals only and is subject to change or withdrawal. There is no guarantee that these goals will be achieved. The roadmap is intended to outline a general direction of technology and should not be relied upon in making a purchasing decision. Format compliance verification is vital to meet the free-interchange objectives that are at the core of the LTO Program. Ultrium tape mechanism and tape cartridge interchange specifications are available on a licensed basis. For additional information on the LTO Program, visit www.lto.org.*Assumes a 2.5:1 compression achieved with larger compression history buffer available beginning with LTO generation 6 drives.Note: Linear Tape-Open, LTO, the LTO logo, Ultrium, and the Ultrium logo are registered trademarks of Hewlett Packard Enterprise Company, International Business Machines Corporation and Quantum Corporation in the US and other countries.View source version on businesswire.com: https://www.businesswire.com/news/home/20230523005362/en/ContactsAnthony ArenagmvfSyrvfuznaUvyyneqnagubal.email@example.com
May 24, 2023LTO Tape Capacity Shipments Set Another New Record - Tullahoma News
SILICON VALLEY, Calif.--(BUSINESS WIRE)--The LTO Program Technology Provider Companies (TPCs), Hewlett Packard Enterprise Company, International Business Machines Corporation and Quantum Corporation, today released their annual tape media shipment report, detailing year-over-year shipments through the fourth quarter of 2022. The report reveals 148.3 Exabytes* (EB) of total tape capacity (compressed) shipped in 2022, an increase of 0.5% over 2021, and a strong result driven by continued hyperscaler and enterprise investment in LTO tape technology.“LTO tape capacity shipments reached another record in 2022, outperforming alternative storage technologies that experienced declines,” said Bruno Hald, General Manager, Secondary Storage, Quantum. “Both hyperscale and enterprise customers continue to value LTO tape as low cost, secure, and green data storage for data protection and archiving. Our ongoing efforts to improve and innovate the capabilities of LTO tape reflect our commitment to meeting the changing needs of our customers and staying at the forefront of the industry. We believe that these efforts, combined with the inherent advantages of LTO tape, will ensure its continued relevance and success in the years to come.”As global business and technical leaders track emerging trends in data storage and management, LTO tape technology provides an effective solution to the challenges posed by the exponential growth of unstructured data, while simultaneously delivering cost savings and environmental sustainability benefits. Further, LTO tape offers an ultra-secure place to keep an air-gapped copy of data to protect against ransomware and malware.“LTO tape offers a low cost, secure solution for ransomware protection,” said Christophe Bertrand, Practice Director, Enterprise Strategy Group. “We’re seeing that LTO technology continues to represent a high value for traditional customers in need of airgap and long-term data storage, which is one of the factors driving a resurgence in enterprise demand.”The latest LTO generation is LTO-9, which is designed to support increased tape cartridge storage capacity of up to 45TB when compressed. LTO-9 drives offer comprehensive backward read and write compatibility with LTO-8 cartridges, along with various previously established functionalities, such as hardware-based encryption that supports multi-layer security, WORM capability, and Linear Tape File System (LTFS) support. In September of 2022, the LTO program announced an extended LTO tape roadmap that calls for plans to achieve up to 1.4 Petabytes of compressed capacity per cartridge by generation 14 of the technology.The LTO Program will continue to produce annual shipment reports for tape media, which are available for download from the LTO Program website, www.lto.org.About Linear Tape-Open (LTO)The LTO Ultrium format is a powerful, scalable, adaptable open tape format developed and continuously enhanced by technology providers Hewlett Packard Enterprise (HPE), IBM Corporation and Quantum Corporation (and their predecessors) to help address the growing demands of data protection in the midrange to enterprise-class server environments. This ultra-high capacity generation of tape storage products is designed to deliver outstanding performance, capacity and reliability combining the advantages of linear multi-channel, bi-directional formats with enhancements in servo technology, data compression, track layout, and error correction.The LTO Ultrium format has a well-defined roadmap for growth and scalability. The roadmap represents intentions and goals only and is subject to change or withdrawal. There is no guarantee that these goals will be achieved. The roadmap is intended to outline a general direction of technology and should not be relied upon in making a purchasing decision. Format compliance verification is vital to meet the free-interchange objectives that are at the core of the LTO Program. Ultrium tape mechanism and tape cartridge interchange specifications are available on a licensed basis. For additional information on the LTO Program, visit www.lto.org.*Assumes a 2.5:1 compression achieved with larger compression history buffer available beginning with LTO generation 6 drives.Note: Linear Tape-Open, LTO, the LTO logo, Ultrium, and the Ultrium logo are registered trademarks of Hewlett Packard Enterprise Company, International Business Machines Corporation and Quantum Corporation in the US and other countries.
