Reports / Surveys
$2.9M is lost to cybercrime every minute
Cybercrime revenues totaled $1.5 trillion last year, which comes down to $2.9M lost to crooks every minute, according to a new infographic by RiskIQ. Leading firms suffer 0.4 security breaches per day, costing them $25 per minute. Threat actors generate 2.4 phishing sites per minute, while RiskIQ detects 7 malicious redirectors every minute and one malware sample every 25 minutes.
Malware campaigns decline as ransomware, encrypted attacks rise
During the first six months of this year, intrusion attempts increased by 4% compared to the fist half of 2018, a new SonicWall report shows. While malware campaigns dropped by 20%, ransomware attacks did increase, by 15%, in part because the popularity of ransomware-as-a-service (RaaS) keeps on growing. Other threat categories that saw increased activity were web app attacks (11% increase), Internet-of-things (IoT) malware (55% increase) and encrypted attacks (76% increase).
Most SMBs suffer from a false sense of security
A Keeper Security survey reveals that two in three (66%) small to mid-sized businesses (SMBs) consider a cyberattack on their organization unlikely, despite the fact that about the same amount of small firms (67%) were attacked in the past year. The lack of awareness about cyber threats often coincides with a lack of preparedness, since 60% of SMBs have no cyberattack prevention plan. Moreover, one-fourth (25%) of respondents acknowledged that they have no clue how to even begin dealing with cybersecurity.
Majority of IT leaders unsure if their cybersecurity solutions work
Even though 58% of organizations plan to increase their cybersecurity budgets by 14% on average, only 39% of IT leaders believe their firm is getting full value from the money it spends on security, a recent study by AttackIQ indicates. A majority of respondents (53%) don’t even know if the cybersecurity tools they use are actually strengthening cyber defenses as advertised. The vast majority of IT leaders believe that data breaches aren't decreasing because of how skilled threat actors are (70%) and due to the complexity of cybersecurity (66%). An example of this complexity is the fact that companies use 47 different security products on average.
Capital One breach exposes data of 106 million people
Capital One suffered a massive data breach in March. The exposed data impacts 100 million American and 6 million Canadian customers and consists mostly of names, contact information and certain financial information such as credit scores and credit card balances. In addition, the social security numbers of 140,000 US and 1 million Canadian customers were obtained by a hacker, who was recently arrested. This individual was later found to be a former Amazon employee.
Critical zero-day vulnerabilities put 200M IoT devices at risk
Researchers at Armis recently discovered that over 200 million Internet-of-things (IoT) devices are vulnerable to attacks as the result of 11 zero-day flaws (6 of which are critical) in VxWorks, a real-time operating system (RTOS) used in 2 billion IoT devices. Security patches are available and should be installed as soon as possible.
What You Can Do
Given the alarming increase of ransomware attacks in the recent past, organizations should assess their environment to ensure it adheres to security best practices. Since many organizations have a false sense of security, a comprehensive penetration test can help ensure that security weaknesses have been identified and remediated. This should actually occur more than once a year, especially considering the fact that new and major security threats are appearing more often, all of which could result in a significant impact to your organization.
In addition to more frequent penetration tests, the Capital One data breach proves that companies should also be performing architecture configuration reviews to ensure that there are no gaps within their configurations. Organizations should perform periodic reviews of their configurations to ensure that configurations align to best practices, at least bi-annually.
Freaky Infosec Fact of the Week
More than once, hackers found ways to remotely kill the engines of moving cars
Earlier this year, a hacker compromised thousands of user accounts for GPS tracker apps, allowing them to shut off the engines of some cars if they were driving no more than 12 mph. Issues like this have been discovered before, like in 2015 when security researchers remotely killed the engine of a Jeep going 70 mph.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants have experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io