Archive for the ‘Corporate Performance Management’ category

Major Data breach – new Windows malware.

September 28th, 2023

Usernames and passwords of billions of users have been exposed online after the digital risk protection company DarkBeam left an online database unprotected.

Unfortunately, over 3.8 billion user records were accessible to anyone during the period in which the database was exposed. The leaked email addresses and passwords contained in the database actually came from previous data breaches. Ironically, DarkBeam had collected this information to alert its customers about future data breaches, though it’s highly likely that this leak will affect non-customers as well.

Any such leak contains usernames and passwords from both reported and unreported data breaches, and there is a chance that your login credentials could be compromised even though you have never heard of DarkBeam. It’s likely that hackers downloaded it to use in future attacks. For instance, they could use exposed email addresses in targeted phishing attacks. It’s more likely that cybercriminals with this data will try the usernames and passwords at a number of different sites to see if any of the victims reused the same passwords. Password reuse is a big problem: when you use the same password and username for multiple accounts, hackers can use stolen credentials to log in to your other accounts. Create strong, complex, unique passwords for all of your accounts.

If that is not bad enough, there is also a new open-source Windows malware, Exela Stealer, which uses Discord to send stolen data back to hackers. Besides stealing login credentials, personal data and financial information, the malware can also steal session details from popular apps and online services including social media and gaming platforms. Once downloaded on a computer, Exela’s builder will run when a compatible version of Python (version 3.10.0 or 3.11.0) is installed on the machine, and the builder can create a .exe file.

When the malware’s builder batch file inside the Exela setup folder is executed, a Discord webhook URL is required, and when a victim doesn’t provide this URL, an error message is displayed until they do. The Exela Stealer uses this Discord webhook URL as a remote server for the hackers who deployed the malware, to send all of a victim’s stolen data back to them.

After installation on a victim’s PC, Exela Stealer persists by copying itself into a new directory in the local app data folder. It adds a startup entry in Windows Registry so that the malware continues to run even after the infected PC is rebooted.

Exela Stealer then targets any Chromium-based web browsers like Chrome, Edge, Brave, Opera or Vivaldi that are installed on a victim’s computer. Besides credentials, the malware can also steal credit card information, cookies and other browser data while logging keypresses and taking screenshots of the system. Exela Stealer can steal info from social media platforms including Instagram, X, TikTok and Reddit along with data from both Steam and Roblox. Stolen data is sent back to the hackers behind Exela Stealer, who can use it to commit fraud or identity theft.

You risk a bad malware infection should you try to download games or software illegally. The Exela Stealer is distributed through phishing pages and websites offering free software downloads. However, given the malware’s capabilities, cybercriminals could devise new distribution methods, so be ever more vigilant about phishing emails, strong passwords, multi-factor authentication, antivirus updates etc. Whenever there is a big data leak like this one, check whether your own credentials are compromised. Cybernews has its own personal data leak checker, or use Troy Hunt’s popular HaveIBeenPwned, or Mozilla’s Firefox Monitor.
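A triage sketch for the two behaviours described above (a startup entry pointing into the local app data folder, and traffic to a Discord webhook URL), added here as an example and not taken from the malware or from any vendor tool. It assumes the startup entry is a Run/RunOnce registry value and that autorun values and proxy logs have been exported in the simple layouts shown; the host names, paths, allowlist and log lines are constructed.

```python
import re
from collections import defaultdict

# Executable below the per-user local app data folder, written either as a
# full path or with the %LOCALAPPDATA% variable. Group 1 is the relative part.
LOCAL_EXE = re.compile(
    r'(?:[a-z]:\\users\\[^\\]+\\appdata\\local|%localappdata%)'
    r'(\\[^"]+?\.(?:exe|scr|bat|cmd))',
    re.IGNORECASE,
)
# Discord webhook endpoint: /api/webhooks/<numeric id>/<token>.
WEBHOOK = re.compile(
    r'(https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/\d+/)[\w-]+',
    re.IGNORECASE,
)
# Assumption: the startup entry is a value under a Run or RunOnce key.
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Assumption: software this organisation expects to start from local app data.
ALLOWED_PREFIXES = ("\\microsoft\\onedrive\\",)

# Constructed sample export: (host, registry key, value name, command line).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
AUTORUNS = [
    ("WS-014", RUN_KEY, "OneDrive",
     r'"C:\Users\amal\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("WS-014", RUN_KEY, "Updater",
     r"C:\Users\amal\AppData\Local\SampleUpdater\svc.exe"),
    ("WS-022", RUN_KEY, "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
    ("WS-031", RUN_KEY, "Helper",
     r"%LOCALAPPDATA%\HelperTool\helper.exe --silent"),
]

# Constructed proxy log: timestamp, host, process, method, URL.
PROXY_LOG = [
    "2023-09-28T09:14:02Z WS-014 svc.exe POST "
    "https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN-not-real",
    "2023-09-28T09:15:40Z WS-022 Discord.exe GET https://discord.com/api/v9/gateway",
    "2023-09-28T09:20:11Z WS-040 python.exe POST "
    "https://discordapp.com/api/webhooks/111111111111111111/EXAMPLE_TOKEN_2",
]


def run_key_hits(autoruns, allowed=ALLOWED_PREFIXES):
    """Return {host: [(value name, exe path)]} for Run entries that start an
    executable from local app data and are not on the allowlist."""
    hits = defaultdict(list)
    for host, key, name, command in autoruns:
        if not key.lower().rstrip("\\").endswith(RUN_KEY_SUFFIXES):
            continue
        match = LOCAL_EXE.search(command)
        if match and not match.group(1).lower().startswith(allowed):
            hits[host].append((name, match.group(0)))
    return dict(hits)


def webhook_hits(proxy_lines):
    """Return {host: [(process, URL with the token redacted)]} for requests
    to a Discord webhook endpoint. Malformed lines are skipped."""
    hits = defaultdict(list)
    for line in proxy_lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, host, process, _method, url = parts
        if WEBHOOK.match(url):
            # Keep the token out of tickets and dashboards.
            hits[host].append((process, WEBHOOK.sub(r"\1<redacted>", url)))
    return dict(hits)


def correlate(autoruns, proxy_lines):
    """Hosts that show both signals; these are the ones to look at first."""
    return sorted(set(run_key_hits(autoruns)) & set(webhook_hits(proxy_lines)))


if __name__ == "__main__":
    print("run-key hits:", run_key_hits(AUTORUNS))
    print("webhook hits:", webhook_hits(PROXY_LOG))
    print("both signals:", correlate(AUTORUNS, PROXY_LOG))
```

Either signal alone has legitimate causes (per-user installers, chat integrations), which is why the allowlist is a parameter and the correlation step narrows the list.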

UAE e-commerce Emirate specific VAT reporting

August 18th, 2023

The Federal Tax Authority (FTA) has stressed the need for taxpayers to abide by accurate, emirate-specific Value Added Tax (VAT) reporting requirements in relation to e-Commerce.

The Authority noted that recent updates to the VAT legislation in the UAE, specifically around the reporting of e-Commerce supplies result in additional obligations for a number of persons when preparing their VAT returns.

The FTA emphasized that businesses must carefully assess whether they fall under the new reporting obligations, noting that failure to comply or compliance with the updated reporting when not required may result in mistakes and expose companies to potential penalties.

Starting from 1 July 2023 and in the VAT return for the first tax period starting on or after that date, “qualifying registrants” are required to:

  • report supplies made through e-commerce in box 1 of their VAT Return, based on the Emirate in which the supply of goods or services is received by the customer.
  • They are also required to retain the relevant supporting evidence.
  • If a taxpayer is not a qualifying registrant or if a supply is not an e-commerce supply, then the taxable business must report its supplies in the Emirate where its fixed establishment related to the supplies made is located.

The FTA of UAE has recently issued certain user manuals on

The FTA explained that starting from 1 July 2023, and in the VAT return for the first tax period starting on or after that date, “qualifying registrants” are required to report supplies made through e-commerce in box 1 of their VAT Return, based on the Emirate in which the supply of goods or services is received by the customer. They are also required to retain the relevant supporting evidence. If a taxpayer is not a qualifying registrant or if a supply is not an e-commerce supply, then, generally, the taxable business must report its supplies in the Emirate where its fixed establishment related to the supplies made is located.

The Authority called upon the taxpayers to review the relevant legislation and the clarifications provided by the FTA prior to their next VAT return submission process, to determine if:

  • They have made e-commerce supplies in the calendar year ending on 31 December 2022
  • The value of these e-commerce supplies made in the previous calendar year exceeded AED100 million.

 The Federal Tax Authority noted that in order to assist taxpayers in preparing a correct VAT return, the FTA’s Tax administrations system (“EmaraTax”) will request taxpayers to respond to a set of 2 questions to confirm if they are indeed qualifying registrants with respect to the new e-commerce supplies reporting requirement. This double-check will aid taxpayers to submit a correct VAT reporting, avoiding any later corrections or penalties.

UAE Corporate tax – it’s important to use official sources of information

June 13th, 2023

The Ministry of Finance has called on the public to rely only on official publications and posts issued by MoF and the Federal Tax Authority regarding the Federal Decree Law 47 of 2022 on the Corporate Tax Law and the associated Cabinet and Ministerial Decisions.

A number of posts circulating on social media and other platforms are being published by independent parties, and those may contain inaccurate and unreliable interpretations and analysis of Corporate Tax.

Filehold – what do customers think?

June 9th, 2023

  • FileHold Document Management Software has all of the essential features organizations need to make their documents secure, organized and compliant right “out of the box”.
  • FileHold delivers essential, document, records and workflow management.
  • FileHold scales to support thousands of users and millions of documents.

Ease of use

The FileHold filing structure mirrors the physical office filing environment. Document cabinets contain drawers that contain folder groups and or folders that contain documents. This familiar document filing approach ensures that users can easily browse for documents in a logical and efficient fashion.

Web browser access

FileHold software can be accessed from anywhere in the world via a web browser. Multiple browsers are supported and all functionality is available including system administration and library administration.

Mobile FileHold

Manage your documents while out of the office with the easiest mobile document management software you will ever use.

Search

Search documents from a simple Google-like search or an advanced search using metadata. Save the searches to create reports whenever you need.

Document viewers

A FileHold Level 1 viewer comes with every registered user license and allows users to see an image of a document without the need to have the native software installed on their computer. The viewers work with both the web client and the desktop application.

Microsoft Office integration

Tight integration with Microsoft Office is provided that gives direct access from the document software to: Word, Excel, Outlook, PowerPoint and Visio.

Records management software

Manage both short and long term working and archived documents. 

Advanced Record retention and disposition policies for both electronic and paper based records are standard in the software.  Document, data and usage history is fully captured to stay in compliance.

Electronic forms (e-Forms)

Metadata information can be extracted from electronic forms created using the standard Microsoft Word tools found in Office or PDF forms.  Once created the form data can be automatically extracted into FileHold metadata when the form is added to the system.

Courier

FileHold Courier allows you to transmit documents for viewing or approving to people inside or outside the document management system. Courier is a “proof of delivery” system where unlike email it is a secure method of sending documents. With email there is no way to know if the documents ever arrived or whether the attachment could be opened by the recipient. With Courier, recipients are notified by email containing a secure link which is then fully tracked and logged in FileHold.

Calendar

Differentiate your daily tasks and become more proficient at accomplishing your document management goals using the FileHold calendar.

Document version control

Document version control software provides: check in / checkout ability to prevent documents from being overwritten or deleted when documents are updated by more than one party. All versions of a document are maintained by the software.

Document scanning and imaging

FileHold ships with scanning and imaging software that supports all scanner types to allow organizations to “go paperless”. Basic and advanced third-party scanning software is supported for both simple and complex document scanning operations. Partner software is available to process scanned documents, look for text using zonal OCR, and pre-populate metadata fields before import into FileHold. This is particularly powerful with standardized forms like invoices as part of the AP process. We offer a complimentary license of this software with installs, which can be installed on multiple workstations, although only one copy can be running at a time.

Optical Character Recognition (OCR) and indexing

Using the scanning software that ships with the paperless office software users can convert the text on typed paper documents into editable and searchable information using Optical Character Recognition (OCR). The information that is zonally OCR’ed can be imported into the metadata fields of FileHold.

Synergy Software Systems can help you to further automate your document-based processes with our RPA tools.

Check documents out / Check documents in

Users are able to check in and check out documents from the software from within Microsoft Office applications, or from the Desktop Application or from anywhere in the world using the web interface.  

Document “tagging” or metadata capture

Capturing metadata or “tagging” (key data about the document) is the key to successful search and document  organization. The software has easy to use controlled document tagging to ensure documents are classified.

Virtual folders

The Virtual Folders feature in the software allows limitless aggregation of documents throughout the library into personal “views“. A Project Manager might have a virtual folder containing project documentation, project legal contract documents, invoices, design documentation and emails even though each document is stored in different locations of the library.

Language packs

FileHold offers two language packs as standard features: French and  Spanish. The user interface can be translated into any language by customers or partners. Some languages that have been translated by customers include Polish, Arabic and Chinese.

Work offline

If you are travelling or out of the office and are not connected to the FileHold document management server, then you can still work on your important documents offline. The software will recognize the document changes and can be synchronized with the Library once you are back online.

Document linking

Document to document linking builds parent or child relationships between documents and allows users to link and organize documents in logical groups.  Linking provides the ability to create document shortcuts to documents frequently needed.

Matter-centric filing (Auto-tagging)

Metadata is automatically applied to a document when added to a specific destination folder.  Matter Centric filing is a feature / term commonly used in the legal industry.

User roles and security

FileHold ships with a choice out of 11 different user security roles ranging from “read only” to “System Administration” to provide an appropriate level of user access permissions for workers at all levels.  Users see only documents that  administrators want them to see.

FIPS compliance

The US Federal Government requires compliance in order to meet security and interoperability standards. Filehold Licenses and passwords are encrypted using a FIPS-140 compliant algorithm to meet full compliance.

Watched folders

FileHold software can be configured so that certain folders on the local computer or network are “watched” by FileHold and then automatically moved into the library. The documents imported into FileHold by the watched folder functionality can be automatically tagged and destination folder pre-configured.

User audit logging and tracking

FileHold tracks and records every user activity to ensure a complete audit trail of document activity in the software.  This document auditing capability ensures compliance and protects intellectual property.

Email

Email documents via attachments or links.

Document subscriptions

FileHold software allows users to subscribe to and to be notified of edits to documents or changes to folders they have subscribed to.  When an existing document is updated or a document is added to a folder, the user receives email notification that the change has occurred, who has changed it, and receives a secure link to directly access the document.

Document naming standards

The software can be configured to automatically create document names to enforce adherence to document or record naming conventions.

Third-party integration

A well documented Web Services API allows direct integration with third party applications and flexible integration with existing back office systems. These web services are available to third parties to provide easy integration with other enterprise solutions and productivity applications.

URL support

Provides the ability to send a secured link to a document, rather than emailing the document and cluttering up the mail inbox. This link can then be clicked on to launch the Web Client or Desktop Client to work on the document in a few seconds.

Document control numbering

This feature provides for the automatic application of document control numbers to documents.

Reporting and document compliance

FileHold comes with many built in reports to give administrators information about the usage of documents and users.

April 24th, 2023

Microsoft 365 Copilot combines the power of large language models (LLMs) with your data in the Microsoft Graph and the Microsoft 365 apps to turn your words into the most powerful productivity tool on the planet.

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model to access the tremendous amount of data in Microsoft 365, Windows, and Enterprise Mobility + Security. Use the wealth of data in Microsoft Graph to build apps for organizations and consumers that interact with millions of users. Custom applications can use the Microsoft Graph API to connect to data and use it in custom applications to enhance organizational productivity.

Microsoft Graph provides a single endpoint that the app can use to access the required data and to simplify the overall development process.

Organizations store vast amounts of data and intelligence across Microsoft cloud services, but how accessible is the data to users?

For example, a salesperson setting up a meeting with a customer wants to easily access files, previous meetings and notes, but are those emails and chats between the salesperson and customer easy to find? What people within the organization can the customer contact for support?

Data and intelligence like the following types can be accessed through the Microsoft Graph REST APIs and client libraries:

  • Users and groups
  • Teams data
  • Tasks
  • Files
  • Mail
  • Meetings and calendars
  • Organizational charts

Copilot is an AI-powered tool that uses natural language processing and machine learning to understand users’ requests and provide personalized recommendations, tips, and assistance. Users can ask Copilot questions and get instant answers, guidance, and suggestions to help them work more efficiently.

Copilot is designed to be available across multiple Microsoft 365 applications, including Word, Excel, PowerPoint, Teams and Outlook, and is intended to be context-aware. It ‘understands’ the user’s specific needs and the task at hand. One example of this functionality is the ability to point Copilot to a Word document and ask it to create a PowerPoint presentation based on the data in the document.

Copilot will also work with tools from the Power Platform and Dynamics 365 products. Copilot for Power Virtual Agents is already in preview.

Copilot enables marketers to create targeted customer experiences and interactions that are informed by data-driven decision making. With access to the natural language data discovery feature in Customer Insights, they can build confidence by validating and discovering customer insights for their marketing strategies. For example, a marketer can ask Copilot how many of their customers fit the profile of currently residing in Washington, DC, who are over the age of 25, who have also attended a promotional event in the last six months.

With just a few clicks, Copilot will present the results of their query, including the number of customers that match the attributes or behaviors, as well as other useful information such as the customer lifetime value, product preferences, or average purchase price.

Copilot in Dynamics 365 Customer Insights removes the barrier of needing to craft queries in SQL to get a deeper understanding of customers, enabling marketers to speed and scale the delivery of hyper-personalized experiences that customers expect.

Copilot in Viva Sales

Automatically generate contextual email replies and meeting summaries with Copilot in Viva Sales, available to Dynamics 365 Sales customers. Copilot in Microsoft Dynamics 365 Sales and Viva Sales helps sellers dramatically reduce the time they spend on clerical tasks. AI helps write email responses to customers and can even create an email summary of a Teams meeting in Outlook. The meeting summary pulls in details from the seller’s CRM such as product and pricing information, as well as insights from the recorded Teams call. With sellers spending as much as 66% of their day checking and responding to emails, this presents a significant business upside to give the seller more time with their customers.

For example, with Viva Sales, Copilot can learn how to connect to CRM systems of record to pull customer data — like interaction and order histories — into communications. As Copilot learns about new domains and processes, it will be able to perform even more sophisticated tasks and queries.

Copilot in Microsoft Viva Goals simplifies goal setting by guiding leaders through the process of creating objectives and key results (OKRs) as well as simplifying goal management across the organization. Copilot can suggest draft OKR recommendations based on existing Word documents, such as an annual business plan or a product strategy paper. Once created, Copilot saves employees time by summarizing the status of OKRs, identifying blockers, and suggesting next steps. Lastly, Copilot can consolidate existing data to generate more comprehensive check-ins so teams can leverage a breadth of knowledge across different sources of truth.

An entirely new experience is Business Chat, which works across the Microsoft 365 apps and your data — your calendar, emails, chats, documents, meetings and contacts — to do things you’ve never been able to do before. You can give it natural language prompts like “Tell my team how we updated the product strategy,” and it will generate a status update based on the morning’s meetings, emails and chat threads.

You will be able to access Business Chat from Microsoft 365.com, from Bing when you’re signed in with your work account, or from Teams.

Copilot will fundamentally change how people work with AI and how AI works with people. As with any new pattern of work, there’s a learning curve — but those who embrace this new way of working will quickly gain an edge. Copilot is integrated into Microsoft 365 and automatically inherits all your company’s valuable security, compliance, and privacy policies and processes. Two-factor authentication, compliance boundaries, privacy protections, and more make Copilot the AI solution you can trust.

I have only scratched the surface – Teams swept the business world during COVID, now Copilot and Viva are integrated across your favourite apps, ERPs and CRM systems – we often read about game-changing software and paradigm shifts – but this time it’s for real and faster than we realise.

New Penalties for violating the UAE Federal Decree by Law No 32 of 2021 concerning Commercial Companies (“Commercial Companies Law”).

February 9th, 2023
Recently, the UAE Cabinet issued a resolution that stipulates penalties for violating the UAE Federal Decree by Law No 32 of 2021 concerning Commercial Companies (“Commercial Companies Law”).
This applies to all UAE onshore or mainland companies, including Limited Liability Companies (LLCs).
Penalties for Non-Compliance
·  Accounting Registers: A fine of AED 15,000 for failing to maintain accounting registers.
·  Trade Name Change: A monthly fine of AED 500 for failing to comply with the decision to change the trade name, with a maximum annual amount of AED 5,000.
·  Ownership: When the LLC carries out activities with strategic significance, it may face a fine of AED 100,000 for non-compliance with the required UAE national ownership percentage or minimum number of Emirati board members.
·  Memorandum of Association: A fine of AED 1,000 on the director or chairman of the board for not having updated the MOA as per the Commercial Companies Law.
·  Loss Disclosure: A fine of AED 50,000 will be given to the director, chairman of the board, or their representative when a general assembly is not called to disclose losses equal to 50% or more of its capital.
·  Data Access: A fine of AED 5,000 for refusing access to minutes of meetings, books, and other related transaction documents with respect to shareholders.
·  Board Meetings: A fine of AED 3,000 for failing to invite a director or board member to a board meeting.
·  Refusal of Information or Misleading Information: AED 5,000 fine on the director or chairman of the board of directors of the LLC, their representative, or the auditor upon refusal, concealment or providing misleading information to authority inspectors.
·  Penalties for Share Disposal: A fine of AED 20,000 may be imposed on any individual who disposes shares in violation of the Commercial Companies Law.
·  General Assembly: The director or chairman of the LLC board may be fined AED 5,000 for failing to call the annual general assembly meeting, with a fine of AED 10,000 for failing to call the meeting when requested by the Ministry.

The implementation suggests that authorities are considering a stringent examination of companies’ adherence to the Commercial Companies Law, so thoroughly assess your corporation’s practices to minimise the likelihood of fines due to non-compliance.

Companies Are Required to Achieve 1% Emiratisation by 1 July 2023 to Avoid Penalties
– The penalties for private companies that fail to meet Emiratisation targets under the amended scheme will now be imposed ‘semi-annually‘.
– Firms that don’t achieve the 1 per cent Emiratisation target growth by 1 July 2023 will be fined Dh7,000 for each UAE national who has not been hired.
– Violating companies will be charged from 1 July 2023.
– Private firms are now required to increase the number of Emiratis in skilled jobs by 1 per cent every six months, while remaining on track to achieve the overall 2 percent target by the end of the year.
– The penalties for non-compliance from 2022 will continue to be collected.


Federal Decree-Law No. 47 of 2022 – the legislative framework for corporate tax on business profits in the UAE

December 21st, 2022

On December 9, 2022, the UAE published the Corporate Tax (CT) Law, which will be effective from the financial years starting on or after June 1, 2023.

https://mof.gov.ae/wp-content/uploads/2022/12/Federal-Decree-Law-No.-47-of-2022-EN.pdf

https://mof.gov.ae/corporate-tax-faq/

https://mof.gov.ae/corporate-tax-faq-ar/

Corporate Tax is a form of direct tax levied on the net income of corporations and other businesses.  Corporate Tax is sometimes also referred to as “Corporate Income Tax” or “Business Profits Tax” in other jurisdictions.

Broadly, Corporate Tax applies to the following “Taxable Persons”:
● UAE companies and other juridical persons that are incorporated or effectively managed and controlled in the UAE;
● Natural persons (individuals) who conduct a Business or Business Activity in the UAE as specified in a Cabinet Decision to be issued in due course; and
● Non-resident juridical persons (foreign legal entities) that have a Permanent Establishment in the UAE (which is explained under Section 8).
Juridical persons established in a UAE Free Zone are also within the scope of Corporate Tax as “Taxable Persons” and will need to comply with the requirements set out in the Corporate Tax Law. However, a Free Zone Person that meets the conditions to be considered a Qualifying Free Zone Person can benefit from a Corporate Tax rate of 0% on their Qualifying Income (the conditions are included in Section 14).
Non-resident persons that do not have a Permanent Establishment in the UAE or that earn UAE sourced income that is not related to their Permanent Establishment may be subject to Withholding Tax (at the rate of 0%). Withholding tax is a form of Corporate Tax collected at source by the payer on behalf of the recipient of the income. Withholding taxes exist in many tax systems and typically apply to the cross-border payment of dividends, interest, royalties and other types of income.

During this month, FTA will also be running a series of online orientation sessions for EmaraTax users. There will be two sessions per day:

• 10 – 11 am providing you an opportunity to raise specific questions about using EmaraTax;
• 3 – 4 pm focusing on specific aspects of EmaraTax, in particular password reset, returns submission and payments.

This You Tube recording has already been released and will soon also be available in Arabic.

Why now is the time to adopt Power Bi – ask Synergy Software Systems, Dubai

August 19th, 2022

Power BI innovation never stops. For several years in a row now, it is positioned as a leader in the 2021 Gartner Magic Quadrant for Analytics and Business Intelligence Platforms, furthest to the right for completeness of vision and furthest up in the ability to execute within the Leaders’ quadrant.

The gaps are widening with interactive reports, paginated reports, datasets, dataflows, deployment pipelines, scorecards, dashboards, metrics, data alerts, and much more, and recently announced in public preview, self-service datamarts. No wonder, customers are adopting Power BI at an accelerated pace. Boost Office 365 productivity with Power BI integrated into PowerPoint and Microsoft Teams, connect to data anywhere with hundreds of built-in connectors, leverage industry-leading AI, go quickly from insight to action with the Microsoft Power Platform, and provide best-in-class mobile experiences with Power BI Mobile.

Reports can be mobile friendly, they can be paginated, and you can link into Azure Analysis Services.

Cybercrime update – increasingly scary

June 13th, 2022

According to the recent “2022 Ransomware Trends Report” (Veeam), compiled by surveying 1,000 global IT leaders, paying a ransom for an organization’s hijacked data doesn’t ensure return of the stolen data.

  • 24 percent of organizations that paid the amount demanded by ransomware attackers ended up not recovering their stolen data.
  • 19 percent of those affected by ransomware were able to recover their data through their own means and without having to pay off the attackers.
  • When data is eventually recovered after remediation through payment, data recovery took an average of 18 days.
  •  (22 percent) reported it took one to two months to fully recover the data,
  • 3 percent said they were down for two to four months.
  • Some time was spent decrypting the encrypted stolen data, but much of the downtime is attributed to deep scans of restored systems to confirm they were “clean” from any ransomware remnants.
  • Backup repositories were targeted 94 percent of the time.
  • Specific production platforms or application types were targeted in 80 percent of successful ransomware attacks, making ransomware prevention not just the duty of IT security
  • Phishing e-mails and malicious links and Web sites continue to be the top (44 percent) ransomware entry points,
  • Infected patches and software are close behind with 41 percent of all ransomware attacks by those surveyed.
  • The remaining entry point sources:
    • Compromised credentials and spraying attacks (35 percent).
    • Insider threats (32 percent).
    • Zero-day vulnerabilities (26 percent).
    • Only 1 percent of those who experienced a ransomware attack were not able to identify the entry point

About 25 years ago a business report indicated that a majority of companies that lost their computer system for more than one week went out of business within 18 months. A sobering thought given our increased dependence on systems in the digital age, and the surge in state sponsored cybercrime.

The “2022 Ransomware Trends Report” indicates that most organizations don’t have the tools or know-how to recover their hijacked data before they end up paying for their data back.

  • A strong Modern Data Protection strategy requires a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks.
  • IT should routinely test their data protection solutions and protocols and ensure that employees are well-versed in spotting possible ransomware attacks.

Veeam credits the improvements in monitoring tools and a concerted effort toward ransomware prevention by many IT shops for the high success in identifying the source of ransomware.

The report finds that.

“This alone should drive broader conversations within IT, so cyber security isn’t just delegated to the security team; database administrators should also help ensure that database servers are secure and administrators should help ensure hypervisors are patched, that Windows updates are routinely run, etc.,”

How to protect yourself against ransomware

Whether a simple ransomware attack, a double- or triple-extortion attack, a self-contained threat family, or a RaaS attack executed by an affiliate network, the defense strategy is the same: employ the principles of zero trust to limit vulnerabilities, prevent and detect attacks, and limit the blast radius of successful breaches.

Here are some best-practice recommendations to safeguard your organization against ransomware:

  • Get your applications off of the internet. Ransomware actors start their attacks by performing reconnaissance on your environment, looking for vulnerabilities to exploit and calibrating their approach. The more applications you have published to the internet, the easier you are to attack.
  • Use a zero trust architecture to secure internal applications, making them invisible to attackers.
  • Enforce a consistent security policy to prevent initial compromise. With a distributed workforce, it is important to implement a security services edge (SSE) architecture that can enforce consistent security policy no matter where your users are working (in office or remotely). 
  • Use sandboxing to detect unknown payloads. Signature-based detection is not enough in the face of rapidly changing ransomware variants and payloads. Protect against unknown and evasive attacks with an inline, AI-powered sandbox that analyzes the behavior rather than the packaging of a file.
  • Implement a zero trust network access (ZTNA) architecture. Implement granular user-to-application and application-to-application segmentation, brokering access using dynamic least-privileged access controls to eliminate lateral movement. This allows you to minimize the data that can be encrypted or stolen, reducing the blast radius of an attack. 
  • Deploy inline data loss prevention. Prevent exfiltration of sensitive information with trust-based data loss prevention tools and policies to thwart double-extortion techniques.
  • Keep software and training up to date. Apply software security patches and conduct regular security awareness employee training to reduce vulnerabilities that can be exploited by cybercriminals.
  • Have a response plan. Prepare for the worst with cyber insurance, a data backup plan, and a response plan as part of your overall business continuity and disaster recovery program.
  • To strengthen defences against ransomware, embrace layered defenses that can disrupt the attack at each stage—from reconnaissance to initial compromise, lateral movement, data theft, and ransomware execution.

The amount of time cyber criminals are spending inside victims’ networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks.

According to analysis by cybersecurity researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median dwell time which cyber criminals spend inside compromised networks is now 15 days, up from 11 days the previous year.

The 2022 ThreatLabz State of Ransomware report breaks down a year’s worth of intelligence from a variety of sources, including over 200 Billion daily transactions and 150M daily blocked threats across the Zscaler Zero Trust Exchange, and shows that ransomware is becoming even more attractive to criminals. Attackers are able to wage increasingly profitable campaigns based on three major trends:

  • Supply chain attacks,
  • Ransomware-as-a-service ecosystems,
  • Multi-extortion tactics.

Ransomware attacks increased by 80% year-over-year, accounting for all ransomware payloads observed in the Zscaler cloud.

  • Double extortion ransomware overall increased by 117%.
  • Manufacturing was the most targeted industry for the second year running, at almost 20% of double-extortion ransomware attacks.

Some industries saw particularly high growth of double-extortion attacks, including:

  • healthcare (643%),
  • food service (460%),
  • mining (229%),
  • education (225%),
  • media (200%),
  • manufacturing (190%).

Some recent events

The DeadBolt ransomware started 2022 with attacks that targeted internet-facing Network-Attached Storage (NAS) devices.

  • The first target was QNAP Systems, Inc. in January 2022. According to a report from Censys.io, Jan. 26, 2022, out of 130,000 QNAP NAS devices that were potential targets, 4,988 services showed signs of a DeadBolt infection.
  • ASUSTOR, another vendor of NAS devices and video surveillance solutions, also experienced DeadBolt ransomware attacks that targeted an unknown number of its devices.
  • In March, DeadBolt attackers again targeted QNAP devices, and the number of infections reached 1,146 by March 19, 2022.
  • On May 19, 2022, QNAP released a product security update stating that internet-connected QNAP devices were again targeted by DeadBolt, this time aiming at NAS devices using QTS 4.3.6 and QTS 4.4.1.
  • The number of DeadBolt-infected devices is very high for a ransomware family that exclusively targets NAS devices.

LockBit 2.0 is ransomware as a service (RaaS)

  • This first emerged in June 2021 as an upgrade to its predecessor LockBit (aka ABCD Ransomware), which was first observed in September 2019.
  • Since its inception, the LockBit 2.0 RaaS attracted affiliates via recruitment campaigns in underground forums, and thus became particularly prolific during the third quarter of calendar year 2021. The LockBit 2.0 operators claimed to have the fastest encryption software of any active ransomware strain as of June 2021, claiming accordingly that this added to its effectiveness and ability to disrupt the ransomware landscape.

An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it’s only getting bigger.

  • Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page – out of around 400 Pixm found – got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022.
  • The flow of this phishing campaign isn’t unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account.

The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.

  • The attack occurred last Friday, and all internet-relying services remain unavailable, impacting 1.3 million people and many tourists visiting the city.
  • The authorities admitted the severity of the incident on Monday and explained that all systems had to be taken offline to contain the damage, warning that the outages might last a few more days.

Shields Health Care Group Inc., which provides imaging and ambulatory surgical services at dozens of locations, said in a notice on its website Tuesday that data including names, Social Security numbers, dates of birth, and medical or treatment details is among the information that may have been compromised.

  • The breach has been reported to federal law enforcement and the U.S. Department of Health and Human Services Office for Civil Rights.
    • That agency reported on its website that 2 million people were affected.
    • An FBI spokesperson said the agency had no comment.

The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.

  • Cuba ransomware’s activity reached a peak in 2021 when it partnered with the Hancitor malware gang for initial access.
  • By the end of the year, it had breached 49 critical infrastructure organizations in the United States.

Russia-Ukraine

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was “one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare,” according to Dmitri Alperovitch, co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.

  • An obvious purpose of the attack was to disrupt Ukrainian communications during the invasion by wiping the modems’ firmware remotely; it also disabled thousands of small-aperture terminals in Ukraine and across Europe.
  • The attack disrupted satellite connectivity for thousands, and disabled remote monitoring of 5,800 wind turbines in Germany.

The Russia-Ukraine conflict has the world on high alert.

  • Several attacks associated with the Russia-Ukraine conflict combined multiple tactics, such as HermeticWiper and PartyTicket ransomware.
  • Most of this activity has targeted Ukraine.
  • Government agencies have warned organizations to be prepared for more widespread attacks as the conflict persists.

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.

  • The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.
  • “Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit. “Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware.”

Last month the notorious Russian ransomware gang Conti threatened that if a ransom wasn’t paid it would overthrow Costa Rica’s government.

This month, the Hive ransomware gang hit Costa Rica’s Social Security system, and also struck the country’s public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

The Costa Rican government said at least 30 of the agency’s servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is asking for $5 million in Bitcoin to unlock infected systems.

As ransomware becomes less profitable or carries a higher risk for attackers, it is logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks.

In the US, the Federal Bureau of Investigation has repeatedly found that total money stolen in BEC scams far exceeds that pilfered in ransomware attacks—though ransomware attacks can be more visible and cause more disruption and associated losses.

The newer Industrial Spy group is applying greater pressure on victims by hacking their websites to display ransom notes.

The Canadian Department of National Defence confirmed recently that CMC Electronics, a key supplier to a critical defence initiative, reported that it was the victim of a ransomware attack.

  • CMC makes cockpit systems integration, avionics, display solutions, and high-performance microelectronics for military and commercial aircraft.
  • It was recently selected to supply the avionics and software applications for the Royal Canadian Air Force’s new Calidus B-250 turboprop light attack combat and training aircraft.
  • It was reportedly attacked by a gang calling itself AlphV. The FBI says the gang also operates under the name BlackCat and had compromised over 60 organizations worldwide as of March of this year.

Power Apps April release wave 1 2022 for Model-driven apps

March 12th, 2022

The Power Apps April release wave 1 for Model-driven apps is now available for you to take advantage of. In this release wave you can take advantage of cohesive and modern experiences while collaborating with team members in Power Apps.

Collaboration with colleagues and task productivity are more important than ever before for business users. These are two main focuses of the Wave 1 release, and we have several features you can opt into in order to streamline productivity.

Task productivity updates include:

  • Modern Power Apps grid and view pages have been enhanced and will be auto enabled during this wave

Opt-In Updates:

  • Modern Advanced Find allows users to access any table and use advanced filters to explore data
  • By leveraging In App Notifications, users can be alerted to key items to address, which makes them more likely to be successful

Collaboration opt-in updates include:

  • See colleagues who are currently working on the record and easily start chats with them
  • See on-line status of colleagues in-app and easily start chats with them via improved people card
  • Easily share links to records with colleagues

Task Productivity

Power Apps grid

Model-driven apps are first to feature the new Power Apps grid, a new read-only grid control, both inside the view page and inside forms (sub-grids). The new grid control follows Microsoft Accessibility Standard and will be auto enabled as part of this wave release.

In addition to improved performance, the new control supports:

  • Remembering grid view settings across the session
  • Ability to resize columns
  • Ability to reorder columns (via column options UI)

The grid view page in Model-driven apps now features column options settings that let app users customize which columns are shown in the grid. Additional text makes it easy for your end users to discover this capability.

With this feature, users can:

  • Add new columns, from current or related tables.
  • Remove columns.
  • Change the order of columns in the grid

When the grid is auto enabled with this release, the classic jump bar experience is disabled by default, but can be enabled. Infinite scrolling will be an option in future waves. To opt out of the new Power Apps read-only grid control, use the Power Platform Admin Center to toggle the “Enable the modern-read only grid experience” switch under the “Grids and views” section.

Modern Advanced Find

With modern advanced find, you can access any table in a model-driven app through search and use advanced filters to explore the data easily. The new view management experience will provide you with options to share views so you can collaborate with your team easily. Managing views is simpler with personalization options to build your own set of views.

In App Notifications are Generally Available starting in April 2022

The in-app notification feature for Model-driven apps, announced for public preview in July 2021, will reach general availability in April 2022. A maker can opt in to this feature using the modern app designer preview. Open the settings > Upcoming features and then enable “In-app notifications”.

Multiplayer App Collaboration

Co-presence in records and Owner field online presence

Now you can see who’s currently working on a record including their online status. You can also start a chat or send them an email and take collaboration to the next level.  This feature is currently available on the Account, Case, Opportunity, and Contact tables.

Avatar and on-line availability of colleagues is immediately obvious in the UI with the new persona card shown in the form owner field, lookups and grids. Click on the avatar to expose the improved contact card to start a chat or email.

Easy record sharing

Share records as easily as Office documents. Use the new share button to email a link or copy the link and share it with someone else. A link to the record can only be shared with users who have permissions to access the record currently, but we are working on expanding this in the future.

Get started today by opting your environment into the 2022 April Release Wave 1, learn how ( https://docs.microsoft.com/power-platform/admin/opt-in-early-access-updates  ).