Security News
Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.
While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, the dangers for smaller businesses could not be more acute, especially since the businesses' operators and employees are often uninformed about common cybersecurity threats. Unique threats to SMBs. The scope of cybersecurity threats to small companies is no less varied than the threats large multinational corporations face, but SMBs' size and lack of infrastructure often leave them more vulnerable to targeted hacking schemes and threats.
A grand total of 94% of organizations had an insider data breach in the past year, with 84% of the data breaches resulting from human error. Of course, not all insider threats come from actual insiders.
In prevention, you are attempting to ID employees who are high threat before they are able to act on an insider vulnerability. Not only will the training educate all of the employees as to the threat, but your most likely opportunity for someone to identify a potential insider threat is through another employee.
Venafi announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that 60% of security professionals believe ransomware threats should be prioritized at the same level as terrorism. 37% of respondents would pay the ransom but 57% would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.
While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domains resolving to an untrusted web app, and SSL not enabled.
We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations into opportunistic hacks for potential future uses, such as the attacks attributed to Hafnium. Anytime complexity increases, it also increases the potential attack surface.
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell was fixed by releasing Log4j v2.15.0.
Cyber insurance trends: Insurers and insurees must adapt equally to growing threats
In this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape impacted both insurers and insurees.
Online retailers are dealing with more cybersecurity threats than ever before, and the holiday season is when they have to fend them off most aggressively. In this interview with Help Net Security, Dr. Taher Elgamal, cryptographer, infosec leader and currently the CTO at Salesforce, talks about the obstacles retailers need to overcome to increase their cybersecurity posture and his expectations for the threat landscape in 2022.
Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways. The scam themes are the typical and "trustworthy" fake surveys and giveaways from popular brands, with the holiday season making targets more susceptible to fraudulent gift offerings.