Threat Summary - Week 39, 2019
Reports / Surveys
79% of companies recognize cyber threats as a top 5 business risk
While the gravity of cyber threats is being recognized by a growing number of organizations, confidence in cybersecurity capabilities is on the decline, a joint report [PDF] by Microsoft and Marsh indicates. Currently, 22% of firms say that cyber threats are their top risk priority and an additional 57% put cyberattacks in their top 5 risks. Two years ago, those numbers were 6% and 56%, respectively. However, more and more companies lack confidence when it comes to cyber risk assessment (18%, up from 9%); cyber threat prevention (19%, up from 12%); and incident response and recovery (22%, up from 15%).
Enterprise ransomware exploits flaws in critical assets, CVSS scores are misleading
Ransomware campaigns focusing on enterprises usually aim to maximize business disruption by targeting critical assets, a RiskSense analysis of the most popular enterprise ransomware strains found. Nearly two-thirds (63%) of the 57 CVEs exploited by these ransomware families were linked to (application) servers and other high-value assets, giving companies a strong incentive to give in to rising ransom demands. About one-third (31.5%) of the analyzed CVEs have been around since at least 2015, with the oldest dating back to 2010. Strikingly, more than half (52.6%) of the exploited flaws had a CVSS score of less than 8 (out of 10), the lowest being 2.6. Since many companies use CVSS to guide their patch management priorities, flaws with lower scores often persist in enterprise networks for extended periods of time.
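The RiskSense finding above is a prioritization problem: a patch queue ordered by CVSS alone leaves an exploited CVSS 2.6 flaw at the bottom. The following added example (not from the report or from Vonahi) compares a CVSS-threshold queue with one that ranks known-exploited status and asset criticality ahead of the score. The CVE identifiers, scores and flags are constructed sample data, not the 57 CVEs from the analysis.

```python
"""Patch prioritisation: exploit intelligence and asset criticality
first, CVSS as the tie-breaker. Sample data is constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str                  # placeholder identifier, not a real CVE number
    cvss: float               # CVSS base score, 0.0 - 10.0
    exploited_by_ransomware: bool   # from threat intel / vendor advisories
    asset_critical: bool      # e.g. application server, domain controller


# Constructed sample findings (assumed, not taken from the RiskSense report).
SAMPLE_FINDINGS = [
    Finding("SAMPLE-1", 5.4, exploited_by_ransomware=True,  asset_critical=True),
    Finding("SAMPLE-2", 2.6, exploited_by_ransomware=True,  asset_critical=False),
    Finding("SAMPLE-3", 9.8, exploited_by_ransomware=False, asset_critical=False),
    Finding("SAMPLE-4", 8.1, exploited_by_ransomware=True,  asset_critical=True),
    Finding("SAMPLE-5", 7.5, exploited_by_ransomware=False, asset_critical=True),
]


def cvss_only_queue(findings, threshold=8.0):
    """The common approach: patch only what scores at or above the threshold."""
    return [f.cve for f in findings if f.cvss >= threshold]


def risk_key(f):
    """Sort key: exploited flaws outrank everything, then critical assets,
    then the raw CVSS score."""
    return (f.exploited_by_ransomware, f.asset_critical, f.cvss)


def prioritised_queue(findings):
    """Full queue ordered by risk_key, highest risk first."""
    return [f.cve for f in sorted(findings, key=risk_key, reverse=True)]


def missed_by_cvss(findings, threshold=8.0):
    """Exploited flaws a CVSS-only threshold would leave unpatched."""
    return [f.cve for f in findings
            if f.exploited_by_ransomware and f.cvss < threshold]


if __name__ == "__main__":
    print("CVSS >= 8 only :", cvss_only_queue(SAMPLE_FINDINGS))
    print("risk-ranked    :", prioritised_queue(SAMPLE_FINDINGS))
    print("missed by CVSS :", missed_by_cvss(SAMPLE_FINDINGS))
```

The `missed_by_cvss` output is the list to review first: every entry is a flaw that is known to be used by ransomware but would never reach the top of a score-driven queue.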
Healthcare breaches affected 169M patients since 2009, but hackers rarely targeted medical data
A total of 1,461 breaches took place at 1,388 healthcare facilities between October 2009 and July of this year, impacting 169 million patients, according to a new academic study. However, cybercriminals are rarely out to steal medical data. Lead author Xuefeng Jiang told Forbes that hackers “can't make money directly on patients’ medical results,” which explains why attackers went after demographic and/or financial data in 70% of healthcare breaches, accounting for 95% of all affected patients. In just 16% of breaches, covering 3.5% of patients, the attackers only stole medical records, while sensitive medical data was obtained in a mere 2% of breaches, affecting just over 1% of patients.
Half of employees click on links from unknown senders
If an employee receives a message from an unknown sender that contains a URL, cybersecurity best practices (and common sense) dictate that the user should avoid interacting with the link at all costs. Despite this, 49% of respondents in a recent Webroot survey said they have clicked on such links at work. The study also shows that 62% of US workers have had private or financial data compromised once (26%) or multiple times (36%) in a breach or cyberattack. Shockingly, close to one-third (32%) of these victims didn’t bother to change their passwords after the incident(s).
Ransomware has already hit 49 educational institutions this year
So far this year, at least 182 US entities have been on the receiving end of a ransomware attack, a new Armor report shows. The victims include 70 municipalities, 49 educational institutions and 27 healthcare organizations. The campaigns targeting the education sector may have impacted up to 500 K-12 schools.
Freaky Infosec Fact of the Week
Some IoT devices can be hacked using blank credentials
A recent experiment by Avira found that the most common set of credentials used to attack Internet of Things (IoT) devices consists of an empty username and password. Blank credentials were used in 25.6% of attacks on an IoT honeypot. Other common credentials were admin | admin, support | support, and root | root.
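The Avira figure comes from tallying which credential pairs a honeypot saw. The following added example (not Avira's code or Vonahi's) shows that tally over constructed honeypot login lines, plus the audit check a defender would run against their own device inventory: flag any account whose credentials are blank or where the password simply repeats the username, which covers every pair named above. The log line format is an assumption made for the example.

```python
"""Tally credential pairs from honeypot login attempts and flag weak
defaults. Log format and sample lines are constructed for this example."""

import re
from collections import Counter

# Constructed sample log (assumed format: "login attempt [user/password] failed").
SAMPLE_LOG = """\
2019-09-23T10:00:01Z 203.0.113.5 login attempt [/] failed
2019-09-23T10:00:02Z 203.0.113.5 login attempt [admin/admin] failed
2019-09-23T10:00:04Z 198.51.100.7 login attempt [/] failed
2019-09-23T10:00:05Z 198.51.100.7 login attempt [root/root] failed
2019-09-23T10:00:07Z 192.0.2.9 login attempt [support/support] failed
2019-09-23T10:00:08Z 192.0.2.9 login attempt [/] failed
2019-09-23T10:00:09Z 192.0.2.9 login attempt [admin/admin] failed
2019-09-23T10:00:11Z 203.0.113.5 login attempt [user/1234] failed
"""

# Username may be empty; password runs to the closing bracket.
ATTEMPT_RE = re.compile(r"login attempt \[([^/\]]*)/([^\]]*)\]")


def parse_attempts(log_text):
    """Return a list of (username, password) tuples, one per attempt line."""
    return [m.groups() for m in ATTEMPT_RE.finditer(log_text)]


def top_credentials(attempts, n=3):
    """Most common credential pairs, as (pair, count) tuples."""
    return Counter(attempts).most_common(n)


def blank_share(attempts):
    """Fraction of attempts that used an empty username and password."""
    if not attempts:
        return 0.0
    blank = sum(1 for user, pw in attempts if user == "" and pw == "")
    return blank / len(attempts)


def is_weak_default(username, password):
    """Audit check for a device's configured account: blank credentials,
    or a password identical to the username (admin/admin, root/root, ...)."""
    return password == "" or password == username


if __name__ == "__main__":
    attempts = parse_attempts(SAMPLE_LOG)
    print("attempts parsed:", len(attempts))
    print("top pairs      :", top_credentials(attempts))
    print("blank share    : {:.1%}".format(blank_share(attempts)))
    print("admin/admin weak?", is_weak_default("admin", "admin"))
```

Run `is_weak_default` over every account exported from the device inventory before the devices are exposed to the network; the honeypot tally only tells you what attackers try, the audit tells you whether it would work.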
What You Can Do
As noted above, 79% of companies recognize cyber threats as a top 5 business risk and half of employees click on links from unknown senders. Organizations should consider evaluating their exposure to cyberattacks on a more frequent basis so that improvements can be made more often.
For example, performing a penetration test more frequently allows organizations to understand how newly released security vulnerabilities and exploits can affect their environment. Additionally, quarterly or even monthly phishing assessments could help organizations evaluate their employees' susceptibility to phishing attacks, allowing them the opportunity to improve security awareness training content.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io