Over the past week, while the concerns have been mounting over cyber attacks initiated from Russia against Ukraine, government, business and investors across the world are shifting to the larger focus of cyber security and information privacy.
If evidences of the cyber security as a solid concern were to be requested from real world, the FBI, and Cybersecurity and Infrastructure Security Agency as well, alerted the U.S. companies over the weekend of the danger of potential ransomware hits, which hold hostage of data internal to an organization until payment – the ransom – is paid to the hacker. As such, the security breach of data cast the cyber security and privacy of users in question.
As covered on the media, ransomware gangs and extortionists have breached 52 US critical infrastructure organizations, including those belong to energy, financial services, government, critical manufacturing, and information technology sectors. Cyber attacks, especially taking the form of ransomware attack, target companies and cause damages including:
- Financial costs
A few cases and facts in focus to spot the damage caused by ransomware attack are provided. Cyber attacks come with a price to pay, and frequently a huge one. As of 2021, companies were cost of up to $4.24 million by cyber attacks on average, which registered an increase of around 10 percent compared to that in 2020 since IBM publishing the data.
- Leakage of company data/privacy
Last week, NVDIA Corp. experienced an ransomware attack and found its company data stolen in the cyber attack. Following the ransomware operation initiated by LAPSUS$, employee passwords, credentials and other information proprietary to NVDIA online were leaked, and the extortionists threatened the company to remove its Lite Hash Rate technology from its graphics cards. Unless the ‘ransom’ was paid through the company’s compliance, NVDIA would be further threatened to more data leakage.
Just a few days after the data leakage at the global leading chipmaker NVDIA, the ransomware gang LAPSUS$ was claiming in high profile to have Samsung Electronics as its another victim, and the time has come to release the data stolen from the global consumer electronics giant.
- Supply chain disruption and reputation damage
The damage that ransomware attacks cause on companies extends beyond technical to reputational and business level. As with the case of Samsung Electronics, loss of consumer confidence and supply chain disruptions are anticipated as LAPSUS$ announced with pride on its Telegram channel to have a taste of biometric authentication information and source code of Samsung and its supplier, Qualcomm.
Cyber Security Risks and Ransomware Here to Stay
Even for large, state-of-the-art tech firms such as Samsung is no easy escape of a target of such ransomware hit. The interest in writing this blog is to inform the persisting challenge of this cyber security concern, in terms of the costs caused and large scale of impact involving multiple stakeholders. In the most recent cases of NVIDIA and Samsung, they alert us the vulnerabilities of data-focused security.
References
Vumetric Cyber Portal. (2022, March 7). FBI: Ransomware gang breached 52 US critical infrastructure orgs. Retrieved from https://cyber.vumetric.com/security-news/2022/03/07/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/
Bracken, B. (2022, March 7). The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. Threatpost. Retrieved from https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/
Hill, M. (2022, March 7). Extortion group teases 190GB of stolen data as Samsung confirms security breach. CSO. Retrieved from https://www.csoonline.com/article/3652335/extortion-group-teases-190gb-of-stolen-data-as-samsung-confirms-security-breach.html
Navillier, L. (2022, March 8). Why Cybersecurity Stocks Are Soaring. Investorplace. Retrieved from https://investorplace.com/2022/03/why-cybersecurity-stocks-are-soaring/
Very well written blog, to be honest, up to date, alot of cyber attacks are happening and alot of organizations pay the ransomware because they hold alot of private information. There are alot of black hat hackers these days and most of them just aim at getting the money paid as ransom, this should be carefully examined as there are many errors and we should avoid the errors because they are what causes the hackers to obtain the private information from the companies. Cyber attacks are everywhere now.
Very interesting blog, especially the focus on the risks to private business. One thing that I would add is that in the cases of infrastructure hits, as you described, there are also risks to health and safety that can arise. For example, if the data that was for ransom was important health information, this could cost lives and disrupt medical treatments. I was also interested in your point that reputation damage occurs, despite the fact that avoiding these attacks is quite difficult. It makes me wonder if, as more companies get hit by these attacks, if the reputational damage involved in being attacked will lessen.
This is a fascinating blog post. In these uncertain times, seeing a cyberwar unfolding is surely terrifying for businesses, investors, and governments, and it has placed their attention on the security of their networks since many of these corporations store private data that hackers and attackers may exploit. These hacks definitely create significant financial and reputational damage to the firm. To keep their data safe, businesses must develop security procedures ahead of time. Companies should evaluate their security systems and, in the event of an attack, incorporate additional safeguards for the future.
It was a well-written post! I started to believe that it became hard for a person to avoid hacks. One can suggest that buisness and companies should start securing their security more as attacks became everywhere. people started paying for ransom-ware to get information from the hackers.I believe nowadays people sarted “playing” with hacks. I also believe each one should secure their private information. Overall, that was a very interesting post to read.
Interesting Post! Despite the countries having a higher security to protect their data and using high technology to prevent other people from accessing it, Other countries still try to steal their data and expose it despite the protection provided by the high tech security and how much money they have spend on it people still find ways to attack other people’s data hence we should be more careful and protect our data and take precautions.
Good Post! It is interesting (and rather scary) to see how successful ransomware attacks have become. The idea of having your data stolen and held hostage is a scary one, especially (as another commenter pointed out) if that data relates to critical systems such as healthcare software. One would think that large technology companies such as Samsung Electronics and NVIDIA would be safe from these attacks, but I guess not. I imagine that as the frequency and success of these attacks rises, more and more companies are going to be putting more of their budgets into cybersecurity measures to defend against these types of attacks.
It’s not only hacker now a days. It’s the big companies who are paying a lot of money to hackers for data. Which means we are losing our our privacy and security to the companies which we trust the most. However, thank you for this amazing post