Threat Summary - Week 43, 2019
Reports / Surveys
Ransomware is the No. 1 malware threat to SMBs
In the last two years, 85% of managed service providers (MSPs) have registered ransomware attacks targeting small and mid-sized businesses (SMBs), and 56% reported such attacks in the first six months of this year alone, a recent Datto survey indicates. This makes ransomware the top malware threat to SMBs. And while 89% of MSPs say that ransomware should be a major concern for SMBs, just 28% of SMBs are in fact very worried about it. Ransomware attacks on SMBs result in average downtime-related losses of $141,000 per incident, which is 200% higher than last year. Downtime costs are at least 23 times greater than the ransom demanded by threat actors, which averages $5,900 per incident, up from $4,300 last year.
The cybersecurity strategy of 69% of organizations is reactive
69% of IT security practitioners in a recent survey by Ponemon Institute and AttackIQ described their organization’s cybersecurity strategy as reactive and incident-driven. The study also suggested that most companies lack cybersecurity governance by the board of directors and the CEO. In fact, the board and CEO rarely review compliance (45% of firms); determine the acceptable level of cyber risk (28%); or demand cybersecurity due diligence in the context of a merger/acquisition (21%). Moreover, in 47% of companies the board and CEO do not ask for outside cyber-risk assessments.
44% of security vulnerabilities in apps are never fixed
When applications are first released, 83% contain at least one flaw, and about two in three don’t meet the OWASP Top 10 and SANS 25 industry standards, recent research by Veracode found. Only 56% of all vulnerabilities and 75.7% of critical flaws are eventually resolved. Because developers tend to prioritize new flaws over older issues, apps often end up with ever-accruing “security debt” in the form of unfixed vulnerabilities. This trend explains why the median remediation time for flaws is 59 days while the average is a staggering 171 days.
Phishing emails warning users to check their password have the highest click-rate
The most successful phishing tactic is giving users the impression that their account has been hacked, a new infographic by KnowBe4 shows. A phishing simulation revealed that the email subject generating most user interaction was “Password Check Required Immediately.” Messages with this subject accounted for 43% of clicks. The complete top ten of most-clicked subjects is:
- Password Check Required Immediately (43%)
- A Delivery Attempt was made (9%)
- De-activation of [[email]] in Process (9%)
- New food trucks coming to [[company_name]] (8%)
- Updated Employee Benefits (7%)
- Revised Vacation & Sick Time Policy (6%)
- You Have A New Voicemail (6%)
- New Organizational Changes (4%)
- Change of Password Required Immediately (4%)
- Staff Review 2018 (4%)
The report also shows that LinkedIn was impersonated in almost half (48%) of all real-world phishing campaigns related to social media, while 37% imitated Facebook and 8% imitated Twitter.
Most Americans worry about data compromise, yet don’t respect others’ data privacy
A new HP report (PDF) exposes the hypocritical views of many Americans when it comes to data privacy. Almost two-thirds (65%) of US respondents are very worried about their personal data getting compromised; 73% believe this will inevitably happen at some point; and 78% think third parties have already gotten hold of their data without their knowledge. Despite these concerns, 82% have violated the privacy of others by creeping, i.e. secretly looking at their screens. At work, 73% of US employees creep on the screens of colleagues, and the same number inspect unclaimed documents found in or near shared office printers.
Freaky Infosec Fact of the Week
Researchers with Security Research Labs recently managed to upload malicious apps to the official Amazon and Google voice app stores. The apps could enable hackers to listen in on Alexa and Google Home users or trick them into revealing their password.
What You Can Do
One of the major challenges SMBs face when it comes to cybersecurity is budget. Because SMBs often lack the budget for adequate security, ransomware attacks have a higher chance of success against them, which makes the threat significant. The consequences can include costs high enough to put the organization out of business, or recovery expenses that leave it struggling for a long time.
However, while continuous services such as vPhish and vPenTest don't address all of the needs of a cybersecurity program, they are certainly extremely valuable in helping to minimize the overall risk that SMBs face, and they can scale with your business. Knowing that you have a significant security flaw that can be resolved with minimal configuration effort could make or break your SMB.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.