Threat Summary - Week 29, 2019

Reports / Surveys

Cybersecurity threats are costing companies millions

A new ESI ThoughtLab report[pdf] indicates that losses from cybersecurity incidents averaged $4.7 million per organization in 2018, and more than one in ten firms lost over $10 million.

The top cyber threats include:
* Cyber criminals (71%)
* Malicious insiders (57%)
* Hacktivists (43%)
* Contractors (39%)
* Privileged insiders (38%)
* Government-sponsored hackers (38%)

BEC scams are surging

Business Email Compromise (BEC) scams accounted for $301 million in suspicious transactions per month last year, new data[pdf] by the Financial Crimes Enforcement Network (FinCEN) shows. In 2016, the average monthly value of BEC-linked transactions was almost three times smaller ($110 million). These numbers are based on suspicious activity reports (SARs) handled by FinCEN. The number of SARs also rose, from an average of 500 per month in 2016 to more than 1,100 per month in 2018.

70% of healthcare organizations were breached, security falls short

Seven in ten US healthcare organizations (HCOs) have experienced a security breach, and 40% are “very” or “extremely” vulnerable to cyber threats, a new study by Thales found. At most 38% of HCOs properly encrypt their data, while 25% failed data security compliance audits last year.

According to US HCOs, the biggest threats to data security include:
* Cyberterrorists
* IT admins
* Partners with internal access

Ransomware amounts tripled last quarter

According to Coveware’s ransomware report for Q2 of this year, ransomware victims who paid to regain access to their data transferred an average of $36,295 to attackers. This is almost three times the average ransom payment for Q1, which was $12,762. The surge in ransom amounts is linked to rising demands by the operators of Ryuk and Sodinokibi.

In Q2, the ransomware threat landscape was dominated by:
* Ryuk (23.9%) - the most common ransomware targeting enterprises
* Phobos (17%) - primarily targets smaller companies
* Dharma (13.6%) - primarily targets smaller companies
* Sodinokibi (12.5%) - became the dominant ransomware-as-a-service offering
* GandCrab (10.2%) - used to be the top ransomware-as-a-service offering, but the operators retired this quarter

Data breaches

Evite breach impacts 101 million customers

A May data breach at social-planning website Evite impacted 101 million users. Haveibeenpwned.com has received a database showing that attackers obtained access to the names, usernames, email addresses, passwords and other sensitive information of 10 million Evite users as well as the email addresses of 91 million users. To check if your information was compromised in this or another breach, you can visit Have I Been Pwned and enter your email address.

Sprint customers hacked via Samsung website

Hackers breached the accounts of an unknown number of Sprint customers via the Samsung.com "add a line" website in June. The US telecommunications company said that the compromised data includes full names, billing addresses, phone numbers, device types and more, but nevertheless claimed the incident did not pose "a substantial risk of fraud or identity theft" for those affected. This is highly misleading, since criminals could certainly use the exposed data for scam and fraud campaigns.

Vulnerabilities

Over 800,000 systems still vulnerable to wormable BlueKeep flaw

Two months after Microsoft patched BlueKeep (CVE-2019-0708), a critical RDP vulnerability affecting Windows 7 and older systems, an Internet scan by BitSight still identified over 800,000 vulnerable systems. BlueKeep is a highly dangerous flaw that should be patched immediately.

What You Can Do

  • Many organizations, especially healthcare organizations based on the statistics above, should take advantage of free sample security assessments. Although budgeting may be a concern, many cybersecurity firms, including Vonahi Security, offer a limited, free security assessment to help organizations identify weaknesses they do not realize they have.
  • Organizations should check their patch management program to ensure that all Microsoft Windows systems affected by the BlueKeep vulnerability (CVE-2019-0708) are patched.
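
As an added example that is not part of this newsletter or of Vonahi Security's tooling, the PowerShell audit below checks a single Windows host for the BlueKeep (CVE-2019-0708) patch and for the RDP settings that determine whether the flaw is reachable. It assumes that the KB identifiers listed are the May 2019 updates Microsoft shipped for CVE-2019-0708 (verify them against the current Microsoft advisory before relying on the script), and that the host runs PowerShell 2.0 or later, which is what Windows 7 and Server 2008 ship with.

```powershell
# Added example (not from the newsletter): audit the local Windows host for the BlueKeep
# (CVE-2019-0708) patch and for RDP exposure. Run in an elevated PowerShell session.
# ASSUMPTION: these KB identifiers are the May 2019 updates Microsoft released for
# CVE-2019-0708; confirm them against the Microsoft advisory before relying on them.
$BlueKeepKBs = @(
    'KB4499175', # Windows 7 SP1 / Server 2008 R2 SP1 - security-only update
    'KB4499164', # Windows 7 SP1 / Server 2008 R2 SP1 - monthly rollup
    'KB4499180', # Windows Server 2008 SP2 - security-only update
    'KB4499149', # Windows Server 2008 SP2 - monthly rollup
    'KB4500331'  # Windows XP / Server 2003 out-of-band update
)

function Test-BlueKeepPatchState {
    # Returns one object describing whether this host still needs attention.
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # CVE-2019-0708 affects Windows 7 / Server 2008 R2 (6.1) and older only;
    # Windows 8 / Server 2012 (6.2) and later are not affected.
    $affected = [version]$os.Version -lt [version]'6.2'

    # A host patched through a later cumulative rollup may not list the May 2019 KB,
    # so treat a missing hotfix as a lead to investigate, not as proof of exposure.
    $installed = Get-HotFix |
        Where-Object { $BlueKeepKBs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID }

    # Registry state: fDenyTSConnections = 0 means RDP is enabled;
    # UserAuthentication = 1 means Network Level Authentication (NLA) is required.
    # NLA forces authentication before the vulnerable code path is reached, which
    # Microsoft documented as a partial mitigation; it is not a substitute for the patch.
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $nlaKey = "$tsKey\WinStations\RDP-Tcp"
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction SilentlyContinue
    $nla = Get-ItemProperty -Path $nlaKey -ErrorAction SilentlyContinue

    $rdpEnabled  = ($ts.fDenyTSConnections -eq 0)
    $nlaRequired = ($nla.UserAuthentication -eq 1)

    $result = New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        OSVersion      = $os.Version
        AffectedOS     = $affected
        BlueKeepKBs    = ($installed -join ',')
        RDPEnabled     = $rdpEnabled
        NLARequired    = $nlaRequired
        # Unpatched, affected OS with RDP listening: escalate this host first.
        NeedsAttention = ($affected -and (-not $installed) -and $rdpEnabled)
    }
    $result | Select-Object ComputerName, OSVersion, AffectedOS, BlueKeepKBs,
                            RDPEnabled, NLARequired, NeedsAttention
}

# Usage: audit this host. For a fleet, run the function through Invoke-Command
# (where PowerShell remoting is enabled) and filter on NeedsAttention.
Test-BlueKeepPatchState | Format-List
```

The script deliberately reports both the hotfix lookup and the RDP/NLA state rather than a single verdict, because a host that received a later cumulative rollup will not show the May 2019 KB even though it is patched; an inventory of `NeedsAttention` hosts is a triage list to confirm against the patch management system, not a final exposure count.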

Freaky Infosec Fact of the Week

‘Smart’ hair straighteners can enable hackers to burn your house down

Researchers with PenTestPartners discovered that it's relatively easy to hack into Glamoriser hair straighteners that support Bluetooth and turn them into a major fire hazard.

About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.

Stay Informed

  • Connect with us on LinkedIn for Professional Security Tips
  • Like us on Facebook for Personal Security Tips
  • Follow us on Twitter for News & Threat Updates