Threat Intelligence Blog


Antony Cleal

Week in review 06 October 2019: top 10 cyber myths, security breaches inevitable, employee negligence contributes to data breaches, UK local authorities hit with hundreds of cyberattacks every hour

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Top 10 Cyber Security Myths

SecurityBoulevard.com have a list of the top 10 cyber security myths that criminals love, including the Number 1 ‘This can’t happen to me’ and a few other prime examples that we do hear in conversation quite often.

Read the full list here: https://securityboulevard.com/2019/10/10-cybersecurity-myths-that-criminals-love/


A security breach is inevitable, IT leaders warned

No matter how much IT security tech and training is in place, sophisticated, targeted attacks are going to breach company defences, Carbon Black warns

A survey by security vendor Carbon Black, as part of their Global threat series study, reported that 84% of UK organisations participating in the study said they have suffered one or more breaches in the past 12 months due to external cyber attacks.

The survey reported that the average number of breaches in affected organisations was 2.89, a reduction from the 3.67 seen in the January 2019 report, with more than half (51.5%) of respondents saying they had been breached only once.

Carbon Black said the number of businesses identifying just a single breach has grown from the previous research, where only 15% had suffered only a single breach. This may indicate that businesses are responding more robustly to breach incidents to ensure that frequency is reduced.

At the other end of the scale, 5.5% of the businesses surveyed admitted they had been breached 10 or more times, and 3% said they didn’t know how many times they had been breached.

The study found that among the IT leaders who took part in the research, 84% reported an increase in cyber attacks in the past 12 months, with nine in 10 saying the attacks they face are becoming more sophisticated. This compares with 87% in the previous report and 82% in the summer of 2018.

https://www.computerweekly.com/news/252471594/A-security-breach-is-inevitable-IT-leaders-warned


Employee negligence can be a leading contributor to data breaches

Two thirds (68%) of businesses reported their organisation has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information, according to a report conducted by the Ponemon Institute.

https://www.helpnetsecurity.com/2019/10/01/workplace-data-breaches-risk/


UK local authorities hit with hundreds of cyberattacks every hour

Councils across the UK have suffered 263 million attacks in the first six months of the year - equivalent to 800 attacks an hour, or 13 attacks every minute. This is according to a new report by Gallagher, based on a Freedom of Information (FoI) request made to the councils. 203 of them answered and another 204 did not respond, so the actual number of attacks could be more than double the above, exceeding 500 million in the first half of the year. This gives an idea of the sheer scale and number of attacks going on all the time against all organisations.

https://www.itproportal.com/news/uk-local-authorities-hit-with-hundreds-of-cyberattacks-every-hour/


Microsoft: Any form of MFA takes users out of reach of most attacks

There have been several reports in the media regarding SIM hijacking attacks and the ease with which these types of attacks are being perpetrated, and these reports have raised some doubts or concerns about the security of multi-factor authentication.

This article does a good job of explaining that not all MFA solutions are created equal, but the overarching message is that any MFA implementation, anything beyond just a username and password, significantly increases the amount of work for an attacker and as a result accounts with MFA represent less than 0.1% of all attacks.


FBI Stance on Whether Firms Should Pay Ransomware

The FBI in the US came out with hard hitting advice telling firms not to pay ransoms, but to inform the FBI in the event that a firm in the US did decide to pay a ransom.

https://www.zdnet.com/article/fbis-new-ransomware-warning-dont-pay-up-but-if-you-do-tell-us-about-it/

They then softened their stance with an updated version of their guidance including a section discussing the option of paying the hackers to get data decrypted.

https://www.theregister.co.uk/2019/10/03/fbi_softens_stance_on_ransomware/

Best practice around ransomware is always to ensure you have sufficient backups, both online and offline, such that you can restore your data in the event you get hit with ransomware. Firms need to ensure they have tested recovering their data to make sure they could recover if they needed to. It is too late when trying to recover for real to discover the backup doesn’t work or the wrong directory was being backed up.

Do not rely on cloud storage as being sufficient backup as often any ransomware attack will synchronise with files stored in the cloud before the infection is detected.


