In 2022, while COVID-19 is rampant, the online world is also unsafe. In the first half of this year, NVIDIA, the global GPU leader, Bridgestone, the tire giant, and IKEA, the home furnishing giant, all suffered cyber attacks. The epidemic has changed people's lives and the way many companies work. Working from the cloud is becoming more and more popular, and the data of major companies is gradually being exposed to the Internet.
The digitization process is accelerating, but the level of network security and data security protection has not kept pace. This gives many extortion organizations an opening, and the data and information of many companies have been attacked and even leaked. Among these organizations, LockBit, Conti and Lapsus$ are particularly prominent. What is their background? Why are their cyber attacks so unscrupulous? How should we protect against them?
In 2021, even network security professionals had rarely heard of Lapsus$. In 2022, however, the name is known everywhere. As an emerging extortion organization, Lapsus$ has risen surprisingly fast. It became famous quickly because of its continuous attacks on a series of large technology giants. Lapsus$ emerged in December 2021.
At that time, they attacked the Brazilian Ministry of Health and stole and deleted a large amount of data for blackmail. In February 2022, the organization attacked many Portuguese media groups and Vodafone Portugal. What really made Lapsus$ famous was the attack on NVIDIA. In February of that year, the organization announced that it had been lurking in NVIDIA's internal system for a week before the official attack, that it had obtained 1TB of confidential data, including the unpublished design blueprints, drivers, firmware, various confidential documents and SDK development kits of 40 Series graphics cards, and that it had backed up all of the data. As one of the best hardware technology companies in the world, NVIDIA immediately fought back and successfully hacked Lapsus$'s computer. However, because Lapsus$ had backed up the data, NVIDIA's counterattack failed. Subsequently, NVIDIA said in a statement that the company had found a network security incident affecting IT resources on February 23, 2022; not long after it was discovered, the company further strengthened network security, hired network security incident response experts, and notified the relevant law enforcement departments.
It can be seen that "the technology industry is specialized". Even a company whose hardware technology is as strong as NVIDIA's needs the assistance of professional network security experts. Besides NVIDIA, Samsung, another technology giant, was attacked by Lapsus$ in March 2022. The Lapsus$ extortion group released a report containing a large amount of confidential data from Samsung Electronics and snapshots of C/C++ instructions in Samsung software.
Conti provides ransomware as a service, and LockBit, another major ransomware organization, also provides similar products.
According to the industry media outlet Security 419, the latest research by security personnel shows that the encryption efficiency of LockBit ransomware is striking: 100,000 Windows files can be encrypted in four minutes, which means that once the malicious program is executed inside an organization, the enterprise involved has very little time left to react. On the one hand, the attack capability of ransomware is striking; on the other hand, the RaaS form of attack further enhances the concealment of the attack. According to insiders, extortion attacks have now shifted from attacks by individuals or single hacker groups to underground-industry activities with clear levels and division of labor, and extortion is becoming increasingly professional. On the one hand, in order to monetize in multiple ways, hacker gangs not only carry out their own extortion attacks but also rent or sell mature ransomware products and services through the dark web and virtual currency, which promotes the gradual formation of an "industrial chain" of data extortion.
The ransomware developers and extortion executors in the upstream, midstream and downstream, as well as the emerging ransom negotiators and ransom trustees, cooperate with each other to share the proceeds of extortion, and the technical threshold of attack is greatly reduced. On the other hand, different hacker groups have begun to build closely cooperating extortion business alliances, expanding the extortion business model and further enhancing their attack capability and concealment by sharing victim information and other means.
So, in the face of powerful and hidden extortion organizations, how should enterprises, institutions and individuals protect themselves? Enterprises need to take ransomware protection measures before, during and after an incident, such as security awareness training in advance (people are the most uncontrollable link in the whole security chain), followed by relevant threat drills.
Cloud backup has changed the way people back up the data on their computers. Gone are the days when backup copies had to be kept on external devices. Now, various cloud backup services can keep data secure and accessible at any time, conveniently and quickly. If you run a business, it is very important to back up your data. After all, there are so many cyber attacks and security vulnerabilities every day. The most important thing is server backup.
With Vinchin Backup & Recovery, you can also easily build an offsite disaster recovery (DR) center by duplicating XenServer backups at the primary site to a remote site or external storage. Many people, especially enterprises, still worry about whether their data could leak during transmission. In fact, there is no need to worry about this. Vinchin encrypts the data transmission, so there is no risk of leakage, and it is safe and reliable.