Week in review 10 November 2019: less than half of firms ready to deal with cyber attacks, ransomware authors seeking to avoid detection, reluctance in adopting 2FA, Cloud backup options, Cisco vulns
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Under half of organisations are fully prepared to deal with cyberattacks
Only 49% of CISOs and other senior executives are fully confident that their organisation could deal with the fallout of a hacking incident or data breach right now, and most think the threat from cyberattacks will get worse.
Under half of organisations believe they're fully ready to respond to a cyberattack or data breach -- despite most senior executives and chief information security officers (CISOs) believing that the threats posed by hacking and other malicious cyber incidents will escalate in 2020 and beyond.
The Cyber Trendscape 2020 report from cybersecurity company FireEye sheds light on how CISOs across the world are feeling about the current cyber threat landscape. The study found that just under half (49%) believe their organisation is fully ready to face a cyberattack or a data breach.
Read the full article from xdnet here: https://www.zdnet.com/article/cybersecurity-under-half-of-organisations-believe-theyre-fully-prepared-to-deal-with-cyber-attacks/
Ransomware authors seeking new ways to avoid being spotted
Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls.
With ransomware now hitting huge numbers of targets every day, the potential for its authors to get rich quick has never been higher.
However ransomware has one Achilles heel – encrypting data is a time-consuming process limited by the processing power of the victim’s CPU, and this means ransomware authors must be awake to the importance of optimising their attacks and avoiding detection for as long as possible.
In recent months cyber criminals appear to be taking a keen interest in how network and endpoint security products detect and block malicious activity.
Many have also found it is much easier to change a ransomware strain’s appearance by obfuscating its code, than to change its overall behaviour, as they seek to find ways to elude defences.
Read the full article on ComputerWeekly here: https://www.computerweekly.com/news/252473457/Ransomware-authors-seeking-new-ways-to-avoid-being-spotted
Why The Reluctance In Adopting MFA?
Many organisations are sadly still not using multi-factor authentication (MFA) to protect against password based attacks.
An article on informationsecuritybuzz seeks to explain the reluctance in firms adopting this measure.
Read the full article here:
https://www.informationsecuritybuzz.com/articles/why-the-reluctance-in-adopting-mfa/
Morrisons will face 'big number' over data breach
The final stage of group action against Morrisons was being held in the UK Supreme Court on Thursday last week, on behalf of 9,000 claimants seeking compensation over a massive data breach.
Barristers acting on behalf of the claimants stated that Morrisons would face a ‘big number’ if it is found vicariously liable for the data breach, but damages would not be ‘disproportionate’.
More details on the case and the events leading up to the jail sentence for the internal auditor at Morrisons who leaked the data in the first place can be found here: https://www.lawgazette.co.uk/news/morrisons-will-face-big-number-over-data-breach/5102095.article
What are 3 cloud backup security guidelines against cyberattacks?
Cloud security is a top concern for IT. As a result, keeping cloud backups secure should be a priority. Here are three straightforward guidelines to help.
Cloud backup security best practices aren't too different from those of on-premises backups. Especially with cyber threats a constant presence in IT, it is important to practice defence in depth, just as you would for backups residing on premises.
For the full list of different cloud backup strategies read the original article here: https://searchdatabackup.techtarget.com/answer/What-are-3-cloud-backup-security-guidelines-against-cyberattacks
Ring Flaw Underscores Impact of IoT Vulnerabilities
A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.
The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which would have far more serious repercussions.
"IoT is a security disaster, any way you look at it," according to Bitdefender's chief security researcher. "Security is not the strong suit of IoT vendors — only rarely, do we see vendors who take security seriously."
The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.
Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.
You can find the original article here: https://www.darkreading.com/iot/ring-flaw-underscores-impact-of-iot-vulnerabilities/d/d-id/1336304
Cisco fixes small business routers, kills eavesdropping vulnerability in conferencing devices
Cisco has released security updates for a variety of its products – owners of Small Business RV Series Routers, Web Security Appliances and TelePresence devices should pay extra attention.
Several series of Cisco Small Business RV Series Routers are vulnerable to remote code execution and command injection.
Owners of Cisco Web Security Appliances (WSA) should also check whether they should implement an update. A vulnerability in the appliance’s web management interface could allow an authenticated, remote attacker to perform an unauthorised system reset.
Cisco TelePresence Collaboration Endpoint and RoomOS Audio have several flaws, including a medium-risk eavesdropping vulnerability that could allow an authenticated, local attacker to enable the microphone of an affected voice and video conferencing device to record audio without notifying users.
