September 21, 2022
data exfil, data exfiltration, ransomware
Ransomware has become such a common threat over the last few years that companies anticipate coming face to face with an attack at some point. Nonetheless, victims’ lack of adequate preparedness still drives many of the attacks, while the high price of cryptocurrencies added fuel to the fire.
Many threat actors worldwide jumped in on the ransomware action, driving rapid growth as companies opened the door to extortion through poor security, lackluster patch management, and backups that just don’t work.
While ransomware isn’t going away anytime soon, it is somewhat losing its shine for criminals. This is partly happening because some organizations are getting better at defending their technology assets, and lower crypto valuations have reduced gains.
While looking for another opportunity, threat actors have focused on something more dangerous than ransomware: data exfiltration.
Data exfiltration – or just exfil – is becoming a more common threat. We noticed its growing prevalence emerging earlier this year as we saw attacks at Microsoft, Nvidia, and other large tech firms.
Take this year’s attack on Nvidia, for example. Threat group Lapsus$ entangled Nvidia in a complex exchange where the chipmaker was threatened with the public exposure of source code for its proprietary Deep Learning Super Sampling (DLSS) technology. If Nvidia’s code were published publicly, it would substantially undermine the company’s competitive position.
And that’s what exfil is all about. Instead of focusing on encrypting data and threatening data loss, exfil attacks are about exposing consequential, private data to the public. The next step is similar to ransomware: the attacker proceeds to extort the victim, threatening to release the data to the public or to sell it to a third party.
In fact, seventy percent of ransomware attacks now involve a threat to leak the data exfiltrated by the ransomware. This was up 43 percent from the previous quarter, confirming that the threat of data exfiltration has rapidly become part of the new ransomware normal.
In the tech sector, proprietary technology is the core competitive advantage. How this technology works – or the source code for it – is incredibly valuable. Competitors accessing trade secrets can completely undermine the company that initially developed the technology.
And it’s not even just the proprietary technology itself – it’s confidential business processes, algorithms, conference call recordings… and this is relevant across all industries.
It’s not difficult to see that malevolent actors who access this information can pose a genuine, very worrying threat – the threat to take away a company’s competitive advantage. It’s a much more significant danger than ransomware: lost data is lost data and no more. Often this data can be recovered to a degree, and practices are being put in place to reduce the impact of this type of attack. Leaked information, on the other hand, can cause much more damage.
There’s a cross-border complicating factor to exfil too. Information exfiltration is increasingly the result of the complex state of the world today. There is a significant demand for the transfer of intellectual property from one country to the next – across competing geopolitical lines. Moreover, some countries might even be “lenient” to local threat actors that focus their attacks on the other side of the geopolitical line.
One of the themes driving the information exfiltration game is how malicious actors are increasingly choosing to stay undetected for as long as possible. Cybersecurity teams have been noting this behavior for quite some time – where threat actors linger for a much longer time in a system before revealing their presence.
It completely contrasts with past actions that took the approach of a “you’ve been hacked” message flashing across the screen. By staying quiet instead, the attacker has more time to observe how information flows across a network, doing more intensive reconnaissance – with more opportunities to find the juicy stuff. Quietly lingering for longer allows for more opportunities for harm.
The cybersecurity strategies against ransomware will also guard against exfil extortion – it’s just that it is now even more critical for organizations to take these measures. Many companies have ransomware protection in place – backup strategies and more finely-grained access to systems and data, for example.
These measures still work against ransomware and will be a strong deterrent against attacks driven by information exfiltration. As we’ve suggested many times, that includes one of the most critical parts of cybersecurity risk management: keeping your systems patched consistently because patching closes many easy paths to a successful cyberattack.
However, traditional patching that relies on maintenance windows won’t cut it anymore. It’s simply not sufficiently responsive against fast-moving threats. Instead, consider live patching from TuxCare.
Our KernelCare Enterprise solution immediately protects your workloads against threats, eliminating the lag caused by maintenance windows – and reducing the opportunity for attackers to find a way in. Learn more about what KernelCare Enterprise can do here.