LATEST HEADLINES

May 27, 2024
Tape is so dead, 152.9 exabytes worth of LTO shipped in 2023 - The Register
Tape – as a digital storage medium – has been considered dead for your correspondent's entire 29-year career. But that didn't stop manufacturers behind the Linear Tape-Open (LTO) standard shipping 152.9* exabytes worth of the stuff last year.

HPE, IBM, and Quantum are the only three LTO Program Technology Providers, and last week jointly released The Annual LTO Program Media Shipment Report [PDF] which revealed that 152.9-exabyte figure along with the tidbit that it represents 3.14 percent shipment growth compared to 2022.

The three attributed some of that growth to "rapid data generation and the increased infrastructure requirements of hyperscalers and enterprises." Which is good news for tape – if hyperscalers are using it that likely means demand will continue for the foreseeable future.

Because it's 2024 they also attributed some demand for tape to AI, which the trio described as just the sort of workload that spawns unstructured data and can "cause increases in storage requirements and costs."

Tape has huge capacity, and can easily be taken offline. Purveyors therefore commend it as an ideal medium for bulk data that isn't often accessed – a role in which it can often be cheaper than disk – and to protect data by literally putting it on the shelf and therefore out of reach of ransomware infections.

Just don't mention access or restore times, which are not swift. Or the reason for that asterisk* up there, which we included because the LTO trio's 152.9EB figure refers to compressed tape capacity.

That matters, because each generation of LTO tape has a native capacity and a compressed capacity. In the case of the latest LTO generation – the ninth – compressed capacity is 45TB and native capacity is 18TB. LTO-8's numbers are 30TB and 12TB.

So suffice to say the 152.9EB figure is therefore a little less impressive than it appears at first blush. And again, remember that read and write times – and therefore recovery efforts – take even longer when there's compression or decompression to be done.

Know, also, that Seagate alone shipped 99 exabytes worth of hard disk drives in Q3 2024, as revealed in its late April results presentation [PDF]. Other hard disk makers will also have shipped many exabytes, as will vendors of solid state storage.

That said, 152.9 exabytes is a decidedly non-trivial sum, even if the native capacity of tapes shipped last year was probably around a third of the headline figure.

Even at 50EB – 50,000 petabytes – that's a lot of cat videos, scraped-for-free LLM corpus data, log files, and whatever else it is that people put on tape so it's always around. Just like tape itself. ®
May 28, 2024
Not bad for a 'dead' storage medium, tape shipments reached 152.9 exabytes in 2023.
Magnetic tape storage, once thought to be obsolete, continues to defy expectations with its enduring relevance in the digital storage landscape. Despite predictions of its demise, manufacturers adhering to the Linear Tape-Open (LTO) standard shipped an impressive 152.9 exabytes of magnetic tape capacity in 2023, marking a 3.14 percent increase from the previous year. This growth underscores the ongoing demand for magnetic tape among hyperscalers and enterprises, driven by the exponential growth of data and the need for efficient storage solutions.

The Annual LTO Program Media Shipment Report, provided by key industry players such as HPE, IBM, and Quantum, highlights the continued significance of magnetic tape in today’s data-driven world. This resilience is noteworthy considering the skepticism surrounding magnetic tape’s future in the mid-1990s, when newer storage technologies were expected to supplant it. However, magnetic tape has proven its durability and efficacy over the years, boasting advantages that continue to resonate with users across various industries.

One of the key advantages of magnetic tape is its vast storage capacity, which remains unmatched by many alternative storage mediums. Additionally, its ease of offline storage makes it an attractive option for organizations seeking cost-effective archival solutions. Magnetic tape has demonstrated its ability to safeguard data for extended periods, with some tapes capable of preserving data for up to 30 years. This longevity makes magnetic tape an ideal choice for archival purposes, where data retention is paramount.

Cost-effectiveness is another driving factor behind the continued use of magnetic tape for backup and archival needs. Despite the emergence of newer storage technologies, magnetic tape remains a cost-efficient option, often outperforming traditional hard disk drives (HDDs) in terms of affordability. Furthermore, magnetic tape serves as a reliable safeguard against ransomware attacks, offering an added layer of security for stored data.

From an environmental perspective, magnetic tape storage has also been shown to have less of an ecological footprint compared to HDDs and solid-state drives (SSDs). This eco-friendly attribute further underscores the appeal of magnetic tape as a sustainable storage solution. However, magnetic tape is not without its drawbacks, particularly in terms of data retrieval speed.

Accessing and restoring data from tape backups can be a time-consuming process, making magnetic tape best suited for storing data that does not require frequent access. Despite this limitation, magnetic tape continues to find favor among organizations seeking long-term data retention solutions.

In comparison to hard disk drives, the volume of magnetic tape capacity shipped may appear modest. For example, Seagate alone shipped a substantial 99 exabytes worth of hard drives in just the third quarter of 2024. However, this disparity does not diminish the significance of magnetic tape as a reliable and cost-effective storage solution for archival and backup purposes.

Magnetic tape storage, once thought to be on the brink of obsolescence in the face of advancing digital technologies, has demonstrated remarkable resilience and enduring relevance in the modern digital storage landscape. Despite initial predictions of its demise, the data from the Linear Tape-Open (LTO) standard paints a compelling picture of magnetic tape’s continued importance. In 2023 alone, manufacturers adhering to this standard collectively shipped an impressive 152.9 exabytes of magnetic tape capacity, showcasing a notable 3.14 percent increase compared to the previous year. This surge in demand underscores the enduring appeal of magnetic tape among hyperscalers and enterprises, driven by the relentless growth of digital data and the critical need for efficient and reliable storage solutions to manage it effectively.

The insights gleaned from The Annual LTO Program Media Shipment Report, meticulously compiled by key industry players such as HPE, IBM, and Quantum, offer valuable perspectives on the ongoing significance of magnetic tape technology. Such resilience is particularly striking when considering the doubts that pervaded the tech landscape in the mid-1990s, when emerging storage technologies were widely expected to eclipse magnetic tape. However, magnetic tape has defied these expectations, steadfastly maintaining its position as a cornerstone of data storage infrastructure across diverse sectors.
May 28, 2024
LTO magnetic tape shipments reached a record 152.9 exabytes in 2023 - TechSpot
In context: The Linear Tape-Open (LTO) format for tape-based magnetic data recording was developed in the Nineties as an open-standard alternative to proprietary tape formats. The technology provides native encryption and compression support, and it is still one of the most used "cold" storage media in data center and enterprise environments.

