News Items

  • news

    Visible to the public "A Cybersecurity Researcher Explains How To Trust Your Instincts To Foil Phishing Attacks"

    Phishing emails try to trick people into doing things they would not normally do, such as transferring money, running malicious programs, sharing their password, and more. Cybersecurity professionals often blame people for not noticing that phishing emails are fraudulent. However, Rick Walsh, a cybersecurity researcher at Michigan State University, suggests that most people nearly have the same skills as computer security experts in regard to recognizing fake emails, but they do not trust their own instincts enough. In an earlier study, Walsh found that cybersecurity experts, like most people, initially assumed a phishing email was real. As they read the phishing email message, they started to notice small irregularities such as typos or things like a bank providing account information in a message instead of alerting the recipient to access the information in the bank's secure messaging system. He discovered that these signs were not enough for the cybersecurity experts to figure out a phishing email was fake. They did not become suspicious until they found something in the message that reminded them of phishing, such as text aimed at getting them to click a link. When Walsh interviewed people without experience in computer science, he found that they had a similar process to that of the experts, which involved noticing things in the email that seemed weird and becoming uncomfortable. The challenge for most people was remembering that phishing exists and could impact them. Recognizing phishing attacks might explain the strange things contained by phishing messages, further emphasizing the importance of increasing phishing awareness among the public. This article continues to discuss the differences between cybersecurity experts and non-experts in recognizing phishing, and how to help people trust their instincts to avoid such attacks.

    The Conversation reports "A Cybersecurity Researcher Explains How To Trust Your Instincts To Foil Phishing Attacks"

  • news

    Visible to the public "FBI Publishes IOCs for Hello Kitty Ransomware"

    The Federal Bureau of Investigation (FBI) has published a flash alert to share details on the tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with the Hello Kitty ransomware, which is also known as FiveHands. Hello Kitty ransomware was first observed in January 2021. The ransomware is believed to be operated by a threat actor referred to as UNC2447, which has been engaged in various attacks on organizations in Europe and North America. Like other ransomware operators out there, the ransomware group is engaging in double extortion, seeking to pressure victims into paying the ransom by threatening to make public data stolen from their networks. On top of that, the Hello Kitty/FiveHands operators threaten victims with distributed denial-of-service (DDoS) attacks on their public-facing websites unless the ransom is paid. The FBI says the adversaries usually use compromised credentials and exploits for known vulnerabilities in SonicWall products (namely CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023). After gaining access to an environment, the threat actor maps the network and attempts privilege escalation with the help of publicly available pentest tools such as Cobalt Strike, Commando, and PowerShell Empire, preloaded with Bloodhound and Mimikatz. The FBI is advising victims to refrain from paying a ransom, as this would not guarantee that compromised data is successfully restored or that the attackers will delete all of the exfiltrated files in their possession. Furthermore, the FBI says, paying the ransom encourages other cybercriminals to engage in ransomware distribution.

    Security Week reports: "FBI Publishes IOCs for Hello Kitty Ransomware"

  • news

    Visible to the public "California Health Network Reports Data Breach"

    Cybercriminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California. Nonprofit Community Medical Centers (CMC) primarily serve low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano, and Yolo. CMC stated that some unusual network activity was detected on October 10th. During the investigation, they found that unauthorized individuals had gained access to parts of its network in which patients' protected health information was stored. Data that the hackers may have obtained includes medical information, first and last names, mailing addresses, dates of birth, demographic information, and Social Security numbers.

    Infosecurity reports: "California Health Network Reports Data Breach"

  • news

    Visible to the public "Utilities Face Growing Global Cyber Threat Landscape"

    The industrial cybersecurity firm released a new report, titled "Global Electrics Cyber Threat Perspective," which draws further attention to the increasingly dangerous cyber threat landscape that is being faced by the global electric utility sector. The report reveals that utilities worldwide are bolstering their security against threats to their IT networks but have not placed enough attention on their Industrial Control Systems (ICS) and Operational Technology (OT) systems. According to Pasquale Stirparo, principal adversary hunter at Dragos and author of the report, the firm is currently tracking 15 activity groups (AGs) made up of hostile or potentially hostile actors. Observable elements, including methods of operation, the infrastructure used to perform actions, and targets of focus, are used to identify AGs. Of the 15 AGs being tracked by Dragos, 11 of them are targeting utilities. Two of the 11 AGs are said to have enough ICS-specific capabilities and tools to cause disruptive incidents. This article continues to discuss key findings and recommendations shared in the Global Electric Cyber Threat Perspective report.

    NextGov reports "Utilities Face Growing Global Cyber Threat Landscape"

  • news

    Visible to the public  "Distributed Protocol Underpinning Cloud Computing Automatically Determined Safe and Secure"

    Researchers at the University of Michigan have automated a technique called formal verification, which is a step towards ensuring the safety, security, and proper functioning of protocols implemented to dictate how networked services operate. The system developed by the researchers proves, without human effort, that Paxos, one of the most foundational distributed computing protocols, does meet its specifications. This achievement disproves the notion that Paxos and other similar protocols are too complex to be proven secure without hours of human effort. The growth of cloud computing and the increased use of technologies such as blockchain applications have changed how organizations and individuals engage with computing, thus resulting in a world powered by networked machines that face a continuously growing load. This makes critical infrastructure more vulnerable to widespread, adverse effects from hackers, server outages, and more. Therefore, it is important to have airtight distributed protocols to ensure that software systems can run on machines spread globally. Paxos is one of the significantly complex algorithms defining how machines in a network can work together in a single system. It describes an approach known as consensus, which is used in almost all critical distributed systems, including applications supported by cloud computing. This article continues to discuss the Paxos consensus protocol, the concept of formal verification, and the study on the automatic verification of Paxos.

