Security News > 2022

The proven approach in the market today is with digital certificates, which leverage PKI. In fact, some of the best authentication mechanisms leverage digital certificates at their core. In this case, when leveraging digital certificates as a baseline for human and machine identities, digital certificates must be provisioned to users and devices, and ultimately, orchestrated and automated.

A widespread phishing operation targeting Southeast Asia's second-largest bank - Oversea-Chinese Banking Corporation - has prompted the Monetary Authority of Singapore to introduce regulations for internet banking that include use of an SMS Sender ID registry. Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers.

"While the total volume of network attacks shrank slightly, malware per device was up for the first time since the pandemic began," said Corey Nachreiner, CSO at WatchGuard. Attackers disproportionately targeted the Americas - The overwhelming majority of network attacks targeted the Americas in Q3 compared to Europe and APAC. Overall network attack detections resumed a more normal trajectory but still pose significant risks - After consecutive quarters of more than 20% growth, roughly 4.1 million unique network exploits were detected in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year.

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey's history, Business interruption drops to a close second and Natural catastrophes ranks third, up from sixth in 2021.

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

The research reveals the challenges organizations face as they overwhelmingly turn to multicloud architectures to achieve the agility and scalability needed to keep up with the pace of digital transformation. Multicloud strategies have led to a surge in complexity, with infrastructure teams drowning in data as they try to monitor and manage their constantly changing environments.

The global cryptocurrency market is expected to grow from $1.44 billion in 2020 to $1.63 billion in 2021 at a compound annual growth rate of 12.9%. The market is expected to reach $2.73 billion in 2025 at a CAGR of 13.8%, according to ResearchAndMarkets. The cryptocurrency market consists of sales of digital or virtual currencies by entities that operate independently of a central bank and employ encryption techniques to regulate the formation of their units and verify the transfer of payments.

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with participation from the Nigeria Police Force's Cybercrime Police Unit in December 2021.

This is a unique form of cybercrime in that we can observe and analyze some of the criminal action via 'victim shaming' leak sites. Since January 2020, we have applied ourselves to identifying as many of these sites as possible to record and document the victims who feature on them.

A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a hacking group known as Donot Team.