More and more companies are considering cloud storage because of its lower implementation costs and easier data sharing as compared to maintaining and managing their own servers. However, security is still the biggest worry. If this concern is not addressed, companies are unlikely to take the plunge with confidence.
In this article, we will examine how data security works and then take a deep dive into cloud storage safety.
Cloud (online) storage security
While the term "cloud" has become common in business, many people may still only have a vague idea of what it means. First, let's take a look at what cloud storage means, and then explore the characteristics and risks of cyber attacks.
What is Cloud Storage?
In the context of computers, smartphones, and tablet devices, storage is the built-in system and hardware for storing and managing data. External storage can be connected if the internal storage is insufficient, and it can also be used for backup and storage of previous data.
Cloud storage allows users to remotely access and use stored data and applications via the Internet. One feature is that users can purchase only as much as they need. Another is that because the cloud service provider maintains and manages the storage, users do not need extra professional staff.
Characteristics of cloud cyber attacks
Cloud storage can be low cost to install and easy to use, but are there any security concerns? Next, we will cover some of the typical cyber attacks to which the cloud is susceptible.
Man-In-The-Middle attack
A Man-in-the-middle (MITM) attack, also known as a "bucket brigade attack," involves a cyber attacker intervening between a user and a service to steal or alter the data being exchanged. Even though it is a relatively old cyber attack method, recently, there has been a surge in its use.
How can a cyber attacker steal encrypted communication content? For example, suppose that two parties are using public key cryptography for communication. A cyber attacker intercepts one party’s message with a public key and sends a message with his own public key to the other party. The recipient, thinking the message is from the first party, sends data encrypted with the attacker's public key. The attacker receives the message in the middle and decrypts the data with his own private key. The attacker can then send a message to the first party that appears to be from the second party, with both parties being unaware that their encrypted communication has been compromised.
.jpg)
Unauthorized file access and hacking
Cloud service providers store a huge amount of data, including personal details, intellectual property, and confidential business and financial information. Such data is a treasure trove for hackers, making it a tempting target for unauthorized file access and hacking.
In fact, according to the "Status of Notifications of Computer Viruses and Unauthorized Access" report released by the Information-technology Promotion Agency, Japan (IPA) in February 2021, the largest percentage of damage from unauthorized access reported in 2020 was to web servers (26.7%), followed by client PCs (13.1%). For many of us, the memories are still fresh of companies using cloud services, such as Rakuten, PayPay, Aeon, ANA, etc., that have fallen victim to unauthorized access since December 2020.
Tsukaeru FileBako data security
Let's take a look at the security measures implemented by Tsukaeru FileBako to protect cloud data from MITM attacks and unauthorized access by hackers as described above.
Completely secure communications with SSL/TLS
First of all, to protect your data from MITM attacks, all communications through Tsukaeru FileBako are based on SSL/TLS.
Technology that encrypts communications over the Internet, SSL/TLS prevents third parties from stealing or altering data. Websites protected by SSL/TLS have URLs that begin with "https" and are characterized by a key mark in the browser's address bar.
In SSL/TLS communication, an "SSL server certificate" is issued to guarantee that all communication between the server and the client is encrypted. By guaranteeing the website authenticity with a server certificate, MITM attacks mentioned above can be prevented.
.jpg)
Data encryption
According to a February 2020 McAfee survey of 1,000 companies in 11 countries, 91% of the cloud services used by companies did not encrypt the data they held. As the use of cloud services expands, so does the risk of unauthorized access, and FileBako is fully capable of encrypting data.
Data encryption on client terminals
Tsukaeru FileBako runs on client terminals, but all communication is AES encrypted to ensure security. The PC platform also uses Microsoft's encryption engine to protect files.
Data encryption on customer servers
All files are obfuscated in a renamed and expanded format so that hackers and attackers cannot find the files even if they try to break in. AES encryption is also used to encrypt data on customers’ servers, but only 256-bit keys, the highest level of encryption technology, are used to encrypt files.
Password protection
The password used to log in to Tsukaeru FileBako is hashed using a salt (a random string of characters added before the password is hashed) and saved to the system.
After login, client/server communication is conducted through APIs using tokens generated by the domain administrator, and no user names or passwords are used in API communication.
.jpg)
Tsukaeru FileBako: Easy and efficient to use
As explained above, Tsukaeru FileBako has all the security measures to counter your cloud service concerns.
Files stored in the cloud can be edited and organized in a familiar way, and unlimited files and folders can be shared with other users using web links. Also, there are flexible storage options depending on the amount of data needed.
Unlimited users are available from 9,800 JPY/month (10,780 JPY/month including tax), and a 14-day free trial is available to experience how easy it is to use.
Click here for more information on Tsukaeru FileBako.