The three companies behind the LTO Consortium recently released the latest annual report on magnetic tape technology shipments, which set a new storage capacity record in 2023. The LTO members – Hewlett Packard Enterprise, IBM, and Quantum Corporation – jointly said that tape media shipped to market have now reached 152.9 exabytes of total (compressed) capacity, with 1 exabyte being equal to 1 million terabytes or 1 billion gigabytes.

LTO magnetic tapes grew by 3.14 percent over 2022, the consortium said, with hyperscalers and enterprises increasing their storage needs due to "rapid data generation" and increased infrastructure requirements. Needless to say, the LTO Consortium is quoting AI as one of the main reasons for the new record-setting results achieved by LTO shipments.

The LTO Ultrium technology has been around for decades now, providing a cheap and supposedly reliable way to store massive amounts of digital data that can be easily archived offline by simply removing the tapes and physically putting them on the shelves. LTO magnetic tapes aren't exactly quick in I/O operations though, which means that they are mostly used to archive "unstructured data" that doesn't necessarily need constant access.

According to the LTO Consortium, tape is a great solution for the storage challenges created by AI services and other related, data-hungry technologies. Chatbots and ML algorithms increase storage requirements and infrastructure costs, while LTO tapes should make the management of vast amounts of digital data more cost-effective and sustainable.

LTO is an ever-evolving, backward-compatible standard that is now at its ninth generation (LTO-9). An LTO-9 drive provides a 45 TB compressed capacity with a 50 percent increase over LTO-8, or a 1,400 percent increase over LTO-5 tapes introduced a decade ago. LTO-9 transfer speeds go up to 400 megabytes per second in native mode or 1,000 megabytes in compressed mode, with additional embedded features such as hardware-based encryption and immutable WORM (Write-Once, Read-Many) operations.

According to storage analyst Tom Coughlin, the latest annual report by the LTO Consortium highlights the "continued importance" of LTO technology for the world's storage needs. LTO tapes will continue to improve and have a critical role in enterprise storage architectures, providing digital companies and data centers with a solution specifically designed to handle large volumes of data and more intensive workloads. The future of AI is definitely written on tape.
May 29, 2024
Despite being older than the PC, magnetic tape storage is far from dead, in fact it's growing ...
If you want super-fast storage, you get an SSD. If you need lots of storage, you get an HDD. But does anyone want very slow and fragile storage, like magnetic tape? Turns out the answer is an emphatic yes, as almost 153 exabytes of the stuff was shipped around the world in 2023, 3% more than the previous year.

Many of you will be like me, in that you grew up around computers that stored all data on cassettes or cartridges that held a spool of magnetic tape. The use of ferromagnetic materials as a medium for data storage is as old as the electronic computer itself, but tape is fragile, slow to use, and entirely linear (which makes doing random reads a very tedious process).

So as the floppy disk, then later the hard disk drive came to dominate the storage market, it was generally thought that magnetic tape would soon be consigned to history. As reported by Ultrium LTO (via Tom's Hardware), details on the amount of tape storage shipped throughout 2023 showed that this is very much not the case.

Hewlett Packard Enterprise, IBM, and Quantum Corporation co-develop the LTO (Linear Tape-Open) Ultrium format and it gets used in magnetic tape cartridges that can store up to 18TB, with a read speed of 400 MB/s. Those numbers might not seem very good but LTO is primarily used for system backups and data archives, so raw speeds aren't important.

What is important is the very low cost-per-GB of tape and even though the medium itself is quite fragile, LTO storage cartridges themselves are reliable and robust. This is why, as the world creates ever more data, magnetic tape is still a popular choice for cheap, large-scale, long-term storage.

That said, while 153 EB (153,000,000 TB) sounds a lot, the shipment report notes that this value is based on a 2.5:1 compression ratio being used by the magnetic tape storage, so the raw figure is 'only' a little over 60 exabytes. Okay, that's still a huge amount but in the last three months of 2023, total HDD shipments were estimated to be around 212 EB, so it's not like tape is any kind of threat to even that market.

If you're wondering what the numbers are like for SSDs, nearly 780 EB of flash was shipped throughout last year, so when it comes to raw capacity, the humble HDD is still king. Large-capacity SSDs, those bigger than 4TB, are still painfully expensive and although it's the storage medium of choice when it comes to raw performance, if you want lots of reliable, reasonably quick terabytes, then hard disks are the way to go.

Until large flash chips become cheap as…well…chips (potato not silicon), then HDDs and magnetic tape are still going to be around for a long time yet.
May 30, 2024
AI Data Boom Drives Tape Storage Growth - IDM Magazine
Shipment of high capacity LTO Tape storage capacity hit a record of 152.9 Exabytes (EB) in 2023, driven in part by rapid data generation and the increased infrastructure requirements of enterprises for AI solutions.

LTO vendors HPE, IBM and Quantum claim the growth of 3.14% over 2022 shows the tape technology remains a choice solution for mitigating common challenges created by the proliferation of unstructured data due to recent advancements in technologies such as AI.

“The latest annual tape capacity shipment media report signifies the continued importance of LTO tape technology in the digital storage hierarchy not only today, but also far into the future as storage needs evolve in complexity and cost,” said Tom Coughlin, Storage Analyst and President, Coughlin Associates.

“LTO tape will endure as a critical component of storage architectures across the enterprise, especially as tape technology itself continues to improve to handle even larger volumes of data and more intensive workloads.”

LTO generation 9 is the latest format specification for LTO Ultrium tape drives and media, providing significantly more capacity and higher performance than the previous generation.

In addition to full backward read and write compatibility with LTO-8 cartridges, LTO generation 9 specifications include multi–layer security support with hardware–based encryption, immutable WORM (Write–Once, Read–Many) functionality, and fast data access with the Linear Tape File System (LTFS).

LTO generation 9 technology offers a 45TB compressed tape cartridge, representing a 50% capacity boost over LTO generation 8 and a 1400% increase over LTO-5 technology launched a decade ago, with transfer speeds of up to 400 MB/s (native), 1,000 MB/s (compressed).

In 2022, the LTO Program announced an extended LTO tape roadmap that calls for plans to achieve up to 1.4 Petabytes (PB) of compressed capacity per cartridge by LTO generation 14.

The LTO Program’s annual shipment reports for tape media are available for download from the LTO Program website, https://www.lto.org/
May 13, 2024
Boeing Confirms LockBit Hackers Demanded $200 Million Ransom After 2023 Data Breach
Aerospace giant Boeing has confirmed that the LockBit ransomware gang demanded a staggering $200 million extortion payment after breaching the company’s network and stealing sensitive data in October 2023.

In early November, the notorious Russia-linked cybercrime group published approximately 43 gigabytes of data allegedly stolen from Boeing’s IT systems, including backups of management software configurations, monitoring logs, and auditing tools. LockBit initially posted a 4GB sample of the stolen data in December, threatening to leak more if Boeing did not “cooperate.” The hackers dumped the full trove online when the company refused to engage.

