More stories

  • Singapore SMBs keen on cyber insurance, concern about data security

    Often lacking in resources, more small and midsize businesses (SMBs) in Singapore are seeing cyber insurance as a viable option. They view these offerings as a way to balance cost and the need to safeguard their assets, especially as data leaks remain their biggest concern. Smaller organisations often had to grapple with limited budgets and manpower, and wanted certainty in how much they had to invest. This was pushing more of them to look at cyber insurance as a way to achieve that certainty, said Ang Yuit, vice president of strategies development for the Association of Small & Medium Enterprises (ASME), an industry group whose members comprise Singapore SMBs. Responding to ZDNet’s query about the adoption of cyber insurance amongst SMBs, Ang noted that such services provided a way for SMBs to boost their cybersecurity posture while managing their costs. Purchased at a monthly premium, cyber insurance helped these companies better determine how much they needed to put in and what they were getting back in return.

    It enabled SMBs to define the scope and investment of their cybersecurity protection, he said, in a virtual roundtable Thursday hosted by Lenovo. While it might not resolve every issue, Ang added that cyber insurance provided a viable alternative to simply purchasing security tools, which could be difficult to cost definitively. ZDNet understands that there are varying cyber insurance services, encompassing packages that include some coverage of costs incurred during an attack and assistance in quantifying the attack’s impact on data and intellectual property. They also often are bundled with security assessment and incident response services, since it is in the insurer’s interest to ensure the SMB has obtained a certain level of cybersecurity readiness and to mitigate the impact of an attack. In addition, insurers have been keen to provide more services targeted at SMBs, as these companies have much smaller infrastructure and, hence, carry fewer risks to assess and insure against, compared to large enterprises.

    Ease of adoption, in particular, is essential in driving greater security readiness in the SMB segment, according to Milad Aslaner, SentinelOne’s global director of cyber defence strategy and public affairs. Speaking in the roundtable, he said automation tools such as autonomous threat detection and response played a key role, as they would help ease operations for smaller businesses. The ability to roll back from a security incident also was critical, Aslaner said. Getting SMBs to better safeguard their infrastructure was especially critical as many had rushed to go online amidst the global pandemic. This increased their attack surface and exposed more of their data, making them prime targets for attacks, he cautioned, noting that cybercriminals would aim for companies with a weaker security posture. Roy Ng, Lenovo’s central Asia-Pacific director of SMB, noted that many SMBs wrongly assumed they were too small to be targeted by hackers. Pointing to a study by Singapore’s Cyber Security Agency, Ng said the reported ransomware attacks last year mostly affected SMBs. While small, these companies held customer data that was of value to cybercriminals, he said.

    SMBs less proactive, driven by direct business impact

    Ang noted, though, that most SMBs were not adequately prepared to address security threats and already lacked a strong foundation, even as they accelerated their digital adoption in the last 1.5 years during the pandemic. “SMBs will deal with a problem when it’s there. [They’re more] focused on operational needs,” he said. When ZDNet asked if these businesses then found it challenging to fend off third-party attacks, which required regular assessment, he reiterated SMBs’ tendency not to proactively address issues unless there was an immediate threat or risk. Unless the requirement was stipulated in the service contract, they would prioritise other business operations.

    He noted, though, that they were particularly concerned about ensuring compliance with Singapore’s Personal Data Protection Act (PDPA). Pointing to personal data management as a good starting point to drive greater security awareness, he said SMBs were more worried about how they should secure their data, so they would not have to face the ramifications of a breach under the PDPA. Aslaner said SMBs also would need to improve their security posture, as more enterprises were looking at architectural changes amidst the rise of third-party attacks, with the focus mainly on zero trust frameworks. He noted that organisations were adding cybersecurity requirements as part of their supplier and vendor agreements. SMBs then would have to ensure they met these baselines if they wanted to continue doing business with certain enterprise clients, he said. Chris Tan, client technologist for Lenovo’s central Asia-Pacific, suggested SMBs begin by identifying their assets, including devices and data points. Ng also underscored the importance of user education, so employees could help their organisation avoid potential exposure and threats.

    According to IBM’s recent study, data breaches cost Asean companies on average $2.64 million per incident, compared to the global figure of $4.24 million. The cost of a breach, however, was $430,000 higher than the average for companies in Asean that had not undergone any digital transformation due to the COVID-19 pandemic. Organisations in the region took 307 days to detect and contain a data breach, including 223 days just to detect an incident, the IBM report revealed.

