Category: storage

iPhone users across Britain are advised to remain vigilant against ongoing phishing attacks. These scams encourage victims to click on links that falsely claim to boost iCloud storage, but actually lead to password theft.

The UK’s National Fraud and Cyber Reporting Centre, known as Action Fraud, has reported nearly 1,639 complaints related to this campaign, with victims experiencing data theft and fraud.

If we dig deep into the campaign, cyber criminals are sending emails via Gmail, Apple Mail and Outlook- asking victims to click on a link that increases their decreasing storage capacities of iCloud- all as a part of loyalty program, thus rewarding an additional 50GB just with the click of the button.

Concernedly, they also ask the victim to enter financial details like card info to deduct the required amount and this is where the hackers steal the details and use them for their personal requirements.

Action Fraud, the UK’s National Fraud Reporting Centre for Fraud and Cyber Crime emphasize that the attack doesn’t end over here, but additionally makes the victim download malware payloads, thus ending up in a malware spread campaign, along with phishing.

So, all the Apple account users of iPhone, Macbook, or iPad are being urged not to click on any links that are sent by unknown senders. And if they get across any such message by any chance, they are being asked to forward the same message to report dot phishing dot gov dot uk.

To those uninterested in going through a detailed procedure, you can also report the incident without registering or creating any sort of account on the website.

However, creating an account makes complete sense as you can see updates about the action in relation to the fraud, additionally add any info to the report, get updates via email or sms and in case if required, the teams can stay in touch with you, just to keep you in loop.

Finally, stay safe and protect your information!

The post iCloud Storage fake warning leading to Phishing and Malware attacks appeared first on Cybersecurity Insiders.

Microsoft is actively engaged in the development of a glass-based data storage medium slated for integration into its data centers that facilitate Azure Cloud services. This innovative ceramics-based storage solution is specifically designed for archival purposes and is touted to be impervious to ransomware attacks. In contrast to conventional SSD and Hard Disk drives, this technology is resistant to infiltration by cybercriminals seeking to deploy file-encrypting malware.

The Windows OS giant showcased its advancements in a 16-page white paper during the 29th ACM Symposium, drawing considerable attention from the tech community. Referred to as ‘Cerabyte,’ this new technology utilizes quartz glass as its foundation for information storage, presenting itself as a virtually eternal storage solution with the remarkable capability to store 1TB of information in just 1 square centimeter.

Cerabyte consists of square glass platters, and the process involves the use of high-speed Femtosecond lasers to inscribe information across the surface. These platters are then vertically stacked using a distinct procedure. Polarized microscopic technology is applied to image the platter in Z patterns, and an AI tool processes and decodes the information into analog signals, seamlessly converting between digital and analog data.

Microsoft asserts that this ransomware-resistant medium holds great potential for application in critical sectors such as healthcare, finance, and research, making cloud data centers more resilient against malware attacks.

It’s crucial to note that while this technology is still in the early stages of development and requires significant research and development efforts to become practical, the use of quartz glass, AI tools for data encoding and decoding, and related technologies may pose economic challenges. As of now, tape storage remains a more economically viable option for archival needs.

The post Microsoft to offer glass based storage tech that is ransomware proof appeared first on Cybersecurity Insiders.

By Doron Pinhas, Chief Technology Officer, Continuity

2022 clearly demonstrated that attacks on data represent the greatest cyber-threat organizations face. The attack pace not only continued, it accelerated. Notable data breaches took place at Microsoft, News Corp., the Red Cross, FlexBooker, Cash App, GiveSendGo, and several crypto firms.

Many of these attacks took advantage of known vulnerabilities and security misconfigurations in storage and backup systems. Continuity exposed the extent of the problem two years ago: on average, enterprise storage devices have 16 security misconfigurations, of which three are critical. And backup and storage systems are rife with unpatched CVEs.

To make matters worse, the political climate is likely to breed more nation-state sponsored cyberattacks. Job dissatisfaction and surging unemployment across the technology sector is likely to spur more insider threats. Organizations are being confronted on all sides by cyber-danger.

Here are our top 4 predictions on how this will play out in 2023:

  1. More Data Attacks, Greater Sophistication, Bigger Monetary Losses

There is an old saying that generals tend to fight the last battle or the last war i.e., they use tactics that would have been best suited to an earlier conflict. The U.S, for example, used World War II and Korean War tactics in Vietnam and came off poorly to the guerilla approach used by the Vietcong.