More Attacks Seen Using ‘Island Hopping’ (using targets with less security to leverage attacks against targets with more security)

Recent attacks, especially recent attacks against the aerospace and defence industries, have seen an increase in ‘island hopping’, where a bigger group or better defended target is attacked indirectly, through its network of weaker, less defended partner companies. These attacks are carried out in a more ‘horizontal’ way rather than the more traditional ‘vertical’ methods.

https://www.zdnet.com/article/this-new-hacking-group-is-using-island-hopping-to-target-victims/

In addition to the recent aerospace attacks, island hopping is also being used more frequently to attack financial services.

https://www.itpro.co.uk/security/33946/50-of-cyber-attacks-now-use-island-hopping


Half a million British Airways customers have been given the go-ahead to sue the airline over its cybersecurity breach last summer

On Friday a High Court judge granted a group litigation order, paving the way for a mass legal action by some 500,000 people affected by a series of breaches between April and September last year.

https://www.thetimes.co.uk/article/half-a-million-customers-can-sue-ba-over-huge-data-breach-n8z0rxpsk 


Cybersecurity breaches to increase nearly 70% in next 5 years

New analysis from Juniper Research has found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%.

This will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm.

The new research in The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 whitepaper noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes.

https://www.uktech.news/news/cybersecurity-breaches-to-increase-nearly-70%25-in-next-5-years-20191002


Sophisticated tools provide false sense of cyber-security: Survey

Are you confident that your firm is cyber-threat-proof? A Forrester survey among over 250 senior security decision-makers in North America and Europe found that most of them are confident in their firms’ security measures. However, threats to cyber-security remain strong, said the research.

"The abundance of technology investments gives firms a false sense of confidence in their security posture. Their challenges reveal a different story," said the report.

Security executives currently employ a variety of tools and technologies to identify risks and test the effectiveness of their security controls. As a result, they are left with point-in-time assessments that require them to cobble together data from disparate systems to truly understand the organisation’s security posture. This approach is reactive, labour-intensive, and insufficient in scale, explained the report.

https://www.scmagazineuk.com/sophisticated-tools-provide-false-sense-cyber-security-survey/article/1660872 


Fileless Malware on the Rise

According to reports analysing the state of the threat landscape, fileless malware incidents are up some 265% in the first half of 2019 when compared to the same period in 2018. Fileless malware has sometimes been referred to as a zero-footprint attack or non-malware attack. However, fileless malware may be the best name for the attack method, as the attack is not dependent on end users downloading and running malware via compromised files. Rather, fileless malware executes malicious scripts by piggybacking on legitimate software packages. More often than not, the malware resides in the computer’s random access memory (RAM) and is not installed on the hard drive.

https://securityboulevard.com/2019/10/fileless-malware-on-the-rise/

 

Antony Cleal

Week in review 29 September 2019: supply chain attacks hit defense firms, malspam contains malicious URLs, Microsoft block extensions to protect email, users mistakenly believe they can spot phishing

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Airbus hit by series of cyber attacks on suppliers

European aerospace giant Airbus has been hit by a series of attacks by hackers who targeted its suppliers in their search for commercial secrets, security sources told AFP, adding they suspected a China link.

There have been four major attacks on Airbus in the last 12 months, according to two security sources involved in investigating the hacking.

The group has long been considered a tempting target because of the cutting-edge technologies that have made it one of the world's biggest commercial plane manufacturers, as well as a strategic military supplier.

In January, it admitted to a security incident that "resulted in unauthorised access to data", but people with knowledge of the attacks outlined a concerted and far bigger operation over the last year.

Hackers targeted British engine-maker Rolls-Royce and the French technology consultancy and supplier Expleo, as well as two other French contractors working for Airbus that AFP was unable to identify.