    University of Michigan reports "Distributed Protocol Underpinning Cloud Computing Automatically Determined Safe and Secure"

  • news

    Visible to the public "This Sneaky Trick Could Allow Attackers To Hide ‘Invisible’ Vulnerabilities in Code"

    Developers using the Rust programming language in a project are advised to check for differences between reviewed code and the compiled code that has been output. The Rust Security Response Working Group (WG) has brought attention to a security vulnerability, tracked as CVE-2021-42574, which is described as an Unicode bidirectional override issue that not only affects Rust, but also other top programming languages such as Java, JavaScript, Python, C-based languages, and more. Open-source projects often rely on humans to review new code in order to detect any potentially malicious contributions by volunteers. However, security researchers at Cambridge University discovered how the encoding of source code files could be manipulated so that human reviewers and compilers see different logic. One method uses Unicode directionality override to display code as an anagram of its true logic. The attack was proven to work against C, C++, C#, JavaScript, Java, Rust, Go, Python, and other modern languages. The researchers warn that the exploitation of the bug through this attack poses a significant threat to software supply chains. This article continues to discuss the Unicode security flaw affecting Rust, Java, Python, and other programming languages.

    ZDNet reports "This Sneaky Trick Could Allow Attackers To Hide 'Invisible' Vulnerabilities in Code"

  • news

    Visible to the public "BlackMatter Group Speeds Up Data Theft with New Tool"

    Security researchers at Symantec have discovered a new data exfiltration tool designed to accelerate information theft for ransomware groups using the BlackMatter variant. Dubbed "Exmatter," the tool is designed to steal specific file types from selected directories and then upload them to a server under the control of BlackMatter attackers. The researchers stated that this process of whittling down data sources to only those deemed most profitable or business-critical is designed to speed up the whole exfiltration process, presumably so the threat actors can complete their attack stages before being interrupted. After retrieving the drive names of all logical drives on a victim computer and collecting all file pathnames, Exmatter disregards anything under specific directories such as "C:\Documents and Settings." The tool only exfiltrates specific file types such as PDFs, Word docs, spreadsheets, and PowerPoints and aims to prioritize those for exfiltration using LastWriteTime. Once exfiltration has been completed, Exmatter looks to overwrite and delete any traces of itself from the victim's computer. The researchers noted that they found various versions of the tool, indicating that its developers have tried to refine its functionality to accelerate the process of data theft as far as possible.

    Infosecurity reports: "BlackMatter Group Speeds Up Data Theft with New Tool"

  • news

    Visible to the public "Small Businesses Pay Up to $1M to Recover from Breaches"

    Researchers from the Identity Theft Resource Center (ITRC) conducted a new study and found that over half (58%) of US small businesses have suffered a security or data breach. Of those hit by a breach, three-quarters experienced at least two, and a third said they had suffered at least three incidents. Over two-fifths (44%) spent $250,000-$500,000 to cover the costs of the breach, while 16% said they were forced to pay between $500,000-$1m. The researchers stated that unsurprisingly, over a third (36%) admitted that the breach caused their business to go into debt, while a similar number (34%) said they had to dip into cash reserves to bail themselves out. A further 15% were forced to reduce headcount as a result. The researchers also found that 42% of respondents claimed it took 1-2 years to get back to normal after a breach, while for over a quarter of participants(28%), the road to recovery lasted 3-5 years. The researchers stated that interestingly, while 40% of attacks were traced to external threat actors, over a third (35%) were caused by malicious employees and contractors.

    Infosecurity reports: "Small Businesses Pay Up to $1M to Recover from Breaches"

  • news

    Visible to the public "Police Arrest Hackers Behind Over 1,800 Ransomware Attacks"

    According to Europol, 12 individuals believed to be connected to ransomware attacks against over 1,800 victims in 71 countries have been arrested. The law enforcement report revealed that the actors launched ransomware strains, including LockerGoga, MegaCortex, and Dharma. They also deployed malware such as TrickBot and post-exploitation tools like Cobalt Strike. LockerGoga emerged in the wild in January 2019, when it was used to attack the French engineering and R&D consultant Altran Technologies. The number of LockerGoga and MegaCortex infections was the highest during that year. A report from the National Cyber Security Centre (NCSC) in the Netherlands linked 1,800 infections to Ryuk and those two strains. The most notable case attributed to the suspects is a 2019 attack against the Norwegian aluminum production giant Norsk Hydro, which disrupted the company's operations. An announcement posted by the Norwegian police said that they never stopped hunting for the threat actors as they worked with foreign counterparts to take them down. The arrests were made in Ukraine and Switzerland on October 26, 2021. The simultaneous raids also led to police seizing $52,000 in cash, electronic devices, and more. Europol described the arrested individuals as high-value targets because they are believed to have initiated multiple high-profile ransomware incidents. In addition, the cybercriminals had specialized roles in a highly organized criminal organization, with each of them being responsible for different operations. For example, some of them carried out activities in network penetration, while others executed brute force attacks, performed SQL injections, or handled credential phishing operations. This article continues to discuss the arrest of 12 hackers who were behind more than 1,800 ransomware attacks.

    Bleeping Computer reports "Police Arrest Hackers Behind Over 1,800 Ransomware Attacks"

  • news

    Visible to the public "North Korea's Lazarus Group Targets IT Supply Chains with MATA Malware"

    The North Korea-backed Advanced Persistent Threat (APT) group Lazarus is now using improved malware variants. Lazarus is known for conducting state-sponsored cyberespionage. The Lazarus group's latest supply chain attack campaigns have been found targeting multiple downstream companies. Cybersecurity experts have found that the attackers behind the Lazarus group used MATA malware, and backdoors called Blindingcan and Copperhedge to attack the defense sector, a software solutions vendor in Latvia, and a think tank in South Korea. Previously, the Lazarus group used MATA malware to attack commerce and IT firms in India, South Korea, Poland, Germany, Turkey, and Japan to deliver ransomware and steal information. However, in the latest campaign, the group used MATA malware for cyberespionage activities. A Trojanized version of the malware was used to carry out a multi-staged infection chain. The latest malware campaigns show that the group is growing increasingly interested in leveraging trusted IT supply chain vendors to infiltrate corporate networks. This article continues to discuss findings surrounding the Lazarus Group's recent targeting of IT supply chains.