While 43GB represents a significant volume of information, some cybersecurity experts believe it may not reflect the full extent of data exfiltrated from Boeing’s network.

“If they only got 43 GB of data from Boeing they obviously didn’t get very far into the Boeing network,” one researcher noted. “That’s barely a couple of lightly utilized laptop backups, or maybe one satellite office’s design data.”

In a statement, Boeing acknowledged to Cyberscoop that “elements of our parts and distribution business” were impacted by the incident but asserted that it posed no threat to aircraft or flight safety. The company declined to comment further, citing an ongoing investigation in coordination with law enforcement.

The $200 million ransom demand, one of the largest publicly known extortion attempts to date, was revealed in a U.S. Department of Justice indictment unsealed this week. Authorities identified a Russian national, Dmitry Yuryevich Khoroshev, as the mastermind behind the LockBit operation, which has reaped over $500 million from victims worldwide since emerging in late 2019.

LockBit’s attack on Boeing, one of the world’s largest aerospace and defense contractors, underscores ransomware’s growing threat to even the most well-resourced organizations. “If multibillion-dollar companies cannot secure their networks, what chance do cash-strapped school districts have?” said Emsisoft threat analyst Brett Callow. “Governments really do need to rethink their counter-ransomware strategies.”
May 13, 2024
Cyber security focus: Ransomware attacks is a prominent threat for maritime - safety4sea
Cybersecurity in the maritime industry is becoming increasingly crucial as vessels, ports, and supply chains embrace digitalization. With the integration of IoT (Internet of Things) devices, automation, and interconnected systems, the sector faces a growing threat landscape that includes risks such as data breaches, ransomware attacks, and sabotage attempts.

According to the European Union Agency for Cybersecurity (ENISA), this shift is accompanied by a notable rise in cyberattacks targeting critical maritime infrastructure like ports and shipping firms, underscoring the necessity for enhanced focus and action on maritime cybersecurity.

The report utilizes the ENISA Cybersecurity Threat Landscape Methodology, analyzing a total of 98 publicly reported incidents during the specified timeframe. Data collection primarily focuses on EU member states and extends to global incidents impacting the EU. Major incidents were identified through open-source intelligence (OSINT) and cyber threat intelligence capabilities.

ENISA highlights that during the period of January 2021 to October 2022, the prime threats identified include:

- ransomware attacks (38%): a type of attack where threat actors take control of a target’s assets and demand a ransom in exchange for the return of the asset’s availability
- data related threats (30%): Sources of data are being targeted with the aim of unauthorised access and disclosure and manipulating data to interfere with the behaviour of systems.
- malware (17%): Malware is an overarching term used to describe any software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity or availability of a system.
- denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks (16%): Availability is the target of a plethora of threats and attacks, among which DDoS stands out. DDoS attacks target system and data availability and, though not a new threat, have a significant role in the cybersecurity threat landscape of the transport sector.
- phishing / spear phishing (10%): Social engineering encompasses a broad range of activities that attempt to exploit a human error or human behaviour with the objective of gaining access to information or services.
- supply-chain attacks (10%): A supply-chain attack targets the relationship between organisations and their suppliers.

During the reporting period, the threat actors with the biggest impact on the sector were state-sponsored actors, cybercriminals and hacktivists. We observed the following trends:

- Ransomware attacks became the prominent threat against the sector in 2022. Ransomware has been steadily increasing and the transport sector has been affected similarly to the other sectors.
- Cybercriminals are responsible for the majority of attacks on the transport sector (54%), and they target all subsectors.
- Threat actors will increasingly conduct ransomware attacks with not only monetary motivations.
- The increased hacktivist activity targeting the transport sector is likely to continue.
- The increasing rate of DDoS attacks targeting the transport sector is likely to continue.
- The main targets of DDoS attacks by hacktivists are European airports, railways and transport authorities.
- During this reporting period, we did not receive reliable information on a cyberattack affecting the safety of transport.
- The majority of attacks on the transport sector target information technology (IT) systems. Operational disruptions can occur as a consequence of these attacks, but the operational technology (OT) systems are rarely being targeted.
- Ransomware groups will likely target and disrupt OT operations in the foreseeable future.

According to the report, in 2022, ransomware attacks emerged as the primary threat to the sector, surpassing the data-related threats that dominated in 2021. Nevertheless, ransomware groups are still seen as opportunistic and not specifically targeting the transport sector more than others. Recent trends suggest no notable increase in ransomware attacks targeting transportation compared to other sectors. Ransomware incidents have been on the rise overall, affecting the transport sector in line with other industries.

Key challenges to manage cyber security

According to DNV, effectively managing cybersecurity in the dynamic and intricate energy sector is far from simple. The sector is experiencing significant digitalization, innovation, and shifts toward cleaner energy sources amid changing global demand and the impacts of conflict in Europe, which are influencing global energy prices and distribution patterns.

#1 The ‘wait and see’ effect is holding back progress: Six in 10 C-suite respondents acknowledge, for example, that their organization is more vulnerable to attack than ever before, but far fewer (44%) expect to make urgent improvements in the next few years to prevent an attack.

#2 The air gap is closing fast: When considering the risk of a cyber-attack on their industrial control systems, energy businesses have taken some comfort from the knowledge that their OT platforms have traditionally had an ‘air gap’ insulating them from the IT network.

#3 A global shortage of expertise: In an unfolding cyber incident, where hackers have infiltrated the network and need to be contained, every second counts. It’s therefore concerning that just 31% of respondents assert confidently that they know exactly what to do if they became concerned about a potential cyber risk or unfolding attack.

#4 Complex supply chains disguise critical vulnerabilities: Supply chains in the energy sector are global in scale and increasingly complex, relying on third and fourth parties whose cyber security systems and processes are harder to assess with certainty. Consequently, cyber security across the supply chain is an area in which respondents are less confident than they need to be to protect their critical systems and data.

Where we stand

The issuance of the Navigation and Vessel Inspection Circular (NVIC) by the US Coast Guard (USCG) in March 2024 underscores the critical importance of cybersecurity in the maritime sector. With cyber incidents such as ransomware attacks, data breaches, and IT disruptions becoming the primary concern for companies globally, as highlighted in the Allianz Risk Barometer 2024, the maritime industry is not immune to these threats.

As the maritime sector increasingly relies on digital technologies for navigation, communication, and operational efficiency, it becomes more vulnerable to cyber threats. A breach in cybersecurity could not only disrupt operations but also compromise the safety and security of vessels, crew, and cargo.