  • Why Australia's Online Safety Act is an abdication of responsibility

    The Australian government reckons the internet is full of bad things and bad people, so it must therefore surveil everyone all the time in case anyone sees the badness — but someone else can figure out the details and make it work. This brain package always includes two naive and demonstrably false beliefs. One is that safe backdoors exist so that all the good guys can come and go as they please without any of the bad guys being able to do the same. The other is that everyone will be nice to each other if we know their names. This big bad box of baloney blipped up again this week as part of the government’s consultation for the Online Safety (Basic Online Safety Expectations) Determination 2021 (BOSE) — the more detailed rules for how the somewhat rushed new Online Safety Act 2021 will work. Section 8 of the draft BOSE [PDF] is based on that first belief. “If the service uses encryption, the provider of the service will take reasonable steps to develop and implement processes to detect and address material or activity on the service that is or may be unlawful or harmful,” it says.

    It should go without saying that if the service provider can see whether something might be unlawful then it’s not actually encrypted, but the government seems to have trouble understanding this point.

    Wishing harder won’t bring you that magical decryption pony

    The simple fact is that if good guys can decrypt the data when they’re given some sort of authority, then so can the bad guys that use some sort of forged authority. And they will. Anyone who’s studied the theoretical innards of computing science knows that this falls into a class of unsolvable problems. It just can’t be done. It’s the mathematics, stupid. For those who don’t understand that maths is real, reality can also be understood through thoughtful observation. If there was a way to determine who is and isn’t legitimately allowed to decrypt a message, or be given any kind of access to private data, then we’d already be using it, and hacking wouldn’t exist. This does not seem to have happened. Simply wishing harder won’t get you that particular pony for Christmas. Section 9 of the draft BOSE is based on the second belief, anonymity. “If the service permits the use of anonymous accounts, the provider of the service will take reasonable steps to prevent those accounts being used to deal with material, or for activity, that is or may be unlawful or harmful,” it says. Those “reasonable steps” could include “processes that prevent the same person from repeatedly using anonymous accounts to post material, or to engage in activity, that is unlawful or harmful,” or “having processes that require verification of identity or ownership of accounts”. More than two decades of experience has shown that having people’s names doesn’t stop the abuse. Just one recent example is the online racist abuse of English football players via Twitter, where 99% of accounts suspended for sending racist abuse were not anonymous. Indeed, having people’s identities or other personal information available is itself a risk. It takes but moments to find many, many examples of police misusing their data for personal purposes. Even if we could limit access to legitimate authorities — which we can’t — we can never know if their reason for access is legitimate.

    Why is the online world becoming more restricted than offline?

    According to the government’s consultation paper [PDF]: “A key principle underlying the Act is that the rules and protections we enjoy offline should also apply online”. But that’s simply not the case. As digital rights advocate Justin Warren explained in a Twitter thread, the Online Safety Act actually requires a much greater level of safety than exists in the offline world. “The doors in my house aren’t safe because I can jam my fingers in them. Same with all the cupboards. So could any 12-year-old,” he wrote. Section 12 of the draft BOSE discusses the protection of children from harm. It proposes “reasonable steps” such as age verification systems, something the UK abandoned as impractical, and “conducting child safety risk assessments”. “I note that we don’t make newspapers or broadcast television conduct child safety risk assessments before letting overpaid columnists talk at length about ‘cultural Marxism’,” Warren wrote. “We also let [ABC TV program] Play School teach kids how to make a drum from household items while their parents are trying to work at home during lockdown and I want to see that child safety risk assessment.” Conversely, the government doesn’t make Westfield monitor the conversations of people in the shopping mall food court in case they’re planning a bank robbery, yet that’s precisely what it now expects online platforms to do. It even expects them to figure out what is and isn’t harmful, both now and into the future. “Service providers are best placed to identify these emerging forms of harmful end-user conduct or material,” says the discussion paper. Warren is unimpressed, and your correspondent agrees. “This is the government explicitly abdicating its responsibility to consult with the public on what community standards are and wrestle with the difficult question of what ‘harmful end-user conduct or material’ actually is,” he wrote. “Instead of doing its job, the government wants Facebook and Google and other private companies to define what constitutes acceptable content. And tries to claim this is treating online the same as offline.” To see how well this might work in practice, one only has to see how YouTube recently blocked video of a drinking bird toy for being 18+ content. You may click through safely, though, because it’s not.