May 24, 2023Tape Storage Trundles On, Increases Yearly Volume to 128 Exabytes | Tom's Hardware
"Tape storage is dead" is one of those prophecies that has never seemed to actualize itself: demand for slow yet cost-effective and reliable storage solutions hasn't gone the way of the dodo. On the contrary; the LTO (Linear Tape-Open) Program group (a collective of tape specialist companies made up of HPE, IBM and Quantum Corporation) just announced a 5% YoY increase in shipments compared to the same period last year.That may not seem like much, but the bigger context is that that 0.5% growth rests atop a staggering 40% volume increase seen last year. In a market that's seen contractions, layoffs, and lowering sales volumes, that has to count as a win (a number of well-known hardware companies would have loved to show these results in their latest earnings report, after all).The LTO shipments report also demonstrate the speedy adoption of the latest technology, LTO-9, compared to other technological leaps. LTO-8 continues to be a great seller for value-conscious buyers — its 30 TB of compressed capacity and up to 750 MB/s data transfer rates are nothing to scoff at. But LTO-8 has been superseded by the 9th iteration, which has increased compressed data density (up to 45 TB) and transfer rates of up to 900 MB/s. And while total number of tapes shipped has been declining, it's important to remember that a tape of today can offer the same storage capacity as many tapes of yesterday. If you wanted 45TB of compressed storage on an LTO-5 product stack, you'd be looking at buying 30 1.5 TB LTO-5 tapes — volume lies in capacity, not on number of units.No, tape isn't dead, and contrary to what you may have read, HDDs aren't going to be extinct by 2028, either. But while HDD shipments cratered by around 35% this year, tape still found room to grow. Technologies last much longer than we give them credit for, and the AI boom for unstructured data means increased demand for cheap, reliable, and capacious storage. The LTO Program's growth being mostly fuelled by hyperscalers and enterprises is a testament to that.Image 1 of 2YoY shipments for LTO-based storage technology increased 40% from 2020 through 2021, and continued its growth in 2022 (albeit at a much more modest .5%) (Image credit: LTO Program)
May 24, 2023Total LTO Shipped Capacity Up Slightly in 2022 - IT Jungle
Total LTO Shipped Capacity Up Slightly in 2022 May 24, 2023 Alex Woodie More than 148 exabytes of compressed LTO tape capacity was shipped in 2022, a slight increase from the previous year, the LTO Program announced yesterday. The growth signals the continued relevancy of tape in a changing landscape marked by the predicted demise of spinning disk, the ubiquity of ransomware, and the continued growth of unstructured data.Shipped LTO capacity reached a record high last year of 148.3 exabytes, a half-percent increase over 2021, according to the LTO Program, which is comprised of IBM, HPE, and Quantum. While unit shipments of tape cartridges declined slightly, capacity still grew thanks to more spacious LTO-8 and LTO-9 tape cartridges.The continued growth of LTO stands in contrast to the declines met by other data storage formats, says Bruno Hald, the general manager of secondary storage at Quantum. “Both hyperscale and enterprise customers continue to value LTO tape as low cost, secure, and green data storage for data protection and archiving,” he says in a press release.Source: LTO ProgramThe recent history of LTO delivery has been a bit turbulent, thanks to legal disputes and COVID. In 2018, lawsuits between Sony and Fujifilm, the only two makers of LTO media, delayed the delivery of LTO-8 cartridges for over a year, until they two parties settled their differences at the end of 2019. The onset of the pandemic helped to initially dampen demand, and 2020 was marked by about a 10 percent decrease in overall shipped capacity.Demand came roaring back in 2021, thanks in part to full availability of LTO-8 gear as well as the ransomware epidemic. Shipped LTO capacity surged 40 percent in 2021 compared the previous year, growth the LTO Program attributed in part to tape being a low-cost and reliable method to airgap data and protect it from ransomware.The LTO Program resumed delivering on its planned roadmap in September 2021, when it started shipping LTO-9 gear with up to 45TB of compressed capacity per cartridge. The following month, IBM and Quantum announced they would work together on LTO-10, which ostensibly would come to market in the 2024-2025 timeframe.Source: LTO ProgramIn September of 2022, the LTO Program announced it has pushed its LTO tape roadmap out two more generations, to LTO-14. That generation of tape, expected in about a decade or so, would deliver up to 1.4PB of compressed capacity per cartridge.Efficiency and security two big advantages LTO tape holds other storage media, says Christophe Bertrand, an analyst with Enterprise Strategy Group.“LTO tape offers a low cost, secure solution for ransomware protection,” Bertrand says in a press release. “We’re seeing that LTO technology continues to represent a high value for traditional customers in need of airgap and long-term data storage, which is one of the factors driving a resurgence in enterprise demand.”The amount of data created in the world continues to increase at an exponential rate, and tape seems poised to capture at least some of it. According to the recent IDC Global DataSphere report, 64.2 zettabytes of data was created in 2020. With a compound annual growth rate (CAGR) of 23 percent, we are on pace to have more than 180ZB of data by 2025.Where will all that data – much of it unstructured words, images, video, and sound files – go? It doesn’t seem feasible that it will go on spinning disk, which are on their way out, according to some press reports. And solid state disks (SSDs) are still too expensive for archiving and unstructured data storage.Tape seems to have a decent shot at capturing some of those backup and archival storage workloads. Considering the big investments that public cloud vendors are making in tape – and in LTO gear specifically – it’s worth asking whether enterprises should keep tape in their long-range plans, too.RELATED STORIESLTO Group Pushes Roadmap Out to Generation 14Shipped Tape Capacity Up 40 Percent, LTO Program SaysLTO-9 Drives and Cartridges Finally Get Out the Door
May 11, 2023Ransomware Attacks Adapt With New Techniques: Kaspersky Report
Attackers are employing more sophisticated ransomware attack methods and incorporating key attributes from defunct criminal groups to target individuals, according to the latest report from Kaspersky.The changes underscore evolving concerns in the cybersecurity landscape.The report, New ransomware trends in 2023, was published today ahead of Anti-Ransomware Day 2023 on Friday.According to the report, the top five ransomware groups that have the most impact and produce the most attacks have undergone significant changes in the past year.In the first half of 2022, REvil and Conti were ranked second and third respectively, in terms of attacks. However, in Q1 2023, these groups were replaced by Vice Society and BlackCat. The remaining ransomware groups in the top five for Q1 2023 are Clop and Royal.Read more on Vice Society threat actors: Vice Society Claims Ransomware Attack Against University of Duisburg-EssenKaspersky added that, according to their review of last year’s ransomware trends, all of these groups persisted. The researchers have taken notice of some significant cross-platform ransomware variations, such as Luna and Black Basta.As for 2023, Kaspersky experts highlighted three key ransomware trends. Firstly, ransomware groups are incorporating self-spreading functionality or imitations into their malware, as seen with examples like Black Basta, LockBit and Play.Secondly, cybercriminals are exploiting vulnerabilities in antivirus drivers, even targeting industries like gaming. Finally, large ransomware gangs are adopting capabilities from leaked or purchased code, strengthening their offensive capabilities.“Ransomware gangs continually surprise us and never stop developing their techniques and procedures,” said Dmitry Galov, a senior security researcher at Kaspersky’s Global Research and Analysis Team.Further, over the past 18 months, the executive said the company observed that ransomware gangs are transitioning their operations into fully-fledged businesses.“This fact makes even amateur attackers quite dangerous. So, to make your business and your personal data safe, it’s very important to keep your cybersecurity services updated,” Gavlov concluded.More information about ransomware trends in 2023 is available in this analysis by Recorded Future CISO, Jason Steer.