.jpg)
Call toll-free: 0120-961-166
Office hours: 10:00-17:00
Small and medium-sized businesses around the world are suffering from a chronic shortage of workers, and in reaction, many businesses are implementing IT solutions to make up the difference. However, while this can improve productivity, it also increases cyber security risks. The more that a company relies on IT, the greater the possibility of damage or stoppage from cyber attacks. As a result, appropriate security measures are becoming even more important for small and medium-sized businesses.
Cyber security threats are on the rise
In March 2019, the Information-technology Promotion Agency, Japan (IPA), an independent administrative agency, revised its information security measures guidelines for small and medium-sized enterprises (SMEs) for the first time in more than two years. Referencing the increase of cyber security threats. IPA states that, "there are concerns that SMEs in the supply chain may be used as a foothold for targeted attacks on the companies they serve, and it is essential to take measures as soon as possible.” IPA also points out that SMEs often have less security awareness and inadequate measures compared to large companies and are therefore easier targets for attacks.
Cyber attacks: an ongoing problem
As an example of the threats that industries are facing, in 2017, the Osaka Chamber of Commerce and Industry (OCCI) surveyed SMEs with 50 or fewer employees, mainly in the construction, manufacturing, wholesale, and service industries. Out of 315 companies, 97, or nearly 30%, had been affected by cyber attacks, and among them, 22 companies, or 7% of all companies, had been infected by ransomware. In addition, a 2019 OCCI supply chain survey revealed that while the supply chain partners of one in four companies had experienced cyber-attacks, approximately 70% were unaware of their supply chain partners' cyber-attack preparedness or damage.
.jpg)
What is ransomware?
Recently, ransomware is becoming a growing problem for businesses, including SMEs. The word is created from the combination of the words “ransom” and “software,” and can also be described as “ransom malware.”
When a computer is infected with ransomware, the stored data will be encrypted or the computer itself will be disabled. It is basically impossible to access the data or computer unless cash or virtual currency is transferred to the attackers’ designated account to obtain the encryption key. When a ransomware infection occurs, not only the computer but also all data in other externally connected storage devices can be encrypted, potentially causing tremendous problems and loss for SMEs.
Cyber security vulnerabilities
Cyber attacks are usually conducted by exploiting security vulnerabilities, but what are these vulnerabilities exactly? Simply put, they are weaknesses in a program. Computer operating systems and software often contain programming and design errors and defects. Obviously, during the development process, programmers constantly check for these problems. However, some vulnerabilities do not become apparent until the software is actually released to the market.
Therefore, IT companies that provide operating systems and software will release information about the potential problems or software updates as soon as the vulnerability is identified. However, if a malicious third party creates an attack method that targets the vulnerability before the update, a company's data may be exposed to cyber attacks.
Common tactics and countermeasures
As the three main routes of ransomware infection are websites, links and attachments in emails, and USB flash drives, the following measures are recommended to protect your company’s data:
・Infection prevention measures
The first step is to be aware of the above three infection routes and implement basic precautions to protect your company's computers. Email attachments or links should not be opened carelessly, and if there is a security concern, ask the sender for confirmation or check the extension of the attached file. Extra caution should be taken with compressed file extensions (.zip, .rar, etc.). Also, USB drives should not be used casually, even in the office.
However, no matter the vigilance of each employee, it is impossible to protect your computers and systems from cyber attacks. Therefore, it is extremely important to always update your computer's OS to the latest version to reduce vulnerability. It also goes without saying that you should install virus software and keep it updated, as well.
・Damage mitigation measures in the case of infection
Even with the above precautions, a ransomware infection is still possible, and you should plan accordingly. With a good backup system, you can restore your data even if you experience an attack. If backing up to an external storage device, make sure that it is not connected to the system to avoid the spread of infection.
Security: What is the perfect backup?
A backup is the process of duplicating the data on your computer and storing it separately in case of data loss or other unexpected situations. So, what is the best way to actually backup your important data?
.jpg)
The "3-2-1" backup rule
In the backup world, it is said that in order to perfectly protect your data, you need to follow the "3-2-1 Rule.” Originally proposed in 2012 by US-CERT, a security organization run by the Cybersecurity & Infrastructure Security Agency, an operational component of the U.S. Department of Homeland Security, it was initially thought to be too time-consuming and impractical. However, as mentioned above, it is now being reevaluated as a rule to protect data from the growing frequency and sophistication of ransomware attacks in recent years.
The 3-2-1 rule refers to the following three rules:
・Create three backups
・Save backups in two different media
・Backup one copy to a remote location
Let's take a closer look at each of these rules.
Creating the backups
With only one or two backups, there is always a possibility that one or both may be lost or destroyed, as well as the original data. A third backup creates an extra layer of security.
