Common cyber threats to businesses
Links related to "common cyber threats to businesses"
Top Cybersecurity Threats for November 2023 Business
We've got some great deals going on right now exclusively for our online customers... chat now to hear more! Author: Phil Muncaster,On the third Wednesday of every month, the VTRAC holds a Monthly Intelligence Briefing (MIB) to discuss the current security threat landscape, latest cybersecurity trends, news and threat intelligence. Below is the summary of their most recent briefing and here is the . 1. Crypto trading platform Poloniex loses $114M to suspected North Korean attackers,2. LockBit affiliate exploits Citrix flaw to devastating effect,3. Software vendor Atlassian forced to upgrade the severity of Common Vulnerabilities and Exposures (CVE) after widespread exploitation,If you'd like to receive new articles, solutions briefs, whitepapers and more—just let us know. Threat actors have stolen over $114m in digital currency from cryptocurrency trading company . Although precise details are still unknown at the time of writing, the attackers are believed to have targeted the firm's hot wallets. That fits with to disable the wallet system for maintenance following the incident. A leaked private key Poloniex and Tron founder, Justin Sun, has claimed that a portion of the stolen assets have been frozen and that losses are within manageable limits—in other words, no customers should lose funds. The firm is offering a 5% white hat bounty to its attackers in exchange for the return of the funds to the affected wallets. However, that offer has so far been ignored by the threat actors. That could be because sources suspect that the . to have observed similar behavior to the heist at Stake.com earlier this year, with attackers saving different stolen tokens at different addresses. If true, this would be the latest in a long line of North Korean cryptocurrency thefts this year, including ($41m), ($70m), ($35m), . An affiliate of the prolific ransomware-as-a-service (RaaS) outfit LockBit a series of breaches at several major global organizations—all within the space of a few days. These include London-headquartered law firm Allen & Overy, Boeing, the U.S. arm of Chinese banking giant ICBC, and Australian port operator DP World. It's unclear what impact the compromises may have on victim organizations, it could be weeks before affected ports in Australia will be able to accept export cargo, as a result of the DP World breach. The common thread appears to be the exploitation of a critical Citrix vulnerability named Bleed () for which fixes were made available more than a month ago. As the MOVEit campaign highlighted, a single flaw in a widely used product can have a devastating downstream impact on corporate customers. Researchers claimed that, as of November 14, over 10,000 Citrix servers were still vulnerable to the flaw. Software vendor Atlassian upgraded the severity of a critical vulnerability in its Confluence product after widespread attacks exploited the bug. The firm originally posted a cybersecurity advisory about the improper authorization vulnerability on October 31. The bug () affects all versions of its Confluence Data Center and Server product (although not Atlassian Cloud sites accessed via atlassian.net). It was originally given a CVSS score of 9.1. Atlassian urged sysadmins to patch, warning that organizations are vulnerable to significant data loss if exploited by an unauthenticated attacker.,However, the firm updated its guidance on November 2, claiming that it had found publicly posted critical information about the vulnerability which increases risk of exploitation. Just a day later, it revealed active exploitation. Three days after that, on November 6, to the maximum, 10.0, due to the change in the scope of the attack. Widespread exploitation was , including attempts to deploy the Cerber ransomware. The incident highlights the speed with which threat actors can pounce on newly published vulnerabilities/exploits, and the need for rapid incident response and risk-based patch management. Learn more about the ever-evolving nature of security threats and complex risk environments. Verizon Business Internet Security,Qualified Verizon Business Internet customers have access to powerful internet security solutions designed to help protect your business from cyber threats. Verizon Mobile Device Management (MDM),MDM provides powerful resources to mitigate mobile risk and help protect against cyberattacks that target corporate, education and business data and personal information. Mobile Threat Defense (MTD),Safeguard the data used by your remote workforce with advanced mobile security from Verizon and our partners. Managed Detection and Response,Take your security program to the next level by quickly identifying and responding to security incidents. Managed Security Information and Event Management,Get a tailored operational model that integrates Verizon security and intelligence capabilities with your own SIEM solution. Advanced Security Operations Center (SOC),To help detect and contain sophisticated threats and help prevent them from spreading. Rapid Response Retainer,To help accelerate response to serious attacks. Cyber Risk Programs,Identify security risks and threats before they can seriously harm your organization,Social Engineering Defense,Fortify your organization's cybersecurity, end to end, with the help of Verizon's customizable and comprehensive 5-point plan. Verizon Data Breach Investigations Report,Keep your security plan up to date and help protect your organization—with access to in-depth analysis on recent cyber threats and data breaches. To find out more, listen to the full threat intelligence briefing from the . If you are already a Verizon customer, we have several options to help you get the support you need. Choose your country to view contact details. Existing customers, to your business account or . . * Indicates a required field. We will follow up from your contact request using the information provided. