Latest news with #VerizonDataBreachInvestigationsReport


Express Tribune
5 days ago
Cracks in Pakistan's digital armour
A shocking global data breach has compromised the Internet user credentials for over 180 million Pakistanis, according to a recent advisory from the National Cyber Emergency Response Team of Pakistan (PKCERT), exposing serious vulnerabilities and systemic gaps within the country's cybersecurity, law enforcement and legal frameworks. The exposed data includes usernames, passwords, emails, and URLs linked to widely used online services, noted the advisory issued Monday. The services affected range from global tech giants like Google, Apple, Microsoft, Facebook, Instagram and Snapchat, to critical platforms including government portals, banks, educational institutions and healthcare providers. The breach originated from info-stealer malware, a type of malicious software that silently extracts sensitive information from infected devices and transmits it back to cybercriminals. Alarmingly, the stolen data was left completely unencrypted and openly accessible online, providing a goldmine for hackers. This exposure immediately places millions of Pakistani Internet users at risk of identity theft, financial fraud, account takeovers and targeted phishing attacks. It highlights users' widespread habit of password reuse — with just one compromised password, attackers can potentially access multiple accounts across different platforms. The fallout is already fueling a surge in 'credential stuffing' attacks, an automated technique in which hackers test stolen username-password combinations across various websites to hijack accounts. As this data circulates freely online, the scale and speed of such attacks are expected to rise, compounding the threat to Pakistan's digital ecosystem. Data breaches are occurring with increasing frequency and severity around the world. The 2023 Verizon Data Breach Investigations Report found that over 80 per cent of breaches involved compromised credentials, one of the most common and effective cyberattack vectors. 
While this is a global trend, Pakistan faces additional challenges due to its limited cybersecurity infrastructure and low levels of public awareness. As highlighted in Trends in Cyber Breaches Globally, the country mirrors international patterns in terms of threats but lacks the institutional resilience and public preparedness necessary to respond effectively. This latest breach pulls back the curtain on the recurring and alarming vulnerabilities within Pakistan's digital ecosystem. Between 2019 and 2023, over 2.7 million citizens' records from the National Database and Registration Authority (NADRA) were compromised. When a Joint Investigation Team uncovered the NADRA leak, they found personal information of citizens gathered from Karachi, Multan and Peshawar, underscoring how key parts of the country remain highly susceptible to cyber threats. Such incidents not only compromise individual privacy but also erode public confidence in digital governance, making the need for strong security measures even more urgent. In the wake of the breach, Pakistan's digital security has come under intense international scrutiny. Global partners and investors are questioning the country's capacity to safeguard sensitive data in the face of repeated large-scale leaks. Cybersecurity risks are a key part of international due diligence, and a poor track record significantly diminishes Pakistan's appeal to foreign direct investment (FDI). Digital insecurity doesn't just deter investment, it also jeopardises international partnerships, technology transfers and broader participation in the global digital economy. The reputational damage from such incidents is not easily reversed, and demands wide-ranging reforms and demonstrable improvements. PKCERT has advised the public to immediately change their passwords, ensuring they are strong and unique for each online account. It also recommends enabling multi-factor authentication (MFA) wherever possible. 
MFA adds an extra layer of security by requiring an additional form of verification — such as a one-time password (OTP), biometric scan or hardware token — alongside the standard password, all but eliminating the risk of unauthorised access, even if a user's password is compromised. That said, cybersecurity responsibility should not fall solely on individuals. The recent breach of a local news channel's databases illustrates a more serious systemic problem: the profound disconnect between rapid advances in technology and the ability of Pakistan's law enforcement, judiciary and legal practitioners to keep up. Investigating cybercrime to an acceptable degree requires a unique blend of technical, legal and forensic skillsets. Digital forensics, malware analysis and cyberthreat intelligence are areas where Pakistan's investigation officers are often inadequately trained and resource-deficient. Unlike traditional crimes that cross geography and national boundaries slowly, cybercrimes can propagate instantly. Tracing the electronic trail they leave behind requires specialists with the right skills and technology. Lack of it leads to poor evidence gathering, resulting in weak prosecution. Lawyers and judicial officers face challenges too. Judges hearing cybercrime cases need to understand complex technical evidence and the means used to obtain it. Prosecutors and defence lawyers must, likewise, be familiar with the technicalities of digital evidence, which requires constant multidisciplinary study. Often the divide between technological complexity and legal capacity means justice is delayed or denied, a vulnerability cybercriminals exploit with impunity. The Prevention of Electronic Crimes Act (PECA) 2016 more or less covers cyber offences like unauthorised access, data breaches, electronic fraud and forgery, and cyberterrorism. It also outlines the framework for digital evidence and the investigation procedure. However, implementation remains challenging. 