    CISO MAG reports "North Korea's Lazarus Group Targets IT Supply Chains with MATA Malware"

  • news

    Visible to the public "FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware"

    The FBI recently issued a report on the Indicators of Compromise (IOCs) for the Ranzy Locker ransomware, which has been targeting businesses in the US since late 2020. By July 2021, Ranzy Locker ransomware compromised over 30 victims in the information technology sector, transportation sector, construction subsector of critical manufacturing, and the academia subsector of government facilities. In addition to sharing the IOCs for the ransomware, the FBI lists a series of recommended mitigations for protecting systems from Ranzy Locker. These mitigations include periodically updating applications and operating systems, backing up all data offline, implementing network segmentation, reviewing logs, auditing user accounts, enabling multi-factor authentication, and disabling unused protocols. This article continues to discuss a typical Ranzy Locker ransomware attack and the report released by the FBI on the IOCs for this ransomware.

    Security Week reports "FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware"

  • news

    Visible to the public Microsoft to provide cybersecurity training and scholarships to community colleges

    Microsoft is working with community colleges to provide free training and resources to help ease the cybersecurity professional shortage. This includes training for faculty at 150 community colleges and scholarships to 25,000 students. By targeting community colleges, Microsoft believes they will also be diversifying the industry which is currently overwhelmingly male and white. The students at community colleges are 57% women and 40% minorities.
  • news

    Visible to the public "Misconfigured Database Leaks 880 Million Medical Records"

    Security researchers at Website Planet have found an unsecured database leaking over 886 million sensitive patient records online. The non-password-protected data trove was traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu promptly after it was responsibly disclosed. Deep 6 AI applies intelligent algorithms to medical data to help find patients for clinical trials within minutes. The researchers stated that the exposed data included: date, document type, physician note, encounter IDs, patient ID, notes, UUID, patient type, note ID, date of service, note type, and detailed note text. The researchers noted that the notes and physician information were stored in plain text, meaning anyone who discovered the database could have accessed intimate details of patient illnesses. Patient IDs were encrypted, but it's unclear how strongly. This would make it harder for opportunistic cybercriminals to unmask the victims. However, if an adversary were able to do so, the 68.5GB database would seem to offer plenty of information to use in possible extortion attempts or to sell on the dark web. The researchers stated that hypothetically, this exposure could have provided scammers with a list of 89,143 medical professionals that they could target using insider information and their own notes to gain trust.

    Infosecurity reports: "Misconfigured Database Leaks 880 Million Medical Records"

  • news

    Visible to the public "Data Breach at University of Colorado"

    The University of Colorado Boulder (CU Boulder) is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach. The breach was attributed to an unpatched vulnerability in software provided by a third-party vendor, Atlassian Corporation Plc. Atlassian is an Australian software company headquartered in Sydney that develops products for software developers, project managers, and other software development teams. CU Boulder stated that the flaw "impacted a program used mostly by the Office of Information Technology (OIT) to share resources, such as support and procedural documents, configuration files and collaborative documents." Some files stored in the impacted program contained personally identifiable information (PII) for current and former CU Boulder students. Included in that information were names, student ID numbers, addresses, dates of birth, phone numbers, and genders. CU Boulder noted that the incident did not expose Social Security numbers or financial information. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited. CU Boulder stated that the Office was testing the new version and preparing to implement it when the intrusion occurred. The university said that most of the roughly 30,000 individuals whose data may have been compromised in the incident are no longer affiliated with CU Boulder as a student or employee. The university is notifying victims via email.

    Infosecurity reports: "Data Breach at University of Colorado"

  • news

    Visible to the public SoS Musings #54 - The Role of Psychology in Cybersecurity

    SoS Musings #54 -

    The Role of Psychology in Cybersecurity

  • news

    Visible to the public Spotlight on Lablet Research #23 - Secure Native Binary Execution

    Spotlight on Lablet Research #23 -

    Secure Native Binary Execution

  • news

    Visible to the public Cybersecurity Snapshots #23 - Cybercriminals Are Decreasing Their Use of Bitcoin

    Cybersecurity Snapshots #23 -

    Cybercriminals Are Decreasing Their Use of Bitcoin

  • news

    Visible to the public Cyber Scene #61 - Ghosts of Cyber Past

    Cyber Scene #61 -

    Ghosts of Cyber Past

  • news

    Visible to the public "Phishing Attack Exploits Craigslist and Microsoft OneDrive"

    The email security provider Inky has released a report detailing a new phishing campaign in which both Craigslist and OneDrive are used to trick people into installing malware. The attackers behind the phishing campaign used different tactics to pull off their scam. They sent emails to active Craigslist users instead of random people. The phishing messages came from a Craigslist domain and a legitimate Craigslist IP address. Since the messages appeared legitimate, they were able to evade standard email security protocols. As Craigslist did not intend to send those emails, Inky believes the site could have been compromised by malicious actors, especially since users were specifically targeted. The actors also abused a Craigslist function known as "mail relay" to remain anonymous. In addition, the attackers used a legitimate Microsoft OneDrive site, impersonated DocuSign, and displayed Norton and Microsoft logos. Inky recommends that users be on the lookout for unusual requests and signs of indirect ways to resolve an issue. The provider also suggests that users be suspicious of the mixing of platforms, such as the use of a document uploaded to OneDrive to resolve a Craigslist problem. This article continues to discuss the recent phishing attacks that have exploited Craigslist and Microsoft OneDrive.

    TechRepublic reports "Phishing Attack Exploits Craigslist and Microsoft OneDrive"

  • news

    Visible to the public "Hackers Target SMEs Using Bug in Popular Billing Software"

    A threat actor, which has not yet been identified, has been seen exploiting a vulnerability contained by the time and billing system BillQuick to execute ransomware attacks. Cybersecurity researchers at Huntress were alerted of an incident faced by a U.S. engineering company managed by one of its partners. The investigation of the incident uncovered a SQL injection vulnerability in BillQuick Web Suite 2020. The team of researchers successfully recreated the SQL injection-based attack. They confirmed the possibility of hackers using the vulnerability to access customers' BillQuick data and run malicious commands on their on-premises Windows servers. According to the researchers, the SQL injection vulnerability, tracked as CVE-2021-42258, does not require much effort to be triggered as its exploitation only requires the submission of a login request with invalid characters in the username field. The researchers noted that the attackers were able to abuse this flaw to execute commands on the victim's machine remotely and launch an unidentified strain of ransomware. This article continues to discuss the discovery, exploitation, and disclosure of the SQL bug in BillQuick, as well as the importance of securing software used by small and medium-sized enterprises (SMEs).