    ‘What about my rights?’

    While the discussion paper wants us to “enjoy” rules online — an interesting concept — it isn’t so hot on letting us enjoy our right to privacy and our right to freedom of speech and other communication. The only mention of rights in the consultation paper is when the government “reserves the right not to publish a submission”. The only mention of privacy is to tell submitters that their personal information will be handled in accordance with the Privacy Act 1988. The only mention of freedom is to say that submissions might be released under the Freedom of Information Act 1982. It’s the government’s job to protect our rights and freedoms, but in the online world they just can’t be bothered. By delegating these matters to the online platforms, with penalties if they fail to block ill-defined “harmful” conduct or material, they will of course do what is safest for them and err on the side of over-blocking. They will also err towards blocking material which causes them a publicity problem, such as public complaints from small but noisy communities. Restrictions in more authoritarian countries will continue to be propagated globally. “Online services [will] pre-emptively take down LGBT content when gronks brigade the reporting mechanism. An obvious outcome that has already happened in lots of places but that AusGov will ignore. Again,” Warren wrote. Of course this is only a consultation paper. The government has called for public submissions, and we have until October 15 to change its mind. Nine whole weeks. But given how the government has persisted with its demonstrably false beliefs no matter how many times the experts tell them otherwise, will that happen?

  • Labor tries the Senate after ransomware payments Bill flops in the House of Reps

    The federal opposition has reintroduced its ransomware payments Bill, this time to the Senate after the Bill failed to get off the ground in the House of Representatives. The Ransomware Payments Bill 2021, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment was made to a criminal organisation in response to a ransomware attack. The Bill was originally introduced into the lower house in June by Shadow Assistant Minister for Cyber Security Tim Watts, but in a joint statement with Shadow Minister for Home Affairs Kristina Keneally, the pair said the government failed to bring it on for debate.

    “Minister Andrews says cybersecurity and ransomware are one of her highest priorities, but we’ve seen little in the way of action to reduce the onslaught of attacks against Australian organisations by foreign cyber criminals,” the statement said. “That’s why Labor has been once again forced to show the leadership on cybersecurity that’s been missing since the election of this Prime Minister by introducing this Bill in the Senate.”

    According to Watts, such a scheme would be a policy foundation for a “coordinated government response to the threat of ransomware, providing actionable threat intelligence to inform law enforcement, diplomacy, and offensive cyber operations”. The ransom payment notification scheme created by the Bill, Watts said previously, would be the starting point for a comprehensive plan to tackle ransomware. It follows his party in February calling for a national ransomware strategy focused on reducing the number of such attacks on Australian targets. The Bill would require large businesses and government entities that choose to make ransomware payments to notify the ACSC before they make the payment. Watts said such a move would allow Australia’s signals intelligence and law enforcement agencies to collect actionable intelligence on where this money goes so they could track and target the responsible criminal groups.

    “And it will help others in the private sector by providing de-identified actionable threat intelligence that they can use to defend their networks,” he added.

    When asked about the Bill shortly after it was introduced, the Home Affairs Minister said she was open to exploring it. “From the government’s perspective, we actually would like businesses to reach out, particularly to ACSC, in the event that they have a ransomware attack or they have other threats,” Andrews said. “[ACSC] is very well placed to be able to support them, but they rely on, in many instances, on businesses reporting or contacting them directly. I’ve already had some discussions about mandatory reporting of ransomware attacks and my view at this stage is that there are a range of views about that — it’s very mixed in the response — what I want to do over the coming weeks is explore that much more fully.”

    Backing Labor’s approach before the Parliamentary Joint Committee on Intelligence and Security in July, cybersecurity expert and former United States CISA chief Chris Krebs said it would be useful to compel providers to disclose cybersecurity incidents, including ransomware. “Mandatory reporting for any ransomware victim before they make a payment,” he told the committee. “For ransomware, in particular, we do not know how big this problem is, in fact, probably the only people that know how big it is, are the criminals themselves. And they’re not apparently sharing that with us. We have to get to the denominator of ransomware attacks and the easiest way to do that is require ransomware victims to make a notification to the government. This is not yet in determination on whether paying ransom itself is illegal, I think that’s a separate conversation, but just at a minimum, if you’re going to be engaging with the transaction, with the ransomware group, that that needs to be notified.”