May 11, 2023Advice from the ISACA Ransomware Response Checklist - Security Boulevard
A decade ago, most companies realized that being hit with a data breach was inevitable—the well-known “when, not if” statement drove that idea home.The time has come to make a similar realization about ransomware. Tenacious cybercrime rings and the easy availability of ransomware toolkits, as well as the financial rewards, are why ransomware attacks are increasing.But even if an organization anticipates a ransomware attack is likely, they may not understand how vital it is to have a plan already in place, with a very detailed outline of what all parties should be doing.When an attack happens, the immediate reaction is how to get the data back. At that point, the CISO may be getting advice from leadership, legal and others in the company on how to best approach the ransomware response.However, all this helpfulness is not the right response here, according to Pam Nigro, VP security at Medecision and ISACA board chair, and Rob Clyde, executive chair of the board of directors for White Cloud Security and ISACA board director.Perhaps the most important voice during ransomware recovery is that of the communications officer, Nigro and Clyde said in a conversation at RSAC 2023.Designating a Communications OfficerOrganizations often underestimate the importance of having a dedicated voice to guide the company through the attack and its aftermath, both internally and, equally important, externally with customers and media. It allows for one voice to answer questions and prevent conflicting messaging from coming from the company.But this voice shouldn’t be chosen in the midst of an attack response, said Nigro and Clyde. The communications officer, as well as the rest of the ransomware response team, should be put in place when things are calm—in other words, before an attack happens.The problem is too many organizations don’t know where to start in planning for a ransomware attack. The incident response plan in place for data breaches and other types of attacks won’t necessarily cover a ransomware attack. How do you go forward when your data is locked and there’s a chance your system is corrupted?A ransomware attack could impact your company’s email system or internal communications, for example. After the attack is not the time to come up with a solution about how to continue to communicate with employees. A communications officer would be charged with setting up an alternative communication infrastructure, like a Slack channel or a group SMS (especially in a small company) that can be put into action immediately to keep employees up to date and keep misinformation from spreading.Putting Together a PlanDuring RSAC, ISACA introduced the Ransomware Incident Management Quick Reference, which guides organizations through the steps to improve ransomware readiness across key areas of planning and preparation, identification and detection, analysis, containment, eradication, recovery, and postmortem, lessons learned and after action.The ISACA reference is set up as a detailed checklist that includes suggestions on what roles are needed on the response team, policies and procedures to follow and information about cyberinsurance. The document also offers guidelines to follow as you make your way post-attack.Even if your company has a ransomware attack and response plan in place, reviewing it against the ISACA reference can help you identify some things you may have missed or not even thought of. For example, you probably have backup systems in place, but are you also replicating data? By replicating data, it will always be fresh and offers more current data than the standard backup will.Microsharding is another suggestion that your organization may not be practicing. Microsharding separates your data into different storage areas but also digitally shreds the data to scrub it of any identifiers. If the company is hit with a ransomware attack, you can get better insight into what data was corrupted.Ransomware hits everyone, no matter the size or type of business. You don’t need a large budget or a large team to create an incident response plan. The ISACA reference offers a starting point, especially for organizations lacking security maturity. It provides structure on how to best understand your landscape and your security posture, allowing you to make sure you know where you need protection and how to recover your data. Most importantly, it will allow you to determine who will act as the voice of your incident response to avoid confusion and conflicting messages.Because, remember, the threat actors want to create chaos, which makes you an easier target. If you have a script to follow, you have a better shot at thwarting their objectives. If they can’t make money off you, quick and easy, they’ll move on to the next potential victim.Recent Articles By Author
May 11, 2023CACTUS ransomware evades antivirus and exploits VPN flaws to hack networks
The Cyber Threat Intelligence team at Kroll risk consultation and corporate investigation firm has disclosed their findings on a brand-new ransomware strain dubbed CACTUS. This ransomware strain is leveraging known vulnerabilities in VPNs to infiltrate targeted networks.Reportedly, CACTUS ransomware operators target large-scale commercial organizations with double extortion to steal sensitive data before encryption.Self-Encrypting CACTUS Ransomware Operation DetailsIn all the incidents Kroll researchers assessed, the hacker used a VPN server and gained access with a VPN service account. However, CACTUS is different from other operations because it protects its ransomware binary with encryption. The attacker uses a batch script using 7-Zip to obtain the encryptor binary. It removes the original ZIP archive and deploys the binary with a specific flag to be executed. This process prevents the CACTUS ransomware encryptor from getting detected.Known VPN Flaws Leveraged for Network AccessThe operation was launched in March and is financially motivated as researchers believe the attackers want big payouts from their targets. The CACTUS ransomware obtains initial access to the network by exploiting already-known flaws in Fortinet VPN tools. It successfully exploits vulnerable VPN devices and sets up an SSH backdoor to maintain persistence using a series of PowerShell commands executed to carry out network scanning and detect a list of devices worth encrypting.How is it Executed?There are three modes of execution each of which is selected using a specific command line switch-Setup (-s)Read configuration (-r)Encryption (-i) The -S and -R arguments let the threat actors maintain persistence and save data in a file (C:\ProgramData\ntuser.dat), which the encryptor reads when running the -r argument. Encryption is performed using a unique AES key, which only the attackers know. This key is obtained using the -i command argument. This key is essential for decrypting ransomware’s configuration files. The public RSA key, available as a hardcoded HEX string in the encryptor binary, is required for file encryption.What Happens After Network Infiltration?CACTUS operators enumerate network and local user accounts, create new user accounts, and leverage custom scripts to automate the deployment/detonation of the CACTUS ransomware encryptor through scheduled tasks.In their report, researchers observed sensitive data exfiltration and