    TechRadar reports "Hackers Target SMEs Using Bug in Popular Billing Software"

  • news

    Visible to the public "Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords"

    Ido Hoorvitch, a security researcher at the identity and access management provider CyberArk discovered that he could recover network passwords for over 70 percent of the networks he scanned just by using information gathered as he biked, walked, or drove along the streets of Tel Aviv, Israel. He used a wireless scanner made up of a $50 network card connected to a laptop running Ubuntu, in addition to the Hcxdumptool tool available on GitHub, to collect Wi-Fi Protected Access (WPA) packets from nearby networks. Of the 5,000 networks from which the researcher collected information, 44 percent had a cellphone number as a password. Another 18 percent were discovered to be on the common password list called "RockYou.txt." The rest of the passwords were other simple combinations of numbers and letters. In total, the study found passwords for 3,633 of the 5,000 targeted networks. Using a strong, complex password for a wireless network is said to protect against the attack. Although 18 percent of the passwords were found through the use of the popular password list RockYou.txt, nearly 50 percent of the passwords used only numbers, most of which are users' cellphone numbers, thus providing little security. While multi-factor authentication (MFA) is often cited as a solution to password security issues and would bolster wireless network security, it is difficult to implement on consumer Wi-Fi networks. This article continues to discuss the cracking of 70 percent of neighborhood Wi-Fi passwords in a study conducted by CyberArk and why wireless networks continue to be a weak point for many consumers and enterprises.

    Dark Reading reports "Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords"

  • news

    Visible to the public CfP: The AAAI-22 Workshop on Artificial Intelligence for Cyber Security (AICS)

    CALL FOR PAPERS

    Association for the Advancement of Artificial Intelligence (AAAI)
    Artificial Intelligence for Cybersecurity (AICS)

    Feb 22 - March 1, 2022  |  Vancouver, BC, Canada  |  http://aics.site/AICS2022

  • news

    Visible to the public "Almost All US Organizations Experienced a Cyber Event in the Past Year"

    Security researchers at Deloitte did a new study where they surveyed 577 C-suite executives worldwide on their organization's cybersecurity programs. The researchers found that almost all (98%) US-based organizations and 86% of non-US organizations experienced at least one cyber event in the past year. A considerable proportion (86%) of US companies faced increased cyber threats due to COVID-19. Interestingly, a significantly lower proportion (63%) of non-US executives reported experiencing an increased rate of attacks during the pandemic. The researchers found that breaches caused organizations operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%), and loss of consumer trust (22%). Despite this, 14% of US executives admitted their organization has no cyber threat defense plans, which compares to just 6% of non-US executives. According to the survey, the three most significant barriers to US organizations' cybersecurity management programs were increases in data management, perimeter and complexities (38%), inability to match rapid technological changes (35%) and a need for better prioritization of cyber-risk across the enterprise (31%). Another major security challenge for US companies is recruitment, with 31% of US executives stating they cannot attract or retain cyber talent. This compares to just 16% of non-US companies.

    Infosecurity reports: "Almost All US Organizations Experienced a Cyber Event in the Past Year"

  • news

    Visible to the public Challenge Problem - CAGE Reinforcement Learning for Cyberdefense

    Recent advances in artificial intelligence (AI) technologies show promise for autonomous cyber operations (ACO), offering the potential for distributed, adaptive defensive measures at machine speed and scale. The cyber domain is a particularly challenging domain for autonomous AI. We nominate a challenge in this space which we believe requires further research in order to enable ACO to become an operational capability.

  • news

    Visible to the public "Global Security Skills Shortage Falls to 2.7 Million Workers"

    According to researchers at (ISC)2, the global cybersecurity skills shortage has fallen for the second consecutive year, but the size of the workforce is still 65% below what it needs to be. The researchers interviewed 4,753 cybersecurity professionals and IT workers who dedicate at least 25% of their time to security tasks. The researchers found that the shortfall of skilled workers in the industry had sunk from 3.12 million last year to 2.72 million. According to respondents, staff shortages can mean more chance of misconfigured systems, patching delays, process oversights, rushed deployments, sub-par threat detection and response, and less time for proper risk assessments. Fortunately, organizations are taking some steps to alleviate the impact of shortages. These include training (36%), provision of more flexible working (33%), investing in diversity, equity, and inclusion (DEI) initiatives (29%). Other respondents cited the use of cloud service providers (38%), automation of manual tasks (37%), and getting staff involved earlier in third-party relationships (32%).

    Infosecurity reports: "Global Security Skills Shortage Falls to 2.7 Million Workers"

  • news

    Visible to the public "Protecting Hardware from Software Attacks"

    The Defense Advanced Research Projects Agency's (DARPA) System Security Integration Through Hardware and Firmware (SSITH) program aims to develop Application-Specific Integrated Circuit (ASIC) hardware with new protections that can mitigate software attacks on hardware. DARPA's SSITH program delves into hardware security architectures and tools capable of protecting electronic systems against common types of hardware vulnerabilities exploited through software in order to break the endless cycle of software patch-and-pray. Until now, research on the program has focused on developing approaches and proving a concept that system-on-chip designers can use to limit computer hardware to secure states while preserving performance and power. Following thorough testing and evaluation, researchers have demonstrated that SSITH concepts provide strong hardware protections against Common Weakness Enumeration (CWE) classes of hardware vulnerabilities. The SSITH program is now in the final stage, focusing on transitioning the proven concepts from lab discoveries to practical applications. The team from Lockheed Martin Corporation is moving beyond virtual processors. They want to develop ASIC hardware that combines a dual-core Arm processor and multiple peripheral interfaces with embedded security capabilities provided by their SSITH approach called Hardware Architecture Resilience by Design (HARD). This article continues to discuss the SSITH program and the proven SSITH approach known as HARD.

