Security News

Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams - link to this. Improving threat visibility is the first step to improving all aspects of cybersecurity.

For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant.

"These results demonstrate that while IT security threats have increased-primarily from the general hacking community and foreign governments-the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable," said Brandon Shopp, Group VP, Product Strategy, SolarWinds. State and local governments are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.

Organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them. "The advisory doesn't mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations," said Rick Holland, chief information security officer at Digital Shadows.

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines.

A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. "In the Linux and macOS versions, it masquerades as a system update. In the Windows version, it masquerades as Intel drivers. The update names are somewhat generic: In the macOS version, the file is relocated and named 'updateMacOs' and in the Linux version it is named 'updateSystem'," Avigayil Mechtinger, security researcher at Intezer, has shared with Help Net Security.

Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.

While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, the dangers for smaller businesses could not be more acute, especially since the businesses' operators and employees are often uninformed about common cybersecurity threats. Unique threats to SMBs. The scope of cybersecurity threats to small companies is no less varied than the threats large multinational corporations face, but SMBs' size and lack of infrastructure often leaves them more vulnerable to targeted hacking schemes and threats.

A grand total of 94% of organizations had an insider data breach in the past year, with 84% of the data breaches resulting from human error. Of course, not all insider threats come from actual insiders.

In prevention, you are attempting to ID employees who are high threat before they are able to act on an insider vulnerability. Not only will the training educate all of the employees as to the threat, but your most likely opportunity for someone to identify a potential insider threat is through another employee.