Moreover, in the broader context outlined in the Global Risks Report, rapid technological change presents both opportunities and challenges. While advancements in technology enhance efficiency and connectivity, they also introduce new vulnerabilities and risks. Economic uncertainty, exacerbated by factors such as geopolitical tensions and climate change, further complicates the landscape.

In conclusion, the transport sector faces an evolving cyber threat landscape characterized by ransomware’s increasing prominence and hacktivists’ use of DDoS attacks for geopolitical motives. As cyber threats become more complex and targeted, proactive cybersecurity measures and collaboration between transport stakeholders and cybersecurity professionals are imperative to mitigate risks and ensure the resilience of critical transportation infrastructure.
May 13, 2024
Healthcare System Ascension Confirms Ransomware Attack - Williamson Source
On May 8, one of the largest private healthcare systems, Ascension, detected unusual activity in their network systems, which was later determined to have been caused by a ransomware attack.

Systems that are currently unavailable include the electronic health records systems and various systems utilized to order certain tests, procedures and medications. Ascension hospitals and facilities remain open and are providing care. However, due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately.

An Ascension spokesperson released the latest update on May 11:

“We continue to diligently investigate and address the recent ransomware incident, working closely with industry leading cybersecurity experts to assist in our investigation and restoration and recovery efforts. Additionally, we have notified law enforcement, as well as government partners including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA). We remain in close contact with the FBI and CISA, and we are sharing relevant threat intelligence with the Health Information Sharing and Analysis Center (H-ISAC) so that our industry partners and peers can take steps to protect themselves from similar incidents.

While our restoration work continues in earnest, our focus is on restoring systems as safely as possible. While we expect this process will take time to complete, we are making progress and systems are being restored in a coordinated manner at each of our care sites. We will continue to share updates on our recovery process.”

This is an ongoing situation.

This article is a press release provided to the media for distribution.
May 13, 2024
Hackers Exploiting MS-SQL Severs To Deploy Mallox Ransomware - Cyber Security News
Information such as financial records, customer information, and intellectual property that may be sold on dark web markets is what MS-SQL servers commonly store. In addition, a hacked MS-SQL server can present an entry point into the organization’s network, from where ransomware can be deployed or other malicious activities can be carried out. Due to weak passwords, unpatched vulnerabilities, and misconfigurations in MS-SQL installations, threat actors using automated scanning and exploitation tools find them appealing.

Recently, cybersecurity researchers at Sekoia discovered that hackers have been actively exploiting MS-SQL servers to deploy Mallox ransomware.

Technical Analysis

An MS-SQL honeypot deployed on April 15th was swiftly compromised via brute-force attacking the weak “sa” account from XHost Internet Solution IPs, around 320 attempts per minute.

Post-intrusion, the attackers leveraged MS-SQL exploits to deploy Mallox ransomware using PureCrypter. Investigating Mallox samples revealed two affiliate groups – one exploiting vulnerabilities, the other conducting broader system compromises.

On April 15th at 2:17 pm, exploitation attempts began on the tampered MS-SQL honeypot from AS208091 IPs only hours after the initial “sa” account breach.

When analyzing the logged attacker actions, two different recurring exploitation schemes were revealed. These schemes were likely executed using scripts or tools.

By examining IoCs and TTPs, it was found that 19 out of many attempts identified a pair of separate patterns corresponding to one and the same intrusion set.

[Figure: Mallox deployment flow (Source – Sekoia)]

The MS-SQL exploitation attempts deployed payloads corresponding to PureCrypter, which downloaded files with random multimedia extensions containing encrypted .NET libraries. These libraries were reflectively loaded, decrypting and executing the next stage of the PureCrypter payload, which finally loaded the Mallox ransomware from its resources. PureCrypter employs evasion techniques like environment detection, privilege adjustments, and deflating or decrypting embedded resources. When PureCrypter failed, the attacker attempted direct Mallox deployment. PureCrypter uses protobuf definitions to store the encrypted Mallox executable under a randomized name like “Ydxhjxwf.exe”.

Mallox is a notorious ransomware-as-a-service (RaaS) operation that distributes multiple variants of the Mallox ransomware, also known as Fargo, TargetCompany, etc. It accelerated attacks in late 2022 using double extortion, becoming one of the most distributed ransomware families in early 2023. Mallox operators exploit vulnerabilities in MS-SQL servers, brute-force weak credentials, and leverage phishing for initial access. Operated likely by former tier ransomware group members, Mallox transitioned to a RaaS model in mid-2022 with personas like “Mallx” and “RansomR” recruiting Russian-speaking affiliates on forums like RAMP. By mid-2022, the Mallox ransomware learned to use the double extortion technique of data exfiltration and publicizing stolen data. It then shifted to specialized negotiation sites on TOR and used a triple extortion strategy, reads the report.

In 2022-2023, Mallox soiled its hands by heavily impacting Asian victims in various fields such as manufacturing and retail, despite claiming to avoid attacking Eastern Europe.

[Figure: Affected countries (Source – Sekoia)]

