Ransomware attacks are NOT going away
Here is why ransomware attacks are persistent and unlikely to disappear:

1. High Profitability and Low Risk for Criminals
Ransomware is fundamentally a business model for organized crime, and it is overwhelmingly successful and profitable.
Low Barrier to Entry: The rise of Ransomware-as-a-Service (RaaS) means even novice criminals can purchase sophisticated malware and infrastructure. This franchise model ensures high attack volume regardless of law enforcement efforts.
Guaranteed Revenue Stream: The evolution to multi-extortion (encrypting data and stealing it) ensures that victims are forced to pay—either to regain system access or to prevent catastrophic data leaks and regulatory fines. This dual leverage guarantees profit even if the victim has backups.
Anonymity: The use of cryptocurrency for payments, coupled with geopolitical safe zones for many RaaS groups, keeps the risk of prosecution extremely low for the attackers.

2. Attackers Are Outpacing Traditional Defenses
The tactics used by ransomware groups are specifically designed to neutralize traditional defense and recovery measures:
Targeting the Supply Chain: Attackers are finding success by targeting trusted vendors and IT providers to compromise dozens of companies simultaneously, making defense exponentially harder for individual organizations.
Attacking Backups: Modern ransomware campaigns specifically target accessible backups to delete them or malware-infect them, eliminating the victim’s recovery option and forcing them to pay the ransom.
AI for Stealth and Speed: The adoption of AI is accelerating reconnaissance and stealth, dramatically compressing the time between network access and payload deployment. Attackers can move faster than human defenders can react.

3. Cyber Resilience is the New Standard
The industry has shifted its mindset from trying to achieve absolute prevention (which is impossible) to guaranteeing resilience. This shift acknowledges the persistence of ransomware.
The focus is now on ensuring organizations can:
Anticipate and detect threats early (low MTTD).
Withstand the attack without immediate operational collapse.
Recover guaranteed clean data within minutes (low MTTR).
Ransomware will not disappear until the criminal model becomes unprofitable, and current data shows that attackers are highly successful and rapidly adapting their strategies.

🚨 Cyber Security Alert: 🚨 The Culture Clash That's Weakening Collaborative Defense
A cultural conflict between security and compliance/legal is severely slowing down the sharing of vital threat intelligence among the security community, according to an interview with David Schwed, J.D., COO of SVRN. The bottleneck is not exactly tech, but risk aversion and bureaucracy that dilute timely alerts. The path forward involves using AI and privacy-enhancing technologies (like zero-knowledge proofs) to share security insights globally without ever revealing the underlying data. Ultimately, David's conclusion is that a collaborative defense requires a compliance shift: organizations must focus on more of a defensible decision-making process rather than avoiding all risk.
Read the full article here: Collaborative Defense: How the Security and Compliance Clash Puts Defense at Risk
❓Question to the Community: What specific compliance or legal hurdles is your team facing when trying to share threat intelligence quickly, and do you see AI/privacy-enhancing tech as a viable solution for your organization?
Click through to read the entire article above and let us know your thoughts around it in the comments below!

MFA Downgrade Attacks: Good to know.
Short article on MFA downgrade attacks; provides the basics on what it is and how to defend. Good to know for considering your own policies and processes when folks lose devices.
https://www.scworld.com/perspective/why-mfa-downgrade-attacks-could-be-the-next-ai-security-crisis

Where to get cyber news: Useful links.
Here are a number of publications I use to 'try' to keep up with everything happening in cyber security:
https://thehackernews.com/
https://www.darkreading.com/
https://www.scworld.com/
https://www.securityweek.com/
https://www.cybersecuritydive.com/
https://www.infosecurity-magazine.com/

From Passive to Proactive: A New Cyber Resilience Foundation
We are thrilled to announce a significant evolution of the Pure Storage Cyber Resilience solution, designed to transform your defense posture from passive to proactive. The announcements on September 25th deliver on three core pillars that are essential for modern defense:
1. Dynamic Response and Recovery: Recovery time must be measured in minutes, not days. We're introducing Pure Protect™ Recovery Zones to automatically provision Isolated Recovery Environments (IREs), plus a new Cyber Resilience delivered as a Service model with Veeam to guarantee instant, validated recovery.
2. Connected Detection: We’re eliminating security blind spots by embedding detection into the data layer itself. We have several new native detection capabilities and new integrations with CrowdStrike Real-Time Threat Graph and Superna Next-Gen SIEM to accelerate threat detection and remediation.
3. Built-in Security: Security is foundational. Our platform now features mandatory safeguards like TPM and UEFI Secure Boot and Enterprise-Grade Identity and Access Management to ensure the integrity of your platform from the ground up.
See our Cyber Resilience announcement blog for more details.

Ransomware’s Worst Nightmare: New Cyber Resilience Arsenal (new blog post)
With the barrage of new announcements coming out of NYC Accelerate, I wrote a new blog post that is relevant to all customers, but specific to State / Local Government and Education customers summarizing what is new and the value it brings in terms of Active Cyber Resilience. Your feedback is welcome: https://goo.gle/3xzWj8P z

Accelerate Breakout Replay: Pure Protect: Bringing Orchestration and Simplicity to Enterprise Cyber Resilience
Explore Pure Protect: simplify DR, cut costs, and boost cyber resilience with cloud-scale recovery and seamless security integration.
Speakers: Suresh Madhu Chad Monteith Eric Simpson, Ark DOT
https://www.purestorage.com/video/webinars/pure-protect-bringing-orchestration-and-simplicity-to-enterprise/6375807764112.html

Cyber resilience news from last week
Here is a summary of some of the major events:
Colt Technology Services: The UK-based telecommunications company, Colt, experienced a ransomware attack that resulted in a multi-day outage of some of its services, including hosting and its online platforms. The Warlock ransomware gang claimed responsibility, asserting they stole over a million documents. Security researchers suggest the attack may have exploited a Microsoft SharePoint vulnerability.
Workday Data Breach: Workday, a provider of human resources software, confirmed that some customer information was compromised in a social engineering attack. This incident is part of a broader campaign by the ShinyHunters threat group targeting companies' Salesforce instances by impersonating IT support staff via voice phishing. Other companies affected by this campaign include Air France and KLM.
Manpower Data Breach: Staffing giant Manpower disclosed a data breach that affected nearly 145,000 individuals. The incident, which occurred in late 2024 but was disclosed this past week, was caused by a ransomware attack.
US Justice Department Takedown: In a significant law enforcement action, the U.S. Department of Justice announced coordinated actions against the BlackSuit (Royal) ransomware group. This operation included the seizure of servers, domains, and over $1 million in cryptocurrency, dealing a critical blow to the group's infrastructure.
N-able Vulnerabilities: Security researchers identified hundreds of internet-exposed N-able N-central instances that are unpatched and vulnerable to two recently disclosed exploits. These vulnerabilities, which N-able has since patched, have been added to CISA's catalog of known exploited vulnerabilities, making them a high-priority threat for ransomware actors.