Italian authorities are investigating the theft of data suffered by the tax agency l’agenzia delle enterprise, during which about 78 GB of data were leaked, ansa news agency reported on Monday.
Earlier on Monday, lockbit 3.0, a frequently active and notorious extortion software Gang, announced on its website that it had stolen “100 GB of data, including enterprise documents, scanned copies, financial reports and contracts” from the Italian tax authority, with six screenshots of alleged document samples attached.
The tax bureau responded immediately. According to Google translate, the main idea of its news release is “sogei spa has been immediately asked to provide feedback and clarification”. Sogei spa here is an it listed enterprise, “responsible for managing the financial technology infrastructure and conducting all necessary inspections.” Lockbit 3.0 first appeared as a unique ransomware as a service variant in September 2019, and has undergone many iterations in the name of ABCD ransomware.
Today, it has become one of the most active gangs in the area of extortion attacks. In June this year, unit 42 of Palo Alto networks, a security company, released a report saying that as of May, lockbit 3.0 had “contributed” 46% of all blackmail related violations in 2022, causing more than 850 organizations around the world to become victims.
Experts have previously warned that lockbit has a history of “issuing false statements”, such as claiming to steal information from entity a, but the actual data comes from entity B (B may have some data from entity a).
I believe that many businesses are dealing with a similar issue. As more data is collected, the system becomes more complex. Simply identifying sensitive data (such as business interviews and business reports) by hand, and then confirming the data protection strategy, will become complicated and time-consuming. Data is changing dramatically every second, especially in the Internet industry. This method cannot ensure the objective identification and distribution of sensitive data. So, how can effective safety work be ensured?
In the face of such issues, a sensitive data scanning service can save a significant amount of labor costs. It can automatically identify sensitive data types and distribution in key locations, as well as automatically associate business lines, using the rule engine, to more efficiently help determine differentiated and effective security protection strategies, such as determining which data is not encrypted or desensitized? Security operators can confirm the key points of protection based on the identification results for those business lines whose sensitive data has not been filed, and they can also reasonably promote the rectification of security risks.
It is believed that many enterprises’ data security construction work is in the initial and fire-fighting stage, and data security construction will face a lot of risk problems and difficulties. How to carry out data security work normally is also crucial. You can also easily build an offsite disaster recovery (DR) center with Vinchin Backup & Recovery by duplicating XenServer backups at the primary site to a remote site or external storage.