    Homeland Security News Wire reports "Protecting Hardware from Software Attacks"

  • news

    Visible to the public "Critical Vulnerabilities Found in AUVESY Product Used by Major Industrial Firms"

    Researchers at the industrial cybersecurity firm Claroty discovered 17 types of vulnerabilities in the Versiondog data management product made by Germany-based AUVESY. The flaws, which have now been patched by the vendor, affected Versiondog, a product that provides automatic backup and version control capabilities, and can be integrated into various industrial systems. The vendor's site revealed that this product has been used by companies such as Nestle, Coca-Cola, Kraft Foods, and many automotive giants. Some of the largest industrial enterprises run Versiondog to store and document software versions automatically, and back up data that can be compared to current error-free versions to ensure plants run efficiently. The disruption or manipulation of information handled by the product poses significant risks to the safety and integrity of an industrial process. Versiondog was found to contain vulnerabilities that can allow remote attackers to evade detection, elevate privileges, access hardcoded cryptographic keys, manipulate files, cause denial-of-service (DoS), and more. These security holes were found in Versiondog's OS Server API, Scheduler, and WebInstaller components. This article continues to discuss the severity, potential exploitation, and disclosure of the critical vulnerabilities in Versiondog.

    Security Week reports "Critical Vulnerabilities Found in AUVESY Product Used by Major Industrial Firms"

  • news

    Visible to the public "REvil Hacking Gang Forced Offline In Multi-Country Operation"

    The Russia-based hacking gang REvil has been hacked and forced offline by law enforcement and intelligence agencies in the U.S. and partner countries. REvil was behind the ransomware attack against Colonial Pipeline in May, which led to a rise in gas prices, panic buying, and fuel shortages on the U.S. East Coast. The same group was also responsible for the compromise of the Florida-based software management company Kaseya, the disruption of systems belonging to the meatpacker JBS, and more. According to Tom Kellerman, the VMware head of cybersecurity, disruptive actions were taken against REvil and other similar gangs by the FBI, together with Cyber Command, the Secret Service, and like-minded countries. This article continues to discuss the multi-country operation that took down the REvil hacking group.

    Silicon UK reports "REvil Hacking Gang Forced Offline In Multi-Country Operation"

  • news

    Visible to the public "The Russian Hacker Group Behind The SolarWinds Attack Is At It Again, Microsoft Says"

    According to Microsoft, the group behind the SolarWinds attack, Nobelium, is now targeting technology companies that resell and provide cloud services for customers. The researchers stated that Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. The researchers noted that they believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers. The researchers found that the group has not tried to find vulnerabilities in software but is using techniques like phishing and password spray to gain entry to the targeted networks.

    NPR reports: "The Russian Hacker Group Behind The SolarWinds Attack Is At It Again, Microsoft Says"

  • news

    Visible to the public "BlackMatter Bug Saved Victims Millions in Ransom Payments"

    Security researchers at Emisoft claim to have saved BlackMatter ransomware victims millions over the past few months after exploiting a bug they found in the malware to recover files for free. The researchers stated that they have been building decryption tools and services to help ransomware victims for a long time. However, the researchers found that the most effective method to help ransomware victims is to search for vulnerabilities in the code of ransomware variants and exploit them to benefit the victims. The researchers at Emisoft did not publicly disclose the flaws they found, but instead, they communicated what they found to law enforcement agencies and trusted parties. Unfortunately, the group eventually realized what had happened and remediated the bug several weeks ago. The researchers at Emsisoft have also identified flaws in around a dozen other ransomware variants, saving victim organizations significant time and money.

    Infosecurity reports: "BlackMatter Bug Saved Victims Millions in Ransom Payments"

  • news

    Visible to the public "Bugs in Malware Creating Backdoors for Security Researchers"

    Malware authors often leverage vulnerabilities contained by software. However, malware could also have bugs and coding errors that cause it to crash or serve as backdoors for white hat hackers. Zscaler researchers studied the types of vulnerabilities that exist in some of the most prevalent malware families. They explored the use of these bugs or vulnerabilities to prevent malware infection, and to find out whether they are real vulnerabilities and coding errors or escape mechanisms. The researchers analyzed a dataset of malicious samples collected from 2019 to March 2021. Using behavioral similarities, they clustered the samples. They also used MITRE's Common Weakness Enumeration (CWE) system to classify malware. By looking at multiple examples of malware consisting of different types of vulnerabilities, the researchers were able to observe that malware sometimes does not validate the output of a queried Application Programming Interface (API) or cannot handle different types of command-and-control (C&C) responses. Malware is often developed based on the author's local environment. Oftentimes, malware authors also do not consider other techniques such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) that are needed to load modules in malware, which causes them to crash. Sean Nikkel, Senior Cyber Threat Intel Analyst at Digital Shadows, points out that these bugs may be the result of rushing, inexperience in using development best practices, or other resource constraints. Security vendors could use these bugs to write different types of signatures for the identification and blocking of such malware attacks. This article continues to discuss key findings from Zscaler's study on the types of vulnerabilities in malware and how security researchers can use these bugs.

    Security Magazine reports "Bugs in Malware Creating Backdoors for Security Researchers"

  • news

    Visible to the public "XSLeak Flaw in Slack Could Allow a Malicious Workspace Member to Launch De-anonymisation Attacks"

    A cross-site leak (XSLeak) flaw has been discovered in the file-sharing feature of Slack's web application by a security researcher named Julien Cretel. According to Cretel, the exploitation of the vulnerability could allow threat actors to identify users outside of the workforce instant messaging platform when victims go to an attacker-created website in Chromium-based browsers. XSLeaks are a class of security vulnerabilities stemming from side-channels built into the web platform. These flaws abuse the web's core principle of composability that allows interactions between websites. They also exploit legitimate mechanisms to reveal sensitive information about users. Researchers from TU Darmstadt released a paper in 2019 detailing an XSLeak channel in the image-sharing features provided by Facebook, Twitter, Google, and other popular messaging platforms. According to the study, when users upload an image in their private chat threads, a unique URL is generated by the host service for the resource that can only be accessed by parties within the thread. The researchers discovered that this mechanism could be abused by malicious actors to create a unique URL for a target user and force visitors' browsers to go to another website to request the same URL. The browser's response could help the attacker determine if the visitor is the same user. They warned that this technique could be applied in fingerprinting or spear phishing attacks. When Cretel examined the file-sharing functionality of Slack's web client, he found it to be vulnerable to Leaky Image attacks. However, the exploitation of the security flaw requires the attacker to have a user account in the same Slack workspace as their targets and have the ability to send them direct messages. This article continues to discuss the XSLeak flaw found in Slack, the platform's response to the discovery of this vulnerability, and other previously uncovered security weaknesses in Slack.