Law enforcement is still developing awareness and capacity to address crimes under PECA, even as they must stay updated on rapidly evolving threats. Meanwhile, dedicated cybercrime courts and specialised prosecution units remain in early stages of development. Cyber law is rapidly evolving worldwide to address issues related to data privacy, protection, and cross-jurisdictional enforcement. A leading example is the European Union's General Data Protection Regulation, which has set a global benchmark with its stringent requirements on data handling and breach notifications. Pakistan's lawmakers and regulators can learn from such models to develop strong data protection frameworks that mandate encryption of sensitive information and require prompt disclosure of data breaches. Academic institutions and educational programmes have a vital role to play as bridges between technology developers, legal experts and law enforcement agencies. Pakistani universities are increasingly offering degrees and diplomas in cyber-related fields, equipping professionals to tackle cyber threats from multiple perspectives. By integrating computer science, criminology and legal studies, scholars and educators are crafting interdisciplinary curricula that prepare a new generation of experts fluent in both technological systems and regulatory frameworks. While demand for skilled cyber law professionals continues to grow, the current supply remains insufficient. To bridge this gap, universities and research institutions must expand their role by prioritizing applied research, interdisciplinary training, and partnerships with law enforcement. These collaborations should focus on hands-on training programmes, internships, and joint research initiatives tailored to Pakistan's specific cybercrime landscape. 
International journals such as the Journal of Cybersecurity and Digital Forensics, along with policy guidance from the International Telecommunication Union (ITU), consistently stress the importance of integrated approaches. Such collaboration fosters synergy that enhances the consistency of cybercrime investigations, ensures the admissibility of forensic evidence in court, and contributes to the development of technologically informed, practically enforceable legal frameworks. Moreover, cyber literacy efforts must extend beyond universities to schools, workplaces, and public awareness campaigns. A significant portion of Pakistani society remains vulnerable due to limited basic knowledge of cybersecurity. This gap is frequently exploited through social engineering tactics, phishing attacks, and misinformation campaigns. Cultivating a national culture of cybersecurity is essential for building digital resilience and safeguarding the broader digital ecosystem. From a law enforcement perspective, Pakistan must invest in specialised cybercrime units equipped with advanced forensic tools, malware analysis software, blockchain investigation capabilities, and AI-driven threat detection systems. Continuous training programmes are essential to keep pace with evolving cyber threats and digital investigative techniques. Collaboration with international cybercrime task forces can facilitate knowledge exchange and improve operational effectiveness. Equally important is capacity building within the judiciary to ensure the fair interpretation of often complex digital evidence. Establishing dedicated cyber courts with judges trained in cyber law and digital forensics would streamline case management and potentially improve conviction rates. To support these efforts, stronger public-private partnerships are vital for reinforcing Pakistan's cyber defence ecosystem. Private companies and critical infrastructure providers are frequent targets of cyber incidents. 
Therefore, government-led initiatives should promote information sharing, conduct joint cybersecurity drills, and coordinate responses to cyberattacks. Such collaboration is key to building a resilient and secure digital environment. International cooperation is another critical pillar of effective cyber governance. Cybercriminals often operate from foreign jurisdictions, making cross-border collaboration essential. Pakistan's active engagement in global frameworks — such as the Budapest Convention on Cybercrime — and the formation of bilateral cyber law enforcement agreements will enhance its ability to track, apprehend, and prosecute offenders across borders. Technological safeguards must also be standardised and legally mandated. Core security practices — such as robust encryption, mandatory multi-factor authentication, continuous vulnerability assessments, and a secure software development lifecycle — should be non-negotiable. Data protection must be a legal obligation, especially for organizations in finance, healthcare, and government sectors. These entities must be held accountable for safeguarding user data and reporting breaches swiftly and transparently. Emerging technologies bring both unprecedented threats and powerful opportunities. Cybercriminals are increasingly weaponising artificial intelligence to execute highly targeted attacks, perpetrate social engineering scams, and create convincing deepfakes for misinformation campaigns. At the same time, AI-driven cybersecurity tools can proactively detect anomalies in network traffic, identify zero-day vulnerabilities, and autonomously respond to threats. To stay ahead of such risks, Pakistan's cybersecurity strategy must prioritise investment in AI and machine learning. These technologies can also enhance data security and privacy through innovations such as blockchain and decentralised identity management, reducing dependence on traditional passwords and mitigating the risk of credential leaks. 
The recent breach affecting 180 million Pakistani users is a stark reminder of the urgency for comprehensive reform. Cybersecurity is not merely a technical issue — it is a societal challenge requiring multidisciplinary solutions, coordinated public policy, legal reform, and active public participation. Bridging the divides between technology, law enforcement, the judiciary, and academia is essential to building a resilient and secure digital future. By constructing such an integrated ecosystem, Pakistan can protect citizen privacy, strengthen national security, foster digital economic growth, and uphold justice in the digital era. This future is within reach — but it demands vision, commitment, and sustained collaboration. The massive data leak is not just a crisis; it is a clarion call. Ignoring it would be perilous. Rising to meet it could position Pakistan as a regional leader in cyber resilience.

