May 13, 2024
Boeing Confirms LockBit Hackers Demanded $200 Million Ransom After 2023 Data Breach
Aerospace giant Boeing has confirmed that the LockBit ransomware gang demanded a staggering $200 million extortion payment after breaching the company’s network and stealing sensitive data in October 2023.

In early November, the notorious Russia-linked cybercrime group published approximately 43 gigabytes of data allegedly stolen from Boeing’s IT systems, including backups of management software configurations, monitoring logs, and auditing tools. LockBit initially posted a 4GB sample of the stolen data in December, threatening to leak more if Boeing did not “cooperate.” The hackers dumped the full trove online when the company refused to engage.

While 43GB represents a significant volume of information, some cybersecurity experts believe it may not reflect the full extent of data exfiltrated from Boeing’s network.

“If they only got 43 GB of data from Boeing they obviously didn’t get very far into the Boeing network,” one researcher noted. “That’s barely a couple of lightly utilized laptop backups, or maybe one satellite office’s design data.”

In a statement, Boeing acknowledged to Cyberscoop that “elements of our parts and distribution business” were impacted by the incident but asserted that it posed no threat to aircraft or flight safety. The company declined to comment further, citing an ongoing investigation in coordination with law enforcement.

The $200 million ransom demand, one of the largest publicly known extortion attempts to date, was revealed in a U.S. Department of Justice indictment unsealed this week. Authorities identified a Russian national, Dmitry Yuryevich Khoroshev, as the mastermind behind the LockBit operation, which has reaped over $500 million from victims worldwide since emerging in late 2019.

LockBit’s attack on Boeing, one of the world’s largest aerospace and defense contractors, underscores ransomware’s growing threat to even the most well-resourced organizations. “If multibillion-dollar companies cannot secure their networks, what chance do cash-strapped school districts have?” said Emsisoft threat analyst Brett Callow. “Governments really do need to rethink their counter-ransomware strategies.”
May 13, 2024
Cyber security focus: Ransomware attacks is a prominent threat for maritime - safety4sea
Cybersecurity in the maritime industry is becoming increasingly crucial as vessels, ports, and supply chains embrace digitalization. With the integration of IoT (Internet of Things) devices, automation, and interconnected systems, the sector faces a growing threat landscape that includes risks such as data breaches, ransomware attacks, and sabotage attempts.

According to the European Union Agency for Cybersecurity (ENISA), this shift is accompanied by a notable rise in cyberattacks targeting critical maritime infrastructure like ports and shipping firms, underscoring the necessity for enhanced focus and action on maritime cybersecurity.

The report utilizes the ENISA Cybersecurity Threat Landscape Methodology, analyzing a total of 98 publicly reported incidents during the specified timeframe. Data collection primarily focuses on EU member states and extends to global incidents impacting the EU. Major incidents were identified through open-source intelligence (OSINT) and cyber threat intelligence capabilities.

ENISA highlights that during the period of January 2021 to October 2022, the prime threats identified include:

- ransomware attacks (38%): a type of attack where threat actors take control of a target’s assets and demand a ransom in exchange for the return of the asset’s availability
- data related threats (30%): Sources of data are being targeted with the aim of unauthorised access and disclosure and manipulating data to interfere with the behaviour of systems.
- malware (17%): Malware is an overarching term used to describe any software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity or availability of a system.
- denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks (16%): Availability is the target of a plethora of threats and attacks, among which DDoS stands out. DDoS attacks target system and data availability and, though not a new threat, have a significant role in the cybersecurity threat landscape of the transport sector.
- phishing / spear phishing (10%): Social engineering encompasses a broad range of activities that attempt to exploit a human error or human behaviour with the objective of gaining access to information or
- supply-chain attacks (10%): A supply-chain attack targets the relationship between organisations and their suppliers.

During the reporting period, the threat actors with the biggest impact on the sector were state-sponsored actors, cybercriminals and hacktivists. We observed the following trends:

- Ransomware attacks became the prominent threat against the sector in 2022. Ransomware has been steadily increasing and the transport sector has been affected similarly to the other sectors.
- Cybercriminals are responsible for the majority of attacks on the transport sector (54%), and they target all subsectors.
- Threat actors will increasingly conduct ransomware attacks with not only monetary motivations.
- The increased hacktivist activity targeting the transport sector is likely to continue.
- The increasing rate of DDoS attacks targeting the transport sector is likely to continue.
- The main targets of DDoS attacks by hacktivists are European airports, railways and transport authorities.
- During this reporting period, we did not receive reliable information on a cyberattack affecting the safety of transport.
- The majority of attacks on the transport sector target information technology (IT) systems. Operational disruptions can occur as a consequence of these attacks, but the operational technology (OT) systems are rarely being targeted.
- Ransomware groups will likely target and disrupt OT operations in the foreseeable future.

According to the report, in 2022, ransomware attacks emerged as the primary threat to the sector, surpassing the data-related threats that dominated in 2021. Nevertheless, ransomware groups are still seen as opportunistic and not specifically targeting the transport sector more than others. Recent trends suggest no notable increase in ransomware attacks targeting transportation compared to other sectors. Ransomware incidents have been on the rise overall, affecting the transport sector in line with other industries.

Credit: ENISA

Key challenges to manage cyber security

According to DNV, effectively managing cybersecurity in the dynamic and intricate energy sector is far from simple. The sector is experiencing significant digitalization, innovation, and shifts toward cleaner energy sources amid changing global demand and the impacts of conflict in Europe, which are influencing global energy prices and distribution patterns.

#1 The ‘wait and see’ effect is holding back progress: Six in 10 C-suite respondents acknowledge, for example, that their organization is more vulnerable to attack than ever before, but far fewer (44%) expect to make urgent improvements in the next few years to prevent an attack.

#2 The air gap is closing fast: When considering the risk of a cyber-attack on their industrial control systems, energy businesses have taken some comfort from the knowledge that their OT platforms have traditionally had an ‘air gap’ insulating them from the IT network.

#3 A global shortage of expertise: In an unfolding cyber incident, where hackers have infiltrated the network and need to be contained, every second counts. It’s therefore concerning that just 31% of respondents assert confidently that they know exactly what to do if they became concerned about a potential cyber risk or unfolding attack.

#4 Complex supply chains disguise critical vulnerabilities: Supply chains in the energy sector are global in scale and increasingly complex, relying on third and fourth parties whose cyber security systems and processes are harder to assess with certainty. Consequently, cyber security across the supply chain is an area in which respondents are less confident than they need to be to protect their critical systems and data.

Where we stand

The issuance of the Navigation and Vessel Inspection Circular (NVIC) by the US Coast Guard (USCG) in March 2024 underscores the critical importance of cybersecurity in the maritime sector. With cyber incidents such as ransomware attacks, data breaches, and IT disruptions becoming the primary concern for companies globally, as highlighted in the Allianz Risk Barometer 2024, the maritime industry is not immune to these threats.

As the maritime sector increasingly relies on digital technologies for navigation, communication, and operational efficiency, it becomes more vulnerable to cyber threats. A breach in cybersecurity could not only disrupt operations but also compromise the safety and security of vessels, crew, and cargo.

Moreover, in the broader context outlined in the Global Risks Report, rapid technological change presents both opportunities and challenges. While advancements in technology enhance efficiency and connectivity, they also introduce new vulnerabilities and risks. Economic uncertainty, exacerbated by factors such as geopolitical tensions and climate change, further complicates the landscape.

In conclusion, the transport sector faces an evolving cyber threat landscape characterized by ransomware’s increasing prominence and hacktivists’ use of DDoS attacks for geopolitical motives. As cyber threats become more complex and targeted, proactive cybersecurity measures and collaboration between transport stakeholders and cybersecurity professionals are imperative to mitigate risks and ensure the resilience of critical transportation infrastructure.
May 13, 2024
Healthcare System Ascension Confirms Ransomware Attack - Williamson Source
On May 8, one of the largest private healthcare systems, Ascension, detected unusual activity in their network systems, which was later determined to have been caused by a ransomware attack.

Systems that are currently unavailable include the electronic health records systems and various systems utilized to order certain tests, procedures and medications. Ascension hospitals and facilities remain open and are providing care. However, due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately.

An Ascension spokesperson released the latest update on May 11:

“We continue to diligently investigate and address the recent ransomware incident, working closely with industry leading cybersecurity experts to assist in our investigation and restoration and recovery efforts. Additionally, we have notified law enforcement, as well as government partners including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA). We remain in close contact with the FBI and CISA, and we are sharing relevant threat intelligence with the Health Information Sharing and Analysis Center (H-ISAC) so that our industry partners and peers can take steps to protect themselves from similar incidents.

“While our restoration work continues in earnest, our focus is on restoring systems as safely as possible. While we expect this process will take time to complete, we are making progress and systems are being restored in a coordinated manner at each of our care sites. We will continue to share updates on our recovery process.”

This is an ongoing situation.

This article is a press release provided to the media for distribution.
May 13, 2024
Hackers Exploiting MS-SQL Servers To Deploy Mallox Ransomware - Cyber Security News
MS-SQL servers commonly store information such as financial records, customer information, and intellectual property that may be sold on dark web markets. In addition, a hacked MS-SQL server can present an entry point into the organization’s network, from where ransomware can be deployed or other malicious activities can be carried out. Due to weak passwords, unpatched vulnerabilities, and misconfigurations in MS-SQL installations, threat actors using automated scanning and exploitation tools find them appealing.

Recently, cybersecurity researchers at Sekoia discovered that hackers have been actively exploiting MS-SQL servers to deploy Mallox ransomware.

Technical Analysis

An MS-SQL honeypot deployed on April 15th was swiftly compromised by brute-forcing the weak “sa” account from XHost Internet Solution IPs, at around 320 attempts per minute.

Post-intrusion, the attackers leveraged MS-SQL exploits to deploy Mallox ransomware using PureCrypter. Investigating Mallox samples revealed two affiliate groups – one exploiting vulnerabilities, the other conducting broader system compromises.

On April 15th at 2:17 pm, exploitation attempts began on the tampered MS-SQL honeypot from AS208091 IPs only hours after the initial “sa” account breach.

When analyzing the logged attacker actions, two different recurring exploitation schemes were revealed. These schemes were likely executed using scripts or tools.

By examining IoCs and TTPs, it was found that 19 out of many attempts identified a pair of separate patterns corresponding to one and the same intrusion set.

Mallox deployment flow (Source – Sekoia)

The MS-SQL exploitation attempts deployed payloads corresponding to PureCrypter, which downloaded files with random multimedia extensions containing encrypted .NET libraries. These libraries were reflectively loaded, decrypting and executing the next stage of the PureCrypter payload, which finally loaded the Mallox ransomware from its resources. PureCrypter employs evasion techniques like environment detection, privilege adjustments, and deflating or decrypting embedded resources. When PureCrypter failed, the attacker attempted direct Mallox deployment. PureCrypter uses protobuf definitions to store the encrypted Mallox executable under a randomized name like “Ydxhjxwf.exe”.

Mallox is a notorious ransomware-as-a-service (RaaS) operation that distributes multiple variants of the Mallox ransomware, also known as Fargo, TargetCompany, etc. It accelerated attacks in late 2022 using double extortion, becoming one of the most distributed ransomware families in early 2023. Mallox operators exploit vulnerabilities in MS-SQL servers, brute-force weak credentials, and leverage phishing for initial access. Operated likely by former tier ransomware group members, Mallox transitioned to a RaaS model in mid-2022 with personas like “Mallx” and “RansomR” recruiting Russian-speaking affiliates on forums like RAMP. By mid-2022, the Mallox ransomware learned to use the double extortion technique of data exfiltration and publicizing stolen data. It then shifted to specialized negotiation sites on TOR and used a triple extortion strategy, reads the report.

In 2022-2023, Mallox soiled its hands by heavily impacting Asian victims in various fields such as manufacturing and retail, despite claiming to avoid attacking Eastern Europe.

Affected countries (Source – Sekoia)

The website for releasing dumped information contained over 35 victims’ names. An analysis showed that MS-SQL gaps were exploited by “maestro” among the employees of Mallox during the initial compromise.
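A defender-side check for the brute-force pattern described above (around 320 failed “sa” logins per minute), added here as an example and not taken from the Sekoia report or the article: it scans SQL Server ERRORLOG text for failed-login lines (error 18456) and flags clients whose failures inside a sliding one-minute window reach a threshold. The log excerpt, the IP addresses, the `appsvc` account and the threshold of 60 are constructed assumptions.

```python
"""Flag brute-force guessing of the MS-SQL 'sa' login from SQL Server ERRORLOG text."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message line that SQL Server writes to ERRORLOG for a failed login (error 18456).
# Assumes the file has already been decoded to text, one log entry per line.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failed_logins(lines):
    """Yield (timestamp, user, client) for each failed-login line; skip everything else."""
    for line in lines:
        m = FAILED_LOGIN.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m["user"], m["client"]


def detect_bruteforce(lines, accounts=("sa",), threshold=60,
                      window=timedelta(minutes=1)):
    """Return {client: peak failures per window} for clients at or above threshold.

    threshold=60 is an assumed starting point; tune it to the environment.
    """
    wanted = {a.lower() for a in accounts}
    events = sorted(e for e in parse_failed_logins(lines) if e[1].lower() in wanted)
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = defaultdict(int)       # client -> highest count seen in any window
    for ts, _user, client in events:
        q = recent[client]
        q.append(ts)
        while q[0] <= ts - window:        # expire failures older than the window
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return {c: n for c, n in peak.items() if n >= threshold}


def build_sample_log():
    """Constructed ERRORLOG excerpt (not real data): one noisy client plus background."""
    start = datetime(2024, 4, 15, 14, 0, 0)

    def stamp(ts):
        return ts.strftime("%Y-%m-%d %H:%M:%S.") + f"{ts.microsecond // 10000:02d}"

    def failure(ts, user, client):
        return [
            f"{stamp(ts)} Logon       Error: 18456, Severity: 14, State: 8.",
            f"{stamp(ts)} Logon       Login failed for user '{user}'. Reason: Password "
            f"did not match that for the login provided. [CLIENT: {client}]",
        ]

    lines = [f"{stamp(start)} spid52      Starting up database 'tempdb'."]
    for i in range(320):   # 320 'sa' guesses spread over just under one minute
        lines += failure(start + timedelta(microseconds=187500 * i), "sa", "203.0.113.10")
    for i in range(3):     # an administrator mistyping the password now and then
        lines += failure(start + timedelta(minutes=5 * i), "sa", "192.0.2.30")
    for i in range(4):     # a misconfigured application account, not 'sa'
        lines += failure(start + timedelta(seconds=20 * i), "appsvc", "192.0.2.25")
    return lines


if __name__ == "__main__":
    for client, count in detect_bruteforce(build_sample_log()).items():
        print(f"ALERT {client}: {count} failed 'sa' logins within one minute")
```

The same function can watch other high-value logins by passing `accounts=`; failed logins appear in ERRORLOG only when login auditing for failed logins is enabled on the instance.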
April 05, 2024
7 reasons why LTO won't die - Preferred Media
Magnetic tape was first used to record computer data way back in 1951. If you see the tape decks that feature in ‘computers’ in vintage movies, it’s hard to believe the medium is still around… let alone at the cutting edge of data storage. In fact, magnetic tape is thriving with strong sales of LTO Ultrium, the current de facto standard.

Just like vintage fashions that won’t die (mom jeans, dad sneakers, bum bags anyone?) LTO might seem daggy and basic at first glance. It doesn’t have the shiny new excitement of cloud or other more marketable storage offerings. But it is very popular in the Australian production industry and with us. LTO is hard to beat as a long-term archive medium and here’s why:

1. Lifespan

LTO boasts an impressive 15 to 30-year lifespan. In comparison, HDDs are more volatile with a higher failure rate and a life expectancy of around 5 years.

But buyer beware. The 30-year prediction only applies to tapes stored in a clean, controlled environment. With both temperature and humidity regulation. The ideal environmental conditions for LTO storage are 18°C and 40% relative humidity. (Luckily for us, we already have a custom-built film and tape vault).

This is one of the reasons studios and networks list LTO as a deliverable. Also one reason it’s favoured by insurance companies.

2. It’s open format

LTO stands for Linear Tape-Open. ‘Open’ refers to ‘open standards’. That means that the tech is available for license by multiple vendors. LTO was developed by Certance (now Quantum), Hewlett Packard Enterprise, and IBM in the late 1990s. They created LTO to compete with existing proprietary formats of digital tape. The three companies form the LTO Consortium and they work together to manage the medium, certification and licensing.

With multiple sources of media and drives, the format has resilience. Obsolescence doesn’t hinge on the success or failure of one manufacturer. Competition keeps prices in check. And affordable media is popular media, which is less likely to become an entry in the Museum of Obsolete Media.

3. There’s a roadmap

Wouldn’t it be great if you could see exactly what storage options will be available in 10 years’ time? Especially if you are pondering the capex outlay required for an LTO setup. Well, you can get a decent idea with the LTO Roadmap.

The LTO Consortium publish a roadmap with predicted specs for future generations of tape, to provide certainty.

Media format obsolescence is inevitable, but a roadmap makes it manageable. LTO drives are also mandated to be backwards compatible to at least one generation.

Recent research shows that 330TB capacity cartridges are a real possibility. So the roadmap is not just wishful thinking.

4. The lowest error rate

All digital storage media are subject to error, but LTO is reportedly four orders of magnitude better than disk.

5. It’s secure too

One of the beauties of tape, particularly as an archive medium, is its removability. Not a sexy quality at all. But very useful. It means that tape is portable, cartridges are easily stored offline or transported offsite. And storing tapes offline is a sure way to thwart sophisticated cyberattacks like ransomware. Ransomware attacks have more than doubled this year. As we saw from the attack on WPP in 2017, the threat is real. Especially for creative companies who not only rely on data for day-to-day operations but also create value in IP.

Storing tapes offline also preserves files against glitches and accidental deletion. And LTO can be encrypted on-the-fly. In fact, IBM are developing protections against attack from computers that don’t even exist yet.

6. Capacity

Video files are only getting larger. So it’s handy that the current generation of tape is capable of storing up to 1600 HD movies per cartridge.

Unfortunately, video files also don’t compress well. So the reported potential capacity of 30TB compressed doesn’t mean much to us. But 12TB per cartridge native for LTO-8 is not to be sniffed at.

7. Cost-effective

All the reliability and capacity in the world would mean nothing if LTO wasn’t affordable. That might sound miserly. But content creatives and audiovisual archives are facing the reality of growing data sizes every day. Technology marches on. Better cameras and more of them, higher shoot ratios, and higher resolution files. All multiplied across a growing archive of content… Add downward pressure on budgets and the bottom-line looms large.

Individual tapes are cheap especially when compared to disk. But there are many factors to consider when calculating cost. It’s important to consider the total cost of ownership of a tape storage system:

- There is a large capex outlay to start. You will need hardware, software and media.
- You need people to manage the tape drives/libraries.
- Unlike disk, tapes are energy efficient because you don’t need to keep them powered up.
- On the other hand, air-conditioning and humidity regulation will add to the expense.
- But the cost per GB drops the more data you archive.

LTO works for us because we already have the experts, the climate-controlled vault (with a solar installation), and the data volume. So happily we can pass those cost savings on to our clients.

Other considerations

Tape is far from dead – but there are some things to watch out for.

What about speed?

Tape doesn’t have the fast access speeds of HDDs or SSDs for retrieval. It is linear by nature and that is both its strength (allows for capacity) and its weakness (slower to access).

But speed is not a deal breaker. We mostly use LTO for archive content that doesn’t require instant or frequent access. And with large files like media files, the random-access time issue is less relevant.

Read and write speed is still good – especially compared to cloud offerings.

Is Cloud a tape-killer?

Tape has been proclaimed dead many times. Amazon Glacier and now Deep Glacier have been called ‘tape-killers’. Cloud storage is still the bright, shiny and new storage option. But upload and download speed along with restore fees mean that sometimes it promises more than it can deliver.

We do use cloud in our storage mix, so we’re not knocking it. But Cloud hasn’t put an end to tape yet. Indeed, if you look behind the scenes at major cloud providers, you’ll often find a huge tape library. Although they have denied it, there are even whispers that Amazon built Glacier on tape. And Google and Microsoft Azure definitely use LTO tape.

Is there a tape shortage?

Despite having an accessible open standard, the number of LTO tape manufacturers has whittled down. From six in recent years to just two – Sony and Fujifilm. And it seems like each is trying to shrink the pool further – to just one supplier.

The two recently settled a patent row over LTO-8 technology that saw imports banned and production halted on the latest version of tape. None were available up until recently. Suppliers introduced stopgap measures. LTO-7 ‘Type M’ tapes were created using LTO-8 standards to squeeze more capacity from LTO-7 tapes. This was an imperfect solution as it complicates lifecycles. Future LTO-9 drives will not be able to read the Type M tapes.

The whole saga highlighted the weakness of relying on just two manufacturers. It goes to show that no type of media is completely secure. You can’t eliminate risk. The best you can do is mitigate it by combining different media in your storage mix. Or you can outsource the risk to a service provider to manage it for you.

Is a tape-based storage system difficult to manage?

The manual tape management processes are labour intensive. A level of technical knowledge is required. As Fujifilm states, tape systems require four elements – ‘software, hardware, media and people.’

There is lifecycle management to consider. You’ll need to decide when to upgrade and plan regular migrations. If you don’t have an IT Admin to manage the tapes, or you do have an IT Admin but their time is spent better elsewhere, LTO may not be for you.

Our LTO services

We love LTO for long-term archive. If you sign up to our digital archive or library service, you’ll always have a copy of your original data written to tape. Usually two copies, stored separately, depending on your plan.

We also store clients’ own LTO tapes in our climate-controlled media vault in Lane Cove. Offsite tape vaulting is a great option if you have your own LTO infrastructure. You can keep a geographically separate copy, improve tape lifespan, and simply make space.

If you’re interested in the benefits of LTO but don’t want the hassle of managing it, get in touch. We’d be happy to talk through our archive setup or recommend options to suit.
April 04, 2024
Ransomware attacks ravaged municipal governments in March - TechTarget
Ransomware attacks caused prolonged disruptions for several municipalities in March, impairing public services and forcing government workers to use pen and paper.

Despite recent law enforcement actions, including a takedown operation against the LockBit ransomware gang in February, the threat continued last month. Municipalities took the brunt of attacks, with the Medusa ransomware gang claiming responsibility for two of them. Following the attacks, cities and counties across the U.S. struggled to restore services; for some municipalities, it wasn't the first time they were disrupted by ransomware.

On March 26, government officials in Gilmer County, Ga., disclosed that multiple services were down following a ransomware attack. Officials posted a notice on the city's website to warn residents of the disruptions, though it has since been taken down. The Record reported that the notice stated the county "recently detected and responded to a ransomware incident and has taken affected systems offline." Officials warned residents to expect delays as the city worked to restore services. Gilmer has not released an official statement.

One day prior, the police department for the City of St. Cloud, Fla., disclosed through Facebook that the city was experiencing a ransomware attack. While they confirmed 911 lines remained operational, residents were instructed to make payments to the city in cash only due to affected systems.

The city posted additional information on the St. Cloud website, though it referred to the incident as a cyber attack and did not mention ransomware. The statement confirmed law enforcement was investigating the attack and that the city implemented additional measures to continue services while systems remained down. While the transfer station remained open and accepted cash payments, the Toho Water Authority's customer service office at City Hall was closed.

Veronica Miller, St. Cloud city manager, issued an update on Tuesday that revealed the city was still "working to determine the full nature, scope and any impacted data." She emphasized the incident did cause disruptions but applauded the IT staff for their rapid response.

On March 22, The Record reported that Henry County, Ill., was hit by ransomware on March 18. Mat Schnepple, director of the emergency management office for Henry County, told The Record that the city forced systems offline and engaged law enforcement following the attack. Medusa claimed responsibility for the attack through its public leak site and demanded $500,000.

Municipality attacks continue

Tarrant County in Texas suffered a ransomware attack on March 21 that it disclosed on March 22. The attack forced its website offline, so the city provided information through the City of Haslet, Texas. The statement confirmed Tarrant County suffered disruptions due to ransomware and that an investigation was ongoing.

Fox 4 News reported that Vince Puente, chairman of the Tarrant Appraisal District, led an emergency meeting on March 25 where he revealed Medusa was behind the attack and demanded $700,000 to resume operations.

Bernalillo County, N.M., disclosed it responded to a ransomware attack on March 15. Disruptions affected at least three district attorney's offices, according to the statement. Government officials implemented security measures in an attempt to limit the attack scope. "These measures include blocking suspicious email; disabling inbound network access from DAs offices; and disabling the public defender's office Wi-Fi at the Metropolitan Detention Center," Bernalillo County wrote in the statement.

March's incident marked the county's second ransomware attack in two years. In June 2022, the Albuquerque Journal reported that the county's Metropolitan Detention Centre was forced to close due to ransomware.

On March 16, Pensacola, Fla., experienced its second ransomware attack since 2019. City officials posted updates to its Facebook page beginning on March 18, confirming phone disruptions across all departments. On March 27, the city said phone systems were fully restored but online bill pay services remained down. On April 2, the city confirmed the attack led to a data breach, though it is unclear what information and how many individuals are affected.

Birmingham, Ala., experienced weeks of disruptions following an attack last month. Government officials disclosed in a Facebook post on March 6 that the city was experiencing a network disruption. While they confirmed emergency services were unaffected, some in-person and online services such as the 311-call center were down. A temporary number was established for the call center on March 22.

On Tuesday, reported that outages continued, and Birmingham city officials were forced to continue using pen and paper to conduct business. The Birmingham-based news outlet also said "multiple officials" confirmed the network disruption was the result of ransomware.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
March 16, 2024
'Underinvestment In Cybersecurity Fuelling Cyber Attacks In SMEs Sector'
The absence of competent security operations staff at small and medium-sized businesses (SMBs) is the reason behind the surge in cyber attacks against them, a report has revealed.

Findings of the report by cybersecurity firm, Sophos, revealed that nearly 50 per cent of malware detections for SMBs were keyloggers, spyware, and stealers, malware that attackers use to steal data and credentials.

According to the report, hackers use stolen data to launch ransomware, blackmail victims, and obtain illegal remote access, among other things. While SMBs know the importance of data protection, they typically rely on a single software application or service for every function within their business, the report averred.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.

“There’s a reason that more than 90 per cent of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorised remote access, or simply data theft,” it explained.

On the biggest cyberthreat to SMBs, Sophos said: “Out of the SMB cases handled by Sophos Incident Response (IR), which helps organisations under active attack, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMBs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

“Ransomware operators continue to change ransomware tactics. This includes leveraging remote encryption and targeting managed service providers (MSPs). Between 2022 and 2023, the number of ransomware attacks that involve remote encryption—when attackers use an unmanaged device on organisations’ networks to encrypt files on other systems in the network—increased by 62 per cent.”

After ransomware, Sophos said, business email compromise (BEC) attacks were the second-highest type of attack that SMBs faced in 2023.

According to the report, these BEC attacks and other social engineering campaigns contain an increasing level of sophistication. Rather than simply sending an email with a malicious attachment, attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them.
March 15, 2024
Big data needs big storage solutions - NZ Herald
Tape still best for storing the world’s colossal levels of data.
It seems entirely out of sync that a product developed in the 1950s, is still king when it comes to housing the almost indescribable volume of data that needs to be stored in the 21st century with LTO tape.
It may seem something of an anachronism, but it turns out one of the best media for long term data storage is the humble tape. However, today’s LTO tape storage systems bear little resemblance to those first introduced back in the 1950s, delivering capacity, security and cost advantages that can’t be ignored – not even by the world’s biggest cloud services providers.
That’s according to Fujifilm New Zealand, where New Zealand General Manager, Imaging Solutions, Peter Bonisch says the data storage medium declared dead nearly two decades ago is alive, well, and has a lengthy future ahead of it.
“Microsoft in 2006 said ‘tape is dead, disk is tape, flash is disk, and RAM locality the king’,” notes Bonisch. “But in 2015, they updated that to ‘all cloud vendors will be using tape and will be using it at a level never seen before’.”
By ‘disk is tape, and flash is disk’, Microsoft was referring to the then-rapid transition away from tape as a mass storage medium as hard disk drive capacities went up and costs came down (relative to the cost of disk, it must be noted, and not tape).
But problems soon emerged: disk drives, sometimes deprecatingly called ‘spinning rust’, fail frequently. And even if capacities were shooting up, the laws of mathematics had something to say about the cost per gigabyte. Then, just like today, even cheap disk was far more expensive and required a lot more electricity than tape.
While the ‘flash is disk’ part of the story refers to the emergence and subsequent popularisation of solid-state drives, SSDs are more expensive yet than their now practically obsolete electromechanical predecessors.
Meanwhile, with the emergence of the cloud era, data creation went through the roof and keeps climbing into the stratosphere. Market researcher IDC notes that worldwide data volume is growing at a compound annual growth rate of 25 per cent, but IT spending lags far behind at 6.5 per cent growth.
“What that means, in simple terms, is that organisations can’t keep up with data storage costs. They need to reorganise data into tiers to minimise the costs,” says Bonisch.
Tiered storage isn’t a new idea and refers to placing data on an appropriate medium, depending on factors including frequency of access, performance requirements and value. “By classifying data and assigning it to different tiers, organisations optimise their IT architecture and storage costs,” he says.
It’s horses for courses and into that course fits LTO – that’s Linear Tape Open, a common standard and specification for tape solutions which has a roadmap out to 2036. LTO is also known as Ultrium.
If tape storage solutions sound terribly analogue, Bonisch dismisses the notion. “It is not analogue; LTO is a digital tape format using magnetic recording technology,” he says.
It’s a digital solution which, in tiered architectures, slots in below the ‘RAM locality’ referred to by Microsoft in the opening paragraph (and by which Microsoft means ‘in memory’ data – information directly available to a processor and the person in front of a computer), SSD near-line storage, traditional disk or cloud archives, and the LTO as the ‘storage of last resort’.
He’s made a case for LTO-stored data being far less costly than disk alternatives at the expense of the speed of access. Those aren’t wild claims, with TPC (Technology Provider Companies, which are Hewlett Packard Enterprise, IBM and Quantum) providing backing numbers showing a 70 to 74% reduction in costs for storing data over 10 years over local disk and cloud disk (local disk refers to on-premises disk storage systems, while cloud refers to data stored in major cloud service providers).
Source: TCO Tool - Ultrium LTO
The calculations encompass energy consumption, egress charges (the cost of accessing data, in other words), capital costs, storage maintenance, and admin/maintenance.
As one might imagine, with spiralling data volumes pushing the world towards nearly 200 zettabytes (a zettabyte equals a trillion gigabytes) of data, a 70 per cent-plus discount becomes attractive.
There’s another trick up tape’s sleeve, beyond immortality and cost of ownership. LTO is secure by nature. Once written to the tape medium, the tape sits perfectly still, often unpowered, and isolated from the internet. This puts it completely outside of the reach of hackers, explains Bonisch.
“LTO is a preferred choice for organisations with stringent data protection requirements as it includes built-in encryption capabilities and has an air gap.”
An air gap refers to that physical isolation from the network. “Tape meets this requirement inherently as it disconnects on completion of the backup or archival process, providing an extra layer of protection against cyber threats like ransomware attacks.”
That air gap also contributes to the lower dollar cost of operating tape storage subsystems and delivers a substantial sustainability advantage: Brad Johns Research notes that with no need for constant power, tape produces 97 per cent less CO2 than hard drives.
Finally, Bonisch says leading technology providers are using tape because it simply works. “Microsoft is one of the biggest tape users in the world. It’s not only Microsoft, but other hyperscale cloud solution providers, social media companies, and the like. They’re introducing tape to their archiving and backup systems to efficiently manage massive and ever-expanding amounts of data.”
February 19, 2024
FBI, British authorities seize infrastructure of LockBit ransomware group - CyberScoop
An international law enforcement operation on Monday seized servers and disrupted the infrastructure used by the LockBit ransomware syndicate, a government official confirmed to CyberScoop after websites used by the ransomware group displayed messages that they had been seized.
An operation carried out by the Federal Bureau of Investigation and the UK’s National Crime Agency together with a range of international partners took control of a site used by LockBit to leak data belonging to its victims, the group’s file share service and communications server, various affiliate and support servers and a server for LockBit’s administrative panel, the government official said. The takedown is the latest in a string of FBI operations targeted at disrupting cybercrime and cyberespionage infrastructure around the world under Rule 41, a legal framework that enables the FBI to access computers across multiple jurisdictions and modify them. Last week, the agency announced the takedown of a Russian military intelligence-controlled botnet. In January, the FBI disrupted a Chinese botnet used to penetrate sensitive U.S. targets.
LockBit first emerged in September 2019 and is believed to be the world’s most widely used ransomware variant.
The takedown operation against LockBit raises questions about how lasting it will be. Previous operations against such groups have seen their operations temporarily disrupted only for the groups to return using new infrastructure. In December, the FBI seized some of ALPHV’s infrastructure, but the group “unseized it,” and a version of the site remains active.
February 15, 2024
How To Optimize Your Data Center Against Ransomware Attacks
Many strategies for fighting ransomware, like taking regular backups, are the same no matter where you host data — in the public cloud, in a private data center, or on-prem.
However, companies that operate data centers can deploy some special practices that may reduce their risk of falling victim to ransomware attacks. When you control all aspects of your infrastructure and hosting facility, you can do things to mitigate ransomware threats that wouldn't be possible elsewhere.
To that end, keep reading for a look at actionable strategies for mitigating ransomware risks in your data center.
Basic Ransomware Mitigation Strategies
Before diving into anti-ransomware strategies that apply to data centers in particular, let's discuss generic tips for preventing ransomware in any type of environment. Standard best practices include:
Back up data: If you take regular backups of your data, you can restore from a backup following a ransomware attack instead of paying the ransom.
Monitor for threats: Continuous monitoring can help you detect the presence of malware that ransomware attackers use to encrypt data, making it possible in some cases to stop the attack before your information is held for ransom.
Educate users: Educating employees, customers, contractors, and other stakeholders about ransomware and related risks reduces the chances that someone will fall for a scam that results in the deployment of ransomware inside your IT estate.
Minimize exposure: Practices like closing unnecessary network ports, following the principle of least privilege, and turning off extraneous workloads make it harder for threat actors to carry out ransomware attacks.
Again, you can do these things anywhere, not just in environments hosted in private data centers.
Stopping Ransomware in the Data Center
However, when you operate your own data center (or use a colocation facility) to host workloads, you can take additional measures to protect against ransomware — measures that would be challenging or impossible to take in most other environments.
Air-gapping
For one, you can air-gap data and workloads. Air-gapping means disconnecting resources from the internet completely, which will totally prevent any network-borne attacks. This is especially valuable in the context of ransomware protection because it means you can virtually guarantee that data backups won't be accessed by attackers, who sometimes seek to compromise backups so their victims can't recover data without paying the ransom.
Air-gapping is not typically possible in the public cloud because there is no way to disconnect cloud resources from the network; the best you can do is place them on private networks that are not directly exposed to the internet but may still be exposed to attackers who already have a presence inside your environment. With a private data center, however, you have total control over your infrastructure, and you can physically disconnect data from the network if you wish.
Offsite backups
Private data centers also make it easier to maintain offsite backups, meaning backup data that is stored in a physical location separate from the one that hosts production workloads. Offsite backups provide another line of defense against ransomware by ensuring that you have a secure set of information you can recover, even if your entire data center facility is compromised in an attack.
While it's possible to create offsite backups from the public cloud by downloading backup data to a location of your choosing, you have to rely on the network to move the data, which can take a long time if you have lots of data to move. With your own data center, you can copy your data directly to storage media, then move the media to a location of your choosing.
Digital twinning
In the context of data centers, a digital twin is a complete replication of an IT environment. Digital twins help protect against ransomware risks by providing an environment that organizations can switch to in order to maintain continuity if their primary environment is compromised through a ransomware attack.
You can maintain digital twins in the public cloud if you wish, but doing so tends to be more expensive and complicated because it essentially doubles the volume of the cloud resources you pay for. You also have to implement a plan for switching from one cloud environment to your backup environment, which can be complex due to the many variables (like network rules and IAM policies) that are involved.
In a data center, you can maintain a digital twin more cost-effectively by, for example, using older hardware to host the twinned environment. You also don't need to worry about adjusting configurations such as IAM rules to redirect requests to your backup environment in the wake of a ransomware attack.
Physical security
Ransomware attacks carried out by malicious insiders (such as employees) are an increasing risk. Here, private data centers offer the advantage of giving organizations more control over physical security, helping them to manage in a granular way who can access infrastructure and data inside.
Physical security controls are excellent in the public cloud, too, but the difference is that if you use the public cloud, you have to entrust physical security to a third party, which can't guarantee that no malicious insiders are present in its facilities. In your own data center, you have full ability to manage access to the facility, as well as to monitor activities as a means of detecting ransomware risks and other threats.
Conclusion
It would be wrong to conclude that data centers are inherently less prone to ransomware attacks. Like any setting, data centers can be and often are hit with ransomware. However, data center operators can take precautions against ransomware that are not practical in other types of environments. By adopting those measures, companies that use data centers to host their workloads gain a leg up in the fight against ransomware.
February 15, 2024
Ransomware disrupts utilities, infrastructure in January - TechTarget
Ransomware disrupted important U.S.-based utilities and services organizations in January, including a municipal water treatment organization, which is a sector that's become a growing target for attackers.
The persistent ransomware threat continued last month following what many cybersecurity vendors and threat reports called a record year for ransomware in 2023. New victims emerged last month, but many of the targeted sectors and industries remained consistent from last year.
Throughout January, ransomware impeded operations for victims in the government and critical infrastructure sectors, including water and wastewater treatment services. Last month, CISA published an incident response guide for water utilities warning that attacks "could cause cascading impacts across critical infrastructure." The guide also confirmed that the sector has already been hit by ransomware in recent years.
On Jan. 19, Boston-based Veolia North America disclosed that ransomware had hit its municipal water division the previous week, affecting "some software applications and systems." In response to the attack, Veolia took its internal back-end systems offline, which disrupted customer access to the billing system. The water utilities company operates in 550 communities across North America.
As of Jan. 19, Veolia said there was "no evidence" that the attack affected its water or wastewater treatment operations. However, the company said the personal information of a "limited number of individuals" was stolen. An investigation into the attack remains ongoing, and the incident forced Veolia to reexamine its cybersecurity posture.
"We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take to help prevent incidents of this kind in the future. We are putting our full resources behind these efforts," Veolia wrote in the statement.
There were more public sector utilities and services disrupted last month. A ransomware attack on Jan. 21 against Bucks County in Pennsylvania temporarily disrupted the county's emergency communications database. The Akira ransomware group claimed responsibility for the attack, which rendered Bucks County's computer-aided dispatch (CAD) system inoperable for nine days. Law enforcement agencies, the fire department and ambulance services use the tool to record incident data, but the attack forced them to revert to pen and paper. Around 650,000 residents live in Bucks County and were able to make 911 calls despite the attack, but fallout was still substantial.
On Feb. 7, the Bucks County Board of Commissioners approved contracts with cybersecurity forensic and legal firms and issued a Declaration of Disaster Emergency to help with restoration efforts. While CAD is now functional, the Board of Commissioners said the system requires additional rebuilding.
"The County did not engage in negotiations with those claiming responsibility for the attack, nor did it pay any ransom to restore functionality to its systems. Rather, the County's IT and Emergency Communications departments' meticulous cyber maintenance and backup practices were key to the system's quick restoration," Bucks County wrote in the statement.
The Medusa ransomware group, which was highly active throughout 2023, claimed responsibility for an attack against the Kansas City Area Transportation Authority (KCATA) that occurred on Jan. 23. KCATA disclosed the attack on Jan. 24 and confirmed that it disrupted the regional RideKC call centers and landline service. However, transportation services remained operational. Customers looking to schedule a trip were redirected to new phone numbers while KCATA worked "around the clock" to restore systems. KCATA engaged the FBI and security professionals following the ransomware attack.
Medusa's public data leak site also listed Denver-based nonprofit Water for People, which provides drinking water and sanitation services to communities in nine countries around the world. A Water for People spokesperson told cybersecurity news outlet The Record that the affected data predated 2021, and more importantly, the attack did not disrupt business operations.
U.S. government agencies have issued multiple advisories of increasing threats against critical infrastructure organizations. Earlier this month, CISA, the National Security Agency and the FBI warned that a Chinese nation-state threat actor known as Volt Typhoon had compromised organizations in the communications, energy, transportation systems, and water and wastewater sectors. U.S. agencies also confirmed that the threat actor has been hiding in some victims' IT environments for at least five years to maintain access in preparation for any major conflict that could arise with the U.S.
Education, financial services also hit
Ransomware did not spare the education sector last month. One particularly damaging attack occurred against Clackamas Community College in Oregon, which has an enrollment of more than 18,000 students. The Clackamas Print reported that authorities traced the attack to a Russian IP address.
In a Facebook post on Jan. 21, Clackamas revealed that the incident began on Jan. 19 and shuttered online services, including its website, internal systems and ability to disburse financial aid. Because online services were affected, Clackamas canceled two days of classes, and teachers were instructed to push back assignment due dates for at least five days. The attack also coincided with the last day to drop winter classes, so that deadline was delayed.
As of Feb. 12, some websites were restored. In response to the attack, students were asked to reset their passwords. The infamous LockBit ransomware group claimed responsibility for the attack on its public data leak site.
One of the biggest attacks in January hit an enterprise in the financial sector. California-based mortgage lender LoanDepot disclosed an attack on Jan. 8 in a Securities and Exchange Commission filing, in which the company said the attack "included access to certain Company systems and the encryption of data."
In a press release on Jan. 22, LoanDepot said it forced systems offline to contain the incident, but doing so disrupted and delayed many customer portals used for services and payments. LoanDepot also said it was still working to restore all services and that the attack affected a significant number of customers.
"Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems," LoanDepot wrote.
Arielle Waldman is a Boston-based reporter covering enterprise security news.
February 15, 2024
2023 Ransomware Payments Hit $1.1B Record - InformationWeek
It seemed that the tide had turned in the ransomware landscape in 2022. Reports showed declining numbers of attacks and more victims refusing to pay. But in 2023, ransomware activity surged. Ransomware gangs successfully extorted a record $1.1 billion in cryptocurrency payments from victims, according to a report from blockchain analysis firm Chainalysis.
What factors drove the upswing in ransomware activity? And following a year of record payments, what can enterprise security leaders expect in the ransomware landscape of 2024?
The Top Threat Actors
Ransomware remains a lucrative business for cybercriminals, and the barrier to entry is relatively low. Threat actors can seek easily exploitable vulnerabilities or opt to pay for ransomware-as-a-service. While the volume of attacks is significant, several notorious groups take the lead as repeat offenders.
“LockBit we see … almost 25% of all ransomware attacks are from that group,” Jonathan Braley, director of threat intelligence at the Information Technology-Information Sharing and Analysis Center (IT-ISAC), tells InformationWeek. “So, every week we’re seeing 10 to a dozen attacks coming just from LockBit.”
Taiwan Semiconductor Manufacturing Company (TSMC) and IT products and services company CDW were among LockBit’s victims in 2023. The group demanded $70 million from TSMC and $80 million from CDW. In 2024, the group claimed responsibility for attacks on Saint Anthony Hospital and Lurie Children’s Hospital in Chicago.
The Clop Ransomware Gang was also a big player last year. The group was linked to the MOVEit breach, which impacted thousands of organizations and millions of people, according to software company Emsisoft.
ALPHV/Blackcat was another prominent player in 2023. The group made waves in the fall when it reported one of its breach victims to the US Securities and Exchange Commission (SEC) for not disclosing the breach. In December, the Justice Department announced that the FBI developed and offered a decryption tool to more than 500 ALPHV/Black Cat victims. The disruption campaign saved victims approximately $68 million in ransom demands.
“You’re seeing some wins on the law enforcement side to help to degrade the ability of these groups to operate there effectively as they have been,” says Craig Hoffman, partner and cybersecurity team leader at law firm BakerHostetler.
While law enforcement works to disrupt ransomware activity, threat actors continue to evolve.
“Originally, when ransomware started it was quite disjointed, but I believe that the actors have become more streamlined. I think they’re working closer together,” Andrew Costis, chapter lead of the adversary research team at AttackIQ, a security optimization platform, shares.
Threat actors are also increasingly leveraging data exfiltration as a means of extortion and profit: pushing companies to pay ransoms to prevent publication of sensitive data or selling that sensitive data.
Richard Caralli, senior cybersecurity advisor at Axio, a cybersecurity performance management company, points out that major cyberattacks on companies like MGM and 23andMe in 2023 involved data exfiltration. “It’s far more lucrative for these groups on the dark web, selling it or using it for future attacks, than I think we’re giving them credit for,” he says.
The Popular Attack Vectors
Ransomware groups do not necessarily need to pursue the most sophisticated techniques to gain access and exploit their victims. Social engineering and phishing tactics have proved effective. “We’re not giving enough attention to the basic fundamental practices and fundamental controls,” says Caralli.
Threat actors are also exploiting zero-day vulnerabilities, like the one in the MOVEit file transfer tool, to execute ransomware attacks.
While ransomware groups are more than happy to pick the low-hanging fruit, they are also finding new ways to execute their attacks.
“They’re switching to different programming languages, so using things like Rust,” Braley explains. “They can go after macOS, they can go after Linux. They can go after potentially even some of these mobile operating systems as well.”
Threat actors are also leveraging more advanced social engineering tactics, according to Costis. “So, for example, multifactor authentication [MFA] fatigue attacks or SMS phishing rather than traditional email phishing. Obviously, AI and generative AI are starting to play into this as well,” he says.
The Worst-Hit Ransomware Victims
Ransomware groups are financially motivated; their activity tends to be opportunistic.
“If you’re connected to the internet and you use a VPN that bad guys know to be vulnerable, they will just scan the internet look for that VPN,” says Hoffman. “In a way, they don’t care who they find as long as they find someone they can attack that [becomes] someone who might pay them.”
Ransomware attacks are reported in many different sectors, ranging across finance, health care, education, government, and more. IT-ISAC tracks ransomware activity across critical US sectors. “Critical manufacturing is typically number one, sitting around 15 percent,” says Braley.
Critical infrastructure victims may be more likely to pay because they cannot afford downtime, and they offer threat actors the tantalizing possibility of valuable data. “I think we might start seeing more targeted ransomware attacks … in the future,” says Costis.
In December 2023, a group affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) hacked a municipal water authority in Pennsylvania. The month prior, a water utility in Texas was hit with a ransomware attack.
“To some degree, that is about disrupting operations and putting fear out there,” says Caralli.
A Continuing Trend
In 2024 thus far, Comparitech has tracked more than 60 ransomware attacks across the business, education, government, and healthcare sectors. Braley shares that IT-ISAC has seen 185 attacks in January, up from 120 attacks last January. What could enterprise leaders expect to see as ransomware activity continues?
Dual ransomware is a growing concern. “No sooner has a company paid out a ransom and then they’ll get infected by a different variant. So, we might see an uptick in that,” says Costis. Threat actors will likely continue to execute social engineering campaigns and look for zero-day vulnerabilities to exploit. The increasing use of AI could power more sophisticated attacks. Ransomware groups may also increasingly target hypervisors.
“If groups start focusing more on virtual environments -- and those are sometimes less hardened than other parts of a company’s network -- you may see, at least temporarily until companies adapt, more impactful ransomware events,” says Hoffman.
Public company compliance with the SEC’s cybersecurity incident reporting rule that went into effect in December 2023 may shed more light on ransomware activity. More visibility and continued threat actor activity could mean that we will see a new record amount of known victim payments. “I would not be shocked if we get another report by the end of the year or this time next year with a much higher … figure,” says Costis.
Yet, there is hope for enterprises and the cybersecurity community. Basic cyber hygiene, patch management, and access control can go a long way toward mitigating the risk of ransomware. “We should see companies being more resilient and needing to pay less often,” says Hoffman.
While 2023 was a record year for ransomware payments, Hoffman shares a positive trend seen in his work. “In 2022, in our ransomware matters, our clients paid about 40% of the time, and that was kind of split between our smaller clients paying for a decryptor and our larger clients paying to prevent publication,” Hoffman shares. “In 2023, we dropped; our clients paid about 25% of the time.”
February 09, 2024
Rediscovering tape storage: The unconventional innovation for modern data challenges
Matt Ninesling, Senior Director of Tape Portfolio Management, Spectra Logic, highights the secure and sustainable nature of tape storage and why its steady resurgence shouldn’t be ignored amid data explosion requirements.Matt Ninesling, Senior Director of Tape Portfolio Management, Spectra LogicData is relentlessly expanding and is slated to reach a staggering 175+ zettabytes by 2025. The unprecedented storm of data generation in recent years has left many organisations seeking more scalable and cost-effective storage solutions. Amid this data deluge, traditional tape storage technology has always provided safe harbour, offering unparalleled advantages in scalability, security and sustainability. But through recent innovation and adaptability, modern tape storage solutions are helping organisations navigate the ocean of data to be protected and preserved in new ways.From humble beginnings as magnetic tape reels in the early days of computing, tape technology has undergone a transformation, evolving in formulations, read/write mechanisms and storage densities. Today, as a testament to its resilience and adaptability, tape remains a cornerstone in long-term data retention and security.Tape meets growing AI storage demandsOne of the key drivers behind the resurgence of tape technology is its inherent ability to accommodate vast volumes of information, making it an ideal storage solution for Artificial Intelligence (AI) initiatives. Multi-petabyte archives are becoming standard as AI increasingly drives every aspect of business, research and development. Modern Linear Tape-Open (LTO) technology, for instance, offers up to 19TB of data storage per cartridge in its latest generation. 
Moreover, offerings such as IBM’s TS1170 take it a step further, providing 50TB of native storage capacity and up to 150TB of compressed format capacity per cartridge.When compared to other storage methods such as disk and cloud, tape not only maintains its cost-competitive edge but is also the dominant leader in affordability due to new developments in tape density.While disk-based storage systems cater to the instantaneous demands of real-time operations, tape’s role as a secondary or tertiary storage tier meets the need to store AI training data and outputs for the long term. Preservation of training data is crucial given recent lawsuits over the use of copyrighted materials for AI models and defamation litigation in response to false information generated by AI chatbots. Moreover, these long-term archives must be accessible and searchable. The introduction of S3-compatible object-based tape makes today’s tape technology the ideal building block for such archives. Object-based tape is highly scalable, searchable and can even be tagged for future retrieval. In the case of catastrophic data loss or corruption, AI training data archived on tape provides for a reliable means of recovery. Tape can be stored offline, making it less susceptible to accidental deletions through true air-gapped protection. Archiving AI training data on tape also ensures data remains intact and can be successfully retrieved if, and when, it is needed.The role of tape in cybersecurityAnother significant factor propelling the resurgence of tape technology is the escalating importance of data security. Amid the increasing frequency and sophistication of ransomware attacks, tape’s offline nature provides a robust defence, making it an invaluable asset across diverse sectors.AI is expected to heighten the near-term impact of the global ransomware threat. 
Over the next two years, organisations can expect with an almost certain likelihood that AI will increase the volume and impact of cyberattacks, as reported by the UK’s National Security Centre. As threat actors are able to analyse exfiltrated data faster and more effectively, the assessment predicts they will use this data to train AI models to enhance existing tactics, techniques and procedures.

Tape storage technology, with its air-gapped nature, provides the most resilient layer of protection against such threats, ensuring that the data remains secure and accessible in the event of an attack. Modern tape solutions that incorporate an object storage interface are particularly useful as a secondary storage target for S3-compatible applications. A mainspring of modern data protection, object-based tape allows organisations to maintain traditional methods of backup while simultaneously deploying S3-compatible applications in a single infrastructure. The technology is often seen in large backup environments leveraging cloud-based APIs, where tape serves as a cost-effective repository for storing cold data at scale.

Tape as a pillar of compliance

Compliance with long-term retention requirements is crucial for businesses today. The focus is on ensuring that records, whether related to architecture or performance, can withstand the test of time and iterations.

Mandates for compliance are typically instated by top-level executives such as a compliance officer, CIO, or security manager. These mandates may involve the retention of critical records, especially for industries where changes to formulations or architectures need to be preserved for legal reasons.
For example, companies like Coca-Cola will often implement long-term data retention mandates to preserve previous formulations offline and protected, ensuring records can be accessed into the future in the event of litigation but remain shielded from unauthorised access.

The decision to retain data for an extended period is not arbitrary; it involves evaluating the value of the data to the company. The length of retention is directly proportional to the significance and utility of the data for the business.

Tape’s longevity makes it the ideal technology for retaining data for extended periods. The advantages of tape storage include Write Once Read Many (WORM) functionality, air-gapped security and the ability to be taken offsite for added protection. Furthermore, to ensure minimal data degradation over time, modern tape offerings feature greater data integrity and reliability by incorporating error correction codes and automated data integrity verification checks.

Sustainability in data storage

The energy consumption of data centres is a pressing global concern, with data centres consuming approximately 200 terawatt-hours of electricity annually. Tape storage’s minimal power consumption and reduced cooling requirements provide a more sustainable alternative to disk-based storage systems, delivering significant savings in electricity usage and contributing to a reduction in CO2 emissions.

Tape technology’s durability and cost-effectiveness make it an attractive proposition for organisations seeking long-term data retention solutions that are not only reliable and secure but also environmentally friendly.

The road ahead

Tape storage technology’s adaptability, resilience and enduring relevance make it a worthy contender in the data storage arena. Moreover, when it comes to storing large amounts of infrequently accessed data for the long term, tape is in fact the undeniable leader.
Whether it’s managing the surge of Big Data, safeguarding against cybersecurity threats, ensuring regulatory compliance, or championing sustainability, tape storage continues to thrive, demonstrating its timeless value.

The horizon promises even more sophisticated tape solutions, hinting at greater storage capacities, enhanced data transfer speeds and strengthened data integrity checks. Modern tape storage technology, with its ability to complement big data analytics, fortify cybersecurity defences, meet compliance mandates and contribute to a greener planet, underscores a compelling truth – sometimes, the tried-and-true ways prove to be the most successful.
February 13, 2024
WORM Functionality – Understanding its Importance in Data Storage - Tycoonstory Media
In our digital world, keeping data safe is crucial. WORM functionality (Write Once, Read Many) helps by ensuring that data, once written, cannot be changed. This article explains why WORM is important, how it’s used, its benefits, and challenges. Let’s explore why WORM matters in data security.

Understanding WORM Functionality

WORM functionality embodies the principle of immutability, whereby data can be written to a storage medium only once and subsequently accessed multiple times for reading purposes. Once it’s written, the data becomes impervious to alteration, deletion, or tampering. That effectively creates a digital seal of authenticity. This attribute is particularly invaluable in industries governed by strict regulatory frameworks, like finance, healthcare, legal, and archival sectors.

The Implementation of WORM Technology

Implementing WORM functionality encompasses a spectrum of storage technologies, each offering unique advantages and considerations. Historically, optical disks like CD-R and DVD-R served as the primary medium for WORM storage, owing to their innate write-once nature. However, with the evolution of sophisticated storage solutions, including tape drives, specialized disk arrays, and cloud-based platforms, WORM functionality has transcended traditional boundaries and embraced modern architectures.

Contemporary WORM implementations often rely on software-based mechanisms integrated into storage arrays or cloud platforms, facilitating seamless integration with existing IT infrastructures. This software-driven approach enhances flexibility and scalability, and that’s not all! It also enables organizations to adapt to evolving regulatory requirements and technological advancements.

Applications of WORM Functionality

The versatility of WORM functionality extends across diverse domains, where data integrity, compliance, and security are paramount considerations.
Some notable applications include:

Financial Transactions and Audit Trails

In finance, WORM plays a key role in creating unchangeable audit trails and transaction logs. That helps organizations be more transparent, accountable, and compliant with regulations.

Healthcare Records Management

The healthcare industry heavily relies on electronic health records (EHRs) to store patient information. WORM storage ensures the integrity and confidentiality of EHRs, helping healthcare providers comply with regulations like HIPAA.

Data Archiving and Long-Term Preservation

WORM storage is vital for archiving historical data and documents for extended periods. Whether it’s financial records, legal contracts, or scientific research data, WORM technology helps maintain the integrity and authenticity of archived information.

Compliance and Regulatory Requirements

Industries like finance, healthcare, and law use WORM to meet strict data retention and security regulations; by making critical records unchangeable, organizations in these sectors can reduce compliance risks and avoid legal liabilities.

Benefits of WORM Functionality

Adopting WORM functionality yields many benefits, ranging from enhanced data integrity to regulatory compliance and even beyond. Some key advantages include:

Data Integrity and Authenticity

WORM makes sure data stays the way it was first written. That keeps information true and reliable, and this helps build trust among the people who use it and the ones who make the rules.

Compliance Assurance

In businesses where there are strict rules to follow, like finance or healthcare, WORM helps to stick to these rules. It helps store data safely and meet legal requirements without any worries.

Protection Against Cyber Threats

WORM keeps data safe from hackers and malicious online stuff.
Even if there’s a cyberattack, data stays safe and unchanged, which lessens the harm caused.

Cost-Effective Storage Management

Even though setting up WORM systems may seem expensive in the beginning, they save money in the long run. They do so by preventing data loss and legal troubles, which ultimately helps avoid costly fixes and fines.

Legal Admissibility

In legal matters or fights, data protected by WORM stands strong as proof. Since it can’t be changed, it’s subsequently trusted and believed, making an organization’s position stronger.

Challenges and Considerations

Despite its undeniable benefits, the implementation of WORM functionality presents several challenges and considerations that organizations must address:

Initial Investment

Setting up WORM-enabled storage systems requires a considerable upfront investment in specialized hardware, software licenses, and infrastructure upgrades. Before diving into WORM implementation, organizations must carefully assess the costs against the potential benefits and regulatory requirements. This evaluation ensures that the investment aligns with the organization’s strategic goals and budgetary constraints.

Performance Impact

Some WORM storage solutions may experience slower write speeds or higher latency when compared to traditional storage systems. This performance difference can potentially impact overall system performance and user experience. To mitigate these issues, organizations should conduct thorough performance testing and optimization measures. By fine-tuning the system, they can minimize any adverse effects on operational efficiency and ensure smooth performance.

Data Accessibility

Once data is written to a WORM storage medium, it becomes immutable, meaning it can’t be changed. That poses challenges in situations where data amendments or updates are necessary. To address this, organizations must establish robust data management policies and procedures.
These policies should cover aspects such as data access, retention, and archival requirements. By implementing clear guidelines, organizations can ensure data accessibility while complying with regulatory mandates.

Compatibility and Interoperability

Ensuring compatibility between WORM-enabled systems and existing IT infrastructure is crucial for seamless integration and data accessibility. Organizations need to assess interoperability considerations, including data formats, protocols, and APIs. By understanding these factors, they can facilitate smooth data exchange and interoperability across different systems. That ensures that WORM functionality integrates effectively with existing workflows and technologies, enhancing overall operational efficiency.

Regulatory Compliance

Meeting regulatory requirements is a key consideration for organizations implementing WORM functionality. Industries such as finance, healthcare, and law are subject to stringent data retention and security regulations. WORM technology helps organizations comply with these regulations by ensuring data immutability and tamper-proof storage. By adhering to regulatory mandates, organizations mitigate the risk of non-compliance penalties and legal sanctions, safeguarding their reputation and financial well-being.

Conclusion

WORM technology is crucial in modern data storage and management, providing unmatched benefits such as data integrity, compliance, and security. By using WORM storage, organizations protect critical data, meet regulations, and reduce risks like breaches and legal issues. Despite challenges in setup and operation, WORM technology significantly improves data governance and risk management.

As regulations and cyber threats become more complex, WORM’s importance grows. It has become a key part of data protection and governance strategies for organizations. Embracing WORM helps strengthen defenses, build trust, and fully utilize data assets in the digital world.
Overall, WORM is vital for organizations looking to navigate the evolving landscape confidently and effectively protect their data.
February 13, 2024
New media could bring fresh competition to tape archive market | TechTarget
Tape is king of the cold archive, but as data needs grow and the line between cold and active archive continues to blur, it might have to share the court with some new entrants.

Tape is a well-established archive player, being performant, energy-efficient and low in cost. But several archive alternatives such as optical disks, data etching on ceramics and DNA polymer, which share these tape characteristics and can achieve similar results, are looking to soon bring new tech to market.

Archive is becoming increasingly important, and has been for decades, according to Marc Staimer, president of Dragon Slayer Consulting.

"IT people -- storage people -- are some of the most risk-averse people you'll ever meet," he said.

But now it turns out that being risk averse could be valuable to businesses, as IT admins have continued to oversee sprawling data storage programs, Staimer said. Analytics and AI have enabled the value of this data. But to reap that value, companies need to be able to store it and access it. For a long time, tape storage has been the answer.

For any archive option to share in tape's dominance, it will have to solve the problem of scale, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group.

"Whoever is going to be able to do storage at scale, meeting performance requirements as well as advanced use cases, could potentially replace the spot where tape is," he said. "But tape is not standing still."

Reigning champ

Magnetic tape has been used in data storage since the 1950s, just before the onset of hard disk drives and about a decade before flash memory came about.
Today, tape comes in two form factors -- Linear Tape-Open (LTO), and enterprise tape or TS11xx -- and is widely used in archives. Beyond its high density of up to 150 TB compressed and low costs, tape is difficult for nefarious actors to gain access to given its physical air gap, and it only consumes energy while in use.

Tape has also kept up with the times, now fully supporting object data. And it continues to prove to be adaptable, according to Matt Ninesling, senior director of tape portfolio management at Spectra Logic. Data management vendors such as Hammerspace are now extending their file systems to tape to better utilize the media as well.

Another advantage of tape is that when looking at its roadmap, the production lines won't have to change in order to produce higher densities, Bertrand said.

Tape has found a place for both cooler data such as backups and cold data such as archives, according to Rich Gadomski, head of tape evangelism for Fujifilm and a director of the Active Archive Alliance, which helps guide and implement modern active archive strategies. Once data goes cold, customers can't afford to keep it on spinning disk, which is where tape comes in.

Different spinning disks

But estimates of persistent data that needs to be stored are increasing into the tens of zettabytes by the end of the decade, Gadomski said.

To help tackle the growing archive needs, companies might want to consider alternatives.

"If what the prognosticators say is true, and we are faced with this incredible avalanche of data, it is not a bad idea to have other technologies," he said.

Optical disk drives, commonly thought of in the form of Blu-rays, are one such example. Optical disks plateaued at a set layer count, limiting density until recently. In 2022, Folio Photonics unveiled a new fluorescent film that was capable of increasing the storage per disk from 128 GB per disk to 500 GB to 1 TB per disk, or 10 TB per disk pack.
Folio, which hopes to bring its new technology to market before 2026, is targeted at $5 per terabyte, which would be lower than LTO.

As Folio moves closer to a commercialization date, CEO Steve Santamaria isn't looking to replace tape outright. Instead, he's focused on specific use cases where things such as time to first byte -- the time it takes to access and retrieve the first bit of data stored -- and better random access to data are desirable. He also said hyperscalers are looking for different, cheap cold storage options.

"I think there's room for everybody," Santamaria said. "I really don't think it's a winner-take-all."

Optical disk drives aren't without issue, according to Staimer. They are faster at random reads, but slower at sequential reads. Folio has shown speeds up to 365 MBps, while LTO-9 lists speeds up to 1,770 MBps. The infrastructure for tape libraries is common, while companies would have to invest in optical, and the density is currently lacking, he said.

"Hitting 1 TB per disk gives you 10 TB in a disk pack. Tape is significantly larger," Staimer said. An LTO-9 tape drive can hold 18 TB without compression.

Through the storage glass

Glass is becoming another alternative to tape. Microsoft's Project Silica uses femtosecond lasers to write data to quartz glass and "polarization-sensitive microscopy using regular light to read," according to Microsoft.

Another company, Cerabyte, uses lasers to etch patterns into ceramic nanocoatings on glass.
Ceramic is resistant to heat, moisture, corrosion, UV light, radiation and electromagnetic pulse blasts.

Ceramic also has another advantage over tape: Its high durability leads to fewer refresh cycles, according to Martin Kunze, chief marketing officer and co-founder of Cerabyte, a startup headquartered in Munich.

"Tape has limited durability and needs to be either refreshed or all migrated onto new formats," Kunze said.

This undertaking is expensive and time-consuming, he said.

Kunze added that tape is vulnerable to vertical market failure. Western Digital is the only company manufacturing the reading and writing heads for tape.

"Assume there is a decision on the board: 'We don't [want to] run this company anymore because it doesn't bring in as much revenue,'" he said. The single point of failure could leave enterprises in the lurch.

He sees another problem with tape -- it's stodgy.

"It's not sexy to work in tape," Kunze said, adding that younger generations of archive technologists are looking beyond tape and will bring innovative ideas to young, new tech.

Storage in DNA

Over the last 3.5 billion years, information has been stored in DNA, noted Murali Prahalad, president and CEO of Iridia.

"That tells you that if it's done right, under the right conditions, [DNA] is the perfected storage model," Prahalad said.

Iridia is looking to release its DNA storage product as a service, which would be placed in a similar market to Amazon Glacier.

Compared with tape, DNA has advantages similar to those of ceramic in that it needs fewer refresh cycles and can withstand harsh environments, although not to the same degree as ceramic or even optical drives.
Prahalad also sees DNA as an addition to the archive market rather than as a way of replacing tape outright.

Another DNA company, Biomemory, believes the data archive deluge will be so vast that it cannot be solved using current media, according to Erfane Arwani, its CEO and co-founder.

"Let's go for technologies that do not rely on electronics, but something else -- polymers," Arwani said.

Biomemory currently sells DNA storage in the form of cards, at roughly $1,000 per kilobyte, but sees the price dropping in the future.

Dragon Slayer's Staimer said DNA has a lot of potential because it is easier to replicate over copying a bunch of data to more tape drives, and it could be inexpensive over a long period of time. But performance is still an issue.

"It is very slow to read and very slow to write," Staimer said. "DNA will miss the AI boat because it takes too long to get the data out."

The market of today

As companies consider alternatives to tape, Staimer suggested they remember two things. First, that newer media types are still in the development phase, and how they'll work in production or how much they'll cost is not yet known. But, second, that every technology is at risk for replacement.

"Any technology can be superseded," Staimer said. "If you come out with a technology that matches the performance or is a lot cheaper and lasts longer, it will supersede tape."

Adam Armstrong is a TechTarget Editorial news writer covering file and block storage hardware and private clouds. He previously worked at
November 28, 2023
Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states
Washington CNN  —  A cyberattack that diverted ambulances from hospitals in East Texas on Thanksgiving Day is more widespread than previously known and has also forced hospitals in New Jersey, New Mexico and Oklahoma to reroute ambulances, hospital representatives told CNN on Monday. All of the affected hospitals are owned, or partly owned, by Ardent Health Services, a Tennessee-based company that owns more than two dozen hospitals in at least five states. Among the hospitals currently unable to accept ambulances are a 263-bed hospital in downtown Albuquerque, New Mexico; a 365-bed hospital in Montclair, New Jersey; and a network of several hospitals in East Texas that serve thousands of patients a year. It’s just the latest example of how the scourge of ransomware – which locks computers so hackers can demand a fee – has disrupted services at health care providers throughout the coronavirus pandemic. In a statement Monday, Ardent Health Services confirmed that a ransomware attack caused the disruption and that its facilities were “diverting some emergency room patients to other area hospitals until systems are back online.” Hospital facilities were also forced to reschedule some non-emergency surgeries. Patient care “continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics,” Ardent Health said on Monday. A nurse working at one of the affected New Jersey hospitals told CNN that staff rushed “to print out as much patient information as we could” as it became clear that the hospital was shutting down networks because of the hacking incident. “We are doing everything on paper,” said the nurse, who spoke on condition of anonymity because they were not authorized to speak to reporters. “Everything becomes a lot slower,” the nurse said, referring to the reliance on paper, rather than computers, to track things like lab work for patients. 
“We drill on that a few times a year, but it still sucks.” Chiara Marababol, a spokesperson for two New Jersey hospitals – Mountainside Medical Center and Pascack Valley Medical Center – affected by the hack, said the hospitals continue to care for patients in emergency rooms. “[H]owever, we have asked our local EMS systems to temporarily divert patients in need of emergency care to other area facilities while we address our system issues,” Marababol told CNN in an email. Officials with the federal US Cybersecurity and Infrastructure Security Agency (CISA) reached out to Ardent Health Services on November 22, the day before Thanksgiving, to warn the company of malicious cyber activity affecting its computer systems, a person familiar with the matter told CNN. Ardent Health spokesperson Will Roberts confirmed CISA officials contacted the company “to make us aware of information about suspicious activity in our system.” But that was after Ardent Health detected “an anomaly” on its computer systems on November 20 and “engaged additional external cybersecurity resources to investigate,” Roberts told CNN. On Thanksgiving Day, Ardent Health realized it was ransomware. A CISA spokesperson referred questions about the communications to Ardent Health. The outreach to Ardent Health was part of a program CISA began this year to try to warn organizations in critical industries that they risk falling victim to ransomware attacks unless they take defensive measures. CISA officials claim to have thwarted numerous ransomware attacks through the program. The broad fallout from the Ardent Health hack shows how cyberattacks that hit a parent company or key service provider can have cascading impacts on critical infrastructure operators such as hospitals. Cybercriminals, often based in Eastern Europe or Russia, have throughout the coronavirus pandemic repeatedly disrupted healthcare organizations across the US, locking computers and demanding a ransom. 
Many of the hacks have hit smaller health clinics that are ill-equipped to deal with the threat. And in the last nine months alone, other cyber attacks have resulted in ambulances being diverted from hospitals in Connecticut, Florida, Idaho and Pennsylvania. A 2021 study by CISA specialists found that a ransomware attack can hinder patient care and strain resources at a hospital for weeks, if not months.
November 23, 2023
Offline backups are a key part of a ransomware protection plan - TechTarget
Ransomware is a major threat today, and it can be particularly harmful when it targets data backups. Offline backups are one method IT administrators lean on to protect against ransomware.

Offline backups are stored on an isolated storage infrastructure that is disconnected from production applications and infrastructure, as well as from the primary backup environment. The result is an air-gapped backup copy that businesses can use for recovery in the event that the primary backup copy becomes compromised.

Historically, an offline backup environment would be a good fit for data that requires less frequent access, such as long-term retention data, and data that is less business-critical. However, the simultaneous rise of cyber attacks and introduction of data privacy legislation have led to an increase in offline backups for mission-critical, frequently accessed data. While offline backup ransomware protection is an effective option, it is a complex process.

Offline backups play a role in ransomware protection, and there are numerous paths to get there. Before deciding to use offline backups for ransomware protection, organizations must consider some key factors. The backup method's practicality, cost, effectiveness and ability to meet recovery objectives are critical to keep in mind.

Offline backup can be a complex and slow process

The longstanding approach to creating an offline backup environment is shipping backup copies to an off-site, disconnected tape storage location. The problem with this approach is that today's IT operations teams are understaffed and significantly strapped for time, particularly in the area of cybersecurity.
Many simply do not have the cycles to deploy and manage yet another infrastructure -- especially considering that the isolated infrastructure will require manual software updates to avoid security vulnerabilities.

Another backup environment to protect and pay for

A potential pitfall of these alternatives is infiltration of the isolated environment. As a result, the environment must be closely audited for network isolation, control over when the network connection is open, and role-based access to and control over the network and vault environment.

In addition, IT operations staff must look for an option that has data immutability and indelibility. Immutability renders the backup copy read-only, so no one can make unapproved changes to the data. Indelibility inhibits the backup copy from being deleted before the conclusion of a dedicated hold period. These safeguards help protect against data exfiltration and corruption in the event that a malicious actor is able to access the isolated environment.

Be aware of offline backup window and recovery time

For any implementation, admins must consider the backup window. They must know how long it will take to complete the backups, as well as any potential lags or gaps between backup jobs. This fundamentally affects the business's ability to meet required recovery points. Also important to factor in is the required recovery time. Both the backup window and recovery time are largely dependent on the frequency and size of backup jobs, as well as how much data the organization backs up.

Can cloud backups be offline?

New options are emerging that offer an operational isolation, such as hosting the data off site in the cloud or through a service provider. These methods require a network connection to production-facing portions of the environment in order to transfer the backup copy to the isolated environment. There are a few drawbacks to using the cloud for offline data backups.
Since it is isolated, but not completely offline like tape libraries, the cloud is easier for a ransomware attack to reach. In addition, any cloud-hosted option is potentially subject to egress fees when data is recovered. This is important for IT operations staff to be aware of upfront because it is potentially a very expensive factor to overlook. Krista Macomber, senior analyst at Futurum Group, writes about data protection and management for TechTarget's Data Backup site. She previously worked at Storage Switzerland and led market intelligence initiatives for TechTarget.
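The immutability and indelibility safeguards described in this article, together with the write-once behaviour covered in the WORM article earlier on this page, modelled as an added Python example (not code from any of the quoted articles or vendors). `BackupVault`, `RetentionError`, `attempt_tampering` and the sample backup name are hypothetical, and the in-memory store stands in for a real vault.

```python
import hashlib
from dataclasses import dataclass


class RetentionError(Exception):
    """Raised when a write or delete would violate the vault's policy."""


@dataclass
class BackupCopy:
    data: bytes
    sha256: str          # digest recorded at write time
    retain_until: float  # epoch seconds; deletion is refused before this


class BackupVault:
    """In-memory model of a vault that enforces both safeguards separately."""

    def __init__(self, clock):
        self._clock = clock  # injected so the hold period can be exercised
        self._copies = {}

    def write(self, name, data, hold_seconds):
        # Immutability: a name is written once and never overwritten.
        if name in self._copies:
            raise RetentionError(f"{name}: copy is immutable, overwrite refused")
        self._copies[name] = BackupCopy(
            data=bytes(data),
            sha256=hashlib.sha256(data).hexdigest(),
            retain_until=self._clock() + hold_seconds,
        )

    def delete(self, name):
        # Indelibility: deletion is refused until the hold period has ended.
        remaining = self._copies[name].retain_until - self._clock()
        if remaining > 0:
            raise RetentionError(f"{name}: hold active for {remaining:.0f}s, delete refused")
        del self._copies[name]

    def verify(self, name):
        # Integrity check: recompute the digest and compare with the recorded one.
        copy = self._copies[name]
        return hashlib.sha256(copy.data).hexdigest() == copy.sha256

    def names(self):
        return sorted(self._copies)


def attempt_tampering(vault, name):
    """Replay the changes an intruder inside the vault would try; list what was refused."""
    refused = []
    attempts = (
        ("overwrite", lambda: vault.write(name, b"ENCRYPTED", 0)),
        ("delete", lambda: vault.delete(name)),
    )
    for action, call in attempts:
        try:
            call()
        except RetentionError:
            refused.append(action)
    return refused


class FakeClock:
    """Controllable clock so the example does not have to wait out a hold period."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock(1_700_000_000.0)
    vault = BackupVault(clock)
    name = "db-2023-11-23.bak"  # constructed sample name and payload
    vault.write(name, b"constructed sample backup payload", hold_seconds=30 * 86400)

    refused_during_hold = attempt_tampering(vault, name)
    intact = vault.verify(name)

    clock.advance(31 * 86400)   # hold period has now ended
    vault.delete(name)          # routine expiry is allowed again
    return refused_during_hold, intact, vault.names()


if __name__ == "__main__":
    print(demo())
```

A copy written with `hold_seconds=0` is still immutable but can be deleted at once, which is why the article asks for both properties and not immutability alone.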
October 09, 2023
Autonomous Fleets Are Almost Here. Are They Safe From Cyberattacks? | Opinion
As our society transforms into a more connected world, an essential component of this shift is the need for safe and secure driving experiences on our roads. The recent hacking of a Tesla in under two minutes by French security firm Synacktiv demonstrates how serious a concern this is—attackers were able to breach the cyber controls of the vehicle to carry out a number of malicious acts, including opening the trunk of the vehicle while in motion and accessing the infotainment system.

As more connected and autonomous vehicles (CAVs) and electric vehicles (EVs) hit the market, it is clear that manufacturing speed is outpacing security measures. The cybersecurity of vehicles is often overlooked in the auto rollout, even though the connected nature of modern vehicles makes them susceptible to hacking and other cyber challenges.

The cybersecurity of a vehicle is vital—without it, serious injuries or even fatalities can occur. Imagine the above Tesla scenario but worse—a hacker takes control over the car and locks the doors while speeding up the vehicle on a highway. The driver or passenger of the car then gets a notification on his mobile phone asking for a ransom in bitcoins—otherwise the hacker will crash the vehicle into the side of the road.

This is an extreme scenario, but such a Ransomware 2.0 incident is possible today. The big question is—Are we ready to enable incident management for such auto cyber challenges?

Another complicated part of this challenge is that the cyber risk is carried by the owner or operator of either individual vehicles or perhaps an entire EV fleet. The fleet could be made up of cars, buses, or trucks, and the necessary cybersecurity controls must be in place to enable greater cyber hygiene of these vehicles. As EVs are computers on wheels, the potential for a distributed denial of service (DDoS) attack on multiple vehicles could disable an entire fleet of vehicles on our roads.
Imagine hundreds of delivery or critical service vehicles out of service and those potential repercussions.

Fleets also depend on other critical systems to work. An Idaho hospital cyberattack earlier this year, where ambulances were diverted to other hospitals, demonstrates just how important it is to secure the entire vehicle ecosystem and not just the vehicle itself. This attack also allows us to imagine how serious it would be if the reverse scenario was true—What if the ambulance fleet itself was rendered inoperable?

If that's not enough, think about the fragile state of our current supply chain and all the issues it has faced since the pandemic. Now imagine if a cyberattack was responsible for an entire delivery fleet to stall. The supply chain and transportation infrastructure would be totally crippled, leading to major economic disruptions.

It is important to highlight that these cyber challenges multiply manifold as trucking fleets move to autonomous trucks and lead to questions around legal liability in case of any cyber incident.

Data collection cannot be overlooked either. CAV and EV data is rich in personally identifiable information (PII) and might also contain other sensitive information such as payment card information or commercial data (such as fleet tracking and performance). Data governance regulations need to be implemented to secure the transmission and storage of this data to ensure privacy and compliance to legal and contractual obligations.

Although there are generic cybersecurity mandates in many countries, jurisdictions must legislate automotive cybersecurity specific legislations for cars operating on our roads.
Countries are actively exploring the best ways to move forward with vehicle regulation—there has been emphasis on ensuring automotive manufacturers enable cybersecurity in all future models, however, with regard to operations of EVs, policies and best practices are still, slowly, being developed and legislated.

One area where more focus is needed is from an owner/operator perspective, both for individual users and for fleet owners. As consumers, we are concerned about the safety features of our new vehicle, but we do not ask any questions about the cybersecurity level of the car. There is a need for user awareness of the ordinary consumer on the criticality of cybersecurity for the smooth operations of the modern vehicle.

Fleet owners need to ensure they have effective cyber controls in place. They should have an asset inventory of all the software on their vehicles and ensure that they are aware of vulnerabilities and breaches for these software applications. Furthermore, they should carry out active cyber risk assessments for any third parties that develop vehicle software.

Finally, they must carry out real-time cyber monitoring of the vehicles and ensure that incident management processes are in place to mitigate against any adverse cyber events. Only by proactively enabling this holistic cyber governance can these fleet owners survive in this brave new connected world.

AJ Khan is the founder and CEO of Vehiqilla Inc and a Catalyst Industry Fellow at Rogers Cybersecure Catalyst, Toronto Metropolitan University's center for research, training, and innovation in cybersecurity.

The views expressed in this article are the writer's own.