Top Cybersecurity Threats for May 2023

On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing and here is the .

1. Ransomware actors expand their attack vectors
2. Phishing concerns emerge over Google's new Top-Level Domains
3. Fears of new supply chain threat as hackers leak code-signing keys

Verizon's analysis of some of the most prominent ransomware leak sites revealed 365 new victims in April. To increase their profits and victim count, some of the biggest groups continue to innovate. in what is believed to be an industry first. And both LockBit and Clop were in servers for printing management software, PaperCut. The U.S. remained the most targeted country worldwide in April, according to Verizon.

The latest attacks highlight the need to deploy robust, proactive defensive measures. Cybersecurity vendor Dragos, which withstood a ransomware attack in early May, multi-layered protection, detection and response tooling helped to limit the impact of its breach.

Google recently introduced two new TLDs, ZIP and MOV, which may unwittingly provide an advantage to phishing actors. That's because the domains in question are also file extensions. Some messaging apps and social sites will now automatically convert them into links. The concern is that bad actors will create lookalike phishing domains with ZIP or MOV extensions, which victims may be more prone to clicking on.

Experts claim this adds unnecessary extra risk and confusion for users and opportunities for threat actors. They are the extensions to create new phishing campaigns, including one phishing page at microsoft-office[.]zip designed to steal Microsoft credentials. The news highlights the continued need for updated and effective web security.

A Taiwanese hardware manufacturer was breached by ransomware attackers back in April. Although the vendor , the Money Message group subsequently posted a trove of information stolen from the firm on its leak site. Analysis by security experts revealed two private encryption keys amongst the data. The first signs MSI firmware updates to prove they're legitimate, and the second is used in an MSI-specific version of Intel Boot Guard also designed to prevent the loading of malicious firmware.

that threat actors could theoretically use these keys to self-sign malicious firmware and have it run on victim machines. Given the large number of B2B customers MSI has in the PC space, it could represent a significant threat.

Top Cybersecurity Threats for June 2023

Author: Phil Muncaster

On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds its Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity landscape and provide the latest threat intelligence. Below is the summary of their most recent briefing and here is the .

1. Verizon 2023 Data Breach Investigation Report (DBIR) reveals developments in the current threat landscape
2. MOVEit flaw exploited by Clop ransomware group in large supply chain attack
3. Barracuda zero-day bug exploited by Chinese state-linked threat actor

The has been released. This year's report provides detailed insight into the threat landscape, gleaned from 16,312 incidents, of which 5,199 (32%) were confirmed data breaches. It found that external (83%) and financially motivated (95%) breaches were most common, thanks to the dominant role of organized crime. Insiders accounted for a fifth (19%), although this includes negligence as well as malicious activity.

The human factor accounted for 74% of breaches. That's not surprising considering (49%) and (12%) were the top two techniques for gaining entry into networks, followed by vulnerability exploitation (5%). Among social engineering, business email compromise (BEC), or , is now present in more incidents than phishing. As stated on page 31 of the 2023 DBIR, cases doubled over the past year, with the . (24%) recorded its highest-ever share of breaches, and continues to impact organizations of all sizes and in all industries.

Infamous ransomware group Clop exploited in popular managed file transfer software MOVEit to steal data from countless MOVEit customers. The group is currently adding victim names to its leak site as the date for ransom payment expired. It has claimed hundreds of victims, while VTRAC has counted at least 96 so far. Among these are the BBC, British Airways and the U.S. Department of Energy.

It was a sophisticated, multi-stage attack, which calls to mind the of 2021, also linked to Clop. As well as the original zero-day (), two more critical vulnerabilities have since been found and patched by MOVEit developer Progress Software: another SQLi flaw () and (). Financial services and insurance companies appear hardest hit, with the financial and reputational impact likely to be high. The U.S. government a $10 million reward for information linking the attack to a nation-state.

In early June, Barracuda Networks took the of urging all customers of its Barracuda Email Security Gateway appliance impacted by a recent to replace the devices immediately, regardless of patch version. That followed efforts by the cybersecurity vendor to update the appliances on May 21.

The reason became clear after new intelligence on the case, which it was brought in to help with. An aggressive and persistent state-linked Chinese actor had been exploiting the zero-day in an espionage campaign dating back to October 2022. The Mandiant report named the unknown group UNC4841. It said that Barracuda decided to issue the call for customers to replace their appliances after the group switched malware and deployed new persistence mechanisms, following the issuing of the Barracuda update.

UNC4841 stepped up its campaign from May 22-24, with high frequency operations targeting victims in 16 countries. A third were government agencies, but individual victims included well-known academics in Taiwan and Hong Kong and Asian and European government officials in Southeast Asia. Mandiant warned network defenders to continue monitoring for UNC4841 activity.

Evaluating the Latest Cyber Security Threats

Latest cyber security threats: What you need to know to protect your business

Author: Phil Muncaster

It's vital to understand the latest cyber security threats. Data-driven decision-making can be crucial to improving your cyber security risk posture. The problem for chief information security officers (CISOs) is getting hold of the right data; it must be actionable and framed in a business context that makes it relevant to critical stakeholders. In its absence, of dogmatically enforcing security best practices, whether they're appropriate for the organization or not.

Verizon's annual , conducted since 2008, offers strategically impactful information and data points on the recent cyber security threats, so CISOs and their colleagues can make better decisions. To keep up with Verizon's latest findings and up-to-date on security industry trends, .

What are the latest cyber security threats?

The reality is the cyber threat landscape is a continuum because as technologies advance and evolve, so does the ability of the stealthy, sophisticated cybercriminal to reach bigger and more diverse audiences. That makes it difficult to discern which trends can accurately be described as new threats in cyber security.

Today's latest cyber security threats include ransomware, and business email compromise (BEC). These have been around for several years but are still evolving to cause significant risk to global organizations. In a similar way, user configuration error, supply chain risk and vulnerability exploitation have been threats for some time. But now, they're increasingly coming into focus for CISOs for several reasons. These include:

The impact of these recent cyber security threats can be linked to possible data loss, operational outages and malware infection. These could result in significant . Let's take a look at three of the latest cyber security threats to re-emerge as serious risks to your business.

User configuration error

According to the most recent DBIR, misconfiguration was by far the most common sub-category within miscellaneous errors, accounting for over half (52%) of incidents. It particularly affects data stores, including cloud-based file storage and relational or document databases placed online with zero protection. This is not the only kind of configuration issue that could create major cyber risk exposure. Remote Desktop Protocol (RDP) endpoints with poorly configured passwords are one of the top initial access vectors for ransomware actors.

However, it is that looms particularly large over organizations today. now have a multi-cloud strategy, making it even more challenging to understand how each environment works and what the most secure configuration is. includes only those enterprise IT categories that can transition to cloud, within the application software, infrastructure software, business process services and system infrastructure markets. By 2025, 51% of IT spending in these four categories will have shifted from traditional solutions to the , compared to 41% in 2022. Almost two-thirds (65.9%) of spending on application software will be directed toward cloud technologies in 2025, up from 57.7% in 2022.

Threat actors are increasingly looking to scan for and steal, ransom or of unprotected online data stores, contributing to the rise of recent cyber security threats. According to Verizon, verticals most exposed to misconfiguration risk include:

They should look to continuous compliance monitoring solutions like Cloud Security Posture Management (CSPM) to mitigate these risks, and apply the known as Secure Configuration of Enterprise Assets and Software to build security into systems from the start.

Supply chain risk

Supply chain attacks are another example of recent cyber security threats that aren't actually new but have recently been used in high-profile campaigns by threat actors. No industry is safe. The complexity of modern supply chains, including the delivery of digital products and services, provides a huge opportunity for attackers. And complexity is the enemy of security.

According to Verizon, incidents with secondary motives—that is, where the goal was to leverage victim access to carry out follow-on attacks—were the second most popular after financial last year, accounting for over a fifth of incidents. The report claims that most of these breaches are simple in nature, which suggests that catastrophic events like the or campaigns are still the exception. But even a simple supply chain breach could have a serious impact on your organization. According to research from , over 90% of global organizations suffered such a breach in 2021.

The challenge is not only the size of supply chains but also current point-in-time auditing, which is often heavily reliant on manual processes. CISOs must switch from static questionnaires to continuous monitoring of suppliers—and rapid remediation if risks emerge.

Unpatched vulnerabilities

ProxyLogon, SpringShell, Log4Shell—these are just a handful of the latest cyber security threats that have emerged over the past year. But it's not just these boardroom attention-grabbing vulnerabilities that you need to patch. Threat actors may also exploit bugs from years ago that have since fallen under the radar. As , it's not necessarily the amount of time since discovery that determines why actors target specific vulnerabilities; it's what capabilities exploitation provides to the attacker, alongside the robustness of current working exploits and payloads.

No sector has a handle on this yet. The key is to prioritize according to risk to your specific organization, using automated tools to . As Verizon says, the ideal is to patch smarter, not harder. This will not only make your organization more secure but also enhance IT productivity and minimize burnout by ensuring time is not wasted on patches that won't do much for the organization.

Improving cyber risk readiness

What do these new threats in cyber security have in common? They all require organizations to enhance their readiness to mitigate serious cyber risk. The right provider could help your enterprise go beyond preparedness and resilience to improve IT ROI, transform critical business processes and enhance competitive advantage.
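The ZIP and MOV top-level-domain concern from the May 2023 briefing above, as an added detection example (not Verizon's code): it flags .zip and .mov hostnames in message text and separates explicit URLs from bare file-name-like tokens that a client may auto-link. The function names, the brand watch list and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FILE_LIKE_TLDS = {"zip", "mov"}        # TLDs from the briefing that are also file extensions
BRAND_TERMS = ("microsoft", "office")  # constructed watch list, seeded from the page's example

URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.IGNORECASE)
# Hostname-shaped token: dot-separated labels of letters, digits and hyphens.
HOST_RE = re.compile(
    r"(?<![\w.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,})(?![\w-])",
    re.IGNORECASE,
)

def _classify(host, source):
    """Return a finding if host sits under a file-extension TLD, else None."""
    host = host.rstrip(".").lower()
    if "." not in host or host.rsplit(".", 1)[-1] not in FILE_LIKE_TLDS:
        return None
    brands = [b for b in BRAND_TERMS if b in host]
    return {"host": host, "source": source, "brand_terms": brands,
            "severity": "high" if brands else "review"}

def scan_message(text):
    """Flag .zip/.mov hostnames in a message body or log line."""
    text = text.replace("[.]", ".")  # undo defanging used in threat reports
    findings = []
    # Explicit URLs: judge only the host, so a download path ending in .zip is ignored.
    for url in URL_RE.findall(text):
        hit = _classify(urlsplit(url).hostname or "", "url")
        if hit:
            findings.append(hit)
    # Bare tokens such as "report2023.zip" that a chat client may auto-link.
    for match in HOST_RE.finditer(URL_RE.sub(" ", text)):
        hit = _classify(match.group(1), "bare-token")
        if hit:
            findings.append(hit)
    return findings

# Constructed sample messages (not taken from any real incident).
SAMPLES = [
    "Invoice attached, open report2023.zip before Friday.",
    "Reset your password at https://microsoft-office[.]zip/login",
    "Download from https://example.com/files/archive.zip",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg, "->", scan_message(msg))
```

Bare-token findings are the ones that depend on client auto-linking, so they are rated "review" unless a watched brand term also appears in the hostname.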