United Church of God Birmingham, A Christian Fellowship

Be Aware - Watch


Matthew 24:42 "Therefore be on alert, for you do not know which day your Lord is coming!"

"Ransomware Boom Comes From Gangs That Operate Like Cloud-Software Unicorns - 'A Truly Incredible Business Model'"

From "marketwatch.com"

Roughly 1,000 businesses every week are being hit by hacks that lock up computer networks for ransom, and an extortion attempt on Apple shows a new approach as ransomware-as-a-service attacks explode into view.

If ransomware attacks call to mind hoodie-wearing hackers in basements or bunkers full of coding soldiers, think again. These online assaults are proxy wars where organized cybercrime syndicates adopt business models straight out of Silicon Valley.

JBS SA, the world's largest meat-processing company, recently resumed most of its operations after hackers targeted its servers in North America and Australia and issued a ransom demand. Other recent targets have included the ferry operator that connects Martha's Vineyard and Nantucket to the mainland, and Colonial Pipeline in May. Meanwhile, the insurer CNA Financial Corp. reportedly paid $40 million back in March to unfreeze its networks.

While those organizations have grabbed headlines, they're not alone. Roughly 1,000 organizations are being hit by ransomware attacks each week, Check Point Software Technologies Ltd. recently reported, having more than doubled from the same time last year. Essentially, ransomware is software that threatens to encrypt data or make a victim's computer network useless unless a ransom is paid. The tactic has been adopted by criminal enterprises taking advantage of our increasingly connected world, known as "enablers" or "ransomware-as-a-service" (RaaS) providers, which have adopted the software-as-a-service, or SaaS, model common among cloud-software providers.

RaaS provider "REvil" was behind the JBS incident, and one called "DarkSide" was identified with the Colonial incident, according to the FBI. RaaS providers supply criminals with the software needed to attack and lock up networks for as little as a few dollars along with a cut of any ransom the perpetrators receive, suggesting a business model capable of ridiculously expansive profit margins because the ransoms demanded have skyrocketed in just the past few years.

Unit 42, the global threat intelligence team at Palo Alto Networks Inc., said the average ransom paid by organizations nearly tripled to about $312,000 in 2020, up from $115,000 in 2019. Late Wednesday, JBS disclosed that it had paid $11 million ransom in bitcoin to avoid further disruption to their plants. In the Colonial attack, the pipeline operator reportedly paid hackers $4.4 million in ransom, but the Justice Department said Monday it has been able to claw back about $2.3 million of that.

"It's becoming a booming, lucrative business," Sandra Joyce, head of global intelligence at FireEye Inc., told MarketWatch. "And it is not going away."

"When I say it is a business, it is a truly incredible business model," Joyce said. "You have ransomware operators, crew affiliates, they supply these affiliates with all the tools and support that they need to go after victims."

Now, the continuing trend by cybercriminals appears to be blurring right past seeking a ransom to unlock data and heading straight into extortion with threats to leak intellectual property or corporate secrets online or to the media, Joyce said.

"The future of this could be straight to extortion," Joyce said. "It's a real crisis at this point."


One recent example of the developing approach to ransomware is what Check Point has termed a "triple extortion" attack, the likes of which it says targeted Apple Inc. business partner Quanta Computer, a Taiwan-based laptop designer, back in April. Hackers, using the REvil service, originally demanded a $50 million ransom from Quanta, Check Point said. "Since the company refused to communicate with the threat actors, the threat actors went on to extorting Apple directly, demanding that Apple purchase back blueprints of their products found on Quanta Computer's network," Check Point said. "Approximately a week later, REvil peculiarly removed Apple's drawings from their official data leak website." Apple declined to comment to MarketWatch regarding the incident.

George Kurtz, CrowdStrike Holdings Inc. co-founder and chief executive, told MarketWatch in an interview that one of his biggest concerns in cybersecurity is how quickly criminals are learning to flout protections.

"The pace of innovation in terms of these attacks continues to ramp up," Kurtz said. "Just ransomware-as-a-service, just how organized they are, the new techniques they come out with, it's very rapid." "It's working, and they're getting paid," Kurtz said. "Big payments are being made at very little risk to the actors."

On the whole, healthcare, utilities and insurance are the industries most often hit, according to Check Point, while Unit 42 said in a recent report that it found cybercriminals tend to favor overworked networks, "often to the point that it overwhelms DevOps and Security teams."


"For example, the number of security incidents in the retail, manufacturing, and government [categories] rose by 402%, 230%, and 205%, respectively," the Unit 42 report said. "This trend is not surprising as these industries were among those facing pressures to adapt and scale in the face of the pandemic - retailers for basic necessities, manufacturing and government for COVID-19 supplies and aid." These cybercriminals are putting organizations in an impossible situation, FireEye's Joyce said. Hospitals have to decide whether to pay up or cease treating patients, and companies have to decide whether to pay or have their corporate secrets released, all the while cognizant that paying up further finances and incentivizes these groups, she said.

"This is very organized, and there's an entire business model in place so not only is the software platform very user-friendly and sophisticated, they interview their potential candidates, in one case they had to speak fluent Russian to pass," FireEye's Joyce said. That would support findings from cybersecurity firm Check Point that called attention to the REvil "working rules" that were posted to underground forums. Potential REvil clients were told that it is "forbidden" to target organizations in the Commonwealth of Independent States and Ukraine, comprising much of the former Soviet Union.

