2023 is already proving to be tough for cybersecurity, with multiple major companies and organizations falling victim to data breaches and ransomware attacks. Despite the concerns these events continue to raise, however, it hasn’t all been one-way traffic in favour of the cybercriminals. Here’s what’s been happening:
LastPass: LastPass, a popular password manager service, suffered a breach back in August 2022, and initially, the company reported that the hackers had only compromised its source code and proprietary information. However, a recent security notice revealed that some users’ data was also accessed by attackers. As a result, LastPass has advised all its users to change their passwords as soon as possible.
Yum! Brands: The fast food operator Yum! Brands, which runs KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill chains, was hit by a ransomware attack that caused the temporary closure of 300 UK outlets.
And most recently of all, thousands of servers worldwide were targeted by a global ransomware attack aimed at VMware ESXi hardware. Italy’s National Cybersecurity Agency (ACN) warned organizations to take action to protect their systems against this software vulnerability. VMware confirmed the report and urged customers who have not yet applied a patch released in February 2021 (when the vulnerability was discovered) to do so as soon as possible to protect their infrastructure.
Law enforcement hits back – the FBI HIVE takedown
In a much more positive turn of events, an international operation led by the FBI, German law enforcement authorities and supported by the National Crime Agency took down a ransomware service used by cybercriminals to attack and extort businesses globally.
Known as HIVE, it was available for purchase on the dark web and enabled criminals to launch ransomware attacks and encrypt victim systems until a ransom was paid. Failure to pay could result in the victims’ data being published.
As of January 26th, the HIVE servers were taken offline, and anyone attempting to access them is now presented with a law enforcement web page which informs them that the network has been seized by authorities and can no longer be used.
For those organizations concerned about the role of file-based threats in facilitating attacks like these and others, Content Disarm and Reconstruction (CDR) technology can play a crucial and proactive role in preventing bad actors from succeeding. CDR technology works by removing malicious content and reconstructing the original file, leaving behind only safe data.
This means that even if a malicious email attachment or file is received, CDR can neutralize the threat before it has a chance to cause harm. CDR can be used as an additional layer of security in organizations and can help mitigate the risks associated with phishing attacks, malware infections, and ransomware attacks. By removing the threat before it reaches the end-user, CDR technology can help protect sensitive data and prevent data breaches.
To learn more about the wide range of Glasswall CDR use cases, click here.