Threat Summary - Week 44, 2019

Reports / Surveys

10% of breached SMBs go out of business, 25% file for bankruptcy

28% of small to mid-sized businesses (SMBs) suffered a data breach in the past year, often with major consequences, a recent survey by Zogby Analytics and NCSA found. 69% of breached firms experienced downtime and 37% financial loss, while 25% were even forced to file for bankruptcy and 10% actually went out of business. The vast majority (88%) of SMB decision makers realize that their organization is a target for threat actors, and 62% consider cybersecurity a key priority. Three in four SMBs (75%) have a cybersecurity plan, but only 55% update it at least once a year. Moreover, only about half of SMBs have implemented basic security practices:

  • 54% run anti-malware on all their devices
  • 54% require staff to report suspicious emails
  • 47% keep their software updated
  • 45% use long passwords for all accounts

Cyberattack volume has increased by 17%, severity by 27%

In the past year, the number of cyberattacks grew by 17.1%, while the severity of these attacks increased by 26.9%, according to a recent study by ServiceNow and Ponemon Institute. In the last two years, almost 1 in 2 (48%) companies suffered a data breach, mostly because of human error (50%), external threat actors (48%), malicious insiders (28%) and/or system malfunctions (27%). A whopping 60% of breaches could have been prevented if the targeted firm had installed a patch for a known vulnerability. In 39% of those cases, the organization knew about the issue prior to the attack. On average, organizations need 16 days to patch a critical flaw, and 36% say that patch delays are getting longer.

Emotet tops malware list, Ryuk crowned “nastiest ransomware”

For the second year in a row, Emotet is listed as the most prevalent malware in Webroot’s “Nastiest Malware” report. Botnets served most ransomware and cryptomining payloads in 2019, with Emotet leading the pack ahead of Trickbot and Dridex. The cryptomining malware landscape was dominated by Hidden Bee and the Retadup worm, while the biggest ransomware threats were:

  • The Emotet, Trickbot, Ryuk “triple threat” attack chain, which caused most financial damage
  • The Dridex, Bitpaymer attack chain
  • GandCrab, a ransomware-as-a-service (RaaS) platform that retired over the summer
  • Sodinokibi/REvil, a RaaS offering that emerged after GandCrab retired
  • Crysis/Dharma

Cybersecurity threats recognized as the no. 1 business risk

Cyber threats top the list of most critical risks facing organizations in a recent ISACA report [pdf]. 29% of companies listed cybersecurity as the top risk category, ahead of reputation (15%) and financial (13%). The study identifies 5 main cybersecurity challenges for companies:

  • Technological advancements
  • Evolving threats
  • Lack of cybersecurity personnel
  • Lack of cybersecurity skills
  • Growing number of threats

Cyberattacks / Data Breaches

Country of Georgia suffers massive cyberattack affecting 15,000 websites

On Monday, a massive cyberattack hit the country of Georgia. The attackers breached a local web hosting provider and subsequently defaced 15,000 websites, including Georgian government pages, to show an image of former Georgian President Mikheil Saakashvili with the caption "I'll be back." The websites were later taken offline altogether. The incident, which is likely the work of a state-sponsored actor, underscores the growing threat of supply-chain attacks in which threat actors indirectly target organizations via a service provider, vendor or other third party.

Freaky Infosec Fact of the Week

Bedside robots in "smart" hotels can enable hackers to spy on guests in their room.

Earlier this year, a security researcher found a critical vulnerability in an in-room robot used by a Japanese hotel chain. The flaw could allow a malicious hotel guest to embed a backdoor in the robot, making it possible to remotely spy on future guests.

What You Can Do

The statistics on SMBs going out of business, or even having to file for bankruptcy, due to a cyber attack are stunning. One thing that Vonahi has done to help reduce this percentage, even if by a small number, is develop a Top 10 Cyber Security Best Practices for SMBs whitepaper. Considering we've performed hundreds of assessments, many of which were across SMB networks, we've put together some very straightforward and simple steps on what SMBs can do to help protect themselves, given their budget and the availability of open source and free tools.

With the recent release of vPenTest, organizations of all sizes, including SMBs, can now perform a penetration test whenever they want. This is especially critical for SMBs since traditional penetration tests can be extremely costly. vPenTest gives organizations the opportunity to perform a penetration test just as a traditional assessment would, except faster and with more value. Schedule a demo if you're interested and want to learn more about vPenTest.


About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.