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. We use both third party and first party cookies for this purpose. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. These cookies may be set through our site by Verizon and third parties. They are used to present Verizon advertising on third party sites that you may visit. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising from Verizon. BackClear Filters,All Consent Allowed
Learn moreTop Cybersecurity Threats for July 2023 Business
We've got some great deals going on right now exclusively for our online customers... chat now to hear more! Author: Phil Muncaster,On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing and here is the . 1. Clop became the most prolific ransomware actor in June thanks to the MOVEit campaign,2. Microsoft published details on six zero-day vulnerabilities in the July Patch Tuesday,3. Chinese threat actor compromised government emails via forged tokens,If you'd like to receive new articles, solutions briefs, whitepapers and more—just let us know. Clop became the number one ransomware group by victim count in June, thanks to the , which exploited a zero-day bug in the popular file transfer software. Verizon recorded 91 victims for the group during the month, versus 62 for LockBit in second place. The MOVEit campaign now has 492 known victims and has impacted around 23 million individuals. Overall, Verizon recorded 434 ransomware victims in June, pushing the total year-to-date count to 2,304. Clop has also been observed evolving its tactics to improve return on investment. The group launched to publish data stolen from MOVEit victim PwC, in an attempt to force payment. The technique, pioneered by the ALPHV/BlackCat group, is marketed to customers of compromised companies as a way to check if they are impacted by a breach and pressure these companies into paying. Microsoft announced 132 fixes for vulnerabilities in July's Patch Tuesday, including four for zero-day vulnerabilities being actively exploited in the wild. However, there were no updates for a further two zero-days also being exploited. is new guidance on Microsoft Signed Drivers being used maliciously, while is actively being exploited by an actor known as Storm-0978 (aka RomCom). Based in Russia, the actor is thought to be driven by both financial and cyberespionage motives. CVE-2023-36884 is a remote code execution vulnerability affecting Office and Windows HTML. it was used to target organizations attending a NATO summit with ransomware and espionage attacks using the . Microsoft released mitigations for the flaw and promised a fix soon. A sophisticated attack on Microsoft email accounts the accounts of the Commerce Department Secretary and the U.S. ambassador to China. Microsoft linked the campaign to Chinese state-backed threat actor Storm-0558. It said the actor consumer signing key to forge Azure AD tokens, which it did by exploiting a validation error in Microsoft code. This allowed it to access victims' emails via Outlook Web Access (OWA) and Outlook.com. Following negotiations with the , Microsoft has agreed to provide access to expanded cloud logging capabilities to Azure customers at no extra charge. This will give administrators greater visibility into their cloud environments and hopefully enable them to react quicker to similar events in the future. Learn more about the ever-evolving nature of security threats and complex risk environments. Cyber Risk Management,To help build an evidence-based cyber risk management program and improve your threat defense. Rapid Response Retainer,To help accelerate response to serious attacks. Web Application Firewall,To help mitigate the risks associated with the exploitation of public-facing applications. Advanced Security Operations Center (SOC) Services,To help detect and contain sophisticated threats and help prevent them from spreading. To find out more, listen to the full threat intelligence briefing from the . If you are already a Verizon customer, we have several options to help you get the support you need. Choose your country to view contact details. Existing customers, to your business account or . . * Indicates a required field. We will follow up from your contact request using the information provided. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. We use both third party and first party cookies for this purpose. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. These cookies may be set through our site by Verizon and third parties. They are used to present Verizon advertising on third party sites that you may visit. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising from Verizon. BackClear Filters,All Consent AllowedWe use technologies to collect and share information about your use of our site. By continuing, you agree to the use of these capabilities for a better experience and other purposes. Learn more in our .