Ayaz Hussain Abbasi is a researcher and PhD scholar in the field of cyber security and cybercrime.

All facts and information are the sole responsibility of the writer.


Time Business News
27-05-2025
Layer 2 Computers Strengthens Cybersecurity Solutions for Local Homes and Businesses
As cyber threats grow more sophisticated each year, reliable and affordable cybersecurity has become a necessity—not a luxury. With data breaches, phishing scams, ransomware, and online fraud on the rise, individuals and businesses in Centerville and the surrounding areas are searching for ways to protect their digital lives. That's where Layer 2 Computers comes in. Known for delivering high-quality IT support with a personal touch, Layer 2 Computers has expanded its focus on cybersecurity services, offering proactive solutions that defend clients against modern threats. With the company's commitment to clear communication, fast response times, and long-term protection, local customers are now turning to Layer 2 not just for tech support—but as a trusted digital security partner.

Gone are the days when antivirus software alone was enough to keep your system safe. Today, cybercriminals use complex tactics such as:

• Social engineering and phishing scams
• Ransomware attacks
• Keyloggers and spyware
• Credential stuffing
• Fake software updates and rogue browser extensions

Whether it's a small business with valuable customer data or a home computer filled with personal information, every device connected to the internet is a potential target. Layer 2 Computers takes a proactive approach to cybersecurity—focusing on prevention, detection, and rapid response. Instead of waiting for problems to appear, the company offers layered protection that includes real-time monitoring, threat analysis, software patching, and education for safer digital behavior.

Layer 2 Computers provides a wide range of cybersecurity services tailored to the needs of both residential and commercial clients.
These services include:

• Firewall configuration and management
• Real-time antivirus and anti-malware solutions
• Email filtering to prevent spam and phishing attempts
• Secure remote access solutions for businesses and remote workers
• Operating system and software update management
• Data backup and disaster recovery planning
• Network security assessments and vulnerability testing

These solutions help minimize downtime, protect sensitive information, and prevent a cyberattack's financial and emotional toll. Layer 2 works closely with clients to assess risk, identify weak spots, and build personalized cybersecurity strategies—without unnecessary services or inflated costs.

Small businesses are particularly vulnerable to cyber threats. According to the Verizon Data Breach Investigations Report, over 40% of cyberattacks target small businesses, and many don't recover from the financial loss. Layer 2 Computers understands small businesses' unique challenges and offers affordable, scalable protection that grows with the company. Whether securing a point-of-sale system, protecting client records, or creating a reliable backup strategy, Layer 2 helps businesses stay operational and compliant with evolving industry standards. Small business owners trust Layer 2 to secure their digital assets and keep their operations running smoothly, from local retail shops to law offices and contractors.