Similarly in cybersecurity, enterprises typically proof themselves up against last year’s strategies and attack vectors. By the time they adjust their processes, beef up their defenses, and add new layers of security, they find themselves battling more virulent ransomware strains and cyber-scams. That is why it has been clear for a couple of years that organizations are always playing catchup to cybercriminal gangs. Hence the coming year will inevitably see more data attacks with greater sophistication resulting in ever higher monetary and business losses.

This brings about a vicious circle. As criminals enjoy more success, they reinvest some of the profits in better technology, more powerful systems, and better organized gangs. Thus, we are seeing the appearance of developments such as ransomware-as-a-service and the evolution of a cybercrime supply chain composed of distinct elements, each performing specialized functions that dovetail together into the eventual heist.

  1. Slow Gains on Storage and Backup Security

Awareness about the perils of backup, storage, and data recovery is rising – but nowhere near quickly enough to catch up with the cyber-attack innovation. Only a couple of years ago, the prevailing view was that storage and backup systems were largely immune to attack as they were backend systems. That fallacy is dawning on more and more IT and security personnel. As more backups are infected with ransomware and more storage and backup vulnerabilities are used to infiltrate other enterprise systems, the word is getting out – slowly.

But for every enterprise that takes action to shore up the many storage and backup vulnerabilities and misconfigurations that exist, there is another that is wide open to attack. In 2023, therefore, we will see well-known storage CVEs being exploited for criminal gain as organizations failed to implement available patches. Similarly, we will see cybergangs continuing to exploit gaping holes in organizational security that can be traced back to well-publicized storage and backup misconfigurations.

To lessen the damage, organizations are advised to focus on the protection of their data. Add new layers of protection across their backup and storage infrastructure to thwart efforts that bypass networking and endpoint security. Make it extremely difficult to tamper with backups and exfiltrate data.

  1. Insurance Refusals and Rate Hikes

Many organizations remain unaware of the threat posed to their data by insecure storage and backup systems. But not insurance companies. Those offering cyber-insurance are putting pressure on organizations to up their data protection game. They are demanding more thorough assessments of IT, storage, and backup infrastructure before they offer a policy. Those performing poorly in these assessments face much higher rates or even complete refusal to insure. On the other hand, those organizations that demonstrate excellence in storage and backup security could save money.

  1. The Rise of Automated Storage and Backup Validation

Organizations typically house a LOT of data. Whether it is on-premises or in the cloud, there are numerous repositories of storage and backup data spread all over the place. Most organizations do a poor job assessing where all their data is resides. And an even poorer job of understanding where potential weaknesses may lie.

Automation is needed to inventory the enterprise to find any and all storage and backup resources. Once inventoried, that data needs to be scanned to isolate unpatched vulnerabilities, security misconfigurations, and other weak points. Unfortunately, traditional vulnerability scanners and patch management systems focus on application, network and OS insecurity. They do well at scanning these systems, but are found badly wanting when it comes to scanning storage and backup systems for vulnerabilities.

With growing pressure to improve security and increase compliance efforts, 2023 will see organizations start to invest in automated storage and backup security validation, reporting, and compliance evidence generation. That, in turn, will lead to security professionals becoming more educated in data storage in general. Currently, they are insufficiently versed in data storage and backup technologies and their associated security requirements. We will begin to see that shifting in 2023.

The post 2023 Predictions for Storage and Backup Ransomware appeared first on Cybersecurity Insiders.

DIGISTOR®, a CRU Data Security Group (CDSG) brand, has added to its innovative line of secure DIGISTOR Citadel™ self-encrypting drives with pre-boot authentication by introducing PBA to its Citadel C Series lineup. The new drives, powered by Cigent®, add the critical PBA function to their existing DIGISTOR C Series of self-encrypting drives.

In addition, DIGISTOR is announcing that the Citadel C Series Advanced version has been listed by NIST as a FIPS 140-2 L2 certified storage device with NIST certificate #4294. This certification is an additional assurance that DIGISTOR C Series Advanced SEDs have been tested and validated by the US Government to meet its strict security requirements in the devices’ cryptographic module.

The renamed DIGISTOR Citadel C Series drives with PBA are ideal for developing secure Data at Rest (DAR) storage solutions in commercial and other government applications where protecting critical information against ransomware and other cyber threats is vital. Pre-boot authentication requires that a computer user provide trusted credentials to the drive before the laptop or desktop computer can detect and boot. This prevents unauthorized users from gaining access to the encrypted drive and its sensitive data.