victim extortion over the Tor messaging service. However, so far, they haven’t discovered any data leak site of the actor.Attackers use Cobalt Strike and Chisel tunnelling tools for establishing C2 communication. They can uninstall/disable security solutions and extract credentials stored in web browsers and LASS (local security authority subsystem service) for privilege escalation.They can move laterally to multiple systems and deploy legit remote monitoring and management (RMM) tools such as AnyDesk for achieving persistence on their exploited network, deploy ransomware with TotalExec.ps1 script previously used by Black Basta ransomware operators, and exfiltrate data using Rclone tool. The entire infection chain takes 3 to 5 days to complete.Why CACTUS?The name CACTUS is derived from a filename mentioned in the ransom note- cAcTuS.readme.txt. Moreover, all encrypted files are appended with .cts1, but Kroll researchers noted that this number at the end of the extension varies across victims and incidents. Blank Images Used to Evade Anti-Malware ChecksNew ransomware locks files & asks victims to play PUBG gameNew ransomware steals PayPal data with phishing link in ransom note
May 11, 2023Ransomware attacks are getting much better at encrypting data - TechRadar
Ransomware operators are getting better at encrypting data during attacks, causing extra headaches for the IT teams trying to parry the attack, a new report has claimed. The Sophos state of ransomware (opens in new tab) 2023 report, based on a vendor-agnostic survey of 3,000 cybersecurity and IT leaders,found in three-quarters (76%) of ransomware attacks, threat actors managed to encrypt the data - the highest percentage since Sophos started tracking the metric three years ago.High recovery costs for those that payThe report also gives another reason why businesses should refrain from paying the ransom. Those that did doubled their recovery costs - $750,000, versus $375,000 for those that merely used their backups. Furthermore, it takes longer to recover the files with the decryptor. Almost half (45%) of organizations using backups recovered within a week, compared to two in five (39%) of those that paid up. Sophos also warns that despite other reports out there stating otherwise, the number of ransomware attacks isn’t dwindling - it’s plateauing. This year, 66% of surveyed firms reported being attacked by ransomware, the same as last year. “Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," said Chester Wisniewski, field CTO, Sophos.“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.Sophos’ report also claims that system vulnerabilities are most commonly used to launch ransomware attacks (36%), and not compromised credentials (29%), showing the importance of keeping software and hardware updated.
May 11, 2023Why take the whole-of-state approach to ransomware protection and remediation - GCN
The rise of ransomware attacks severely threatens state and local governments. Cities and local jurisdictions, already limited by staff and budget shortages, face an uphill battle against ransomware, especially when they have to go it alone. By adopting a whole-of-state approach, state leaders can share resources and knowledge with local, tribal and territorial leaders to create a trusted partnership and ensure jurisdictions have the necessary tools to implement proper security measures. Local governments can better counter ransomware and other attacks when they can tap into larger IT budgets, leverage staff and expertise from the state and share data and threat analysis. This approach breaks down silos and enables real-time collaboration, making states, cities and counties more resilient. The governor of New York formed a Joint Security Operations Center to serve as the nerve center for local, state and federal cyber efforts, which includes data collection, response efforts and information sharing. And Colorado, Virginia and North Carolina have also created intergovernmental commissions integrating CIOs and local officials to help with security policy. This cooperative, whole-of-state approach enables states, cities and counties to drive operational efficiency and increase cybersecurity postures. Providing local governments with access to protection and remediation solutions allows them to punch above their weight in the fight against ransomware. How data security aligns with whole of stateThreat actors can bypass government protection systems to avoid detection, leave backdoors in backups and launch an initial attack via email, a malicious link or social engineering. They have developed sophisticated processes and infrastructure geared toward exploiting gaps in municipal and county systems. For example, earlier this year, an attack on Oakland, California, resulted in network outages to the city’s systems prompting the declaration of a state of emergency. This impacted many city systems, which remained inaccessible while departments worked to safely provide services to the public. Time to restore in these instances is crucial, and every day that systems aren't online that means critical services are unavailable, causing disruption, lost revenue and subpar support to citizens.To combat ransomware, jurisdictions must be able to rapidly restore from a data backup or archive. A multilayered data protection architecture should be the centerpiece of a whole-of-state framework. True multitenancy, secure data backup and rapid restoration dramatically increases the survivability of an organization. Using data security techniques like immutability, isolation, multiperson authorization, clean room operations and rapid granular or at-scale recovery ensures a clean, untampered data backup that can be easily and quickly restored. It prepares states, counties and cities to protect themselves against attacks and allows them to quickly recover their data confidently and without paying a ransom. Additionally, a single-platform technology with a single user interface offers flexibility in data storage and multitenancy for multiple jurisdiction backups and data sources on the same platform.A multilayered data security architecture aligns with this holistic approach. Engineered with the right technologies, it can discover sensitive data and identify who can access it. It can also effectively capitalize on artificial intelligence to detect anomalies that indicate suspicious behavior, allowing IT security teams to contain an attack’s blast radius before extensive damage is done. Before anyone pays the ransom … or tries a point restoreA whole-of-state approach makes it easier for all stakeholders to come together before ransomware or malware strikes to share knowledge and expertise to prevent it. In addition, as the risk of ransomware attacks continues to grow, using the best cybersecurity policies and data protection technology in a statewide framework allows local agencies to say no to any ransom demands, confident that their data is securely backed up and easily accessible.In conclusion, the whole-of-state approach is essential for protecting local governments against ransomware. By pooling resources and knowledge, using multilayered data protection architecture and technology and promoting collaboration between state, local, tribal and territorial leaders, governments can be better equipped to prevent and remediate ransomware attacks.Ron Nixon is the Federal CISO at Cohesity.
