
Latest news with #DeepenDesai

Hackers Threaten To Publish 3.5 TB Of Stolen Data In 24 Hours

Forbes

31-07-2025


There are two cybersecurity threats that we seem unable to escape from of late: ransomware and data breaches. A recent analysis of more than 1,297 breaches revealed that data breaches increasingly drive ransomware attacks. Although there is the odd anomaly, such as the cybercriminals who threaten to permanently destroy data, the vast majority of ransomware attacks are now more focused on stealing data and using it to extort the victims than ever. "Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example," Deepen Desai, Cybersecurity executive vice president at Zscaler, told me just this week. If you want an example of this, look no further than the Safepay ransomware hackers who have given Ingram Micro until August 1 to pay a ransom or face the publication, the group says, of 3.5 TB of stolen data. Here's what you need to know.

Safepay Hackers Threaten To Publish 3.5 TB Of Allegedly Stolen Ingram Micro Data

Safepay is a group of ransomware hackers that first burst onto the cybercrime scene in 2024, successfully targeting at least 20 organizations. It has been reported that the group appears to 'share a lot of similarities with the LockBit ransomware family,' and, as such, could be a splinter group or rebranding of the notorious threat actors. What is much clearer, however, is that like most modern ransomware threats, Safepay favors double extortion involving not only encrypting systems but holding stolen data to ransom.

On July 5, Ingram Micro, a global information technology services giant, confirmed that it had been a victim of a ransomware attack. Stating that it had 'recently identified ransomware on certain of its internal systems,' Ingram Micro said it had taken 'steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures.' What has been less clear, however, is what, if any, data was stolen during this attack. Updates from the company have said that it is continuing to investigate 'the scope of the incident and affected data,' but the company had not responded to my request for a further statement at the time of publication.

The Safepay hackers claiming responsibility, however, have been more vocal. It has now been reported that the ransomware actors have a countdown clock running on their data leak site that gives August 1 as the deadline before 3.5 TB of alleged Ingram Micro stolen data will be published.

"This is a tactic threat actors use to place more pressure on victims, hoping to encourage them into paying," Peter King, principal consultant at Acumen Cyber, said, adding that "given the notice is still up on Safepay's leak site, this suggests Ingram Micro hasn't opted to pay."

"Organizations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication," Chris Hauk, a consumer privacy champion at Pixel Privacy, advised, "monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access."

This is a developing story, and I will update it as more information, from the hackers or Ingram Micro, is forthcoming.

Ransomware Surges as Attempts Spike 146% Amid Aggressive Extortion Tactics

Associated Press

29-07-2025


Key Findings:

SAN JOSE, Calif., July 29, 2025 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its annual Zscaler ThreatLabz 2025 Ransomware Report. The report examines the latest trends shaping the ransomware threat landscape, revealing how attacks are adapting and escalating. It highlights the most targeted sectors and regions, profiles the most active ransomware families, analyzes shifting attack methodologies, and provides actionable recommendations to help organizations strengthen their defenses.

ThreatLabz's findings underscore the critical importance of organizations adopting a comprehensive Zero Trust Everywhere strategy. This approach is essential to prevent ransomware and other malicious threats from lateral movement and compromising sensitive user data, applications, and information.

'Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example,' said Deepen Desai, EVP Cybersecurity, Zscaler. 'GenAI is also increasingly becoming part of the ransomware threat actor's playbook, enabling more targeted and efficient attacks. As threats advance, security measures must keep pace. The Zscaler Zero Trust Exchange™ platform empowers organizations to shrink their attack surface, identify and block initial compromise threats, prevent lateral movement, and stop data exfiltration to shut down extortion events before they happen.'

Data Demand Fuels Steady Attack Growth

Ransomware attacks are intensifying at an alarming rate, with attempted attacks blocked in the Zscaler cloud up 146% year-over-year. This escalation reflects a strategic shift: ransomware groups are increasingly prioritizing extortion over encryption. Accordingly, the report details a 92% increase in the total volume of exfiltrated data by 10 major ransomware groups in the past year, rising from 123 TB to 238 TB. This emphasis on data theft—and the threat of exposure—allows attackers to exert greater pressure on victims, amplifying the impact of ransomware on organizations globally.

Industries Under Siege

Cybercriminals continue to focus on the high-stakes environments of the Manufacturing (1,063 attacks), Technology (922), and Healthcare (672) sectors, making them the most frequently hit by ransomware over the past year. These industries are particularly vulnerable due to the potential for operational disruption, the sensitivity of stolen data, and the associated risks of reputational damage and regulatory fallout.

The Oil & Gas sector has seen a staggering increase in ransomware attacks, spiking over 900% year-over-year. This surge is likely a result of increased automation of systems that control critical infrastructure, including drilling rigs and pipelines, expanding the sector's attack surface, coupled with outdated security practices.

United States Is the Target of Half of All Ransomware Attacks

Leak site data highlights a distinct geographic disparity, with victims in the United States accounting for 50% of ransomware attacks, significantly outpacing Canada (5%) and the United Kingdom (4%). Ransomware attacks in the U.S. more than doubled to 3,671, exceeding the combined total number of attacks reported across all other countries in the top 15 most-targeted countries. This concentration demonstrates how threat actors continue to strategically target digitally concentrated, high-value economies.

Ransomware Groups Driving the Surge

Several highly active groups continued to dominate the ransomware ecosystem, with RansomHub leading the pack, claiming the highest number of publicly named victims at 833. Akira and Clop have both moved up in the ransomware attack rankings since last year. Akira, associated with 520 victims, has steadily expanded its reach through numerous affiliates and initial access brokers. Clop, known for its focus on supply chain attacks, is close behind with 488 victims, employing an effective strategy of exploiting vulnerabilities in commonly used third-party software.

