What CIOs Can Do To Prepare For Ransomware Attacks

This is the published version of Forbes’ CIO newsletter, which offers the latest news for chief innovation officers and other technology-focused leaders.

When it comes to big changes in messaging platforms, there’s been an outsized amount of attention paid to whether iPhones are going to change the color of messages from those who use Android devices in iMessage. Even though Apple is going to be adopting a new messaging standard this year that is the same as the one used on Android devices, messages from those devices will still come in green bubbles instead of blue ones.

While people are getting passionate about the color of text bubbles, however, they’re missing an actual huge change coming to the user experience of Meta-owned messaging platform WhatsApp. Next month, people using any messaging platform will be able to send text messages, images, videos and files to WhatsApp accounts. So it won’t matter if the person sending the message is using Signal, iMessage or Telegram—it will get to WhatsApp.

This change is courtesy of the EU’s Digital Markets Act, a law passed in 2022 designed to make common platforms online more open and interoperable. The EU has been spending time determining which companies qualify as “gatekeepers”—operators of core platform services that businesses and individuals pretty much cannot avoid—and therefore need to be more open with their platforms. Once a company is classified as a “gatekeeper,” the law gives it six months to comply. In September, Alphabet, Amazon, ByteDance, Meta and Microsoft were all designated gatekeepers. Some companies have started making changes (which is why Apple is shifting to another messaging platform). Some have appealed the designation. TikTok owner ByteDance argued that the new rules would lead to disclosing non-public information about its user profiling practices, but a court ruled against the company. Apple also appealed iMessage’s gatekeeper status. The court ruled in favor of Apple, so the company’s messaging app doesn’t have to accept messages from other platforms, including WhatsApp or Telegram.

While these shifts are hashed out across the Atlantic Ocean, it’s important to note they will have an outsized impact on how tech companies operate in the United States as well. The online world is global, and it makes the most sense for many companies to enact the strictest set of policies for all users.

Online threats are as global as websites and messaging apps. According to Palo Alto Networks Unit 42, which focuses on cybercrime, 2023 saw 3,998 ransomware attacks—a 49% increase when compared to 2022. I talked to Wendi Whitmore, senior vice president of Unit 42, about why threats are increasing and what companies are doing about them. An excerpt of our conversation is later in this newsletter.


To no one’s surprise, AI chip titan Nvidia dazzled Wall Street with its quarterly report yesterday afternoon, hitting record profits and sales for the third consecutive quarter. “Few things are more certain than death, taxes, and Nvidia beats on earnings,” Carson Group strategist Ryan Detrick said in an email to Forbes.

The specifics are also stunning. Nvidia’s quarterly revenue was $22.1 billion, a 265% year-over-year jump. Data center revenue was $18.4 billion, up 409% from a year ago. And its full-year revenue was $60.9 billion, up 126% from 2022. “Accelerated computing and generative AI have hit the tipping point. Demand is surging worldwide across companies, industries and nations,” Nvidia CEO and founder Jensen Huang said in the earnings release. Shares of Nvidia hit an all-time high Thursday morning, increasing more than 15% and pushing the S&P 500 to a record high.

But Nvidia isn’t just helping established AI tech companies. Forbes senior writer Richard Nieva profiled the company’s relatively new venture capital arm Nventures, looking at its portfolio companies and their market performance. The upshot: Nvidia’s VC arm brings startups a huge boost in their tech capabilities. “We just saw much, much better performance,” Jacob Berlin, CEO of Nventures portfolio company AI biotech firm Terray Therapeutics, told Forbes. “And we couldn’t have gotten there without the collaboration with Nvidia and their support.”


As technology becomes more powerful, some of the largest tech companies are utilizing it to make their platforms more secure. Apple announced an iMessage update yesterday that will guard against future hacking threats using quantum computing. The update is coming this year, and the new encryption standard will periodically reissue encryption keys. Apple’s move isn’t in response to a particular attack, but because a powerful quantum computer could someday break into many of today’s security systems, members of Apple’s Security Engineering and Architecture team wrote in a blog post.

