Threat Summary - Week 33, 2019

Reports / Surveys

365% rise in ransomware campaigns targeting businesses

Organizations are increasingly in the crosshairs of ransomware actors looking for big payouts via targeted attacks, a new report[pdf] by Malwarebytes shows. Detections of ransomware at businesses surged by a staggering 365% between the second quarter of 2018 and Q2 of this year, while consumer detections dropped by 12%. In Q2, the ransomware threat landscape for businesses was dominated by Ryuk and Phobos. Ryuk detections increased by 88% quarter over quarter, while Phobos detections rose by 940%. In the United States, ransomware did most damage in Texas, California, New York, North Carolina and Georgia.

Only half of small businesses properly address remote work risks

The vast majority (83%) of small businesses provide remote work options for employees, yet only half revised their remote work security policy last year, despite the fact that outdated policies are a major security liability. These findings come from a survey by Nationwide, which identified malware (33%) and phishing (29%) as the two biggest threats to small firms. It also found that nearly two-thirds (65%) of small companies have suffered a cyberattack, while 86% of small business owners acknowledge that cybersecurity risks are bound to keep increasing.

Companies test more apps, but fix fewer vulnerabilities

The number of apps that companies are subjecting to application security tests has increased by 20% compared to last year, a new WhiteHat Security report indicates. Even though companies perform more tests, they are doing less to address uncovered vulnerabilities. In the United States, organizations remediate only 50.7% of critical flaws (down from 57%), and just 36.8% of high risk vulnerabilities (down from 47%). It takes companies 149 days on average to fix critical vulnerabilities, while the average remediation time for high risk flaws is 235 days.

Phishing campaigns have been evolving for decades, yet awareness remains low

Every day, Gmail blocks over 100 million phishing emails, 68% of which are new messages that have never been detected before, a new study by Google found. It is the ever-evolving nature of phishing that makes it so difficult to fight these campaigns that have been tricking users into opening malicious links and attachments for decades. Phishing is getting increasingly targeted, with enterprise users receiving 4.8 times more phishing messages than consumers. While phishing is incredibly common, and has been for years, almost half (45%) of users still don’t know what it is, or how it puts them at risk.

Data Breaches:

BioStar 2 breach exposes millions of biometric records

Researchers with vpnMentor found an unsecured database by biometric smart lock platform BioStar 2 that exposed 27.8 million records containing highly sensitive data including:

• Access to admin infrastructure
• Fingerprint data
• Facial recognition information
• Unencrypted usernames, passwords, and user IDs
• Employee data (including security clearances, email and home addresses)
• Business information

Vulnerabilities/zero-days

‘Wormable’ RCE flaws put millions of Windows systems at risk

Microsoft is urging users to install newly released patches for two ‘wormable’ critical Remote Code Execution (RCE) flaws affecting Remote Desktop Services in Windows 7, 8.1, 10 and Windows Server 2008 and 2012. The flaws, CVE-2019-1181 and CVE-2019-1182 are deemed equally dangerous as the notorious BlueKeep vulnerability.

What You Can Do

Organizations need to ramp up on user awareness training as well as penetration testing engagements. The increase of ransomware attacks appear to be causing more and more damage over time, targeting more organizations. One of the common thoughts amongst organizations is "we're not a target – there are bigger fish to go after." However, this is definitely not true as many small businesses suffer ransomware attacks quite often.

Penetration testing also allows organizations to understand what their risks are to cyber attacks. Vulnerability scanning alone only allows organizations to identify the surface vulnerabilities; however, the method in which malware can spread within an organization can utilize methods that cannot be detected by vulnerability scanning, but only a penetration test or breach simulation assessment. For more information on why penetration testing could save your organization from becoming the next data breach or ransomware victim, and possibly hundreds of thousands of dollars in data breach response, refer to the following resources:

• Why Your Organization Needs a Penetration Test
• Getting the Most out of Your Network Penetration Test
• Penetration Testing vs Vulnerability Assessment: What's the difference?

Freaky Infosec Fact of the Week

Certain DSLR cameras can be infected with ransomware that encrypts all pictures

Earlier this year, Check Point researchers discovered vulnerabilities in the firmware of certain Canon cameras that made it possible to infect the cameras with ransomware over Wi-Fi or via USB.

About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants have experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA.

Stay Informed

• Connect with us on Linkedin for Professional Security Tips
• Like us on Facebook for Personal Security Tips
• Follow us on Twitter for News & Threat Updates