May 11, 2023New Akira Ransomware Attacking Organizations and Exposes Sensitive Data - GBHackers
A new ransomware variant called “Akira” has emerged, targeting multiple organizations and employing a double-extortion technique by exfiltrating and encrypting sensitive data, with the threat of selling or leaking it on the dark web unless the ransom is paid for decryption.Ransomware, a significant cybersecurity threat, poses severe consequences such as financial and data loss and reputational damage, making it highly profitable for cybercriminals and a significant challenge for organizations.Ransomware Attacking OrganizationsThe Akira ransomware, which surfaced in April 2023, has affected more than 15 publicly identified victims that are primarily based in the United States, spanning industries like:-BFSIConstructionEducationHealthcareManufacturingResearchers from Cyble uncovered the ransomware operation and their targets.While apart from this, the homepage of the Akira ransomware leak site offers various options for users, and not only that, even features a retro design that allows visitors to navigate through command inputs.When executed, ransomware retrieves a list of available logical drives using the API function GetLogicalDriveStrings() and subsequently deposits a ransom note named “akira_readme.txt” in multiple folders.Following the deposition of the ransom note, it utilizes the following API functions to conduct a search for files and directories to encrypt:-FindFirstFileW()FindNextFileW()While here below, we have mentioned the files, directories, and extensions that were excluded by the ransomware:-To encrypt the victim’s system, the ransomware utilizes the “Microsoft Enhanced RSA and AES Cryptographic Provider” libraries, along with multiple CryptoAPI functions like:-CryptAcquireContextW()CryptImportPublicKeyInfo()CryptGenRandom()CryptEncrypt()Akira ransomware employs RSA and AES encryption algorithms and a static base64 encoded public key, appending the “.akira” extension to encrypted files and employing a PowerShell command to execute a WMI query to restrict system restoration that removes shadow copies.The ransom note left by the Akira Ransomware Gang provides contact details for negotiating the ransom while also issuing threats of leaking exfiltrated corporate data, selling confidential information on the dark web, and publicly exposing stolen data through their Onion site unless the ransom is paid.The recently identified Akira ransomware strain primarily targets businesses in the United States and Canada, demanding substantial ransom payments.The increased security measures prompt new ransomware groups that constantly evolve their tactics and scale their activities for greater financial gain.RecommendationsHere Below we have mentioned all the recommendations:-Ensure you regularly back up your database and keep those backups offsite or in a separate network.Ensure the automatic software updating feature is turned on on your connected devices.Ensure that all your connected devices, including PCs, laptops, and mobile devices, are protected with a reputable anti-virus and Internet security application.Please avoid opening links or attachments in emails that do not appear to belong to the sender or you do not know.To detect suspicious events, always make sure to inspect the system logs.Struggling to Apply The Security Patch in Your System? – Try All-in-One Patch Manager Plus
May 11, 2023Paying Cyber Hijackers' Ransoms Doubles Cost of Recovery, Sophos Study Shows
by D. Howard Kass • May 11, 2023 In three out of four cyberattacks, the hijackers succeeded in encrypting victims’ data, cybersecurity provider Sophos said in its newly released State of Ransomware 2023 report.Data Encryption Tops Ransomware ExploitsThe rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020, the company said. Overall, roughly two-thirds of the 3,000 cybersecurity/IT leaders’ organizations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.Much advice has been doled out by cybersecurity providers and law enforcement urging cyber-kidnapped organizations to not pay a ransom. According to Sophos’ survey, the data shows that when organizations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organizations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organizations that used backups to recover their data.Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.Chester Wisniewski, Sophos field chief technology officer, explained that rates of encryption returning to very high levels after a temporary dip during the pandemic is “concerning”:“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation.”Education Sector Most AttackedAdditional key findings from the report include:The most common cause of a ransomware attack was an exploited vulnerability (36% of cases), followed by compromised credentials (29% of cases).In 30% of cases where data was encrypted, data was also stolen, suggesting this double dip method (data encryption and data exfiltration) is becoming commonplace.The education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware.Overall, 46% of organizations surveyed that had their data encrypted paid the ransom.Larger organizations were far more likely to pay ransoms. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. Cyber insurance policies may be the modifying factor.Human-led threat hunting is very effective at stopping cyber criminals in their tracks, said Wisniewski:“Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24×7 to mount an effective defense these days.”Steps to Defense Against RansomwareSophos recommends the following best practices to help defend against ransomware and other cyberattacks:Deploy security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access to thwart the abuse of compromised credentials.Use adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond.Implement 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist managed detection and response (MDR) provider.Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan.Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.
April 25, 2023What is the Benefit of LTO to High-Volume Video Editors?