Airbus and Rolls-Royce did not immediately reply to AFP's request for comment. Expleo said it would neither "confirm nor deny" that it had been targeted.

https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers

Attacks have also targeted other defence contractors in Europe and North America this month:

https://www.bleepingcomputer.com/news/security/cyber-attacks-hit-defense-contractors-in-europe-and-north-america/


Most malspam contains a malicious URL these days, not file attachments

Most malicious email spam (malspam) sent in the first half of the year has contained links to malicious files, rather than file attachments, according to telemetry gathered by cyber-security firm Proofpoint.

More precisely, 85% of all malspam sent in Q2 2019 (April, May, and June) contained a link to a malicious file download, rather than the actual malicious file attached to the email.

The Q2 number continues a Q1 trend, where malicious URLs also dominated as the favourite way of distributing malware via email spam.

https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/


Microsoft bans 38 file extensions from Outlook to stop you downloading viruses

Microsoft has banned 38 new file extensions from Outlook online, bringing the total number of forbidden file types to 104.

The company hasn't said exactly when the change will roll out, but it's expected to come into force very soon. When it does, you will no longer be able to download files with the blacklisted extensions unless your system admin has made a specific exception.

https://www.techradar.com/uk/news/microsoft-bans-38-file-extensions-from-outlook-to-stop-you-downloading-viruses


Employees are mistakenly confident that they can spot phishing emails

While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey.

Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step of changing their passwords following a breach.

Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.

The report surveyed 4,000 office professionals from the U.S., U.K., Japan and Australia (1,000 per region) to determine what people know about phishing attacks, what makes them click on a potentially malicious link and other security habits.

There is no foolproof way to prevent being phished but taking a layered approach to cybersecurity including ongoing user training will significantly reduce risk exposure.

https://www.helpnetsecurity.com/2019/09/26/spot-phishing-emails/


Copycat Chrome extensions are filled with malware.

Earlier this month, Google removed a pair of plugins from Chrome with over 1.5 million installs between them. Their names – AdBlock and ublock – might sound familiar, but they definitely weren't the real thing.

First spotted by the AdGuard adblocker team, the plugins were cunningly replicating the well-known and entirely reputable AdBlock by getadblock and uBlock Origin by Raymond Hill.

The fraudulent ad blockers even behaved realistically, simply blocking as normal for a couple of days, after which their behaviour changed to carry out 'cookie stuffing' fraud. At this point, the extension loads tracking cookies onto its users' systems, so its creators can pretend they've referred the user to various sites they might visit, and be rewarded for doing so.

More info and approaches on staying safe here:

https://www.wired.co.uk/article/fake-chrome-extensions-malware


Windows malware turns PCs into zombies

A new malware campaign responsible for infecting thousands of Windows PCs worldwide has been discovered by Microsoft.

The Microsoft Defender Research Team found the malware, dubbed Nodersok, and explained in a blog post that it is distributed through malicious adverts which force a Windows system to download files that are used in HTML apps.

After a system has been fully infected, Nodersok can then turn it into a zombie-like proxy machine used to launch other cyberattacks and even create a relay server that can give hackers access to command and control servers as well as other compromised devices. This helps hackers hide their activity from security researchers looking for suspicious behaviour.

https://www.techradar.com/uk/news/windows-malware-turns-pcs-into-zombies


GDPR: Only one in three businesses are compliant – here's what is holding them back

GDPR came into force over a year ago but many organisations are still struggling to comply with data privacy legislation.

Consultancy firm Capgemini surveyed over 1,000 compliance, privacy and data protection personnel and found that despite three quarters of them having previously been confident about being compliant by the time GDPR came into force in May 2018, that isn't the case in reality and many are still struggling to adhere to the legislation.

Now just 28% of those surveyed believe they're fully GDPR compliant – despite regulators being willing to issue heavy fines.

https://www.zdnet.com/article/gdpr-only-one-in-three-businesses-are-compliant-heres-what-is-holding-them-back/


99 percent of all misconfigurations in the public cloud go unreported

Today's data breaches often seem to be caused not just by malware infections or external threat actors, but human error, insiders with an ax to grind, and simple security failures.

The surge in adoption of cloud-based technologies and Infrastructure-as-a-Service (IaaS) has added a new facet to cyberthreats -- the loss of information caused by misconfigurations and weak credentials in the public cloud space.

