Threat Summary - Week 42, 2019
Reports / Surveys
82% of companies suffered a DNS attack in the past year, costing them millions
A new EfficientIP study sheds light on the growing threat of DNS-based attacks. A whopping 82% of firms were at the receiving end of at least one attack of this kind, which is a 5% increase compared to last year’s report. The financial impact of these incidents is substantial, with the average attack costing $1.07 million. Since organizations suffer 9.45 DNS attacks on average, many companies are losing millions as a result. The most common attack type is DNS poisoning (47%), followed by DNS-based malware (39%), distributed denial-of-service (DDoS) attacks (30%) and DNS tunneling (24%).
Targeted ransomware attacks continue to rise
Ransomware attacks continued to get more targeted and disruptive in the second and third quarters of this year, a new Emsisoft report shows. While 56% of attacks involved the STOP / DJVU ransomware that targets home users via malicious torrents, the most disruptive ransomware strains included the top ransomware-as-a-service offering REvil / Sodinokibi (4.5% of attacks) and Ryuk. The latter didn’t crack the top 10 of most common strains, but crippled dozens of government entities in highly targeted campaigns. Victims included Riviera Beach, Florida (paid $600,000 in ransom), and Lake City, Florida (paid $460,000).
The 10 most common ransomware strains in Q2 and Q3 were:
- STOP / DJVU: 56.00%
- Dharma: 12.00%
- Phobos: 8.90%
- GlobeImposter 2.0: 6.50%
- REvil / Sodinokibi: 4.50%
- GandCrab v4.0 / v5.0: 3.60%
- Magniber: 3.30%
- Scarab: 2.00%
- Rapid: 1.80%
- Troldesh / Shade: 1.40%
Privileged access management falls short in most firms
70% of employees believe that privileged users in their organization are accessing confidential data for reasons unrelated to their professional responsibilities, research by the Ponemon Institute and Sila Solutions Group found. And privileged user abuse will only get worse in the next 1 to 2 years, according to a majority (56%) of respondents. Almost one in five (19%) employees indicated that they have excessive privileged access rights and 62% said that this is probably true for at least some people in their company. This is especially worrisome given the fact that more than half (52%) of organizations lack the resources to keep track of how privileged users use their access rights.
Fewer than 1 in 3 Americans are familiar with 2FA and HTTPS
A recent poll by Pew Research Center shows that most US citizens cannot answer basic questions about various cybersecurity and privacy concepts. While 67% of respondents knew that phishing attacks can target people via social media, websites, email or text messages, just 30% knew what HTTPS is and a mere 28% were able to pick an example of two-factor authentication (2FA) out of a set of images. In the context of online privacy, fewer than half (48%) of Americans understood what privacy policies are and only 24% knew how private browsing works.
At least 21% of firms have suffered pass the hash attacks
Pass the hash attacks, in which threat actors obtain access to password-protected remote services using password hashes instead of plaintext passwords, affect at least 21% of organizations, a recent One Identity survey found. Moreover, just 26% of the IT security professionals surveyed were able to say with certainty that they had not experienced an attack, and 4% didn’t even know what pass the hash is. Pass the hash attacks are more common for large businesses and 95% of these incidents have a significant impact, often in the form of operational costs (70%), lost staff hours (68%) and financial losses including fines (40%).
Freaky Infosec Fact of the Week
A recent Flashpoint investigation revealed that threat actors are selling “fullz” packages that include a victim's name, Social Security number, date of birth, bank account number and sometimes additional information for between $4 and $10 on dark web marketplaces.
What You Can Do
This week, organizations should perform a review of their users and users' access. As noted above, excessive user privileges and a failure to enforce the principle of least privilege are a huge concern for organizations. Under the principle of least privilege, an employee has access only to exactly what is needed for their job role. Many successful attacks are possible because of the excessive privileges granted to end users.
Additionally, with the recent significant increase in phishing attacks that target end users directly, organizations should ensure that user awareness training educates employees on what two-factor authentication (2FA) is and how to apply it to both their personal and business accounts.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.