"It's open season on U.S. businesses and the West," FireEye's Joyce said. "The chatter places limits on Russian targets." While a few years ago most ransomware demands in the six figures would be considered "unbelievable," demands for seven- and eight-figure sums have become much more commonplace, she said. Both FireEye's Joyce and CrowdStrike's Kurtz told MarketWatch that the only real solution to the growing problem is through policy making, and getting nations where cybercriminals are based to hold them accountable for their crimes.

Last week, President Joseph Biden called ransomware attacks a "rising national-security concern" and has said that he will raise the issue of cyberattacks with Russian President Vladimir Putin at a meeting later this month, according to the White House. Reuters reported that the Justice Department is raising ransomware investigations to the same level as those for terrorism. A request to the Justice Department for comment on the action has yet to be returned.

Across the board, such cybersecurity companies as CrowdStrike, Palo Alto Networks, FireEye and Zscaler Inc. have reported surging revenue over the past year as the COVID-19 pandemic broadened the threat landscape out to work-from-home situations and vulnerable industries became low-hanging fruit for cybercriminals.

That, however, has had an uneven effect on stocks in the sector as it seems that both sales of cybersecurity services and high-profile attacks are surging in tandem. Over the past 12 months, the ETFMG Prime Cyber Security ETF has risen 35%, while the S&P 500 index has advanced 33%.


"G-7 Countries Agree to Back a Minimum Global Tax of 15% for Corporations"

From "barrons.com"

In a statement following a Saturday meeting, the G-7 countries (Canada, France, Germany, Italy, Japan, the United Kingdom, and the U.S.) said they would support a plan to impose a global minimum tax of 15% on multinational companies and to allocate taxes from large, profitable global firms to the regions where they operate. The finance ministers said they hope to make further progress toward a global agreement at the July meeting for the Group of 20 finance officials.

Treasury Secretary Janet Yellen said in a statement Saturday morning that "the G-7 Finance Ministers have made a significant, unprecedented commitment today that provides tremendous momentum towards achieving a robust global minimum tax at a rate of at least 15%."

The move had previously garnered support from U.S. President Joe Biden, who floated the idea to Republicans as a way to finance an ambitious infrastructure package, Reuters reports.


According to economists at Bank of America, about 60% of U.S. multinationals' reported foreign income was booked in seven small countries with "relatively small economies" in 2019: Bermuda, the Cayman Islands, Ireland, Luxembourg, the Netherlands, Singapore, and Switzerland. 

While that share of revenues stopped increasing after the U.S. passed the 2017 Tax Cuts and Jobs Act, which included a handful of measures to limit companies' ability to shift profits to lower-tax jurisdictions, "the share did not decrease meaningfully and so profit shifting remains a major concern," the economists wrote. 

"Democrats and Republicans are likely to disagree on the efficacy of the proposed changes. But beneath this disagreement there is common ground on cracking down on profit shifting," they added. 

The 15% figure is lower than the 21% global minimum tax originally supported by the White House, which Reuters reports has been offered instead of raising the U.S. corporate tax rate to 28% from 21%. 

As of late April, strategists at Goldman Sachs expected tax increases on foreign and domestic profits to reduce earnings of S&P 500 companies by about 3% in 2022, compared with what companies would otherwise earn under current U.S. tax policy.


"Meat Supplier JBS Paid Ransomware Hackers $11 Million"

From "cnbc.com"

JBS, the largest beef supplier in the world, paid the ransomware hackers who breached its computer networks about $11 million, the company said Wednesday.

The company was hacked in May by REvil, one of a number of Russian-speaking hacker gangs, leading to meat plants across the U.S. and Australia shutting down for at least a day. News of the payment was first reported by The Wall Street Journal. Like many ransomware groups, REvil has made millions in recent years by hacking organizations, encrypting their files and demanding a fee, often a large bitcoin payment, in exchange for a decryptor program and a promise not to leak those files to the public.

In a statement, JBS indicated that while it was able to get most of its systems operational without REvil's help, it chose to pay to keep its files safe. "At the time of payment, the vast majority of the company's facilities were operational," the company said in an emailed statement, adding that it "made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated."

The U.S. government has long recommended ransomware victims not pay their attackers, though most ransomware gangs are not sanctioned entities and paying them is not illegal. JBS CEO Andre Nogueira defended the decision to pay.

"This was a very difficult decision to make for our company and for me personally," Nogueira said in the statement. "However, we felt this decision had to be made to prevent any potential risk for our customers."

The news of JBS' payment comes on the heels of congressional testimony from Joseph Blount, CEO of Colonial Pipeline, a major U.S. fuel pipeline that was recently hacked by a different Russian ransomware group, called DarkSide. In Senate testimony Tuesday, he called the decision to pay "the right thing to do for the country."

In an unusual move, the Justice Department announced Monday that it was able to recover part of the payment that Colonial sent to its hackers. The FBI declined to give specifics on how, however, leaving it unclear how frequently such a tactic could be deployed.