    Computing reports "XSLeak Flaw in Slack Could Allow a Malicious Workspace Member to Launch De-anonymisation Attacks"

  • news

    Visible to the public "Hacking Gang Creates Fake Firm to Hire Pentesters for Ransomware Attacks"

    The FIN7 hacking group, also known as Carbanak, is now creating fake cybersecurity companies that perform network attacks under the guise of penetration testing. FIN7 has been involved in cyberattacks and campaigns aimed at stealing money since 2015, when the group first emerged, infecting ATMs with man-in-the-middle (MITM) attack-enabling malware. Researchers at Gemini Advisory uncovered the fake cybersecurity firm called Bastion Secure, set up by FIN7. According to the researchers, the website created for the fake corporate entity contained stolen and recompiled content from other websites. Bastian Secure's website claims that the company is based out of England, but the researchers observed the site serving 404 error pages in the Russian language. The website's 'About' page also states that the company is a spin-off of the legitimate cybersecurity firm Convergent Network Solutions Ltd. FIN7 was found offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers as well as Windows system administrators and reverse engineering specialists. The researchers believe the hacking group also wanted to hire system administrators because they would be able to map compromised corporate systems, conduct network reconnaissance, and locate backup servers and files, all of which are skills required for the pre-encryption stages of ransomware attacks. This article continues to discuss the evidence that suggests FIN7 was behind the creation of the fake Bastion Secure cybersecurity firm.

    Bleeping Computer reports "Hacking Gang Creates Fake Firm to Hire Pentesters for Ransomware Attacks"

  • news

    Visible to the public "Russian Cybercriminals Switch to Cloud"

    Cybersecurity researchers at Kaspersky released research on Russian-speaking cybercriminal activity and how it has changed over the past six years. The researchers found that historically favored attacks targeting banks and other financial organizations with money-stealing malware have largely been replaced. The researchers stated that nowadays, adversaries prefer to hit their targets with ransomware and data-stealing attacks delivered via spear-phishing emails with malicious attachments. Another critical change recorded by the researchers was a move away from developing malware in-house and toward public cloud infrastructure. Researchers found that cybercriminals now prefer to use publicly available penetration testing and remote access software to bypass security defenses by appearing legitimate. Russian adversaries were found to be working together in much smaller groups than before, and instead of hitting Russia, they are striking targets overseas.

    Infosecurity reports: "Russian Cybercriminals Switch to Cloud"

  • news

    Visible to the public CISS awards 2M in new cybersecurity training programs to underserved communities

    CISA, the US Cybersecurity and Infrastructure Security Agency has awarded NPower and CyberWarrior contracts worth $2m to bring cybersecurity training to underserved communities such as the unemployed and underemployed. One of the goals of these programs is to develop cybersecurity talent from non-traditional sources to address the shortage of workers in this area. They will be looking to increase underrepresented groups in the industry such as people of color, women, military spouses and veterans from both urban and rural communities.
  • news

    Visible to the public "US to Ban Export of Hacking Tools to Authoritarian States"

    The US government has issued new rules designed to prevent the export of hacking and surveillance tools to regimes guilty of human rights abuses. The new rules were released by the Commerce Department's Bureau of Industry and Security (BIS) and will go into force in 90 days. Governments singled out by the proposals are "of concern for national security reasons" or subject to an arms embargo. The rules will also apply if the exporter knows that the product will be used to impact the confidentiality, integrity, or availability of IT systems without the knowledge of their owner/administrator. The cybersecurity community has 45 days to comment on the rules. The latest rules created by BIS are a result of BIS's negotiations in the multilateral Wassenaar Arrangement, which governs export controls. The long-running treaty has been criticized in the past for adding unnecessary red tape for cybersecurity vendors wanting to export their products abroad.

    Infosecurity reports: "US to Ban Export of Hacking Tools to Authoritarian States"

  • news

    Visible to the public "CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations"

    The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) awarded $2 million to NPower and CyberWarrior in support of the development of cyber workforce training programs. The two organizations will focus on unemployed, underemployed, and underserved communities in urban and rural areas. They will also focus on commonly underserved populations, including veterans, military spouses, women, and people of color. The awards are part of CISA's mission to recruit diverse cybersecurity talent and build a skilled workforce. They are also the first of their kind to be given by CISA. The CISA Director Jen Easterly pointed out that addressing the cyber workforce shortage requires proactively searching and fostering prospective talent from nontraditional places. NPower and CyberWarrior will work with CISA to develop a scalable and replicable proof-of-concept program that identifies and trains talented individuals in cybersecurity. The three-year pilot program will develop and implement a comprehensive cybersecurity pathways retention strategy, deliver entry-level cybersecurity training via innovative training hubs, place talented individuals into entry-level cybersecurity jobs to decrease the cyber workforce shortage, and more. This article continues to discuss CISA's latest workforce development effort that aims to benefit communities and populations that may not currently have access to cybersecurity training programs.

    HSToday reports "CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations"

  • news

    Visible to the public "30+ Nations Pledge to Combat Ransomware, Promote Cyber Resilience"

    The White House had a series of virtual meetings with representatives from more than 30 countries to discuss the growing security threat posed by ransomware. The United States, together with other participating nations, pledged to tackle ransomware threats and promote cyber resilience. Those countries that have made this commitment, include Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States. it was emphasized that ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection, privacy, and the economy. The nations pledged to strengthen network resilience by implementing policy frameworks, governance structures, and incident response procedures. This article continues to discuss the Counter Ransomware Initiative.