According to new research released Tuesday and conducted by cybersecurity firm McAfee, titled, "Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk," the majority of IaaS misconfigurations are going unnoticed.

Indeed, only one percent of IaaS issues are reported, which may suggest there are countless companies across the globe that are unwittingly leaking data.

1,000 IT professionals were surveyed across 11 countries, and cloud usage data from over 30 million McAfee Mvision cloud users was aggregated to compile the report, which also says companies believe they average 37 IaaS misconfiguration issues per month when in reality this number can reach 3,500.

In total, 90 percent of respondents said they had come across security issues with IaaS, but only 26 percent said they were equipped to deal with misconfiguration audits -- and this lack of visibility into their cloud usage may be contributing to an increased data breach risk.

According to McAfee, IaaS-based data loss incidents triggered by data loss prevention (DLP) rules have increased by 248 percent year-over-year. As an example, the report says 42 percent of storage objects measured with recorded DLP incidents were misconfigured.

Antony Cleal

Week in review 22 September 2019: traditional user awareness not working, destructive malware returns, Microsoft patched Defender bug, top human hacks, vulnerabilities in IOT devices double in 6 years

Round up of the most significant open source stories of the last week

This week includes tools, tips and resources from around the web.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Traditional user awareness model is doomed to fail

CISOmag have some hard truths around the ways traditional user awareness training is failing. If current user awareness is still relevant today, why is every security event full of CISOs complaining about users or passwords? After 20 years of user awareness, discussing passwords, and not clicking on links in emails, the security industry is still talking about these as if they are new requirements. Where are the results which prove that the current model has worked, and will continue to work?

The full article can be read here: https://www.cisomag.com/traditional-user-awareness-model-is-doomed-to-fail/


World’s most destructive botnet returns with stolen passwords and email in tow

If you've noticed an uptick of spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets—and it just returned from a four-month hiatus.

Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets.

https://arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/


Microsoft Patches Severe Windows Defender Bug

Microsoft patched a serious flaw in the Windows Defender security utility today that resulted in certain malware scans failing after just a few minutes.

https://www.tomshardware.co.uk/microsoft-patches-windows-defender-bug,news-61709.html


The Top 'Human Hacks' to Watch For Now

Social engineering is as old as mankind. But its techniques have evolved with time. DarkReading.com has info on the latest tricks criminals are using to dupe end users, including Social Media ‘Pretexting’, Vishing and SMiShing.

https://www.darkreading.com/edge/theedge/the-top-human-hacks-to-watch-for-now/b/d-id/1335845


Akamai speaks out on uptick of Distributed Denial of Service (DDoS) attacks

Akamai released some findings on Wednesday following checks they had conducted on a new Distributed Denial of Service vector that leverages a UDP amplification technique known as WS-Discovery (WSD). Without getting too technical, UDP (User Datagram Protocol) is an alternative communications protocol to TCP (Transmission Control Protocol), used for establishing low-latency and loss-tolerating connections between applications on the internet. Since UDP is a stateless protocol, requests to the WSD service can be spoofed.

According to the report from Akamai the situation now is such that "multiple threat actors" are leveraging this DDoS method to ramp up attacks.

More: https://techxplore.com/news/2019-09-akamai-uptick-ddos.html


Global cryptomining attacks use NSA exploits to earn Monero

Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more, using exploits from the National Security Agency to spread its malware.

The new threat group, dubbed 'Panda,' was revealed this week in a new report from Cisco Talos. The report’s authors wrote that although the group is "far from the most sophisticated" it has been very active and willing to "update their infrastructure and exploits on the fly as security researchers publicize indicators of compromises and proof of concepts."

The NSA exploits include EternalBlue, which attacks a vulnerability in Microsoft's Server Message Block (SMB) protocol. The researchers first became aware of Panda's cryptomining attacks in the summer of 2018 and have reported that over the past year they've seen daily activity in the organisation's honeypots.

https://searchsecurity.techtarget.com/news/252470925/Global-cryptomining-attacks-use-NSA-exploits-to-earn-Monero


If You Have a Smart TV or IoT Devices, Your Home is Leaking Data.