  • NSW cops come knocking after internet commenter allegedly threatened police horses

    The New South Wales Police task force investigating the recent anti-lockdown protests in Sydney, Strike Force Seasoned, has arrested an internet commenter. Police said they have pressed four charges of using a carriage service to menace, harass or offend after arresting a 65-year-old Paddington man on Wednesday who allegedly threatened to harm police horses. “Investigators were alerted to comments posted on the website of a media outlet, which referenced the protest and outlined threats to harm police horses,” Police said. “A short time later, a search warrant was executed at a nearby home, where police seized electronic devices, a computer and mobile phones, which will undergo forensic examination.” The man was refused bail to appear in court on Thursday. Police said they have conducted extensive inquiries into the matter. At the recent protests, a man was arrested after allegedly punching a police horse, and after three weeks in custody, he was granted bail yesterday, ABC reported.

  • Price for fake COVID-19 vaccine cards and passports drops to $100: report

    A variety of COVID-19 vaccine verifications are being sold at increasingly low prices on the dark web, according to a new report from Check Point Research. Researchers found that prices for EU Digital COVID certificates as well as CDC and NHS Covid vaccine cards had fallen as low as $100. Fake PCR COVID-19 tests are also sold widely, and Check Point Research’s study found groups advertising the fake vaccine verifications in groups with more than 450,000 people. The report attributes the “majority” of these fake vaccine verifications to groups across Europe. A previous report from the company in March found that the price for fake vaccine passports was around $250 on the dark web and that advertisements for the scams were reaching new levels. The researchers now can find fake certificates being sold from groups and people in the US, UK, Germany, Greece, Netherlands, Italy, France, Switzerland, Pakistan and Indonesia. There were many samples of the UK’s NHS certificate as well as the EU Digital COVID Certificate used in multiple countries.

    [Image: A sample of the fake COVID-19 vaccine cards available. Source: Check Point Research]

    Check Point Research reported an “exponential growth in volumes of followers and subscribers to groups and channels offering and advertising COVID-19 certifications and other means to bypass the need to physically get the vaccine.”

    “The advertisements specifically state that the seller ‘provide registered vaccine certificates…for all those who don’t want to take the vaccine,'” the report said. “The channels we spotted offer the ‘service’ and even detail it’s actual impact. ‘With our cards you can travel and work.’ The sellers often state that the certificates are ‘verified’ and invite the buyers to take simple steps in order to place an order — all you need to do is ‘let us know what country are you from and what you want.'” The groups offer contact through email, WhatsApp, and Telegram while generally asking for payment through some form of cryptocurrency — mostly Bitcoin, Monero, Dogecoin and others, according to the report. The groups also accept payment through PayPal. In their advertisements, the groups explicitly include anti-COVID-19 vaccine statements dissuading people from taking it and painting themselves as protecting the world. The report includes statements like “You don’t need to take the jab(vaccine) to have the certificate,” and ‘We are here to save the world from this poisonous vaccine,” as well as “Stay away from the vaccine and be save while we continue this fight.”

    Check Point Research suggests countries create a secured, internally managed repository that can hold official COVID-19 testing and vaccination data, or use measures such as QR codes to certify vaccine verifications. The spike in demand for fake vaccine passports and cards comes as hundreds of companies are forcing employees and customers to show evidence of COVID-19 vaccination before coming into offices or businesses. Even the US Army announced this week that COVID-19 vaccines will be required. The regulations have set off significant backlash in dozens of countries as anti-COVID-19 vaccine movements gain steam. Check Point Research cites surveys from France, Germany and the US showing that about 30%-40% of respondents do not plan to take the COVID-19 vaccine despite the recent surge due to the more infectious Delta variant of COVID-19. COVID-19 vaccination drives have stalled in many Western countries in recent weeks. About 1.3 billion people have been vaccinated against COVID-19, representing more than 15% of the world.

    Jürgen Stock, INTERPOL Secretary General, said in December that law enforcement needed to be ready to deal with the wave of fake vaccines and fake vaccine verifications. “Criminal networks will also be targeting unsuspecting members of the public via fake websites and false cures, which could pose a significant risk to their health, even their lives,” Stock said. “It is essential that law enforcement is as prepared as possible for what will be an onslaught of all types of criminal activity linked to the COVID-19 vaccine, which is why Interpol has issued this global warning.”