IntroductionIn today's digital age, video content has become king, and high-volume video editing workflows have become essential. With the rise of 4K and 8K video resolutions, the need for efficient and reliable storage solutions has become more important than ever. In this context, LTO technology has emerged as a popular solution for high-volume video editing workflows. LTO, or Linear Tape-Open, is a magnetic tape storage technology that offers high-capacity storage, fast data transfer rates, and long-term data retention. In this blog post, we will explore the benefits of using LTO in high-volume video editing workflows and why it has become a critical component of modern video editing. LTO technology has become a critical component of high-volume video editing workflows due to its high-capacity storage, reliability, cost-effectiveness, fast data transfer rates, and compatibility. As video resolutions continue to increase, and file sizes become larger, the need for efficient and reliable storage solutions like LTO will only become more important. By using LTO in their video editing workflows, video editors can ensure that their data is safe, secure, and easily accessible, making their jobs easier and more efficient. In the world of video editing, one of the biggest challenges that video editors face is the need for large amounts of storage. Video files are notoriously large, and as video resolutions continue to increase, the need for storage solutions that can handle these large files becomes even more critical. This is where LTO technology comes in. LTO, or Linear Tape-Open, is a magnetic tape storage technology that was developed to provide high-capacity storage for data backup and archiving. LTO offers high-capacity storage, with the ability to store up to 30TB of uncompressed data on a single tape. This is significantly more than most hard drives or solid-state drives, which typically max out at around 2-4TB. With LTO, video editors can store and access large amounts of data quickly and efficiently, without worrying about running out of storage space. Benefits of LTO: High-Capacity StorageReliability Cost-Effectiveness Fast Data Transfer Rates Compatibility High-Capacity Storage One of the most significant advantages of using LTO in video editing workflows is its high-capacity storage. LTO tapes can store up to 30TB of uncompressed data, which is significantly more than most hard drives or solid-state drives. This high-capacity storage makes it an ideal solution for high-volume video editing workflows that involve the processing of large files. Video editors can store and access large amounts of data quickly and efficiently, without worrying about running out of storage space. One of the primary advantages of LTO technology is its high-capacity storage capabilities. Compared to other storage solutions, LTO offers a much larger capacity, which is ideal for video editing workflows that involve the processing of large files. In addition, LTO tapes are designed to last for decades, making them an ideal solution for long-term storage needs. Another advantage of LTO technology is its reliability. LTO tapes are designed to be highly durable and resistant to data loss due to wear and tear. This makes them an ideal solution for video editing workflows that involve the processing of large files, as video editors can have confidence in their storage solution, knowing that their data is safe and secure. In comparison to hard drives and solid state drives, LTO offers some distinct advantages. While hard drives and solid state drives are faster and more convenient for day-to-day use, they simply cannot match the storage capacity of LTO. This makes LTO an ideal solution for long-term storage needs, particularly for video editing workflows that involve the processing of large files. The importance of high-capacity storage in video editing workflows cannot be overstated. Video projects often involve the processing of large files, and having a storage solution that can handle these files is essential. Without high-capacity storage, video editors may run into issues with file corruption, data loss, or the inability to access important files when they need them. With LTO, video editors can have confidence in their storage solution, knowing that they have the capacity they need to handle even the largest video files. Overall, high-capacity storage is essential for high-volume video editing workflows, and LTO technology offers a reliable and efficient solution. With LTO, video editors can store and access large amounts of data quickly and easily, without worrying about running out of storage space. Reliability Another critical benefit of using LTO in video editing workflows is its reliability. LTO tapes are designed to withstand harsh environments and can last for up to 30 years. This makes them an ideal solution for long-term data retention, which is particularly important for video editing workflows. Video projects may need to be revisited or revised years after they were initially created, and LTO provides a reliable storage solution for these long-term needs. With LTO, video editors can have peace of mind, knowing that their data is safe and secure. When it comes to video editing workflows, one of the most important aspects is the ability to store large files for long periods of time. This is where LTO technology really shines, as it offers exceptional reliability and durability that other storage solutions simply cannot match. LTO (Linear Tape-Open) tapes are designed to withstand harsh environments and are highly resistant to data loss due to wear and tear. They are also designed to last for decades, making them an ideal solution for long-term data retention needs. This is particularly important for video editing workflows, where projects may be revisited and updated years down the line. With LTO, video editors can have confidence that their data will be accessible and reliable for years to come. In comparison to other storage solutions, LTO offers a level of reliability that is unmatched. Hard drives and solid state drives are prone to mechanical failures and data loss due to physical impact, while LTO tapes are designed to be highly durable and resistant to physical damage. This makes LTO an ideal choice for video editors who need a storage solution that can withstand the rigors of a high-volume video editing workflow. Cost-Effectiveness In addition to its reliability and high-capacity storage, LTO is also cost-effective. While the initial investment in LTO hardware and software may be higher than other storage solutions, the cost per gigabyte of storage is significantly lower. This makes LTO an attractive option for high-volume video editing workflows that require large amounts of storage. With LTO, video editors can benefit from a cost-effective storage solution that offers high-capacity storage and long-term data retention. LTO technology has become a popular solution for high-volume video editing workflows due to its reliability, durability, and cost-effectiveness. The cost-effectiveness of LTO technology is one of the main reasons why it is preferred by businesses and organizations that need to manage large amounts of data on a regular basis. One of the key advantages of LTO technology is its lower cost per gigabyte of storage compared to other storage solutions like hard drives and solid-state drives. These alternatives can be quite expensive, especially when dealing with large amounts of data. In contrast, LTO tapes have a much lower cost per gigabyte of storage, making them a more cost-effective solution for long-term data retention needs. This is particularly important for video editing workflows, where large amounts of raw footage and edited content need to be stored for future use. In comparison to other storage solutions, LTO tapes offer a lower total cost of ownership over the long term. While the upfront cost of LTO hardware may be higher than other storage solutions, the lower cost per gigabyte of storage and the longevity of LTO tapes make them a more cost-effective solution in the long run. This is particularly important for businesses and organizations that need to manage large amounts of data on a regular basis. LTO technology is designed to be scalable, which means that video editors can easily increase their storage capacity as their needs grow. This eliminates the need to invest in new hardware or software, making LTO a more cost-effective solution over time. When considering the long-term cost of managing large amounts of data, the scalability of LTO technology becomes an important factor. In a high-volume video editing workflow, cost-effectiveness is critical. The ability to store large amounts of data at a lower cost per gigabyte is important for businesses and organizations that need to manage their resources efficiently. By choosing LTO technology, video editors can save money and improve their workflow efficiency, without sacrificing reliability or durability. Overall, LTO technology offers exceptional cost-effectiveness that is critical to high-volume video editing workflows. With a lower cost per gigabyte of storage, scalability, and a lower total cost of ownership over the long term, LTO tapes are an ideal storage solution for businesses and organizations that need to manage large amounts of data on a regular basis. By choosing LTO technology, video editors can ensure that they have a reliable, durable, and cost-effective solution for their data storage needs. Fast Data Transfer Rates LTO technology has been known for its cost-effectiveness and scalability, but