CrowdStrike is also bringing AI to the cybersecurity table with its new Falcon platform, which runs with its Charlotte AI. Forbes senior contributor Tony Bradley talked to the company’s chief technology officer Elia Zaitsev about the release, which basically allows security analysts to ask complex queries in plain language and get immediate actionable insights. Bradley writes that this adds tremendous speed and efficiency to cybersecurity—tasks that once took hours now take minutes or less. And cybersecurity tasks are more accessible and manageable through the AI assistant.


Yes, you are legally responsible for what your AI chatbot says. Air Canada recently lost a small claims court case in Canada against a passenger who received incorrect information from a chatbot about the carrier’s bereavement policy, reported Forbes senior contributor Marisa Garcia. The passenger asked the chatbot if the airline offered reduced bereavement fares for travel that had already happened. The chatbot said it did, though in its response it gave a link to the airline’s bereavement fares policy, which says there are no discounts available for travel that has already taken place. Air Canada offered the passenger a $200 voucher when it learned about the chatbot’s mixup, and the passenger sued.

The court found that Air Canada owns responsibility for the chatbot. “While a chatbot has an interactive component, it is still just a part of Air Canada’s website. It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot,” Civil Resolution Tribunal Member Christopher C. Rivers wrote in his decision. This decision only cost Air Canada $812.02, but the legal precedent could foreshadow much larger damages in the future.


AI-generated videos may soon be much easier to make. Last week, OpenAI unveiled Sora, its new model that can create a video up to a minute long from a simple text prompt. Videos made through Sora, showcased on OpenAI’s X account, display detailed scenes featuring cities, emotions, landscapes and a bit of fantasy. Sora isn’t available to the general public just yet, and the company did not give a release date. OpenAI is working on safety steps for the tool, and is “adversarially” testing it with experts in misinformation, hate and bias.

Days after OpenAI announced Sora, the New York Times reported a deal between OpenAI and VC firm Thrive Capital that would boost the startup’s valuation to $80 billion or more through an existing share sale. The deal gives OpenAI a nearly threefold valuation increase in nine months, and would make it the third highest valued tech startup in the world, behind TikTok parent ByteDance and Elon Musk’s SpaceX.


Palo Alto Networks Unit 42’s Wendi Whitmore On Why Ransomware Attacks Are Increasing

Ransomware attacks only seem to be getting bigger and more detrimental as time goes on. According to Palo Alto Networks Unit 42 Ransomware Retrospective 2024, there was a 49% increase in attack victims, with 3,998 posts from various ransomware groups. I talked to Wendi Whitmore, the senior vice president of Unit 42, about ransomware and cybercrime, as well as how businesses can prepare. This interview has been edited for length, clarity and continuity.

Why has there been such a big increase in ransomware attacks in the last year?

Whitmore: Because it’s working. These attackers are making money off of these attacks, so their ROI is pretty high, in terms of [being] low risk when the crimes are being perpetrated from countries where there are not penalties for these types of attacks.

How much has ransomware attacking changed in the last five years?

One of the stats in the report was that 49% increase in extortion, and that’s a year-over-year stat. Ransomware used to be much more focused on the actual encryption part of the ransomware, where they didn’t steal the data. Over the course of the last two years in particular, we’ve seen a pretty marked increase in that, but now I would say it’s a massive percentage of the cases. It’s unusual if we respond to a case where they haven’t stolen the data.

It all kind of relates back to the ROI piece, but when they do that, they not only create a revenue stream for the encryption piece, but now they create multiple revenue streams of potential payment. One of which is the extortion piece, which is, ‘Hey Company A, I stole your data. I need you to pay me so that I don’t blast it all over the internet and cause reputational damage. See, I’m going to reach out to your clients, whether it’s an end consumer, or maybe it’s a business-to-business relationship. I’m going to let them know that I stole their data from you, which you’re responsible for protecting, and I’m going to demand payment from them as well.’ And then something we don’t see as often, but in some of the cases, you’ll see a DDoS component, where they also [say] ‘Pay us money so that you don’t have us wage that attack against you as well.’