Technology is only as secure as the person using it. That's why Layer 2 Computers focuses not only on protecting devices—but also on educating users. Clients learn to recognize phishing emails, avoid risky websites, and create strong, unique passwords. The company regularly provides tips and insights on staying safe online, helping customers take an active role in their protection. This human-first approach builds trust and equips clients with the knowledge they need to navigate today's digital landscape more confidently.
Sometimes, the first sign of a cybersecurity issue is a sluggish or misbehaving computer. Viruses, spyware, and bloatware can quietly degrade performance or open backdoors for cybercriminals to exploit. Layer 2 Computers offers diagnostics and clean-up services that improve performance and identify and remove hidden security threats. These services are part of their broader PC Repair offerings, which include virus removal, hardware upgrades, and operating system optimization. By starting with a clean, secure foundation, users can feel confident that their systems are protected and running at their best. As a locally owned business, Layer 2 Computers provides Centerville and nearby communities with practical, accessible, and easy-to-understand cybersecurity services. Unlike national chains or remote tech support, clients get fast, personal service from a genuinely caring team. Whether answering a quick question, scheduling a home visit, or implementing enterprise-grade security for a growing business, the Layer 2 team is known for its friendly attitude and dedication to helping people feel secure. Visit Layer 2 Computers—Tech Support, Computer Repairs, and IT Services to explore cybersecurity services, request support, or connect with a technician. In an era when nearly everything is online—from banking and health records to work documents and personal memories—cybersecurity is essential. The stakes are high, but the proper support can make all the difference. Layer 2 Computers is committed to helping its clients stay one step ahead of cyber threats with innovative, reliable, and local protection. Whether securing a home network, preparing for remote work, or upgrading your company's defenses, Layer 2 offers the tools and experience to keep your digital life safe. Don't wait until something goes wrong. Take the first step toward stronger security and peace of mind by contacting Layer 2 Computers today.


Forbes
29-04-2025
How Machine Learning Is Helping Prevent Data Breaches In Web Apps
Melkon Hovhannisyan is a tech entrepreneur and the CTO and cofounder of Direlli, providing outsourcing and outstaffing services.

As web applications become more sophisticated to meet our daily needs, such as shopping and communication, they also become more vulnerable to data breaches. In 2024, web applications were the target of nearly 50% of all data breaches, according to the Verizon Data Breach Investigations Report (DBIR). Cybercriminals see our increasing reliance on web applications as an opportunity to steal sensitive data for financial gain and other selfish motives. Web application owners must invest in and integrate advanced technologies like machine learning into their security systems.

The use of machine learning in security started gaining popularity in the 2010s, thanks to advancements in cloud computing and big data. Today, machine learning is integrated into several security tools, including popular ones like Splunk and Microsoft Sentinel. Let's discuss how machine learning is advancing web app security.

Machine learning-capable security systems use algorithms that learn from data to detect and respond to security threats instead of relying solely on predefined rules like traditional security solutions. Here are some of the key advantages of ML-driven security systems:

• Proactive Threat Detection: This allows security systems to identify emerging threats before they cause harm.
• Faster Response Time: ML-capable security systems automate incident detection and response, reducing reaction time and the impact of any potential damage.
• Reduced False Positives: ML-capable systems learn to differentiate between normal and suspicious activities, which reduces false positives.
• Scalability: Security systems that use machine learning can analyze vast amounts of security data in real time, making them ideal for modern web applications.
• Adaptability: ML-capable systems continuously learn and evolve to recognize new attack patterns, making it harder for attackers to trick them.

Modern security systems use ML algorithms to analyze user and system behavior to detect deviations from normal patterns. Changes in the behavior of the systems or users may indicate potential security threats such as unauthorized access, data exfiltration or DDoS attacks. Some common examples of behavior changes that these algorithms look out for include:

• Unusual login patterns, such as logging in from a new location
• Repeated incorrect password attempts
• Sudden increase in data transfers
• A user accessing sensitive files they don't usually open
• Running unusual command-line scripts
• A sudden surge in outbound traffic
• Abnormal interactions with APIs

Security systems that use machine learning can also identify and classify malware, including new and previously unseen versions of the malware. To detect previously unseen malware, ML models analyze system behaviors to detect unusual occurrences such as high CPU usage, unexpected network traffic, frequent crashes and more. In addition to detecting previously unseen malware, ML systems analyze malware behavior, code and execution to classify threats and suggest responses.

Phishing is typically the initial step in an attempt to breach data. Machine learning enhances the detection rates for phishing by analyzing email patterns, URLs and sender behavior to identify phishing attempts. ML-powered tools like Microsoft Defender for Office 365 are used to analyze email patterns, attachments and URLs to prevent phishing attacks.

One of the ways web app admins can minimize the damage of a data breach in case it happens is by responding as quickly as possible. Security orchestration, automation and response (SOAR) platforms use machine learning for faster and more efficient threat mitigation.
Modern SOAR platforms like Splunk Phantom use machine learning to:

• Isolate infected devices or block malicious IP addresses.
• Reduce response times by prioritizing critical threats.
• Lower false positives.

The effectiveness of ML models largely depends on the size and quality of the data set used to train them. Poor-quality or biased data can lead to inaccurate threat detection, making security systems unreliable. Popular security platform vendors such as Microsoft and Splunk generally have an advantage in this area because their tools have access to more data.