Storing in two different media
If all of your data backups are in the same media, you could lose it all if the problem is related to the type of media. Storing it in a variety of media, such as DVD and hard disk, or tape and online, reduces the chance that one problem could wipe all your backups.
Backing up one copy to a remote location
What if your home or office catches fire? In Japan, earthquakes are relatively common, so it is possible that you could be affected by such a disaster. If all of your backups are in one place, they could be easily damaged or compromised. By keeping at least one backup in a remote location, you can be better prepared for different types of man-made and natural disasters.
Data protection with Tsukaeru Cloudbackup +
Cloud-based backup services are an excellent option that works perfectly with the 3-2-1 rule mentioned above. By storing your data in the cloud, your data will be backed up to a location separate from your physical office. It also stores your data virtually, providing a backup in a different media as compared to physical DVDs and hard drives.
We would like to introduce Tsukaeru Cloudbackup+, a cloud-based backup service from Tsukaeru.net. This innovative and reliable service is easy to set up, requires no capital investment, and backs up not only your files, but all your accounts, settings, and OS as well.
If you are considering a cloud-based backup service as part of your security measures, or if you are considering switching from your existing service, please contact us below.
Click here for more information on Tsukaeru Cloudbackup +.
.jpg)
Call toll-free: 0120-961-166
Office hours: 10:00-17:00
With the increasing spread of digital transformation and remote work, cybersecurity is becoming even more important. One particularly alarming and growing risk is the threat of ransomware.
Ransomware damage has increased 15-fold in just two years
Ransomware is a powerful malware that can infect PCs and spread to a company network, making all data unreadable. The normal tactic of attackers is to threaten the complete and irreparable destruction of data if a specified ransom is not paid by the deadline.
According to a report by Cybersecurity Ventures, global ransomware damage was around $325 million in 2015. However, by 2017, it had grown 15 times that amount to approximately $5 billion. At this rate, it is predicted to reach $20 billion by 2021. This is one of the highest rates of expansion among all cybercrimes, and various media, industry leaders, security companies, and cyber-attack experts confirm that the above prediction is likely to be correct.
With an attack every 11 seconds, ransomware is becoming a mainstream cyber-attack
Because it is relatively easy to implement and the returns are great, ransomware is quickly developing into a common problem around the world, including Japan.
In 2016, the attack rate was once every 40 seconds, and the number of companies affected by ransomware has only continued to grow. It is estimated that in 2021, the pace will accelerate to the point where every 11 seconds a company will experience a ransomware incident.
Once infected, data recovery is difficult
The trouble with ransomware is that once infected, complete data recovery is often impossible. There is no guarantee that data will be returned even if the ransom is paid.
In fact, it is reported that in most cases, the ransom was paid, but the data was already destroyed and could not be recovered. Moreover, the ransom demanded by the attackers is increasing more and more every year.
Education x Cloud: Two Approaches to Ransomware Protection
Let’s look at some possible losses from a ransomware attack:
・Loss of important business data and customer documents
・Loss of public trust
・Suspension of normal business operations (for several days to several weeks)
For small and medium-sized enterprises and businesses, pre-emptive ransomware protection is very important.
Effective ransomware countermeasures should take a two-pronged approach: the human side and the software side.
The term “human side” refers to the education and training of employees. The vector of ransomware infection is usually email. Regular and ongoing employee education about tips and tricks for identifying malicious emails and the risks of ransomware is simple, yet extremely effective.
On the “software side,” in addition to installing ransomware-compatible security software, it is important to incorporate a solution that can safely back up data in case of an emergency. With cloud backup, all data is stored on a secure cloud server that is separate from the company's network, providing assurance even if a ransomware infection occurs.
The best in ransomware protection from Tsukaeru Cloud Backup + (Plus)!
Tsukaeru Cloud Backup+ is a popular service that is ideal for ransomware protection. Easy to implement, it provides a simple and powerful all-in-one solution.
Tsukaeru Cloud Backup+ features are as follows:
・Centralized security measure and backup management in a single service
・Latest AI-incorporated ransomware countermeasures
・Comprehensive cybersecurity measures with an easy-to-understand management screen
・Secure cloud backup file and data protection
It’s never too late to start playing it safe.
By the time a ransomware infection is identified and panic sets in, it's too late. As remote work continues to be a major issue in 2021, the possibility of more attacks and even more dangerous variations will not disappear anytime soon.
If you have any questions, please feel free to contact us by phone or email. A free trial service is also available!
Click here for more information about Tsukaeru Cloud Backup+.
Contact us at Tsukaeru.
Toll-free number: 0120-961-166 (Office hours: 10:00 – 17:00)
Reference: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
In the wake of the COVID-19 global pandemic, online and digital are becoming increasingly important to business. While these trends have many advantages in terms of new ways of working and other aspects, it is also true that cyber attacks (i.e., ransomware and malware) are rapidly increasing to exploit the gaps.