The website for releasing dumped information contained over 35 victims’ names. An analysis showed that MS-SQL gaps were exploited by “maestro” among the employees of Mallox during the initial compromise.
April 05, 2024
7 reasons why LTO won't die - Preferred Media
Magnetic tape was first used to record computer data way back in 1951. If you see the tape decks that feature in ‘computers’ in vintage movies, it’s hard to believe the medium is still around… let alone at the cutting edge of data storage. In fact, magnetic tape is thriving with strong sales of LTO Ultrium, the current de facto standard.
Just like vintage fashions that won’t die (mom jeans, dad sneakers, bum bags anyone?) LTO might seem daggy and basic at first glance. It doesn’t have the shiny new excitement of cloud or other more marketable storage offerings. But it is very popular in the Australian production industry and with us. LTO is hard to beat as a long-term archive medium and here’s why:
1. Lifespan
LTO boasts an impressive 15 to 30-year lifespan. In comparison, HDDs are more volatile with a higher failure rate and a life expectancy of around 5 years.
But buyer beware. The 30-year prediction only applies to tapes stored in a clean, controlled environment. With both temperature and humidity regulation. The ideal environmental conditions for LTO storage are 18°C and 40% relative humidity. (Luckily for us, we already have a custom-built film and tape vault).
This is one of the reasons studios and networks list LTO as a deliverable. Also one reason it’s favoured by insurance companies.
2. It’s open format
LTO stands for Linear Tape-Open. ‘Open’ refers to ‘open standards’. That means that the tech is available for license by multiple vendors. LTO was developed by Certance (now Quantum), Hewlett Packard Enterprise, and IBM in the late 1990s. They created LTO to compete with existing proprietary formats of digital tape. The three companies form the LTO Consortium and they work together to manage the medium, certification and licensing.
With multiple sources of media and drives, the format has resilience. Obsolescence doesn’t hinge on the success or failure of one manufacturer. Competition keeps prices in check. And affordable media is popular media, which is less likely to become an entry in the Museum of Obsolete Media.
3. There’s a roadmap
Wouldn’t it be great if you could see exactly what storage options will be available in 10 years’ time? Especially if you are pondering the capex outlay required for an LTO setup. Well, you can get a decent idea with the LTO Roadmap.
The LTO Consortium publish a roadmap with predicted specs for future generations of tape, to provide certainty.
Media format obsolescence is inevitable, but a roadmap makes it manageable. LTO drives are also mandated to be backwards compatible to at least one generation.
Recent research shows that 330TB capacity cartridges are a real possibility. So the roadmap is not just wishful thinking.
4. The lowest error rate
All digital storage media are subject to error, but LTO is reportedly four orders of magnitude better than disk.
5. It’s secure too
One of the beauties of tape, particularly as an archive medium, is its removability. Not a sexy quality at all. But very useful. It means that tape is portable, cartridges are easily stored offline or transported offsite. And storing tapes offline is a sure way to thwart sophisticated cyberattacks like ransomware. Ransomware attacks have more than doubled this year. As we saw from the attack on WPP in 2017, the threat is real. Especially for creative companies who not only rely on data for day-to-day operations but also create value in IP.
Storing tapes offline also preserves files against glitches and accidental deletion. And LTO can be encrypted on-the-fly. In fact, IBM are developing protections against attack from computers that don’t even exist yet.
6. Capacity
Video files are only getting larger. So it’s handy that the current generation of tape is capable of storing up to 1600 HD movies per cartridge.
Unfortunately, video files also don’t compress well. So the reported potential capacity of 30TB compressed doesn’t mean much to us. But 12TB per cartridge native for LTO-8 is not to be sniffed at.
7. Cost-effective
All the reliability and capacity in the world would mean nothing if LTO wasn’t affordable. That might sound miserly. But content creatives and audiovisual archives are facing the reality of growing data sizes every day. Technology marches on. Better cameras and more of them, higher shoot ratios, and higher resolution files. All multiplied across a growing archive of content… Add downward pressure on budgets and the bottom-line looms large.
Individual tapes are cheap especially when compared to disk. But there are many factors to consider when calculating cost. It’s important to consider the total cost of ownership of a tape storage system:
- There is a large capex outlay to start. You will need hardware, software and media.
- You need people to manage the tape drives/libraries.
- Unlike disk, tapes are energy efficient because you don’t need to keep them powered up.
- On the other hand, air-conditioning and humidity regulation will add to the expense.
- But the cost per GB drops the more data you archive.
LTO works for us because we already have the experts, the climate-controlled vault (with a solar installation), and the data volume. So happily we can pass those cost savings on to our clients.
Other considerations
Tape is far from dead – but there are some things to watch out for.
What about speed?
Tape doesn’t have the fast access speeds of HDDs or SSDs for retrieval. It is linear by nature and that is both its strength (allows for capacity) and its weakness (slower to access).
But speed is not a deal breaker. We mostly use LTO for archive content that doesn’t require instant or frequent access. And with large files like media files, the random-access time issue is less relevant.
Read and write speed is still good – especially compared to cloud offerings.
Is Cloud a tape-killer?
Tape has been proclaimed dead many times. Amazon Glacier and now Deep Glacier have been called ‘tape-killers’. Cloud storage is still the bright, shiny and new storage option. But upload and download speed along with restore fees mean that sometimes it promises more than it can deliver.
We do use cloud in our storage mix, so we’re not knocking it. But Cloud hasn’t put an end to tape yet. Indeed, if you look behind the scenes at major cloud providers, you’ll often find a huge tape library. Although they have denied it, there are even whispers that Amazon built Glacier on tape. And Google and Microsoft Azure definitely use LTO tape.
Is there a tape shortage?
Despite having an accessible open standard, the number of LTO tape manufacturers has whittled down. From six in recent years to just two – Sony and Fujifilm. And it seems like each is trying to shrink the pool further – to just one supplier.
The two recently settled a patent row over LTO-8 technology that saw imports banned and production halted on the latest version of tape. None were available up until recently. Suppliers introduced stopgap measures. LTO-7 ‘Type M’ tapes were created using LTO-8 standards to squeeze more capacity from LTO-7 tapes. This was an imperfect solution as it complicates lifecycles. Future LTO-9 drives will not be able to read the Type M tapes.
The whole saga highlighted the weakness of relying on just two manufacturers. It goes to show that no type of media is completely secure. You can’t eliminate risk. The best you can do is mitigate it by combining different media in your storage mix. Or you can outsource the risk to a service provider to manage it for you.
Is a tape-based storage system difficult to manage?
The manual tape management processes are labour intensive. A level of technical knowledge is required. As Fujifilm states, tape systems require four elements – ‘software, hardware, media and people.’
There is lifecycle management to consider. You’ll need to decide when to upgrade and plan regular migrations. If you don’t have an IT Admin to manage the tapes, or you do have an IT Admin but their time is spent better elsewhere, LTO may not be for you.
Our LTO services
We love LTO for long-term archive. If you sign up to our digital archive or library service, you’ll always have a copy of your original data written to tape. Usually two copies, stored separately, depending on your plan.
We also store clients’ own LTO tapes in our climate-controlled media vault in Lane Cove. Offsite tape vaulting is a great option if you have your own LTO infrastructure. You can keep a geographically separate copy, improve tape lifespan, and simply make space.
If you’re interested in the benefits of LTO but don’t want the hassle of managing it, get in touch. We’d be happy to talk through our archive setup or recommend options to suit.
April 04, 2024
Ransomware attacks ravaged municipal governments in March - TechTarget
