https://adgully.me/post/4238/cyber-criminals-encrypt-data-in-75-of-healthcare-ransomware-attacks

Cyber criminals encrypt data in 75% of healthcare ransomware attacks

Dubai, United Arab Emirates: Sophos, a global leader in innovating and delivering cybersecurity as a service, today shared its sector survey report, “The State of Ransomware in Healthcare 2023,” which revealed that, among those organizations surveyed, cybercriminals successfully encrypted data in nearly 75% of ransomware attacks. This is the highest rate of encryption in the past three years and a significant increase from the 61% of healthcare organizations that reported having their data encrypted last year.

In addition, only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data—down from 34% in 2022; this is the lowest rate of disruption reported by the sector over the past three years.

“To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity. For the healthcare sector, however, this number is quite low—only 24%. What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress.

“Part of the problem is that ransomware attacks continue to grow in sophistication, and the attackers are speeding up their attack timelines. In the latest Active Adversary Report for Tech Leaders, we found that the median time from the start of a ransomware attack to detection was only five days. We also found that 90% of ransomware attacks took place after regular business hours. The ransomware threat has simply become too complex for most companies to go at it alone. All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR),” said Chester Wisniewski, director, field CTO, Sophos.

Additional key findings from the report include:

- In 37% of ransomware attacks where data was successfully encrypted, data was also stolen, suggesting a rise in the “double dip” method
- Healthcare organizations are now taking longer to recover, with 47% recovering in a week, compared to 54% last year
- The overall number of ransomware attacks against healthcare organizations surveyed declined from 66% in 2022 to 60% this year
- Compromised credentials were the number one root cause of ransomware attacks against healthcare organizations, followed by exploits
- The number of healthcare organizations surveyed that paid ransom payments declined from 61% last year to 42% this year. This is lower than the cross-sector average of 46%

“In 2016, the Red Cross Hospital of Córdoba in Spain suffered a ransomware attack that reached servers and encrypted hundreds of files, medical records and other important patient information. It was a major disruption to our operations and interfered with our ability to care for our patients. The stakes are high in ransomware attacks against healthcare organizations—and attackers know that—meaning we’ll always be a target. After this ransomware attack, we worked hard with Tekpyme to bolster our defenses, and now we have reduced our incident response time by 80%. I think the industry as a whole is making improvements, but there is still work to do, because of the constantly changing nature of cybercrime. Hopefully healthcare organizations can leverage the help that is available from security vendors such as Sophos to prevent a very real ‘threat to life’ if systems go offline due to a ransomware attack,” said José Antonio Alcaraz Pérez, head of information systems and communications at Cruz Red Andalusia in Spain.

“Cyberspace today is ripe with technically sophisticated actors looking for vulnerabilities to exploit. What all this translates to is a multidimensional cyberthreat of actors who have the tools to paralyze entire hospitals. Partnering with the private sector is critical to our mission. The information [they] share has real-world impacts and can save real businesses and real lives,” said Christopher Wray, FBI Director.

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

- Strengthen defensive shields with:
  - Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-ransomware and anti-exploit capabilities
  - Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  - Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  - 24/7 threat detection, investigation and response, whether delivered in-house or by a specialized Managed Detection and Response (MDR) provider
- Optimize attack preparation, including regularly backing up, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain security hygiene, including timely patching and regularly reviewing security tool configurations

To learn more about the State of Ransomware in Healthcare 2023, download the full report from Sophos.com.

The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 233 from the healthcare sector, across 14 countries in the Americas, EMEA and Asia Pacific.
https://adgully.me/post/2135/fake-chatgpt-apps-scam-users-out-of-thousands-of-dollars-sophos-reports

Fake ChatGPT Apps scam users out of thousands of Dollars, Sophos reports

Dubai, United Arab Emirates: Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month. As detailed in Sophos X-Ops' latest report, “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.

“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher, Sophos.

In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store. While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.

The key characteristics of so-called fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment. Usually, the apps offer a free trial but with so many ads and restrictions, they’re barely useable until a subscription is paid. These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends.

“Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.

All apps included in the report have been reported to Apple and Google. For users who have already downloaded these apps, they should follow the App or Google Play store’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not void the subscription.

Learn more about these scam ChatGPT apps and how to avoid them in “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash” on Sophos.com.