More here: https://www.helpnetsecurity.com/2019/11/08/cisco-fixes-small-business-routers/
Scammers favour malicious URLs over attachments in email phishing attacks
Emails containing malicious URLs made up 88 percent of all messages with malware-infested links and attachments, underscoring the dominance of URL-based email threats.
The findings — disclosed in cybersecurity firm Proofpoint’s quarterly threat report for the month ending September — reveal the evolving sophistication of social engineering attacks targeting users and organizations.
Email-based threats are among the oldest, most pervasive, and widespread cybersecurity threats hitting organizations worldwide. From massive malware campaigns targeting millions of recipients with banking Trojans to carefully crafted email fraud, the email threat landscape is extremely diverse, creating a wide range of opportunities for threat actors to attack organisations.
Some other key trends to note are the prevalence of sextortion campaigns, and the notable absence of Emotet botnet spam and ransomware attacks propagated via malicious emails.
Ransomware is still a threat but with rapidly dropping cryptocurrency valuations, threat actors are having a harder time monetizing their ransomware campaigns. Instead they are turning to ‘quieter’ infections with banking Trojans and downloaders that can potentially sit on infected machines for extended periods, collecting data, mining cryptocurrency, sending spam, and more.
Read the original article here: https://thenextweb.com/security/2019/11/08/scammers-favor-malicious-urls-over-attachments-in-email-phishing/
PayPal Surpasses Microsoft as Favourite Target of Phishing Attacks
PayPal has now overtaken Microsoft to become the favourite target of phishing campaigns, according to a recent report.
While phishers still target Microsoft and its Office 365, the number of campaigns against PayPal jumped almost 70% in the year up to the third quarter while campaigns against Microsoft increased at a slower pace.
The interest in PayPal, which has 286 million active user accounts, is easy to understand, as compromising credentials usually pays off quickly. Most people have attached credit cards or at least have cards linked to the PayPal account, so a thief can transfer funds quickly.
The full article can be found here: https://securityboulevard.com/2019/11/paypal-surpasses-microsoft-as-favorite-target-of-phishing-attacks/
This is the impact of a data breach on enterprise share prices
NB This article is US centric but includes some useful research and figures and fallout from breach in terms of stick prices will be very similar for listed firms in the UK.
When news of a data breach breaks at a major organization, the aftermath can be chaotic.
Executives will offer their apologies and the promise of free credit monitoring to those impacted; staff may be issued their marching orders; cybersecurity teams need to be pulled in and systems repaired, law enforcement must be notified, and questions posed potentially by both regulators and consumers must be answered.
It is often the case that lawsuits will also be filed. These may come from regulators such as the US Federal Trade Commission (FTC) or they may be class-action complaints brought forward on behalf of impacted consumers.
Marriot was sued hours after disclosing a data breach in a class-action lawsuit seeking $12.5 billion. A seven-year class-action complaint was recently settled concerning Zappos, in which lawyers claimed $1.6 million -- and impacted customers were promised 10 percent discounts.
Individuals who had their data stolen due to Yahoo's data breach can claim $358 or more, and in the case of Equifax, a fund has been set up to compensate consumers.
IBM research suggests that the average cost of a data breach to the enterprise is up to $3.29 million, which has risen by 12 percent over the past five years.
Penalties, compensation claims, the cost of cyberforensics and system overhauls all contribute. However, businesses can also experience a swift and brutal shock caused by the impact of a data breach on their share price.
A drop in stock value can indicate broken investor trust and be caused by cybersecurity incidents, especially when they reveal a lack of adequate care or security practices.
On Wednesday, Comparitech published the results of an updated study into how Wall Street can react to an enterprise company that suffers a data breach.
The organization compared the closing prices of 28 companies listed on the New York Stock Exchange (NYSE) starting the day prior to disclosing a data breach, and what happened afterward.
Many of the enterprise players included in the study involved breaches of at least one million records, and some were breached more than once. In total, 33 separate security incidents were analyzed.
According to the team, the average share price of a company disclosing a data breach falls by 7.27 percent, but the full impact may not be felt until 14 market days or more have passed. The NASDAQ underperforms by roughly -4.18 percent.
Breached companies continue to underperform 12 months after disclosure. While share prices grew by 8.38 percent on average, they would underperform on the NASDAQ by -6.49 percent. Two years later, stock price rises by approximately 12.78 percent, but underperforming continues by -13.27 percent.
Read the full article on zdnet here: https://www.zdnet.com/article/this-is-how-a-data-breach-at-your-company-can-hit-share-prices/