Ransomware attacks caused prolonged disruptions for several municipalities in March, impairing public services and forcing government workers to use pen and paper.
Despite recent law enforcement actions, including a takedown operation against the LockBit ransomware gang in February, the threat continued last month. Municipalities took the brunt of attacks, with the Medusa ransomware gang claiming responsibility for two of them. Following the attacks, cities and counties across the U.S. struggled to restore services; for some municipalities, it wasn't the first time they were disrupted by ransomware.
On March 26, government officials in Gilmer County, Ga., disclosed that multiple services were down following a ransomware attack. Officials posted a notice on the city's website to warn residents of the disruptions, though it has since been taken down. The Record reported that the notice stated the county "recently detected and responded to a ransomware incident and has taken affected systems offline." Officials warned residents to expect delays as the city worked to restore services. Gilmer has not released an official statement.
One day prior, the police department for the City of St. Cloud, Fla., disclosed through Facebook that the city was experiencing a ransomware attack. While they confirmed 911 lines remained operational, residents were instructed to make payments to the city in cash only due to affected systems.
The city posted additional information on the St. Cloud website, though it referred to the incident as a cyber attack and did not mention ransomware. The statement confirmed law enforcement was investigating the attack and that the city implemented additional measures to continue services while systems remained down. While the transfer station remained open and accepted cash payments, the Toho Water Authority's customer service office at City Hall was closed.
Veronica Miller, St. Cloud city manager, issued an update on Tuesday that revealed the city was still "working to determine the full nature, scope and any impacted data." She emphasized the incident did cause disruptions but applauded the IT staff for their rapid response.
On March 22, The Record reported that Henry County, Ill., was hit by ransomware on March 18. Mat Schnepple, director of the emergency management office for Henry County, told The Record that the city forced systems offline and engaged law enforcement following the attack. Medusa claimed responsibility for the attack through its public leak site and demanded $500,000.
Municipality attacks continue
Tarrant County in Texas suffered a ransomware attack on March 21 that it disclosed on March 22. The attack forced its website offline, so the city provided information through the City of Haslet, Texas. The statement confirmed Tarrant County suffered disruptions due to ransomware and that an investigation was ongoing.
Fox 4 News reported that Vince Puente, chairman of the Tarrant Appraisal District, led an emergency meeting on March 25 where he revealed Medusa was behind the attack and demanded $700,000 to resume operations.
Bernalillo County, N.M., disclosed it responded to a ransomware attack on March 15. Disruptions affected at least three district attorney's offices, according to the statement. Government officials implemented security measures in an attempt to limit the attack scope. "These measures include blocking suspicious email; disabling inbound network access from DAs offices; and disabling the public defender's office Wi-Fi at the Metropolitan Detention Center," Bernalillo County wrote in the statement.
March's incident marked the county's second ransomware attack in two years. In June 2022, the Albuquerque Journal reported that the county's Metropolitan Detention Centre was forced to close due to ransomware.
On March 16, Pensacola, Fla. experienced its second ransomware attack since 2019. City officials posted updates to its Facebook page beginning on March 18, confirming phone disruptions across all departments. On March 27, the city said phone systems were fully restored but online bill pay services remained down. On April 2, the city confirmed the attack led to a data breach, though it is unclear what information and how many individuals are affected.
Birmingham, Ala. experienced weeks of disruptions following an attack last month. Government officials disclosed in a Facebook post on March 6 that the city was experiencing a network disruption. While they confirmed emergency services were unaffected, some in-person and online services such as the 311-call center were down. A temporary number was established for the call center on March 22.
On Tuesday, AL.com reported that outages continued, and Birmingham city officials were forced to continue using pen and paper to conduct business. The Birmingham-based news outlet also said "multiple officials" confirmed the network disruption was the result of ransomware.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
March 16, 2024
'Underinvestment In Cybersecurity Fuelling Cyber Attacks In SMEs Sector'
The absence of competent security operations staff at small and medium-sized businesses (SMBs) is the reason behind the surge in cyber attacks against them, a report has revealed.
Findings of the report by cybersecurity firm, Sophos, revealed that nearly 50 per cent of malware detections for SMBs were keyloggers, spyware, and stealers, malware that attackers use to steal data and credentials.
According to the report, hackers use stolen data to launch ransomware, blackmail victims, and obtain illegal remote access, among other things. While SMBs know the importance of data protection, they typically rely on a single software application or service for every function within their business, the report averred.
“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.
“There’s a reason that more than 90 per cent of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorised remote access, or simply data theft,” it explained.
On the biggest cyberthreat to SMBs, Sophos said: “Out of the SMB cases handled by Sophos Incident Response (IR), which helps organisations under active attack, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMBs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.
“Ransomware operators continue to change ransomware tactics. This includes leveraging remote encryption and targeting managed service providers (MSPs). Between 2022 and 2023, the number of ransomware attacks that involve remote encryption—when attackers use an unmanaged device on organisations’ networks to encrypt files on other systems in the network—increased by 62 per cent.”
After ransomware, Sophos said, business email compromise (BEC) attacks were the second-highest type of attack that SMBs faced in 2023.
According to the report, these BEC attacks and other social engineering campaigns contain an increasing level of sophistication. Rather than simply sending an email with a malicious attachment, attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them.
March 15, 2024
Big data needs big storage solutions - NZ Herald
Tape still best for storing the world’s colossal levels of data.
It seems entirely out of sync that a product developed in the 1950s is still king when it comes to housing the almost indescribable volume of data that needs to be stored in the 21st century with LTO tape.
It may seem something of an anachronism, but it turns out one of the best media for long term data storage is the humble tape. However, today’s LTO tape storage systems bear little resemblance to those first introduced back in the 1950s, delivering capacity, security and cost advantages that can’t be ignored – not even by the world’s biggest cloud services providers.
That’s according to Fujifilm New Zealand, where New Zealand General Manager, Imaging Solutions, Peter Bonisch says the data storage medium declared dead nearly two decades ago is alive, well, and has a lengthy future ahead of it.
“Microsoft in 2006 said ‘tape is dead, disk is tape, flash is disk, and RAM locality the king’,” notes Bonisch. “But in 2015, they updated that to ‘all cloud vendors will be using tape and will be using it at a level never seen before’.”
By ‘disk is tape, and flash is disk’, Microsoft was referring to the then-rapid transition away from tape as a mass storage medium as hard disk drive capacities went up and costs came down (relative to the cost of disk, it must be noted, and not tape).
But problems soon emerged: disk drives, sometimes deprecatingly called ‘spinning rust’, fail frequently. And even if capacities were shooting up, the laws of mathematics had something to say about the cost per gigabyte. Then, just like today, even cheap disk was far more expensive and required a lot more electricity than tape.
While the ‘flash is disk’ part of the story refers to the emergence and subsequent popularisation of solid-state drives, SSDs are more expensive yet than their now practically obsolete electromechanical predecessors.