Learn More About

- Fleeceware apps on the Google Play and Apple App Store
- How to use ChatGPT to your advantage when thwarting cyberattackers in GPT for you and me: Applying AI language processing to cyber defenses
- Attacker behaviors, techniques and tactics in the 2023 Active Adversary Report for Business Leaders, based on analysis of Sophos incident response cases
- The threat landscape and trends likely to impact cybersecurity in the 2023 Threat Report
- Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs
https://adgully.me/post/1785/essential-security-operation-tasks-challenging-sophos-survey

Essential security operation tasks challenging: Sophos survey

Dubai, United Arab Emirates – Sophos, a global leader in innovating and delivering cybersecurity as a service, today published a new survey report, “The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders,” which found that, globally, 93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging. These challenges also include understanding how an attack happened, with 75% of respondents stating they have challenges identifying the root cause of an incident. This can make proper remediation difficult, leaving organizations vulnerable to repetitive and/or multiple attacks, by the same or different adversaries, especially since 71% of those surveyed also reported challenges with timely remediation.

In addition, 71% said they have challenges understanding which signals/alerts to investigate, and the same percent reported challenges prioritizing investigations.

“Only one fifth of respondents considered vulnerabilities and remote services a top cybersecurity risk for 2023, yet the ground truth is that these are routinely exploited by Active Adversaries. This cascade of operational issues means that these organizations aren't seeing the full picture and are potentially acting on incorrect information. There's nothing worse than being confidently wrong. Having external audits and monitoring helps eliminate blind spots. We can look at you the way an attacker does,” said John Shier, field CTO, commercial, Sophos.

Additional findings include:

- 52% of organizations surveyed said that cyberthreats are now too advanced for their organization to deal with on their own
- 64% wish the IT team could spend more time on strategic issues and less time on firefighting, and 55% said that the time spent on cyberthreats has impacted the IT team’s work on other projects
- While 94% said they are working with external specialists to scale their operations, the majority still remain involved with managing threats rather than taking a fully outsourced approach

“Today's threats require a timely and coordinated response. Unfortunately, too many organizations are stuck in reactive mode. Not only is this having an impact on core business priorities, but it also has a sizeable human toll, with over half of respondents stating that cyberattacks are keeping them up at night. Eliminating the guesswork and applying defensive controls based on actionable intelligence will let IT teams focus on enabling the business instead of trying to douse the eternal flame of active attacks,” said Shier.

To learn more about The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders, download the full report from Sophos.com.

Data from The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders comes from an independent study of 3,000 leaders responsible for IT/cybersecurity across 14 countries conducted in January and February 2023.
https://adgully.me/post/925/manufacturing-reports-the-highest-average-ransomware-payment-across-all-sectors

Manufacturing reports the highest average ransomware payment across all sectors

Sophos, a global leader in innovating and delivering next-generation cybersecurity as a service, today published a new sectoral survey report, “The State of Ransomware in Manufacturing and Production,” which found that the sector had the highest average ransom payment across all sectors—$2,036,189 versus $812,360, respectively. In addition, 66% of manufacturing and production organizations surveyed reported an increase in the complexity of cyber attacks, and 61% reported an increase in the volume of cyber attacks when compared to the previous year’s survey. The increase in complexity and volume is also 7% and 4% higher than the cross-sector average, respectively.

“Manufacturing is an attractive sector to target for cybercriminals due to the privileged position it occupies in the supply chain. Outdated infrastructure and lack of visibility into the OT environment provides attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment,” said John Shier, senior security advisor, Sophos. “While having reliable backups is an important part of recovery, today's ransomware threat requires a detailed response plan that includes human-led threat hunting capabilities. Complex attacks require comprehensive protection, which, for many organizations, will include the addition of managed detection and response (MDR) teams who are trained to look for and neutralize active attackers.”

While manufacturing and production had the highest average ransom payment, the percentage of organizations that actually paid the ransom was among the lowest across sectors (33% versus 46% for the cross-sector average).

Additional findings include:

- The manufacturing and production sector had the lowest attack rate, tied with financial services, with only 55% of organizations surveyed targeted by ransomware
- However, the percentage of manufacturing and production organizations hit by ransomware increased by 52% over the previous year’s report (up from 36% in the 2021 survey report)
- The sector also had the lowest encryption rate (57% versus 65% for the cross-sector average)
- Only 75% of those surveyed reported having cyber insurance—the lowest percentage across all sectors

In light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

- Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place for a worst-case incident scenario
- Make backups, and practice restoring them to ensure minimal disruption and recovery time