Security News > 2022 > February

CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. Based on data from a sample group of customers, the research report reveals that data leak incidents increased, overall, by 63% and vulnerable shadow assets exposure grew by 40% in 2021.

Venafi announced the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers, exposing data on the dark web, and informing customers that their data has been stolen.

Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands, and in the subroutines used to decrypt encrypted text," cybersecurity firm Sophos said in a report shared with The Hacker News.

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. Attributed to a Russia-based criminal enterprise called Wizard Spider, TrickBot started out as a financial trojan in late 2016 and is a derivative of another banking malware called Dyre that was dismantled in November 2015.

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. The agency didn't share more specifics on the nature of the attacks or their provenance.

The study explores the extent to which organizations plan to prioritize endpoint security and management practices in order to combat the growing cyber threats facing the modern hybrid workforce. The report reveals that, despite the flood of devastating breaches and software vulnerabilities in 2021, few organizations are focused on enhancing their security posture and operational resilience.

A CBI and Ponemon Institute research report, based on a survey of IT and security professionals, takes a comprehensive look at companies' ransomware strategies and mitigation tactics and the operational impact of incidents. Eighty percent of companies surveyed have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation resources.

Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage-on brands or their customers. "APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not," said Gene Fay, CEO of ThreatX. "The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples' lives".

The global hardware security modules market size was valued at $3.1 billion in 2020 and is projected to reach $7.9 billion by 2028, growing at a CAGR of 12.4% from 2021 to 2028, according to Verified Market Research. With the rising frequency and complexity of data security threats, the need for implementing a data security threat is prevalent and one of the factors contributing to the market growth.

The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia - attacks designed to disrupt the country's ability to sustain its military operations in Ukraine. Russia's military forces have been deployed in a ?full-scale attack against Ukraine.