Learn moreTop Cybersecurity Threats for August 2023 Business
We've got some great deals going on right now exclusively for our online customers... chat now to hear more! Author: Phil Muncaster,On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing and here is the . 1. Ivanti released patches for a zero-day vulnerability and other bugs used in an attack on the Norwegian government,2. Researchers warned of a malicious campaign exploiting Citrix NetScaler zero-day,3. MOVEit organization victim count rose to over 1,100 with 56 million individuals impacted as Deloitte joined the list of affected firms,If you'd like to receive new articles, solutions briefs, whitepapers and more—just let us know. According to SecurityWeek.com, the Norwegian government that a zero-day vulnerability in cybersecurity vendor Ivanti's Endpoint Manager (EPMM) product (also known as MobileIron Core) enabled threat actors to compromise 12 government departments. The said the campaign, revealed in late July, dated as far back as April at least, with possible chaining observed between the zero-day (CVE-2023-35078) and another Ivanti vulnerability (CVE-2023-35081). The former allowed remote attackers to obtain Personally Identifiable Information (PII), add an administrative account, and change the configuration because of an authentication bypass. The latter enabled actors with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. Both have been patched. Ivanti and Rapid7 labeled the chained vulnerability and —described it as a remote unauthenticated API access vulnerability in MobileIron Core 11.1 and older. Researchers warned that it could allow an attacker to write malicious webshell files to the appliance, which could then be executed by an attacker. Some affected products are now out of support so no new patches will be released. The VTRAC has not identified additional victims of the original zero-day attack. Security researchers at NCC Group that over 1,900 Citrix appliances were compromised in a new campaign exploiting the former zero-day vulnerability CVE-2023-3519. an advisory about the critical bug—which enables unauthenticated remote code execution—and two others on July 18. It impacts NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). NCC Group said that 31,000 devices were vulnerable to the zero-day at the time of the campaign. An automated process placed webshells on vulnerable NetScalers to gain persistent access and allow for execution of arbitrary commands. It's unclear what the end goal of the attackers is, but 1,828 appliances remained backdoored as of August 14. Of those, 1,248 are actually patched for CVE-2023-3519. NCC Group warned a patched appliance can still contain a backdoor. The estimates that over 56 million individuals around the world have been impacted by the MOVEit data theft campaign. That means their Protected Health Information (PHI) or PII could have been taken in the large-scale attack, which targeted the popular MOVEit managed file transfer software with a zero-day exploit. VTRAC assesses the number of organizations caught in the campaign at 1,100, as of the end of July. This includes Deloitte, the third of the Big Four accounting firms to be impacted, to have seen no evidence of an impact on client data. According to Verizon's experts, these figures brought the total number of organizations known to have been victimized by ransomware this year to 2,776, including 472 in July. That makes July the worst month this year. This count is based on victims that appear on leak sites and/or publicly disclose themselves, so the real figure is likely to be even higher. Learn more about the ever-evolving nature of security threats and complex risk environments. Verizon Business Internet Security,Qualified Verizon Business Internet customers have access to powerful internet security solutions designed to help protect your business from cyber threats. Verizon Mobile Device Management (MDM),MDM provides powerful resources to mitigate mobile risk and help protect against cyberattacks that target corporate, education and business data and personal information. Mobile Threat Defense (MTD),Safeguard the data used by your remote workforce with advanced mobile security from Verizon and our partners. Managed Detection and Response,Take your security program to the next level by quickly identifying and responding to security incidents. Managed Security Information and Event Management,Get a tailored operational model that integrates Verizon security and intelligence capabilities with your own SIEM solution. Advanced Security Operations Center (SOC),To help detect and contain sophisticated threats and help prevent them from spreading. Rapid Response Retainer,To help accelerate response to serious attacks. Cyber Risk Programs,Identify security risks and threats before they can seriously harm your organization,To find out more, listen to the full threat intelligence briefing from the . If you are already a Verizon customer, we have several options to help you get the support you need. Choose your country to view contact details. Existing customers, to your business account or . . * Indicates a required field. We will follow up from your contact request using the information provided. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. We use both third party and first party cookies for this purpose. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. These cookies may be set through our site by Verizon and third parties. They are used to present Verizon advertising on third party sites that you may visit. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising from Verizon. BackClear Filters,All Consent AllowedWe use technologies to collect and share information about your use of our site. By continuing, you agree to the use of these capabilities for a better experience and other purposes. Learn more in our .
Learn more