  • JEM authenticator and password manager deal: Protect your logins

    Cyber threats come from all directions these days. Even if you are using an excellent VPN (and you should!), your online passwords still must have additional protection. Now you can take absolute control of your most sensitive data and provide it with the strongest safeguards. The JEM Biometric Authenticator Device + JEMPass Password Manager Plan will not allow any of it to be decrypted without your JEM device and fingerprint.


    The JEM Biometric Authenticator is an external fingerprint scanner that ensures you are the only one who can access your accounts. It unlocks the encrypted vault of your online passwords that the JEMPass Password Manager protects with cryptographic keys that are generated on your device using up-to-date encryption libraries.

    The free 1-year JEMPass that comes with the JEM Biometric Authenticator Device stores and secures all of your passwords and seamlessly syncs your accounts across all devices so you can access them with just a single touch. That allows you to effortlessly use the saved password even on devices that are associated with different Google or iCloud accounts.

    The fingerprint scanner and password manager are compatible with Android and iOS mobile devices, as well as Windows 10 PCs that are equipped with Bluetooth Low Energy (BLE) support. They can be used with Chrome, Firefox, Edge, macOS Safari, and Chromium browsers such as Vivaldi and Brave.

    There’s no question that the combination of JEM’s Biometric Authenticator Device and JEMPass Password Manager Plan is effective. You will find it placed on the list of Best Security & Surveillance Biometrics that Gist Gear compiled just last month.

    Protect your passwords with the added security of end-to-end encryption and an external fingerprint scanner. Get JEM Biometric Authenticator Device + JEMPass Password Manager Plan today while it’s on sale for only $109.99, a 14% discount off the $129 MSRP.


  • Hacker returns more than $260 million in cryptocurrency after Poly attack

    The hacker behind the largest decentralized finance platform hack in history returned much of what they stole on Wednesday, sending back approximately $260 million of the more than $600 million in cryptocurrency that was taken. In a statement, Poly Network — a “DeFi” platform that works across blockchains — said the unknown culprit behind the attack has so far returned $256 million in BSC, $1 million from Polygon and $3.3 million in Ethereum. Poly Network noted that there is still $269 million in Ethereum as well as $84 million in Polygon that needs to be returned. The company attributed the attack to a vulnerability that was exploited concerning contract calls. The exploit “was not caused by the single keeper as rumored,” Poly Network added. Researchers online tied the attack to a Poly Network privileged contract called the “EthCrossChainManager.”

    In addition to returning the money, the hacker included a three-part Q&A where they explained some of their reasoning. The attacker — in a post shared by Elliptic co-founder Tom Robinson — said they found a bug in Poly Network’s system and contemplated what to do from there, eventually deciding to steal the money available and transfer it to another account. They tried to paint their actions as altruistic and said they were trying to expose the vulnerability before it was exploited by “an insider.” They claim to be completely protected because they used anonymous email addresses and IPs. “The Poly Network is a decent system. It’s one of the most challenging attacks that a hacker can enjoy. I had to be quick to beat any insiders or hackers,” the attacker said.

    “I didn’t want to cause real panic of the crypto world. So I chose to ignore shit coins, so people didn’t have to worry about them going to zero. I took important tokens (except for Shib) and didn’t sell any of them.”

    They eventually began to sell or swap stablecoins because they were unhappy with how Poly Network responded to the attack. “They urged others to blame and hate me before I had a chance to reply!” the attacker explained, adding that they turned to the stablecoins because they wanted to earn interest on the stolen money while they negotiated with Poly Network. “I am not very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” they said. The culprit noted that they were moving slowly in returning the money because they needed rest, needed more time to negotiate with Poly Network and needed to “prove” their dignity while hiding their identity. The statement goes on to say that the attacker wants to help Poly Network with its security because of its importance to the cryptocurrency industry. “The Poly Network is a well designed system and it will handle more assets. They have got a lot of new followers on Twitter right?” the statement said. “The pain they have suffered is temporary but memorable.”