Researchers at Northeastern University and the Imperial College London have recently conducted a thorough analysis of 81 different IoT products to characterize what services they attempt to connect with, what communications can be inferred from these connections, and the degree of encryption used to protect customers. 72/81 devices have at least one destination that is not a first party (i.e., belonging to the device manufacturer), 56% of the US devices and 83.8% of the UK devices contact destinations outside their region, all devices expose information to eavesdroppers via at least one plaintext flow, and a passive eavesdropper can reliably infer user and device behavior from the traffic (encrypted or otherwise) of 30/81 devices.

More here: https://www.extremetech.com/electronics/298621-if-you-have-a-smart-tv-or-iot-devices-your-home-is-leaking-data?source=opera


Vulnerabilities in IoT Devices Have Doubled Since 2013

Sticking with IoT devices for a minute, a follow-up study into the security of IoT devices has revealed more than twice the number of vulnerabilities as were detected six years ago.

In the 2013 study, researchers at Independent Security Evaluators (ISE) highlighted 52 vulnerabilities across 13 SOHO wireless routers and network-attached storage (NAS) devices made by vendors including Asus and Belkin.

An examination of routers and NAS products by ISE published yesterday has flagged 125 common vulnerabilities or exposures (CVEs). The vulnerabilities captured by the new research could affect millions of IoT devices.

For their latest study, the researchers tested 13 contemporary IoT devices created by a range of manufacturers. Modern versions of several devices tested in the original 2013 study were also studied to determine whether manufacturers had upped their security game.

The reported results were fairly disappointing, with researchers able to obtain remote root-level access to 12 of the 13 devices tested. Among the weaknesses identified were buffer overflow issues, command injection security flaws, and cross-site scripting (XSS) errors.

Read the original article here: https://www.infosecurity-magazine.com/news/vulnerabilities-in-iot-devices/


Some IT teams move to the cloud without business oversight or direction

27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix.

Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach.

Other findings revealed by the research include:

· 56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine who was at fault.

· 31% of organizations would consider moving data back on premises due to concerns about security, reliability and performance, and high costs.

· Interest in broader cloud adoption has faded in the financial sector since last year. The number of organizations ready to adopt a cloud-first approach dropped by 16% and the number eager to move their entire infrastructure to the cloud fell by 12%.

https://www.helpnetsecurity.com/2019/09/20/financial-industry-cloud/


Most Small to Medium Sized Business Cyber Attacks Focus on Just Three TCP Ports

Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents.

A report from threat intelligence and defence company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.

According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), the HTTP (Hypertext Transfer Protocol), and the HTTPS (Hypertext Transfer Protocol Secure).

Alert Logic says that these appear in 65% of the incidents, and it makes sense since they need to be open for communication, be it secured or plain text.

As basic guidance, security across all network ports should include defence-in-depth. Ports that are not in use should be closed and organisations should install a firewall on every host as well as monitor and filter port traffic. Regular port scans and penetration testing are also best practices to help ensure there are no unchecked vulnerabilities.

The standard recommendation to reduce potential risk from these ports is to keep the devices, software or services that rely on them up to date and hardened, in order to close attack avenues.

https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/


Facebook announced on Friday that it suspended tens of thousands of apps amid privacy investigation in the wake of the Cambridge Analytica scandal.

The tens of thousands of apps Facebook has removed come from just 400 developers, Facebook said in its blogpost, and millions more have been investigated. The review is ongoing and comes from hundreds of contributors, including attorneys, external investigators, data scientists, engineers, policy specialists, and teams within Facebook, the company said.

https://www.theguardian.com/technology/2019/sep/20/facebook-app-suspension-privacy-cambridge-analytica


Why charities can’t afford to ignore the risk from malware

The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. A new article from charitydigitalnews.co.uk aims to shed some light on the world of malware, with help from cyber security experts Avast in the form of a useful Q&A. The site has some other useful resources for charities and non-profits.

https://www.charitydigitalnews.co.uk/2019/09/16/cyber-security-faq-why-charities-cant-afford-to-ignore-the-risk-from-malware/

Black Arrow Cyber Consulting have a number of hours of free consulting time that charities and non-profits can apply to use.


