Top Cybersecurity Threats for May 2023 Business

On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing.

1. Ransomware actors expand their attack vectors
2. Phishing concerns emerge over Google's new Top-Level Domains
3. Fears of new supply chain threat as hackers leak code-signing keys

Verizon's analysis of some of the most prominent ransomware leak sites revealed 365 new victims in April. To increase their profits and victim count, some of the biggest groups continue to innovate. And both LockBit and Clop were in servers for printing management software, PaperCut. The U.S. remained the most targeted country worldwide in April, according to Verizon. The latest attacks highlight the need to deploy robust, proactive defensive measures. Cybersecurity vendor Dragos, which withstood a ransomware attack in early May, multi-layered protection, detection and response tooling helped to limit the impact of its breach.

Google recently introduced two new TLDs, ZIP and MOV, which may unwittingly provide an advantage to phishing actors. That's because the domains in question are also file extensions. Some messaging apps and social sites will now automatically convert them into links. The concern is that bad actors will create lookalike phishing domains with ZIP or MOV extensions, which victims may be more prone to clicking on. Experts claim this adds unnecessary extra risk and confusion for users and opportunities for threat actors. They are the extensions to create new phishing campaigns, including one phishing page at microsoft-office[.]zip designed to steal Microsoft credentials. The news highlights the continued need for updated and effective web security.

A Taiwanese hardware manufacturer was breached by ransomware attackers back in April.
Although the vendor , the Money Message group subsequently posted a trove of information stolen from the firm on its leak site. Analysis by security experts revealed two private encryption keys amongst the data. The first signs MSI firmware updates to prove they're legitimate, and the second is used in an MSI-specific version of Intel Boot Guard also designed to prevent the loading of malicious firmware. that threat actors could theoretically use these keys to self-sign malicious firmware and have it run on victim machines. Given the large number of B2B customers MSI has in the PC space, it could represent a significant threat.

Learn more about the ever-evolving nature of security threats and complex risk environments.
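The ZIP and MOV concern in the May 2023 briefing above comes down to one question a mail or chat filter can ask: if a client turned this token into a link, would the host end in a file-extension TLD? The Python below is an added example, not part of the original page; the brand watchlist and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FILE_EXT_TLDS = {"zip", "mov"}             # the two TLDs named in the briefing
BRAND_WATCHLIST = ("microsoft", "office")  # assumption: strings the defender monitors
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def link_target(token):
    """Return (host, kind): the host reached if this token became a link."""
    kind = "url" if SCHEME_RE.match(token) else "bare"
    try:
        # A bare token such as "report.zip" is parsed the way an auto-linker would.
        host = urlsplit(token if kind == "url" else "http://" + token).hostname
    except ValueError:
        return None, kind
    host = (host or "").lower().rstrip(".")
    return (host if HOST_RE.match(host) else None), kind

def scan(text):
    """List (host, kind, brand_hits) for every .zip/.mov hostname in text."""
    findings = []
    for raw in text.split():
        # Accept defanged indicators ([.]) and drop surrounding punctuation.
        token = raw.replace("[.]", ".").strip(".,;:!?()<>\"'")
        host, kind = link_target(token)
        if host is None:
            continue
        name, tld = host.rsplit(".", 1)
        if tld not in FILE_EXT_TLDS:
            continue  # e.g. https://example.com/files/q1.zip: only the path ends in .zip
        brands = tuple(b for b in BRAND_WATCHLIST if b in name)
        findings.append((host, kind, brands))
    return findings

# Constructed sample message; the last indicator is the one quoted in the briefing.
SAMPLE = (
    "Please open report.zip before the call. The archive is at "
    "https://example.com/files/q1.zip and the clip is holiday.mov, thanks. "
    "Reported phish: https://microsoft-office[.]zip/login"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings of kind "bare" are the filename-like strings an application may auto-link; findings with brand hits are candidates for lookalike-domain review.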
Connected Cars: Protecting Vehicle and Customer Data

The more connections you have, the more protections you need. Hackers are becoming more sophisticated and are constantly on the lookout for where they might exploit vulnerabilities. We can help you understand the internal and external threats to your critical company data and vehicles, and help you build security into your innovation efforts. We can also help you secure critical infrastructure, assets and data in your manufacturing process, no matter where they are located, from the cloud to mobile to the factory. The full DBIR contains details on the actors, actions and patterns that can help you prepare your defenses and educate your organization. Get the intelligence you need to protect your organization. Get the latest mobile security insights from industry experts to better understand your risks and attack surface. Learn why chief executives need visibility into the cybersecurity risks the company faces—and how they can get it. Quickly identify and respond to security incidents in your automotive ecosystem with this end-to-end security-as-a-service offering. From design and implementation to analytics and maintenance, our consultants have the deep industry expertise needed to help you develop strategies that will drive results. Build the framework needed to support connected and autonomous vehicles of the future and other automotive innovations. Leverage a fully integrated ecosystem and a global connectivity platform to deploy connected and autonomous vehicles, in-vehicle systems, connected fleets, and the automotive factory of the future. Power immersive in-vehicle experiences with fast and reliable connectivity, responsive networking, digital entertainment partners, and tech platforms for more robust customer experiences. Based on the analysis of surveys, plus our experience with many digital transformations—including our own—we've identified eight recommendations to improve your future readiness. 
If we're going to have autonomous vehicles, 5G and connected cars will need to share the road. The world is accelerating at an exponential pace. Pandemics, cybersecurity threats and new ways of working require network evolution and innovation for businesses to meet the needs of today's always-on users and dynamic applications. Businesses looking to take advantage of edge computing in autonomous vehicles must first understand how multi-access edge computing (MEC) can lead to the future of automotive edge computing. This Frost & Sullivan report helps demonstrate how to bring a competitive edge to your contact center with the advanced data, tools and systems that your employees need to best perform their roles - regardless of location.
PCI DSS Requirements for Banks: Preparing for PCI DSS version 4.0

Author: Verizon Payment Security Practice
Date published: March 26, 2025

PCI DSS v4.0 (the "Standard") is one of the most significant updates since the Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004. For two decades the PCI Security Standards Council (PCI SSC), a global payment security forum of major card brands, has maintained a collection of industry security standards as part of a global regulation to protect customer account data. The flagship standard in the collection, the PCI DSS, establishes the requirements designed to promote a secure environment with an expansive set of technical and operational security requirements. PCI DSS applies to all organizations involved in storing, transmitting, and/or processing payment card account data. The accurate interpretation, implementation and maintenance of PCI DSS requirements is an important task for financial services chief information security officers (CISOs).

Organizations across the globe are looking closely at the latest major update of the Standard, which was designed to address emerging threats and enable innovative methods to combat new threats to customer payment data. PCI DSS v4.0 is aimed at improving security requirements and how compliance is measured to determine whether the intent of the Standard is being met. Since its release in March 2022, organizations began focusing on the 13 new requirements that became effective immediately in March 2024 as well as the future-dated 51 requirements that needed to be in place by March 31, 2025. In December 2024, the Standard underwent a minor update to become version 4.0.1.

The PCI DSS mandates a rigorous set of requirements for any organization that accepts, stores, processes, or transmits payment card data.
Organizations that implement and maintain these security standards, especially those that exceed the baseline security requirements, are likely to be more resilient to cardholder data (CHD) breaches. Verizon's Payment Security Report has documented compliance trends in the payment security industry for more than a decade; the found that only 14.3% of global organizations maintained full compliance with the PCI DSS at interim validation, and the report also found that there is a clear downward trend in full PCI DSS compliance since its 2016 peak. This highlights the continued challenges many organizations face with respect to PCI security compliance. And at the same time, compliance has never been more important, in light of fast-moving technology and threat landscapes.

Financial institutions continue to . These investments often increased the size of the corporate cyber-attack surface. This created new risks, including misconfigured assets, such as cloud databases. Threat actors are quick to take advantage of such changes. According to the 2024 Data Breach Investigations Report (DBIR), Verizon's annual publication that provides a deep analysis on global cybersecurity breaches, most threat actors targeting the industry during 2023 were external, financially motivated, and primarily focused on stealing personal and bank data as well as credentials. Alongside miscellaneous errors, system intrusion and social engineering represented the majority (78%) of breaches in this sector, according to the 2024 DBIR.

After consulting representatives from various industries for three years, the PCI SSC created version 4.0 of PCI DSS to ensure the Standard stays relevant as defensive measures and attack techniques evolve. The PCI SSC that the update focuses on: A summary of the key changes from v3.2.1 to v4.0 and v4.0.1 can .
Some key changes highlighted by the PCI SSC include:

The sheer volume of information required to understand the impact of PCI DSS v4.0x can seem overwhelming. What is the right approach to identify the kinds of risks that PCI DSS was designed to mitigate? That's why Verizon publishes the Payment Security Report (PSR) to track annual compliance, make recommendations to help ease the complexity of PCI security compliance and explain the PCI DSS requirements. The PSR guidance focuses on how to prioritize, helping you to establish your goals and requirements, and helping you to remove constraints for continuous, sustainable compliance. Here are a few important points outlined in the 2024 PSR:

One of PCI DSS v4.0's major areas of focus is on moving businesses from checkbox compliance with annual assessments to running continuous security processes, driven by sustainable goals and improved validation procedures. The goal of implementing PCI DSS as a business-as-usual activity is to map and integrate PCI data security requirements to pre-existing processes and distribute responsibilities and accountability across the business. This approach helps organizations with the proper implementation and embedding of PCI DSS security controls into their overall security strategy, thereby incorporating PCI DSS controls into their normal operations. This approach not only helps to develop and maintain compliance but also fosters a culture of security awareness and continuous improvement in your security program. The new Standard can also help organizations improve cyber resilience while helping them enable the collection of industry data, such as PCI DSS compliance among financial services organizations.

Financial services organization security leaders need to carefully examine each updated requirement in PCI DSS v4.0 and what it means for their specific organization. Before assigning compliance tasks, understand the scope of the project in terms of goals, requirements and constraints.
An important goal of PCI security compliance is to establish and maintain effective security controls. You need to frequently evaluate whether the implemented security controls are functioning as intended and continue to protect sensitive data. Confirm that sufficient resources are allocated to your PCI security program to maintain critical processes and compliance efforts. All compliance-related documentation should be kept up to date and accurately reflect the current state of your organization's security strategy. PCI DSS v4.0 introduced enhanced security requirements including stricter encryption rules, expanded multi-factor authentication requirements and stronger network security measures with the goal of improving payment data protection. A customized approach should be based on understanding the goals, requirements and constraints needed to maintain a robust vulnerability management program aimed to encourage a sustainable payment security strategy. Organizations should work with their Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) to agree on and develop tailored third party testing procedures. An organization's existing QSA is not allowed to participate in such testing sessions because that assessor developed the procedures. Independent third-party reviewers should look for deficiencies including blind spots and unintended consequences stemming from customized controls. Find out more about strategies that may help you protect your payment security information in the . You can also learn more about Verizon's PCI security assessments .
2022 Verizon Business Payment Security Report: Preparing to navigate PCI DSS v4.0

The 2022 PSR includes a step-by-step, logical systems approach to managing complex security problems in advance of the PCI DSS v4.0 2024 deadline.