    The audacious attack sent shockwaves through the blockchain and cryptocurrency communities as Poly Network sought to respond. The company works across blockchains for Bitcoin, Ethereum, Neo, Ontology, Elrond, Zilliqa, Binance Smart Chain, Switcheo, and Huobi ECO Chain. The hacker has been slowly returning the money since Poly Network released a statement threatening the culprit on Tuesday. The company begged the hacker to return the money. “The amount of money you hacked is the biggest one in defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursed,” the Poly Network team said. “It is very unwise for you to do any further transactions. The money stole are from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution. We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses.”

    The company appealed to miners across affected blockchains and crypto exchanges like Binance, Tether, Uniswap, HuobiGlobal, OKEx, Circle Pay and BitGo to blacklist any tokens coming from these addresses. Tether CTO Paolo Ardoino said the platform froze about $33 million in connection to the hack. Hank Schless, senior manager at Lookout, told ZDNet that DeFi has “become a primary target for cybercriminals” and a recent report from CipherTrace found that attacks on DeFi caused an all-time high number of losses for the first half of 2021. The DeFi community saw a record loss of $474 million between January and July this year thanks to cybercriminals. The attack on Poly Network is bigger than other headlining cryptocurrency attacks like the $550 million hack of Coincheck in 2018 and the $400 million Mt. Gox hack in 2014.

  • Accenture says Lockbit ransomware attack caused 'no impact'

    Billion-dollar tech services firm Accenture is downplaying an alleged ransomware attack that the Lockbit ransomware group announced on Tuesday night. 


    Accenture was listed on the group’s leak site next to a timer set to go off on Wednesday. The ransomware group added a note that said, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”

    In a statement to ZDNet, an Accenture spokesperson downplayed the incident, saying it had little impact on the company’s operations. Accenture brought in more than $40 billion in revenue last year and has over 550,000 employees across multiple countries. “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up,” the company said. “There was no impact on Accenture’s operations or on our clients’ systems.”

    [Image: A screenshot of the Lockbit ransom page. Source: CyberKnow]

    Many online similarly questioned the amount of data taken during the ransomware attack and noted how unlikely it would be for it to come from an Accenture insider, considering how easy it would be to trace the attack.

    Accenture did not respond to questions about whether it was an insider attack and when the attack may have occurred. A cybercrime intelligence firm called Hudson Rock reported on Twitter that about 2,500 computers of employees and partners were compromised in the attack, while another research firm, Cyble, claimed to have seen a ransom demand of $50 million for about 6 TB of stolen data. BleepingComputer later reported that Accenture had already communicated with one CTI vendor about the ransomware attack and will notify others. In a report from Accenture itself last week, the company said it found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion. Accenture provides a range of services to 91 of the Fortune Global 100 and hundreds of other companies. IT services, operations technology, cloud services, technology implementation and consulting are just a few of the things the Ireland-based company offers customers. In June, the company purchased German engineering consulting firm Umlaut to expand its footprint into the cloud, AI and 5G while also acquiring three other tech companies in February.

    The Australian Cyber Security Centre released an advisory on Friday noting that after a small dip in operations, the Lockbit ransomware group had relaunched and has ramped up attacks. Members of the group are actively exploiting an existing vulnerability in the Fortinet FortiOS and FortiProxy products, identified as CVE-2018-13379, in order to gain initial access to specific victim networks, the advisory said. “The ACSC is aware of numerous incidents involving LockBit and its successor ‘LockBit 2.0’ in Australia since 2020. The majority of victims known to the ACSC have been reported after July 2021, indicating a sharp and significant increase in domestic victims in comparison to other tracked ransomware variants,” the release added. “The ACSC has observed LockBit affiliates successfully deploying ransomware on corporate systems in a variety of sectors including professional services, construction, manufacturing, retail and food.”

    In June, the Prodaft Threat Intelligence team published a report examining LockBit’s RaaS structure and its affiliates’ proclivity toward buying Remote Desktop Protocol access to servers as an initial attack vector. The group generally demands an average of $85,000 from victims, and about one third goes to the RaaS operators. More than 20% of victims on a dashboard seen by Prodaft researchers were in the software and services sector. “Commercial and professional services as well as the transportation sector also highly targeted by the LockBit group,” Prodaft said.

    UPDATE: After the timer went off on Wednesday afternoon, the group released the files it stole. There was no sensitive information in the leak and it was mostly made up of Accenture marketing material. The group has since reset the timer for Aug 12, 20:43 UTC, implying they may have more documents to leak.