Threat Summary - Week 32, 2019

Reports / Surveys

Destructive malware attacks surged by 200% in half year

In the first half of this year, cyberattacks involving destructive malware rose by a whopping 200% compared to the same period last year, a new IBM X-Force study found. Total damages from destructive malware attacks now average $239 million per incident, which is 61 times as high as data breach losses. On average, 12,000 machines are bricked per destructive malware incident, and incident response efforts take 512 hours, which is over 3 weeks.

3.5B credential stuffing attempts targeting finance in 18 months

Between December 2017 and April of this year, Akamai logged a staggering 58 billion malicious login attempts, a new report [pdf] shows. 3.5 billion (6.1%) of those attacks targeted the financial services sector. The figures underscore the massive popularity of credential stuffing attacks, in which cybercriminals try to gain access to user accounts for a certain service by using login credentials for another service that were compromised in a data breach. The success of these attacks depends on the common user habit of recycling passwords across multiple accounts. In the same 18-month period, nearly 4.5 billion web attacks were detected, the vast majority of which were SQL injection (3 billion) and Local File Inclusion (LFI, 1 billion) attacks. Over 400 million web attacks (9%) targeted financial services firms.

Most firms dangerously unprepared for CCPA

With less than five months to go before the California Consumer Privacy Act (CCPA) goes into effect, 44.2% of business owners/executives are completely unaware of the sweeping data protection regulation, according to a recent ESET survey [pdf]. Just 11.8% of respondents could say whether or not their organization is affected by the bill that was inspired by the EU’s GDPR. When asked if CCPA will impact data collection, storage and processing at their firm, the majority of respondents said they either didn’t know (34%) or didn’t care (22%), while 35.3% claimed that their organization won’t need to make any adjustments.

Unprotected mobile endpoints put enterprises at risk

On average, mobile endpoints make up 60% of endpoints in an organization, but most of these endpoints are not properly secured, a new report by Zimperium warns. In the first half of this year, 27% of mobile endpoints in enterprises were exposed to device threats, while network attacks impacted 7%. Man-in-the-middle (MITM) attacks (eavesdropping) constituted the vast majority of attacks (86%).

Vulnerabilities/Zero-days

Side-channel attack exploits Intel CPU flaws, Windows vulnerable

A newly discovered flaw in Intel processors can bypass protections against the notorious Spectre and Meltdown attacks that can make CPUs leak information, according to Bitdefender, which found the flaw. Called the SWAPGS Attack (CVE-2019-1125), it affects Windows devices and was covered in Microsoft’s July Patch Tuesday update, so users are urged to update ASAP.

Critical flaws in Qualcomm chips affect millions of Android devices

Security researchers at Tencent have found three critical vulnerabilities in Snapdragon 835 and 845 chips by Qualcomm that are used in popular Android devices. The flaws can enable attackers to compromise the WLAN, modem and sometimes even the Android kernel. Both Google and Qualcomm have released patches that should be installed ASAP.

What You Can Do

Password attacks are one of the most common ways of gaining unauthorized access to confidential/sensitive data and even escalating privileges. The importance of using strong, complex passwords should always be emphasized in user awareness training. Organizations can even provide their users with password strength testing websites and suggest using them prior to changing their passwords.

Also, when deploying new systems and devices on a production network environment, security best practices should always be followed to ensure these new devices do not compromise the security of the environment. One best practice could be the implementation of segmentation, isolating mobile devices into their own environment due to their increased risks.

Freaky Infosec Fact of the Week

Hacked IP cameras have been used to spy on breastfeeding mothers

Last year, a mother from South Carolina discovered that a hacker was spying on her family through their IP camera when she noticed it panning to the spot where she always breastfed her son.

About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA.