Meanwhile, with the emergence of the cloud era, data creation went through the roof and keeps climbing into the stratosphere. Market researcher IDC notes that worldwide data volume is growing at a compound annual growth rate of 25 per cent, but IT spending lags far behind at 6.5 per cent growth.
“What that means, in simple terms, is that organisations can’t keep up with data storage costs. They need to reorganise data into tiers to minimise the costs,” says Bonisch.
Tiered storage isn’t a new idea and refers to placing data on an appropriate medium, depending on factors including frequency of access, performance requirements and value. “By classifying data and assigning it to different tiers, organisations optimise their IT architecture and storage costs,” he says.
It’s horses for courses and into that course fits LTO – that’s Linear Tape Open, a common standard and specification for tape solutions which has a roadmap out to 2036. LTO is also known as Ultrium.
If tape storage solutions sound terribly analogue, Bonisch dismisses the notion. “It is not analogue; LTO is a digital tape format using magnetic recording technology,” he says.
It’s a digital solution which, in tiered architectures, slots in below the ‘RAM locality’ referred to by Microsoft in the opening paragraph (and by which Microsoft means ‘in memory’ data – information directly available to a processor and the person in front of a computer), SSD near-line storage, traditional disk or cloud archives, and the LTO as the ‘storage of last resort’.
He’s made a case for LTO-stored data being far less costly than disk alternatives at the expense of the speed of access. Those aren’t wild claims, with TPC (Technology Provider Companies, which are Hewlett Packard Enterprise, IBM and Quantum) providing backing numbers showing a 70 to 74% reduction in costs for storing data over 10 years over local disk and cloud disk (local disk refers to on-premises disk storage systems, while cloud refers to data stored in major cloud service providers).
Source: TCO Tool - Ultrium LTO
The calculations encompass energy consumption, egress charges (the cost of accessing data, in other words), capital costs, storage maintenance, and admin/maintenance.
As one might imagine, with spiralling data volumes pushing the world towards nearly 200 zettabytes (a zettabyte equals a trillion gigabytes) of data, a 70 per cent-plus discount becomes attractive.
There’s another trick up tape’s sleeve, beyond immortality and cost of ownership. LTO is secure by nature. Once written to the tape medium, the tape sits perfectly still, often unpowered, and isolated from the internet. This puts it completely outside of the reach of hackers, explains Bonisch.
“LTO is a preferred choice for organisations with stringent data protection requirements as it includes built-in encryption capabilities and has an air gap.”
An air gap refers to that physical isolation from the network. “Tape meets this requirement inherently as it disconnects on completion of the backup or archival process, providing an extra layer of protection against cyber threats like ransomware attacks.”
That air gap also contributes to the lower dollar cost of operating tape storage subsystems and delivers a substantial sustainability advantage: Brad Johns Research notes that with no need for constant power, tape produces 97 per cent less CO2 than hard drives.
Finally, Bonisch says leading technology providers are using tape because it simply works. “Microsoft is one of the biggest tape users in the world. It’s not only Microsoft, but other hyperscale cloud solution providers, social media companies, and the like. They’re introducing tape to their archiving and backup systems to efficiently manage massive and ever-expanding amounts of data.”
For more information: www.fujifilm.com
February 19, 2024
FBI, British authorities seize infrastructure of LockBit ransomware group - CyberScoop
An international law enforcement operation on Monday seized servers and disrupted the infrastructure used by the LockBit ransomware syndicate, a government official confirmed to CyberScoop after websites used by the ransomware group displayed messages that they had been seized.
An operation carried out by the Federal Bureau of Investigation and the UK’s National Crime Agency together with a range of international partners took control of a site used by LockBit to leak data belonging to its victims, the group’s file share service and communications server, various affiliate and support servers and a server for LockBit’s administrative panel, the government official said.
The takedown is the latest in a string of FBI operations targeted at disrupting cybercrime and cyberespionage infrastructure around the world under Rule 41, a legal framework that enables the FBI to access computers across multiple jurisdictions and modify them. Last week, the agency announced the takedown of a Russian military intelligence-controlled botnet. In January, the FBI disrupted a Chinese botnet used to penetrate sensitive U.S. targets.
LockBit first emerged in September 2019 and is believed to be the world’s most widely used ransomware variant.
The takedown operation against LockBit raises questions about how lasting it will be. Previous operations against such groups have seen their operations temporarily disrupted only for the groups to return using new infrastructure. In December, the FBI seized some of ALPHV’s infrastructure, but the group “unseized it,” and a version of the site remains active.
February 15, 2024
How To Optimize Your Data Center Against Ransomware Attacks
Many strategies for fighting ransomware, like taking regular backups, are the same no matter where you host data — in the public cloud, in a private data center, or on-prem.
However, companies that operate data centers can deploy some special practices that may reduce their risk of falling victim to ransomware attacks. When you control all aspects of your infrastructure and hosting facility, you can do things to mitigate ransomware threats that wouldn't be possible elsewhere.
To that end, keep reading for a look at actionable strategies for mitigating ransomware risks in your data center.
Basic Ransomware Mitigation Strategies
Before diving into anti-ransomware strategies that apply to data centers in particular, let's discuss generic tips for preventing ransomware in any type of environment. Standard best practices include:
- Back up data: If you take regular backups of your data, you can restore from a backup following a ransomware attack instead of paying the ransom.
- Monitor for threats: Continuous monitoring can help you detect the presence of malware that ransomware attackers use to encrypt data, making it possible in some cases to stop the attack before your information is held for ransom.
- Educate users: Educating employees, customers, contractors, and other stakeholders about ransomware and related risks reduces the chances that someone will fall for a scam that results in the deployment of ransomware inside your IT estate.
- Minimize exposure: Practices like closing unnecessary network ports, following the principle of least privilege, and turning off extraneous workloads make it harder for threat actors to carry out ransomware attacks.
Again, you can do these things anywhere, not just in environments hosted in private data centers.
Stopping Ransomware in the Data Center
However, when you operate your own data center (or use a colocation facility) to host workloads, you can take additional measures to protect against ransomware — measures that would be challenging or impossible to take in most other environments.
Air-gapping
For one, you can air-gap data and workloads. Air-gapping means disconnecting resources from the internet completely, which will totally prevent any network-borne attacks. This is especially valuable in the context of ransomware protection because it means you can virtually guarantee that data backups won't be accessed by attackers, who sometimes seek to compromise backups so their victims can't recover data without paying the ransom.
Air-gapping is not typically possible in the public cloud because there is no way to disconnect cloud resources from the network; the best you can do is place them on private networks that are not directly exposed to the internet but may still be exposed to attackers who already have a presence inside your environment. With a private data center, however, you have total control over your infrastructure, and you can physically disconnect data from the network if you wish.
Offsite backups
Private data centers also make it easier to maintain offsite backups, meaning backup data that is stored in a physical location separate from the one that hosts production workloads. Offsite backups provide another line of defense against ransomware by ensuring that you have a secure set of information you can recover, even if your entire data center facility is compromised in an attack.