Tools, tips and resources from around the web

How to encrypt and secure a website using HTTPS

The web is moving to HTTPS. SearchSecurity have released a guide to help firms find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.

More info can be found here: https://searchsecurity.techtarget.com/tip/How-to-encrypt-and-secure-a-website-using-HTTPS

Ransomware: 11 steps you should take to protect against disaster

Falling victim to ransomware could put your vital business or personal data at risk of being lost forever. ZDNet have put together a list of steps that can help bolster your defences.

Read the article for the full list, but the usual rules apply: user education and awareness, good patch management, and ensuring you have good online and offline backups so that you can recover your data if the worst were to happen.

https://www.zdnet.com/article/ransomware-11-steps-you-should-take-to-protect-against-disaster/

Antony Cleal

Week in review 15 September 2019: cyber threats growing for SMBs, credential stuffing attacks, Business Email Compromise attacks increasing, IoT attacks up 300%, Ransomware attacks on Ireland

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Cyber threats are growing for SMBs but there are some simple solutions

A report by cyber security provider Kaseya shows that the number of small and medium-sized businesses (SMBs) facing cyber attacks is growing every year. Globally, one third of SMBs has experienced at least one attack in the last five years.

There are two very simple things that all organisations should do to help prevent, and recover from, an attack: ensure all software is patched as soon as possible and make regular back-up copies of your computers and servers.

https://www.itproportal.com/news/smbs-are-facing-bigger-security-threats-than-ever-before/


61 billion credential stuffing attacks in 18 months

A report by cyber security software provider Akamai shows 61 billion credential stuffing attacks in 18 months. These attacks are automated using software that is free of charge or low cost.

This is why passwords should never be reused across different sites. Current guidance on passwords from the UK National Cyber Security Centre can be found here: https://www.ncsc.gov.uk/collection/passwords

https://www.cbronline.com/news/credential-stuffing-attempts-akamai


Business email compromise attacks are increasing

The United States’ FBI has reported a 100% increase in global losses from Business Email Compromise (BEC) attacks over the past year, with $26B lost over the last 3 years. One US insurance giant reported that BEC attacks are the leading cause of cyber insurance claims.

Businesses can take relatively simple steps to greatly reduce their risk of falling for a BEC attack. These include using 2-factor authentication (2FA) to prevent an attacker taking control of your email account, and educating employees.

https://searchsecurity.techtarget.com/news/252470554/FBI-says-26B-lost-to-business-email-compromise-over-last-3-years

https://threatpost.com/cybercriminals-adding-sophistication-to-bec-threats/148305/


Cyber attacks on IoT devices up 300% in 2019

Security researchers have identified a 300% increase in attack traffic on IoT devices over the past year. Vendors risk rushing products to market without adequately securing them, leaving them open to being leveraged in attacks. Often these devices do not have updated software to protect against known vulnerabilities that can be exploited by criminals, or the IT department is not aware of them being connected and therefore cannot manage the risk. Make sure your IoT devices have appropriate security features, and that the software is kept up to date. Do not use default passwords, as these passwords are known by criminals who will use them in an attack.

https://www.forbes.com/sites/zakdoffman/2019/09/14/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims/#48d3a01a5892


Ransomware attacks on Ireland central and local government

This week (15 September 2019) The Times reports that the Irish government’s Department of Communications, Climate Action and the Environment, which is itself responsible for cybersecurity in the country, was the victim of ransomware last year.

All organisations are being attacked by ransomware. Importantly, many organisations that suffer are not the intended victim. Although there are no guarantees that you can prevent an attack, you can easily prepare to quickly recover and resume your business operations by regularly testing your system backup and recovery controls.

https://www.thetimes.co.uk/article/irish-government-admits-ransomware-breach-s8n6nxpgj