“To safeguard data, robust cybersecurity features, like PBA, are needed in security-conscious industries like financial services, healthcare, and critical infrastructure such as power grids and water supplies, the defense sector, and government agencies,” said Randal Barber, CDSG President and CEO. “The Citadel C Series makes PBA affordable for the wide range of applications that do not demand the stringent certification requirements seen with some military and government customers.”

Citadel C Series drives offer additional cybersecurity functions such as multi-factor authentication (MFA), zero-trust file access, unreadable storage partitions protected by non-recoverable keys, automated threat response that renders data invisible if Cigent Data Defense is disabled, and secure access logs that capture all insider threat activity.

Citadel C Series SSDs are built on DIGISTOR TCG Opal or FIPS 140-2 L2/Common Criteria self-encrypting drives. The new drives will be available in Q4 2022 in standard M.2 NVMe and SATA form factors and 2.5-inch SATA form factors, for commonly used laptops, desktops, and tactical servers.

“DIGISTOR is an important partner who aligns closely with our vision and product offerings,” said Tom Ricoy, Chief Revenue Officer, of Cigent. “We are delighted to extend our collaboration and help the company broaden its important Citadel family of PBA self-encrypting storage solutions.”

These new drives with PBA are part of the extended Citadel family including the Citadel K Series SSDs, powered by CipherDrive™ and its CSfC-listed PBA (EE), which have been adopted widely with military and government agencies. The Citadel family rounds out the DIGISTOR secure SSD product line that includes FIPS-certified and TCG Opal-compliant SSDs, all of which are TAA-compliant, and are suitable for a wide range of security solutions.

For more information visit digistor.com/citadel.

ABOUT THE COMPANY

DIGISTOR, a CRU Data Security Group (CDSG) brand, provides secure storage solutions for Data at Rest. CDSG is a leading provider of data security solutions and data transport and storage devices for government and military agencies, small and medium-sized businesses, the entertainment industry, corporate IT departments, data centers and digital forensic investigators. Its other brands include CRU removable storage devices, ioSafe fireproof and waterproof data storage devices and WiebeTech digital investigation devices.

The post DIGISTOR® EXTENDS COMMERCIALLY PRICED SELF-ENCRYPTING DRIVE PRODUCTS WITH KEY PRE-BOOT AUTHENTICATION FEATURE TO SECURE DATA AT REST (DAR) appeared first on Cybersecurity Insiders.

As the adoption of cloud storage is growing, it is becoming easy to carry documents, passwords, movies, images, music, etc. on one go. Though it is convenient for us, data upload to a third-party platform might fetch some security risks that are as follows. First, we never know what is happening behind the screens in the server farms, as anyone working in or for the data center can easily have access to data.

Thus, to avoid all future digital embarrassments, it is better to take precautionary steps to ensure that the data on the cloud is safe and secure.

So, here are a few tips that could help in keeping data safe on cloud-

Using a strong password makes sense as it helps keep information from being accessed by prying eyes. Therefore, using a strong password- in sense, the combination of alpha-numeric characters tucked with one or two special characters that are 10-14 characters longs makes complete sense. Avoid using phrases that are commonly used like ‘I love you’ and such.

2FA usage is a must– This is nothing but a double or a triple authentication requirement before accessing an account. It can be a text or an OTP sent to a phone or email, thus making it a challenge for a threat actor to access an account.

Storing sensitive info offline– It is always better to store sensitive information offline and away from the cloud. And anyone having access to the server can sneak into the data and analyze what is being stored.

Avoid using public wi-fi- While on the go, better to not access a cloud platform from a public wi-fi as it can allow hackers sniff the credentials and re-launch an attack. Better to use mobile data as 4G and 5G are considered as most secure networks.

Use a CSP with several security levels– Using a cloud storage platform having several security levels like encryption and 2FA makes complete sense.

Backing up files on a regular note will make recovery possible, if/when the situation arises.

Using an anti-virus platform makes complete sense and helps in protecting the data from being stolen or corrupted.

Figure out the access policies in advance. Keeping a limit to who can access files like who can read them or edit them will help in keeping unwanted activity at bay.

Using an ISO 27001 certified cloud storage provider makes sense as they are certified in keeping information security high, as per the international standards.

Hope it helps!

 

The post How to keep cloud storage secure and safe appeared first on Cybersecurity Insiders.