While ML automates many security processes, human oversight is still necessary. Over-reliance on automation can lead to overlooked security risks or incorrect responses to some threats that might go unseen or be misinterpreted by ML systems that are always learning. Machine learning-powered security systems should be used as a tool, not as a replacement for security teams for web apps.

Cybersecurity is usually a game of who is ahead (between attackers and the security teams). Attackers will always try and look for security loopholes in any system, including those that use machine learning. Today, attackers can manipulate some machine learning models by feeding them misleading data to evade detection.

It is common for ML models to generate false positives or false negatives. Too many false positives can overwhelm security teams, while false negatives can lead to undetected breaches. To minimize false positives and negatives:

• High-quality and regularly updated data should be used to train models.
• Optimize models with fine-tuning and ensemble methods.
• Implement adaptive learning with feedback loops.
• Balance detection sensitivity with accuracy.

Training and deploying machine learning-based security solutions requires significant computing power and expertise. Security platform vendors will always pass these costs on to the end users.
This makes modern security tools that utilize the latest and most powerful models a huge expense that small and medium-sized businesses may struggle to afford. AI and machine learning have gradually become a core part of several security tools over the last 15 years, with many platform vendors integrating these capabilities into their solutions. As web applications become more sophisticated and handle more sensitive user data, there has never been a better time for them to utilize these modern security tools. Despite the limitations discussed in this article, ML-powered security tools are still a much better option than traditional security solutions that rely on pre-configured rules.


Techday NZ
25-04-2025
Organisations increasingly refuse ransom demands, says DBIR report
The latest edition of the Verizon Data Breach Investigations Report (DBIR) has highlighted significant shifts in global cyberthreat trends, particularly surrounding the ongoing challenge of ransomware attacks. The report, published this week, provides a comprehensive analysis of notable incidents and tactics used by cybercriminals over the past year and offers insight into both the evolution of cyberattacks and changing defensive strategies in organisations globally. One of the key findings in this year's report is a notable decline in the number of organisations paying ransoms following a ransomware attack. The DBIR indicates that ransomware was involved in 44% of data breach incidents, but 64% of affected organisations did not accede to ransom demands. This development suggests an increasing awareness of best practices among businesses and a potential shift in strategy by corporate leadership and IT teams in response to ransomware's perennial threat. Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, reflected on these findings, stating, "It's encouraging to see a decline in ransomware payments. This could be partially due to greater awareness, plus various takedown operations by law enforcement and international efforts in recent years. The decline could also be a result of improved resilience, which may also be linked to improving business continuity planning and maturing responses to ransomware." Despite the fall in ransom payments, Costis cautioned that the threat is far from abating, indicating that perpetrators are adapting their tactics and finding new targets. "Attacks are still continuing to evolve due to the rise in incidents. Attackers have adapted, and are targeting companies with limited security resources, which makes it imperative that SMB organisations receive the support that is required to fend off these attacks," he added. 
Nick Tuasek, Lead Security Automation Architect at Swimlane, also weighed in on the report's findings, noting the ongoing transformation of ransomware operations. "Ransomware's rise in impact will continue to increase in the coming years with the popularisation of Ransomware as a Service (RaaS) on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy." Tuasek echoed the sentiment that industry collaboration and consistent refusal to pay ransoms is vital to stemming the tide of attacks. "It's great news that fewer organisations are paying the ransoms. The only way to get ransomware to stop is to band together as an industry and make it no longer profitable by refusing to pay the ransoms," he said. The DBIR also points to a disproportionate impact on smaller businesses, underscoring the vulnerabilities faced by organisations with fewer resources. Tuasek highlighted several reasons behind this vulnerability: "There are a few reasons why these organisations are more vulnerable to ransomware attacks, the first being lower general cybersecurity maturity. A robust cybersecurity programme or hiring an MSSP can be priced outside the reach of small organisations. Additionally, a lack of mature disaster recovery procedures or processes in smaller organisations is common, meaning these organisations may be more tempted to pay the ransom to regain access to their data and network quickly." The report's findings add to ongoing discussions among policymakers, business leaders, and cybersecurity experts about the need for increased investment in security infrastructure, especially for smaller organisations. Many agree that further cooperation between private and public sectors, coupled with effective law enforcement action and technological innovation, will be critical in combating the continuing evolution of ransomware and broader cyberthreats facing enterprises worldwide.