Week in review 15 September 2019: cyber threats growing for SMBs, credential stuffing attacks, Business Email Compromise attacks increasing, IoT attacks up 300%, Ransomware attacks on Ireland
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Cyber threats are growing for SMBs but there are some simple solutions
A report by cyber security provider Kaseya shows that the number of small and medium-sized businesses (SMBs) facing cyber attacks is growing every year. Globally, one third of SMBs have experienced at least one attack in the last five years.
There are two very simple things that all organisations should do to help prevent, and recover from, an attack: ensure all software is patched as soon as possible and make regular back-up copies of your computers and servers.
https://www.itproportal.com/news/smbs-are-facing-bigger-security-threats-than-ever-before/
61 billion credential stuffing attacks in 18 months
A report by cyber security software provider Akamai shows 61 billion credential stuffing attacks in 18 months. These attacks are automated using software that is free of charge or low cost.
This is why passwords should never be reused across different sites. Current guidance on passwords from the UK National Cyber Security Centre can be found here https://www.ncsc.gov.uk/collection/passwords.
https://www.cbronline.com/news/credential-stuffing-attempts-akamai
Business email compromise attacks are increasing
The United States’ FBI has reported a 100% increase in global losses from Business Email Compromise (BEC) attacks over the past year, with $26B lost over the last 3 years. One US insurance giant reported that BEC attacks are the leading cause of cyber insurance claims.
Businesses can take relatively simple steps to greatly reduce their risk of falling for a BEC attack. These include using 2-factor authentication (2FA) to prevent an attacker taking control of your email account, and educating employees.
https://threatpost.com/cybercriminals-adding-sophistication-to-bec-threats/148305/
Cyber attacks on IoT devices up 300% in 2019
Security researchers have identified a 300% increase in attack traffic on IoT devices over the past year. Vendors risk rushing products to market without adequately securing them, leaving them open to being leveraged in attacks. Often these devices do not have updated software to protect against known vulnerabilities that can be exploited by criminals, or the IT department is not aware of them being connected and therefore cannot manage the risk.
Make sure your IoT devices have appropriate security features, and that the software is kept up to date. Do not use default passwords, as these passwords are known by criminals who will use them in an attack.
Ransomware attacks on Ireland central and local government
This week (15 September 2019) The Times reports that the Irish government’s Department of Communications, Climate Action and the Environment, which is itself responsible for cybersecurity in the country, was the victim of ransomware last year.
All organisations are being attacked by ransomware. Importantly, many organisations that suffer are not the intended victim. Although there are no guarantees that you can prevent an attack, you can easily prepare to quickly recover and resume your business operations by regularly testing your system backup and recovery controls.
https://www.thetimes.co.uk/article/irish-government-admits-ransomware-breach-s8n6nxpgj