it's the fast data transfer rates that make it a must-have for high-volume video editing workflows. LTO offers fast data transfer rates, making it possible to transfer large files quickly and efficiently between different stages of the video editing workflow. LTO-8, the latest supported version of the technology, can transfer data at speeds of up to 900MB/s, which is faster than most hard drives. This means that video editors can spend less time waiting for files to transfer and more time focusing on the creative aspects of the video editing process. Compared to other storage solutions such as hard drives and solid state drives, LTO-8's data transfer rate is significantly faster. For instance, a standard hard drive might have a transfer rate of around 150 MB/s, which is less than half the speed of LTO-8's 360 MB/s. This difference becomes even more significant when you consider the size of video files. Video editing projects can easily run into hundreds of gigabytes or even terabytes of data, and transferring such large amounts of data can be time-consuming and frustrating. LTO-8's fast data transfer rate ensures that video editors can transfer large amounts of data in a fraction of the time it would take with other storage solutions. The importance of fast data transfer rates in video editing workflows cannot be overstated. Video editing projects are often time-sensitive, and deadlines must be met. With LTO-8, video editors can transfer large amounts of data quickly and efficiently, which helps them meet tight deadlines. The fast data transfer rates also mean that video editors can work on multiple projects simultaneously without worrying about delays caused by data transfer. The fast data transfer rates of LTO-8 are also important for businesses and organizations that need to manage large amounts of data on a regular basis. With faster data transfer rates, they can improve their workflow efficiency and reduce the time and resources required to manage their data. This can help businesses save money and improve their overall productivity. Moreover, LTO-8's data transfer rates are particularly useful for businesses and organizations that rely on remote collaboration. With more and more people working remotely, the ability to transfer large amounts of data quickly and efficiently is critical. LTO-8's fast data transfer rates make it an ideal solution for businesses and organizations that need to collaborate remotely on video editing projects. LTO-8's fast data transfer rates make it an ideal storage solution for high-volume video editing workflows. The ability to transfer large amounts of data quickly and efficiently helps video editors meet tight deadlines, improve their workflow efficiency, and collaborate remotely with ease. With LTO-8, businesses and organizations can also manage their data more efficiently, save money, and improve their overall productivity. Compatibility LTO technology is also compatible with a wide range of software applications used in video editing workflows, making it easy to integrate into existing workflows. This compatibility ensures that video editors can seamlessly incorporate LTO technology into their workflow without any disruptions. When it comes to video editing, managing large files and high-resolution footage can be a challenge. This is where LTO technology comes in as an ideal storage solution for high-volume video editing projects. LTO tapes can be seamlessly integrated into video editing workflows as a primary storage solution or as a backup for other storage solutions such as hard drives and solid-state drives. They are also easily transportable and can be stored off-site, providing an additional layer of data protection. One of the key advantages of using LTO in video editing workflows is its ability to handle large files and high-resolution footage. As video resolutions continue to increase, the amount of data required to store video files also increases. LTO's high-capacity tapes can store up to 30TB of compressed data, making it an ideal solution for managing large video files. This means that video editors can continue to work on their projects without the worry of running out of storage space. LTO tapes also offer fast data transfer rates, which means video editors can quickly transfer large amounts of data, saving time and reducing the risk of missing deadlines. This is especially important in the fast-paced world of video editing, where time is of the essence. By using LTO tapes, video editors can ensure that they can get their work done on time and without any hiccups. Conclusion LTO technology has become an essential tool for high-volume video editing workflows. The benefits of LTO tapes cannot be overlooked as they offer ample storage capacity, data security, and cost-effectiveness. The reliability of LTO tapes has been tested and proven over the years, making them the go-to solution for professionals in the industry. The increasing importance of efficient and reliable storage solutions in the industry is evident. As the demand for high-quality video content continues to grow, video production companies and professionals need to ensure that their data is safe and accessible. The consequences of data loss in the industry can be disastrous, leading to missed deadlines and lost revenue. The need for reliable storage solutions has never been more critical, and LTO technology offers precisely that. If you are a video production company or professional in the industry, it is time to consider implementing LTO tapes in your workflows. The benefits are undeniable, and LTO technology is a reliable and cost-effective solution that can take your video editing workflows to the next level. Don't let storage limitations or the risk of data loss hold you back from creating high-quality content. Investing in LTO technology today is crucial for the success of your business. In summary, implementing LTO technology in high-volume video editing workflows is a must. With LTO tapes, professionals can enjoy ample storage capacity, data security, and cost-effectiveness. As the demand for high-quality video content continues to grow, the importance of efficient and reliable storage solutions will only increase. Video production companies and professionals need to prioritize the safety and accessibility of their data, and implementing LTO tapes is one of the best ways to do this. Don't wait any longer, invest in LTO technology today and take your video editing workflows to the next level.
April 21, 2023What are 5 top cloud data storage risks? - TechTarget
Whether it's data loss, a lack of privacy or cyber attacks, storage administrators must consider cloud data storage risks carefully before a migration. Admins should regularly review these risks during and after a cloud storage installation. Data confidentiality, integrity and availability are critical. Unauthorized access to data Access to cloud-based data and systems usually involves an internet connection. Only approved and verified users should have access to data. Role-based access, decided by the user's position and activity, helps prevent unauthorized access. Authentication, ideally with at least two factors for granting access, protects the data from potential breaches. Encryption of access-related activities also protects data.Data loss When users host data and systems in a cloud service, they are still responsible for data protection, which may restrict user control of the data. Generate additional copies of critical data, and store them in another storage platform, ideally in a different data center. A hybrid arrangement is also an option. Users store critical data locally, such as in a NAS appliance, and in a cloud repository. This enables users to access critical data locally off the NAS appliance and to host backups of that data in the cloud. Carefully review cloud service providers' service-level agreements. Understand their rules for who is responsible for data protection. Implement a data protection policy to minimize cloud data storage risks. This document establishes guidelines for how users create, store, access, change and delete data. Data protection is also an important regulatory requirement, as specified in the EU's GDPR. Any organization that accesses data generated by an EU member nation must comply with GDPR.Security in the cloud While cloud storage security has improved in recent years, it's still important to encrypt data at rest and in transit. Establish an air gap to further protect data. Some cloud vendors offer an air gap, while tape storage is another common option.Loss of data privacy Unauthorized access is one of the top cloud data storage risks. It can mean a loss of privacy, especially for personally identifiable information and personal health information. HIPAA regulations, for example, have specific requirements in Part 164 of the Code of Federal Regulations to ensure that admins establish and maintain data privacy.Cyber attacks and breaches As the frequency and severity of cyber attacks -- such as phishing and ransomware -- increase, users who store data in a cloud service must ensure the same cybersecurity protection as they would for on-site storage. Look for products that offer the most direct user control. Examples of cloud security products include the following: Check Point CloudGuard. Supports multi-cloud environments, as well as most major cloud platforms. CloudPassage Halo. Uses IaaS to support cloud servers and containers. Symantec Cloud Workload Protection. Supports all major cloud platforms and provides resource scalability to support changing user needs.
