Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Phishing: You're not as good at spotting scams as you think you are

Most people say they know about phishing and what it involves yet just 5% were able to correctly identify all types of scams according to a survey of nearly 1,000 people from Security.org.

Nearly everyone (96%) knew about phishing and 88% said they could accurately define it. Yet nearly half (47%) didn't know that phishing can happen through software, 43% thought that advertisements are safe; and nearly one-third (30%) didn't know that social media platforms can be sources of phishing.

Phishing has grown in terms of the number of people affected, expanding by 59% over a four-year period. The FBI counted more than 26,300 victims in 2018. It is in the FBI's top four cybercrimes, which includes extortion, non-delivery and identity theft.

More here: https://www.zdnet.com/article/phishing-is-becoming-more-sophisticated-only-5-can-spot-all-scams/

68% of organizations were victims of endpoint attacks in 2019, 80% as a result of zero-days

Organisations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals.

68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

Of those incidents that were successful, researchers say that 80% were new or unknown, they define them as “zero-day attacks.” These attacks either involved the exploitation of undisclosed vulnerabilities or the use of new malware variants that signature-based, detection solutions do not recognise.

Read the full article here: https://www.helpnetsecurity.com/2020/01/31/endpoint-security-risk/

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary.

A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.

Read the full article here: https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/

Average cost to Recover from Ransomware Skyrockets to over £64,000

It’s getting more and more expensive for victims of ransomware attacks to recover. The average cost more than doubled in the final quarter of 2019.

According to a new report, a typical total now stands at £63,757. That’s a little over double the previous figure of £31,227.

It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.

Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.

Read the full article here: https://www.forbes.com/sites/leemathews/2020/01/26/average-cost-to-recover-from-ransomware-skyrockets-to-over-84000/#3c54c7c713a2

CEOs are deleting their social media accounts to protect against hackers

Cyberattacks are the biggest risk to businesses, with the prospect of falling victim to hacking and other cybercrime the threats that the majority of CEOs are most worried about, according to a new report on the views from the boardroom.

A professional services firm surveyed over 1,600 CEOs from around the world and found that cyberattacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to help protect against hackers.

A total of 80% of those surveyed listed cyber threats as the biggest risk to their business, making it the thing that most CEOs are worried about, ranking ahead of skills (79%) and the speed of technological change (75%).

Read more here: https://www.zdnet.com/article/ceos-are-deleting-their-social-media-accounts-to-protect-against-hackers/

UN hacked via unpatched SharePoint server

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.

The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.

Read more here: https://nakedsecurity.sophos.com/2020/01/31/un-hacked-via-unpatched-sharepoint-server/

UK proposes tougher security for smart home devices

The UK government plans to introduce a new law designed to improve the security standards of household products connected to the Internet of Things (IoT). The legislation stipulates that all consumer smart devices sold in the UK -- such as smart cameras and TVs, wearable health trackers and connected appliances -- adhere to three specific requirements.

Firstly, all IoT device passwords must be unique and unable to be reset to universal factory settings. Secondly, manufacturers must clearly provide a point of contact so anyone can get in touch to report a vulnerability, and finally, manufacturers must make it crystal clear how long their devices will receive security updates for, at the point of sale.

The proposed rules -- which are relatively straightforward from a manufacturers' point of view -- come after a long consultation period, whereby officials explored the potential impact of the growing popularity of connected devices: government research indicates there will be some 75 billion internet connected devices in homes around the world by the end of 2025. It's hoped such legislation will help prevent attacks that have, in the past, had widespread consequences. In 2016, for example, a Mirai botnet hacked into connected home devices and took down large chunks of the internet.

More here: https://www.engadget.com/2020/01/28/uk-proposes-tougher-security-for-smart-home-devices/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.