The nature of these types of attacks, these ransomware actors and cyber criminals in general, they have just become so much more business-focused in the lens that they understand how businesses operate. They understand contractual relationships between businesses, suppliers, vendors, subcontractors in a way that we haven’t seen before. I’d have to give them some credit, these separate criminal actors, that they’ve really done some work to understand this so that they can be even more effective in their attacks.

According to the 2024 Incident Response Report, software and API vulnerabilities are the most common way ransomware hackers get into systems. Tell me about that statistic.

For the first year in history, we actually saw exploitation of mass vulnerabilities be a higher percentage of initial access into environments than spearphishing. …Oftentimes the software that’s being exploited, it’s on some perimeter system. There’s a ton of shadow IT going on, meaning different divisions of companies are operating different types of software. They may not have had to get some approval for this. Now you have these systems being exposed to the internet, and oftentimes a CIO or CISO is like, ‘We don’t even know it is.’ I can’t tell you how many CISOs I spoke with who were like, ‘I didn’t even know what MOVEit was.’ And it turns out it’s deployed—it may be 10 systems, it may have been 100 within an environment—and they hadn’t approved it. That wasn’t unusual because it’s one small piece of software that has a usage for file transfer. Oftentimes you saw it was like, ‘Oh, the recruiting department was using it for applicants to upload resumes.’ It wasn’t something that was widespread. But then the question becomes, ‘Where is it in my environment and what is it connected to on the backend?’ Because the attacker just is trying to use that as a foothold to get in and then from there off to the races.

That’s a huge challenge for executives across the board. Now you have so many applications that are everywhere. They’re tough to manage. That’s a question we get a lot: What does my attack surface even look like?

How often does the ransomware defense playbook change, and how much does it change?

There are many constants, if you will, that do stay the same in terms of best practices: Here’s how we need to initiate when one of these situations occurs. Here’s how we initiate the command center virtually, and here are the people who we get involved in the response. Here are the things we do to lock down our systems and make sure that we can immediately have access to review the data that was accessed, the data that was exfiltrated. What I think changes right now that’s pretty dynamic is depending on the attacker, especially on the cyber criminal side, the way that they’re operating and what they’re doing once they get in.

All of those kinds of things are changing fairly rapidly, so that’s an area where it’s tough for CIOs and executives to keep their team dynamically trained on all the latest tactics.

What can CIOs and other executives do to make their organizations more prepared?

Increase awareness. Just making sure that not only them and their teams, but the other executives across the board that are responsible for security, are aware of what are the latest tactics, what’s happening, especially for their industry in particular.

There’s so much you can do to prepare in advance in terms of having a playbook for: What happens if an attacker gets into our security systems and all of a sudden we can’t use our email? What kind of communication mechanisms are you going to use? You can have that pre-planned and ready to go in advance so that you can quickly move to a secure system. I think having things like holding statements in place, which are the communication side of the house. What are we going to say if Forbes reaches out to us to ask, ‘Hey, what’s going on with your system? It seems like things are down. Is there a problem?’ Having communications already planned, having relationships with suppliers from incident responders to outside legal counsel to communications firms that specialize in that.

The reality is most organizations of any decent size are under attack on a daily basis. For them, it’s just a matter of, ‘How quickly can we identify this?’ It’s detect it, and then taking action: ‘Hey, this one system or this one account looks problematic. Let’s take that offline immediately and isolate it so we can make decisions and then we can decide to go back online.’ If you can do that within a matter of one minute, or 10 minutes, within the first hour, you are going to greatly decrease the likelihood that that expands into, ‘Oh my God, our whole environment’s compromised and now we have a major situation.’


The U.K.’s National Crime Agency infiltrated ransomware gang LockBit in a joint operation with the FBI and Europol, then trolled them by posting information about it on LockBit’s website.

2,000+: Global LockBit victims

$120 million+: Ransom payments to LockBit

‘We know who they are and will be watching’: An NCA video detailing the operation posted to X says


Google is pausing its Gemini AI’s ability to create images of people. Why?

A. It has too many problems rendering hands and fingers

B. It creates historically inaccurate depictions of race

C. Its AI-generated people are actually pulled from searches of personal photo websites

D. It creates images that correspond to racial stereotypes