April 25, 2023DHS Outlines Cyber Priorities in Release of Delayed Review - Nextgov
The Department of Homeland Security is working to deter cyberattacks targeting the nation’s critical infrastructure systems by prioritizing enhanced public-private collaboration, expanding its pool of high-skilled cyber talent and partnering with international allies to mitigate threats, according to a long-delayed strategy document released on April 20.The Quadrennial Homeland Security Review—which was last released in 2014—outlined how the department is responding to a host of challenges facing the homeland, including the rise in cyberattacks targeting public and private sector entities. DHS said in a press release that the review “assesses the ways homeland security has evolved since the department was formed over 20 years ago and the significant changes to the threats and challenges facing the nation since the last report was issued nearly a decade ago.”The report warned that “threats to the homeland have become more complex and have arisen on new fronts,” noting that “the convergence of cyber-physical technologies and systems underpinning our critical functions—from manufacturing, to healthcare, to transportation—means that single events can have a cascading impact on multiple industries, sectors and national critical functions.” The review referenced, in part, the 2021 ransomware attack on the Colonial Pipeline, which it said “quickly had cascading supply chain impacts” on the “distribution of gasoline and jet fuel to the Eastern United States—becoming a logistics problem more often experienced in response to natural disasters.”“As commercial network technologies are woven increasingly into our businesses, personal lives and federal as well as [state, local, tribal and territorial] government functions to provide the most critical services upon which we depend, there remain cyber risks and vulnerabilities that leave networks and systems at risk of exploitation and disruption,” the review said. “The ransomware attack on Colonial Pipeline illustrated that the real-world impacts of software vulnerabilities are not hypothetical.”The document reiterated DHS’s commitment to “protect the American people by preventing and mitigating active threats,” including the ongoing work of the department’s cyber-focused agency—the Cybersecurity and Infrastructure Security Agency—to “continue advancing national efforts to secure and protect against critical infrastructure risks, including implementing a national plan that recognizes both the expanding scale of terrorism and other threats and the emerging cybersecurity challenge of increasingly networked and internet-enabled infrastructure systems.” Given the fact that “the majority of the nation’s critical infrastructure is owned by the private sector,” DHS said close collaboration between industry and government remains critical. The department noted that it “is investing in initiatives to enhance public-private collaboration,” such as “the Cybersecurity Advisory Committee for pre-event strategic planning, the [Joint Cyber Defense Collaborative] for planning and real-time event coordination and the Cyber Safety Review Board for after-action analysis.” The document also outlined a number of steps that the Biden administration, DHS and CISA have taken to strengthen the cyber resilience of both federal agencies and critical infrastructure systems. These include, in part, ensuring “that infrastructure projects funded by the Infrastructure Investment and Jobs Act are built with cybersecurity in mind,” pushing federal agencies “to remediate vulnerabilities on aggressive timelines” and working to support “the development of secure software and technologies.” To enhance the department’s digital capabilities, DHS has also focused in recent years on expanding its pool of high-skilled cyber talent. The report said DHS launched the Cybersecurity Talent Management System in 2021 “to grow the future cybersecurity workforce.” As of the document’s release, the department said it “has processed over 5,000 applicants across a wide range of experience levels for an initial cohort of positions in both CISA and the Office of the Chief Information Officer.” The review also noted the impact that global events and international partnerships have had on DHS’s work, particularly when it comes to shoring up the security of critical infrastructure systems and guarding against the possibility of retaliatory cyberattacks from adversarial nations. The department said, for example, that “when it became clear that Russia was planning its 2022 invasion of Ukraine, DHS and CISA mobilized the private sector to harden its cyber defenses proactively against disruptive Russian retaliatory or spillover actions through a public awareness campaign called Shields Up, the largest effort of its kind in history.” “DHS shared threat information broadly and in real time with our public and private sector partners, and we identified and mitigated vulnerabilities,” the review added. “These ongoing efforts are important for the homeland security enterprise to reduce the likelihood of a damaging cyber intrusion, including taking steps to detect a potential intrusion quickly, ensuring that the organization is prepared to respond if an intrusion occurs and maximizing the organization’s resilience to a destructive cyber incident.” The department said that international partnerships, such as the recent expansion of the Abraham Accords “to include cybersecurity,” have also provided officials with “actionable technical information on shared cyber threats and vulnerabilities, including on specific cyber activity targeting critical infrastructure.”During a speech at the Council on Foreign Relations on Friday following the report’s release, Homeland Security Secretary Alejandro Mayorkas noted that the review also outlined DHS’s new focus on “combating crimes of exploitation—such as human trafficking, child exploitation and labor exploitation—as a dedicated homeland security mission alongside our work countering terrorism, securing our borders, administering our immigration system, securing cyberspace and critical infrastructure and building resilience and responding to disasters.”During the same event, Mayorkas also said that DHS was undertaking a 90-day sprint to assess how the U.S. could more effectively counter the threat posed by the Chinese government—particularly if Beijing decides to launch an invasion of Taiwan. He said a critical component of this review will include an examination of “the defense of our critical infrastructure against [the People's Republic of China] or PRC-sponsored attacks designed to disrupt or degrade provision of national critical functions, sow discord and panic and prevent mobilization of U.S. military capabilities.”“A PRC invasion of Taiwan would have profound reverberations in the homeland, putting our civilian critical infrastructure at risk of a disruptive cyberattack,” Mayorkas added. “We must ensure we are poised to guard against this threat today and into the future.”