    HealthITSecurity reports "30+ Nations Pledge to Combat Ransomware, Promote Cyber Resilience"

  • news

    Visible to the public "Space ISAC and NY InfraGard Collaborate To Advance Cybersecurity in Space"

    The Space Information Sharing and Analysis Center (Space ISAC) and the NY Metro InfraGard Members Alliance (NYM-IMA) will work together to strengthen cybersecurity in space. The organizations signed a Memorandum of Understanding, thus allowing them to collaborate in different ways. This collaboration will focus on raising further awareness about the various activities in the space domain among space users and operators. The Space ISAC's mission is to improve the ability to prepare for and respond to vulnerabilities, incidents, and threats. The organization also wants to spread timely and actionable information to member entities, and serve as the main communications channel for the space sector regarding such information. Through this collaboration, the Space ISAC will develop a platform that enables collaboration and communication among organizations involved in the space industry. This article continues to discuss the partnership formed between the Space ISAC and the NYM-IMA to bolster space cybersecurity.

    Cyber Intel reports "Space ISAC and NY InfraGard Collaborate To Advance Cybersecurity in Space"

  • news

    Visible to the public "72% of Organizations Experienced a DNS Attack in the Last Year"

    Researchers at Neustar International Security Council (NISC) found that nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the last 12 months. Of those organizations affected, 61% were targeted on multiple occasions, while 11% have been victimized regularly. The researchers noted that DNS attacks are generally a lower concern for security pros than vectors like ransomware, distributed denial-of-service (DDoS), and targeted account hacking. The researchers stated that DNS attacks are becoming increasingly menacing to organizations. According to the researchers, 55% of security professionals consider DNS compromise an increasing threat compared to 47% in October 2020. The most common types of DNS attacks experienced in the last 12 months were DNS hijacking (47%), DNS flood, reflection or amplification attacks that segued into DDoS (46%), DNS tunneling (35%), and cache poisoning (33%).

    Infosecurity reports: "72% of Organizations Experienced a DNS Attack in the Last Year"

  • news

    Visible to the public "Threat Actors Abusing Discord to Spread Malware"

    Researchers at Check Point have discovered new multi-function malware abusing the core functions of popular group app platform Discord. The researchers found several malicious GitHub repositories featuring malware based on the Discord API and malicious bots. It included various features, including keylogging, taking screenshots, and executing files. Discord bots help users automate tasks on the Discord server. However, they can also be used for malicious ends, the researchers warned. For example, the Discord Bot API can easily be manipulated to turn a bot into a simple Remote Access Trojan (RAT). This doesn't even require the Discord app to be downloaded to a target's machine. The researchers noted that communications between attacker, Discord server, and victim's machine are encrypted by Discord, making it much harder to detect any malware. The researchers said that this could provide attackers with an "effortless" way to infect machines and turn them into malicious bots. The researchers noted that the Discord API does not require any type of confirmation or approval and is open for everyone to use. Due to these Discord API freedoms, the only way to prevent Discord malware is by disabling all Discord bots. The researchers noted that preventing Discord malware can't be done without harming the Discord community, and as a result, it is up to the users' actions to keep their devices safe. The researchers also found dozens of instances where threat actors used Discord as a malicious file hosting service, with their privacy protected by the app.

    Infosecurity reports: "Threat Actors Abusing Discord to Spread Malware"

  • news

    Visible to the public "New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles"

    Academic researchers have developed a new fingerprint-capturing and browser-spoofing attack dubbed Gummy Browsers. According to the researchers, this attack is easy to perform and can have severe consequences. A digital fingerprint serves as a unique online identifier linked to a specific user based on a combination of a device's characteristics, including the user's IP address, browser and OS version, installed applications, active add-ons, and cookies. These characteristics also include the manner in which the users move their mouse or type on the keyboard. Digital fingerprints can be used by websites and advertisers to confirm that a visitor is human, track a user between sites, or improve targeted advertising. As these fingerprints are valuable, they are often found being sold on dark web marketplaces to threat actors and scammers, who can then use them to spoof users' online identities. Spoofing users' online identities makes it easy for the threat actors to take over accounts or conduct advertisement fraud. The Gummy Browsers attack involves making a person visit an attacker-controlled website to capture their fingerprint and then using that fingerprint on a target platform to spoof that person's identity. Following the generation of a user's fingerprint using existing or custom scripts, the researchers developed methods to spoof the user on other sites. The researchers explained that the Gummy Browsers attack could impersonate a victim's browser transparently nearly 100 percent of the time without affecting the tracking of legitimate users. This attack can easily be executed while remaining difficult to detect because acquiring and spoofing the browser characteristics is oblivious to the user and the remote web server. The researchers warned that the Gummy Browsers attack could have a lasting impact on users' online privacy and security as browser fingerprinting continues to grow in adoption in the real world. This article continues to discuss digital fingerprints as well as the process and potential impact of the Gummy Browsers attack.

    Bleeping Computer reports "New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles"

  • news

    Visible to the public "A Quarter of All Malicious JavaScript Is Obfuscated"

    Security researchers at Akamai analyzed 10,000 malicious JavaScript samples that represent threats such as malware droppers, phishing pages, scammers, cryptomining malware, and more. The analysis revealed that at least 25 percent of the samples used JavaScript obfuscation methods to evade detection. According to the researchers, this finding suggests the continued adoption of obfuscation techniques by cybercriminals to remain undetected. They call on the use of more advanced Machine Learning (ML) techniques to detect malicious obfuscation. These ML techniques should enable the differentiation between malicious and benign obfuscated JavaScript. The researchers also say an approach to detection should use additional indicators and automatically consider obfuscated code as suspicious until proven otherwise. This article continues to discuss key findings from Akamai's analysis of malicious JavaScript samples.

    ITPro reports "A Quarter of All Malicious JavaScript Is Obfuscated"

  • news

    Visible to the public "CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems"

    CISA warning for water and wastewater facilities On October 14, 2021, the U.S. Cybersecurity Infrastructure and Security Agency (CISA) issues a warning for possible ransomware attacks trying to compromise water and wastewater facilities. When successful, clean water, potable water, and wastewater management all all at risk. These systems are often vulnerable because of outdated operating systems and software and not implementing security updates. The alert requires multi-factor authentication for all remote access and limited onsite users to essential personnel help prevent attacks.

