Reports / Surveys
Majority of organizations not fully ready to respond to cyber threats
Only 49% of companies believe they are fully ready to handle a cyberattack or security breach, a new FireEye report [pdf] shows. 47% think parts of their organization are prepared, “but overall they would struggle to respond well,” and 4% are not ready at all. This is very worrisome, especially since a majority of firms believe cyber threats will only increase next year. In the last year, a staggering 93% of organizations suffered some kind of cyberattack. The most common attack types were:
- Malware 21%
- Targeted phishing 19%
- Exploited vulnerability 16%
- Ransomware 14%
- Social engineering 13%
- Cryptomining malware 11%
Threat actors are distributing 21M Fortune 500 credentials on the dark web
Researchers with ImmuniWeb recently discovered that over 21 million leaked and stolen login credentials of Fortune 500 companies are available for download or sale on underground marketplaces and forums. 95% of all credentials included plaintext passwords, while 16 million credentials were obtained in the past year alone. The technology (5,071,144 credentials) and finance (4,915,553 credentials) sectors together accounted for just under half of all records. The research also highlights how common it is for employees to use similar or identical passwords, since only about 5 million of the 21 million discovered passwords were truly unique.
36% of firms are more vulnerable to cyberattacks than 5 years ago
More than one in three (36%) organizations have become increasingly vulnerable to cyber threats in the past 5 years, according to a new Alsid survey conducted among IT professionals. Almost 3 out of 10 (29%) respondents said their firm is not prepared to deal with insider threats, while 18% said this about targeted data theft and 14% about distributed denial-of-service (DDoS) attacks. The study also looked at how organizations handle the security of their Active Directory (AD) environment. While this is a common attack vector, almost one in four (24%) respondents from firms with AD could not say who is in charge of securing it. Moreover, only 35% of companies have one or more IT security professionals (19%) or Active Directory security specialists (16%) in charge of AD security.
Fixing vulnerabilities takes one month or more in 22% of companies
Monitoring endpoints for security flaws is the most difficult security best practice to implement, a recent survey by Adaptiva indicates. Endpoint scanning was mentioned by 47% of respondents, just ahead of patching applications (44%) and patching Windows systems (44%). Shockingly, more than one in five (22%) organizations need a month or longer to mitigate security vulnerabilities across their infrastructure, while only 26% are able to remediate flaws on the day of discovery. A majority (52%) of firms require between one day and a week.
Cybersecurity incidents at US schools more than doubled this year
So far this year, 301 US schools have experienced a major cybersecurity incident, up from 124 in 2018 and 218 in 2017, according to a Barracuda analysis. The most common incidents were:
- Data breach (31%)
- Ransomware (17%)
- Accidental disclosure (16%)
- Phishing (13%)
- Network and infrastructure attacks (10%)
- Malware (6%)
- Denial-of-service (4%)
Cyberattacks / Data Breaches
For the last two weeks, threat actors have been targeting systems vulnerable to BlueKeep with cryptomining malware. BlueKeep (CVE-2019-0708) is a critical RDP vulnerability affecting Windows 7 and older systems. The attacks mark the first large-scale campaign exploiting the flaw; previous attacks have been more targeted. While Microsoft issued patches for BlueKeep months ago, Internet scans indicate that around 750,000 devices may still be vulnerable.
Freaky Infosec Fact of the Week
Hackers can use lasers to remotely control Google Assistant, Amazon Alexa and Apple Siri devices.
A team of academic researchers recently developed a way to send voice commands to virtual assistants via laser beams. This is possible because some microphones convert light to sound. The attacks worked against various devices running Google Assistant, Amazon Alexa or Siri (Apple).
What You Can Do
Considering that cyber attacks are constantly growing and organizations are falling behind, organizations should consider implementing automated tools to assist with detecting security threats within their environment. Although Vonahi Security recently released vPenTest, which helps automate network penetration tests on an ongoing basis, there are numerous other AI tools on the market that can assist organizations with detecting active threats. Since these cyber attacks seem to outpace the progress that organizations are making in detecting them, automation can provide a tremendous amount of value in this area. Despite the market moving towards this, most organizations simply won't care or fully take advantage of it until it's too late – the honest truth.
Furthermore, organizations should conduct a risk assessment to help establish a framework within their information security program. Because many organizations are not sure who is responsible for managing the security of certain aspects of their organization, a risk assessment could help identify these flaws and establish policies and procedures that define these roles and responsibilities.
Vonahi Security can help organizations establish a foundation by performing a cybersecurity risk assessment and helping identify areas of improvement within your organization's information security program. Alternatively, your organization should consider adopting one of the industry-known cybersecurity frameworks as a starting point, such as the Cybersecurity Framework (CSF) provided by the National Institute of Standards and Technology.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.