While it's possible to create offsite backups from the public cloud by downloading backup data to a location of your choosing, you have to rely on the network to move the data, which can take a long time if you have lots of data to move. With your own data center, you can copy your data directly to storage media, then move the media to a location of your choosing.
Digital twinning
In the context of data centers, a digital twin is a complete replication of an IT environment. Digital twins help protect against ransomware risks by providing an environment that organizations can switch to in order to maintain continuity if their primary environment is compromised through a ransomware attack.
You can maintain digital twins in the public cloud if you wish, but doing so tends to be more expensive and complicated because it essentially doubles the volume of the cloud resources you pay for. You also have to implement a plan for switching from one cloud environment to your backup environment, which can be complex due to the many variables (like network rules and IAM policies) that are involved.
In a data center, you can maintain a digital twin more cost-effectively by, for example, using older hardware to host the twinned environment. You also don't need to worry about adjusting configurations such as IAM rules to redirect requests to your backup environment in the wake of a ransomware attack.
Physical security
Ransomware attacks carried out by malicious insiders (such as employees) are an increasing risk. Here, private data centers offer the advantage of giving organizations more control over physical security, helping them to manage in a granular way who can access infrastructure and data inside.
Physical security controls are excellent in the public cloud, too, but the difference is that if you use the public cloud, you have to entrust physical security to a third party, which can't guarantee that no malicious insiders are present in its facilities. In your own data center, you have full ability to manage access to the facility, as well as to monitor activities as a means of detecting ransomware risks and other threats.
Conclusion
It would be wrong to conclude that data centers are inherently less prone to ransomware attacks. Like any setting, data centers can be and often are hit with ransomware. However, data center operators can take precautions against ransomware that are not practical in other types of environments. By adopting those measures, companies that use data centers to host their workloads gain a leg up in the fight against ransomware.
February 15, 2024
Ransomware disrupts utilities, infrastructure in January - TechTarget
Ransomware disrupted important U.S.-based utilities and services organizations in January, including a municipal water treatment organization, which is a sector that's become a growing target for attackers.
The persistent ransomware threat continued last month following what many cybersecurity vendors and threat reports called a record year for ransomware in 2023. New victims emerged last month, but many of the targeted sectors and industries remained consistent from last year.
Throughout January, ransomware impeded operations for victims in the government and critical infrastructure sectors, including water and wastewater treatment services. Last month, CISA published an incident response guide for water utilities warning that attacks "could cause cascading impacts across critical infrastructure." The guide also confirmed that the sector has already been hit by ransomware in recent years.
On Jan. 19, Boston-based Veolia North America disclosed that ransomware had hit its municipal water division the previous week, affecting "some software applications and systems." In response to the attack, Veolia took its internal back-end systems offline, which disrupted customer access to the billing system. The water utilities company operates in 550 communities across North America.
As of Jan. 19, Veolia said there was "no evidence" that the attack affected its water or wastewater treatment operations. However, the company said the personal information of a "limited number of individuals" was stolen. An investigation into the attack remains ongoing, and the incident forced Veolia to reexamine its cybersecurity posture.
"We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take to help prevent incidents of this kind in the future. We are putting our full resources behind these efforts," Veolia wrote in the statement.
There were more public sector utilities and services disrupted last month. A ransomware attack on Jan. 21 against Bucks County in Pennsylvania temporarily disrupted the county's emergency communications database. The Akira ransomware group claimed responsibility for the attack, which rendered Bucks County's computer-aided dispatch (CAD) system inoperable for nine days. Law enforcement agencies, the fire department and ambulance services use the tool to record incident data, but the attack forced them to revert to pen and paper. Around 650,000 residents live in Bucks County and were able to make 911 calls despite the attack, but fallout was still substantial.
On Feb. 7, the Bucks County Board of Commissioners approved contracts with cybersecurity forensic and legal firms and issued a Declaration of Disaster Emergency to help with restoration efforts. While CAD is now functional, the Board of Commissioners said the system requires additional rebuilding.
"The County did not engage in negotiations with those claiming responsibility for the attack, nor did it pay any ransom to restore functionality to its systems. Rather, the County's IT and Emergency Communications departments' meticulous cyber maintenance and backup practices were key to the system's quick restoration," Bucks County wrote in the statement.
The Medusa ransomware group, which was highly active throughout 2023, claimed responsibility for an attack against the Kansas City Area Transportation Authority (KCATA) that occurred on Jan. 23. KCATA disclosed the attack on Jan. 24 and confirmed that it disrupted the regional RideKC call centers and landline service. However, transportation services remained operational. Customers looking to schedule a trip were redirected to new phone numbers while KCATA worked "around the clock" to restore systems. KCATA engaged the FBI and security professionals following the ransomware attack.
Medusa's public data leak site also listed Denver-based nonprofit Water for People, which provides drinking water and sanitation services to communities in nine countries around the world. A Water for People spokesperson told cybersecurity news outlet The Record that the affected data predated 2021, and more importantly, the attack did not disrupt business operations.
U.S. government agencies have issued multiple advisories of increasing threats against critical infrastructure organizations. Earlier this month, CISA, the National Security Agency and the FBI warned that a Chinese nation-state threat actor known as Volt Typhoon had compromised organizations in the communications, energy, transportation systems, and water and wastewater sectors. U.S. agencies also confirmed that the threat actor has been hiding in some victims' IT environments for at least five years to maintain access in preparation for any major conflict that could arise with the U.S.
Education, financial services also hit
Ransomware did not spare the education sector last month. One particularly damaging attack occurred against Clackamas Community College in Oregon, which has an enrollment of more than 18,000 students. The Clackamas Print reported that authorities traced the attack to a Russian IP address.
In a Facebook post on Jan. 21, Clackamas revealed that the incident began on Jan. 19 and shuttered online services, including its website, internal systems and ability to disburse financial aid. Because online services were affected, Clackamas canceled two days of classes, and teachers were instructed to push back assignment due dates for at least five days. The attack also coincided with the last day to drop winter classes, so that deadline was delayed.
As of Feb. 12, some websites were restored. In response to the attack, students were asked to reset their passwords. The infamous LockBit ransomware group claimed responsibility for the attack on its public data leak site.
One of the biggest attacks in January hit an enterprise in the financial sector. California-based mortgage lender LoanDepot disclosed an attack on Jan. 8 in a Securities and Exchange Commission filing, in which the company said the attack "included access to certain Company systems and the encryption of data."
In a press release on Jan. 22, LoanDepot said it forced systems offline to contain the incident, but doing so disrupted and delayed many customer portals used for services and payments. LoanDepot also said it was still working to restore all services and that the attack affected a significant number of customers.
"Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems," LoanDepot wrote.
Arielle Waldman is a Boston-based reporter covering enterprise security news.