    The Hacker News reports "CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems"

  • news

    Visible to the public "Data Breach Hits US Dental Patients"

    A cyberattack on the vendor of a network of dental practices may have exposed the data of tens of thousands of patients. An adversary used a phishing attack to gain access to the computer systems of North American Dental Management between March 31 and April 1, 2021. Pittsburgh-based North American Dental Management provides administrative and technical support services for Professional Dental Alliance (PDA) offices. PDA notified patients that an unauthorized individual may have accessed some of their protected health information (PHI) after the security breach. The information that may have been exposed was stored in email accounts that the attacker could breach. At this time, the identity of some individuals is known, but the vendor's investigation is ongoing. After discovering the breach, North American Dental Management took steps to secure the compromised email accounts and launched an investigation. PDA noted that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting. The threat actor did not access PDA's patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts. The full extent of the potentially affected personal information is not yet known and will vary between persons, but it may include the following: name, address, email address, phone number, dental information, insurance information, Social Security Number, and/or financial account numbers. The breach was reported to the DHS's Office for Civil Rights, impacting 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas, and Tennessee.

    Infosecurity reports: "Data Breach Hits US Dental Patients"

  • news

    Visible to the public "Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative"

    Microsoft has teamed up with Intel and Goldman Sachs to push for hardware security improvements that could help to mitigate supply chain risks. Working under the auspices of the non-profit Trusted Computing Group (TCG), the companies have created a new Supply Chain Security workgroup that will aim to bring in experts from across the tech sphere. The TCG stated that malicious and counterfeit hardware is particularly difficult to detect as most organizations don't have the tools or in-house knowledge to do so. The newly formed group will focus on two key areas. First, the group will focus on provisioning to ensure devices can be trusted at every step of the supply chain. Secondly, the group will be helping companies to recover in the event of an attack. A researcher at Microsoft stated that for nearly 20 years, TCG has guided the industry in adopting technologies that enable secure computing, with specifications for IoT and embedded systems, PCs and servers, mobile, and storage. The researcher also noted that the supply chain is the one thing that spans all of these verticals, and experts from TCG workgroups are now coming together to create industry-wide guidance that seeks to make the supply chain more secure.

    Infosecurity reports: "Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative"

  • news

    Visible to the public "CISA, FBI, and NSA Release BlackMatter Ransomware Advisory To Help Organizations Reduce Risk of Attack"

    The U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published a joint cybersecurity advisory regarding BlackMatter ransomware cyber intrusions that have targeted two U.S. food and agriculture sector organizations and other U.S. critical infrastructure entities. The advisory provides technical details and an assessment of BlackMatter ransomware. It also includes mitigation actions to consider taking, to reduce the risk of a BlackMatter ransomware attack. Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity, says the advisory emphasizes the need for a collective public and private approach to reduce the impact and frequency of ransomware attacks. This article continues to discuss the advisory released by CISA, the FBI, and the NSA about the BlackMatter ransomware gang and recommended best practices for organizations to protect their networks, systems, and data.

    CISA reports "CISA, FBI, and NSA Release BlackMatter Ransomware Advisory To Help Organizations Reduce Risk of Attack"

  • news

    Visible to the public "Sinclair Confirms Ransomware Attack That Disrupted TV Stations"

    Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it had suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knocking local broadcast feeds off the air. In a statement, the company noted that the cyberattack disrupted the company's general and office operations and resulted in data exfiltration. On October 16, 2021, the company identified and began to investigate and take steps to contain the potential security incident. On October 17, 2021, the company determined that specific servers and workstations in its environment were encrypted with ransomware and that particular office and operational networks were disrupted. According to reports, many stations had resumed operations as of Monday, but some are still dealing with some lingering issues such as trouble using weather graphics. Sinclair confirmed that data was taken, but it's not yet sure which information the attackers have.

    Threatpost reports: "Sinclair Confirms Ransomware Attack That Disrupted TV Stations"

  • news

    Visible to the public "Damages Escalate Rapidly in Multi-Party Data Breaches"

    New research from the Cyentia Institute explored the top 50 multi-party breaches, finding that the average large-sized breach involved 31 organizations and cost an average of $90 million, compared to the average loss of $200,000 due to a typical cybersecurity incident. Although system intrusions impacted the most organizations, ransomware and wiper incidents resulted in the greatest loss. Cyentia also found that attacks involving valid accounts and those that nation-state actors carried out, caused significantly greater damages per incident. These findings further emphasize the importance of companies increasing their efforts to ensure that their vendors and contractors are not opening their networks to attacks. The lesson learned from the largest multi-party breaches is that companies' cybersecurity and risk mitigation efforts must focus on attackers targeting businesses as well as those targeting third parties, which ripples down to vendors' clients. Wade Baker, the co-founder of Cyentia calls on organizations to approach risk management with more supply chain or third-party-centric thinking to help deal with nation-state actors or cybercriminal gangs. This article continues to discuss key findings from Cyentia's Information Risk Insights Study (IRIS).

    Dark Reading reports "Damages Escalate Rapidly in Multi-Party Data Breaches"

  • news

    Visible to the public "83% of Ransomware Victims Pay the Demand"

    Security researchers at ThycoticCentrify have found that more than four in five (83%) ransomware victims in the last 12 months felt they had no option but to pay the extortion demand to restore their data. The study, which was based on a survey of 300 US IT business decision-makers, also found that close to two-thirds (64%) of companies were victims of ransomware attacks in the last 12 months. The research further highlighted the substantial damage caused to organizations by ransomware attacks. Half (50%) of respondents said their company had experienced a loss of revenue and reputational damage from an attack, and 42% admitted they lost customers due to an attack. Additionally, around one-third attributed the ransomware attack as the cause for employee layoffs. The most vulnerable vectors for ransomware attacks are email (53%), applications (41%), and the cloud (38%), according to the IT business decision-makers surveyed. The researchers stated that encouragingly, there appears to be growing recognition of the need to improve cyber-defenses amid surging ransomware incidents. Nearly three-quarters of respondents have seen their cybersecurity budgets increase due to ransomware threats, while 93% of businesses are allocating a special budget to fight ransomware threats.

    Infosecurity reports: "83% of Ransomware Victims Pay the Demand"