Threat Summary - Week 49, 2019
Reports / Surveys
In the context of data protection, most organizations are overconfident
A recent study by eSentire indicates that most companies are overconfident when it comes to their cybersecurity posture. Despite the fact that 56% of organizations suffered a major security incident in the past year, the overwhelming majority of firms say their highly sensitive data is well-protected (97%) and consider their security budget to be adequate (92%). The most common attacks were:
- Malicious insider attacks (these were most common and most successful)
- Attacks on web and SQL apps
- Social engineering (including phishing)
- Crimeware
- Distributed denial-of-service (DDoS)
22% of SMBs say a cyberattack could put them out of business
A Zix/AppRiver survey [pdf] conducted this quarter shows that 79% of executives at US small to mid-sized businesses (SMBs) consider cybersecurity a top concern, with 72% indicating that a cyberattack on their firm would harm business and 22% saying it could even be fatal in a business sense. 93% of respondents acknowledge that businesses are targets for foreign adversaries looking to undermine US national security in cyberspace. Of those, 66% say that this threat will become even more apparent in 2020. The study also found that 82% of SMBs predict that many staff members will use business devices for online shopping during the holiday season. However, most of these firms consider this an inevitable security risk and won’t implement any measures to mitigate it.
Malware attacks target 37% of biometric data processing systems
A new report by Kaspersky shows how cyber threats against computers used for storing and processing biometric data could result in this highly sensitive information being compromised. In Q3 of this year, 37% of biometric data processing systems were targeted by malware. The top attack vectors for these systems were:
- The Internet (14.4%)
- Removable devices (8%)
- Email clients (6.1%)
- Network folders (1.6%)
Kaspersky identified the biggest threats to these systems as:
- Spyware (5.4%)
- Phishing-related malware (mostly spyware downloaders / droppers, 5.1%)
- Ransomware (1.9%)
- Banking Trojans (1.5%)
The report stresses that even though these threats are not specifically targeting biometric data processing systems, they could be used to steal or tamper with biometric records. In addition, Kaspersky believes “that mass-distributed malware designed to steal biometric data from banks and financial systems will appear in the near future.”
In 71% of phishing campaigns, at least one set of employee credentials is stolen
71% of social engineering attacks result in the compromise of at least one set of employee credentials, while in 20% of cases about half the staff hand over their credentials. These findings come from a Coalfire analysis covering hundreds of penetration tests carried out by the company’s security consultants. Of all the vulnerabilities discovered during external engagements, 17% were critical issues, and this number was even higher for internal assessments (51%) and application tests (36%). The most common vulnerabilities found in enterprise environments were related to:
- Outdated software
- The use of insecure protocols like SMB, LLMNR and NBT-NS
- Password flaws
- Shortcomings in patch management
- Injection
- Security misconfigurations
Alaska and Nevada riskiest states in terms of cyber fraud
Research by CardConnect based on figures released by the FBI’s Internet Crime Complaint Center identifies Alaska and Nevada as the riskiest US states for cyber fraud. Last year, Alaska saw more phishing attacks per citizen than any other state. It ranked second in personal data breach risk and third in both credit card fraud and ID fraud risk. Nevada topped the list for both ID fraud and personal data breach risk, ranked second in credit card fraud, and sixth in phishing. Alabama topped the list for credit card fraud, but scored lower for the other categories, coming in 13th overall. Arizona, Colorado and Virginia completed the top 5 riskiest states. The 5 safest states in terms of cyber fraud were Iowa, Mississippi, South Dakota, Ohio and Maine.
Freaky Infosec Fact of the Week
Robotic vehicles like drones and rovers can be hacked in order to delay, deviate and crash them.
Earlier this year, a team of academic researchers discovered [pdf] that it is relatively easy to carry out stealthy cyberattacks targeting robotic vehicles. The attacks could allow hackers to disrupt important missions carried out by drones and rovers by deviating, delaying or crashing them.
What You Can Do
Organizations that are confident about their security posture should consider performing a red team security assessment. Many of these organizations are probably confident because they meet compliance requirements and/or perform yearly penetration tests. However, the number of them that have performed a red team assessment, which executes sophisticated attacks "under the radar," is probably extremely small. This is typically what a mature organization would want to have performed to take its detection and monitoring controls to the next level. A red team assessment does more than identify security flaws: it also tests how far a sophisticated attacker can get in the attack chain before getting caught.
About Vonahi Security
Vonahi Security is building the future of offensive cybersecurity consulting services through automation. We provide the world's first and only automated penetration test that replicates full attack simulations with zero configuration. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io