Zscaler ThreatLabz identified 34 newly active ransomware families over the past year, bringing the total number tracked to 425 since their research began, and has a public GitHub repository that now hosts 1,018 ransomware notes, with 73 added in the last year.

How Zscaler Stops Ransomware with Zero Trust + AI

Ransomware flourishes in environments with fragmented security, limited visibility, implicit trust, and outdated legacy architectures that amplify risk rather than reduce it. The Zscaler Zero Trust Exchange mitigates these risks by replacing traditional, network-centric models with a cloud-native, AI-driven zero trust architecture, and stops ransomware at every stage of the attack life cycle by:

Additional AI-powered ransomware protections from Zscaler include:

Download the Report

Get the full ThreatLabz 2025 Ransomware Report to explore how Zscaler ThreatLabz plays an active role in protecting enterprises worldwide. Download today.

Research Methodology

The research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The ThreatLabz team collected data between April 2024 and April 2025 from sources including the Zscaler global security cloud, and the team's own analysis of ransomware samples and attack data.

About ThreatLabz

ThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal,

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 160 data centers globally, the SASE-based Zero Trust Exchange is the world's largest in-line cloud security platform.

Media Contact: Nick Gonzalez

AI use in enterprises soars but brings surge in cyber risks

Techday NZ

24-04-2025


A surge of over 3,000% in enterprise use of artificial intelligence and machine learning tools has been revealed by Zscaler's ThreatLabz 2025 AI Security Report, with significant security concerns arising alongside this sharp growth.

The ThreatLabz 2025 AI Security Report analysed more than 536 billion AI transactions processed between February and December 2024 within the Zscaler Zero Trust Exchange platform. This study highlights real-world threats including AI-enhanced phishing, fraudulent AI platforms, and increased risks related to agentic AI and open-source models such as DeepSeek.

The report found that ChatGPT dominated usage, accounting for 45.2% of all AI/ML transactions, making it both the most popular and the most-blocked AI application. Grammarly and Microsoft Copilot followed as the second and third most-blocked tools, reflecting widespread enterprise concerns about data leakage and unsanctioned use of these platforms.

"We had no visibility into [ChatGPT]. Zscaler was our key solution initially to help us understand who was going to it and what they were uploading," said Jason Koler, Chief Information Security Officer at Eaton Corporation.

Agentic AI and the open-source DeepSeek model have opened new avenues for threat actors to exploit AI technologies, allowing them to automate and scale attacks at an unprecedented rate. The report notes that DeepSeek, originating from China, has begun to challenge established American players such as OpenAI, Anthropic, and Meta, providing strong performance, open access, and affordability, yet also introducing significant security challenges.

Enterprises provided substantial data volumes to AI tools, sending a total of 3,624 terabytes during the review period. This data movement signifies deep integration of AI into business operations. However, organisations blocked 59.9% of all AI/ML transactions, reflecting heightened awareness and proactive efforts to manage risks around data exposure, unauthorised access, and regulatory compliance.

"As AI transforms industries, it also creates new and unforeseen security challenges," said Deepen Desai, Chief Security Officer at Zscaler. "Data is the gold for AI innovation, but it must be handled securely. The Zscaler Zero Trust Exchange platform, powered by AI with over 500 trillion daily signals, provides real-time insights into threats, data, and access patterns—ensuring organisations can harness AI's transformative capabilities while mitigating its risks. Zero Trust Everywhere is the key to staying ahead in the rapidly evolving threat landscape as cybercriminals look to leverage AI in scaling their attacks."

Regionally, Australia has emerged among the top generators of AI/ML transactions, alongside the United States, India, Canada, Germany, Japan, and the United Kingdom. In the Asia-Pacific region, India led with 36.4% of activity, followed by Japan (15.2%) and Australia (13.6%). The global distribution saw the United States with 46.2% of transactions, followed by India (8.7%), the United Kingdom (4.2%), Germany (4.2%), Japan (3.6%), Canada (3.6%), and Australia (3.3%).

The finance and insurance sector generated the largest share of enterprise AI/ML traffic at 28.4%, with manufacturing following at 21.6%. The services (18.5%), technology (10.1%), healthcare (9.6%), and government (4.2%) sectors also showed substantial AI/ML activity, each encountering unique regulatory and security challenges amidst new AI-driven use cases such as fraud detection, risk modelling, supply chain optimisation, robotics automation, and customer service automation.

"The rapid rise of AI adoption across Australia and New Zealand is reshaping the way employees and organisations work, driving productivity and unlocking new possibilities. Industries like finance and manufacturing are leading the way, but this surge in AI usage also shines a spotlight on the urgent need for robust security measures to protect sensitive data and sustain innovation," said Eric Swift, Vice President & Managing Director, Zscaler Australia and New Zealand.

"At Zscaler, we're seeing AI usage skyrocket—ThreatLabz has recorded a staggering 36-fold increase in AI transactions year-on-year globally. While this surge is helping businesses supercharge their operations, it also brings new cyber risks that we can't afford to ignore. The Zscaler Zero Trust Exchange is here to help businesses confidently embrace AI. With unmatched visibility, control, and security, we're ensuring that organisations in Australia and New Zealand can scale their AI adoption safely, boost innovation, and build trust in how sensitive information and data is handled."

The report indicates that, while the adoption of AI is delivering substantial productivity gains, it has also exposed organisations to a "rapidly evolving threat landscape". The need for upskilling is pronounced, with 83% of Australian business leaders prioritising AI adoption by 2025 and 40% identifying training as essential.

Zscaler continues to promote its zero trust security model as a measure to address these emerging risks. Key strategies detailed in the report include data classification, breach prediction, real-time AI insights, threat protection, and app segmentation, all designed to manage risk and limit exposure as enterprises increase their use of AI tools.