Ransomware attacks are on the rise
A type of cyber attack called "ransomware" is particularly risky at the moment. This attack is a virus that encrypts files on an infected PC and makes them unreadable to the owner(s).
Ransomware attackers demand a "ransom" from their victims. If the ransom is paid, they will unencrypt the files and restore them to their original state.
There are currently many different types of ransomware, such as WannaCry, which came on the scene around 2017. This year, a new ransomware called MAZE has become a global epidemic, and the damage is slowly becoming more noticeable in Japan, as well.
Problems with ransomware countermeasures
The difficulty with ransomware countermeasures can be summed up in two points: the modus operandi has become so sophisticated that it is difficult to prevent infection, and once infected, the probability of regaining access to data is low.
Ransomware is currently the most popular method "chosen" by attackers, and the techniques and methods are evolving every day. Although the main route of infection is through links and attachments in spam e-mails, it is often difficult to guard against the attack because the e-mails look completely normal, for example, identical to ones from trusted business partners.
Also, once infected with ransomware, it is very difficult to recover the encrypted files. Even if you pay the "ransom" demanded by the attackers, there is no guarantee that your data will be restored. Unfortunately, there have been many cases where the ransom was paid in full, but the encryption was not lifted. In the end, the victims had no choice but to give up on the lost data and move on.
Tsukaeru Cloud Backup+ Ransomware Protection: a breakthrough service!
Tsukaeru Cloud Backup + (Plus), recently released by Tsukaeru, is a groundbreaking service developed specifically to address the growing risk of ransomware and malware.
▼Cloud backup means you don't have to worry if you get infected
Tsukaeru Cloud Backup+ is a comprehensive solution that integrates a backup function and security measures, regularly backing up all of your PC data to a secure cloud server. In this way, even if your company's local PC is infected with ransomware, all you have to do is restore from the pre-infection files from the cloud.
▼Next-generation AI-based ransomware detection
Tsukaeru Cloud Backup+ includes the latest next-generation ransomware and malware detection, which uses AI technology to detect and block unknown threats to prevent ransomware infections with overwhelmingly high probability and accuracy.
▼All-in-one security measures necessary for today's world
Tsukaeru Cloud Backup+ includes a whole host of security features that are crucial in this day and age, including automatic virus scanning, vulnerability testing, patch management, malware quarantine, and more. There’s no longer any need to juggle multiple tools for backups and security measures.
To learn more about Tsukaeru Cloud Backup+, please feel free to contact us at your convenience.
Click here for more information about Tsukaeru Cloud Backup+.
Contact us at Tsukaeru.
In recent news, Malwarebytes, a leading cybersecurity company based in California, has reported a shocking new finding. Ransomware attacks against companies have risen by over 500% in just one year. This revelation has shaken the IT industry, and many have been left wondering: what could have possibly triggered such a shocking spike in cyber attacks? Who among us is most likely to be the next target?
For a period that was as fleeting as it was hopeful, it appeared as if ransomware would become an epidemic of the past. After its peak in 2016, ransomware cases gradually began to decline, replaced by less severe attacks from cryptocurrency mining viruses.
The Attackers Shift their Target
While at the surface it seemed like ransomware was defeated once and for all, many changes were occurring behind closed doors. Namely, a shift of target by ransomware attackers.
A report published every year by the US Internet Crime Complaint Center (IC3) has shown that ransomware cases in the United States have decreased from 2,673 in 2016 to 1,394. And yet, the loss from ransomware has jumped from $2.4 million to over $3.6 million.
While ransomware cases have decreased, the cost of damage has risen significantly. What does this mean? Instead of attacking individuals, ransomware attackers have shifted their focus onto companies that are capable of paying more hefty ransoms.
Corporate Damage Skyrockets
In early 2019, the number of corporate ransomware cases was reported to have increased by a whopping 521%. The report by Malwarebytes indicates that this surge was caused by ‘Troldesh,' a ransomware virus that is thought to be of Russian origin. This year, it has wreaked havoc across the United States.
Is Backing Up Data the Solution?
Many people believe ransomware is no issue, as long as backups are made every day. Is that really so? Yes, and no. Backing up data can be an important safety precaution in the face of ransomware attacks, but it doesn’t always succeed in preventing them. If your data is backed up to an internal server that is always connected to your regular server, then guess what? Ransomware will likely also infect your backup server. Be mindful about your backup location and who or what has potential access to it. For a higher chance of security, we recommend using the cloud for your backups.
If you’re a business owner or involved in IT security, make sure your defenses against ransomware are formidable. Take all safety measures possible, before it’s too late.
Tsukaeru Cloud Backup
Contact us
