You are here

Home » Cybersecurity

Cybersecurity

CISA Provides Recommendations for Protecting against Information from Ransomware-caused Data Breaches

The Cybersecurity and Infrastructure Security Agency (CISA) has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. As CISA notes, these data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.

Conti Ransomware Steals Cyber Insurance Policy Data

While your cyber insurance policy may help alleviate some of the financial costs associated with a ransomware attack, researchers at Advanced Intelligence explain how details of the policy could also be used against you. Recently leaked training material reveals how Conti ransomware attackers exploit legitimate software to gain access to a network and search for cyber insurance policies.

New Ponemon Study Finds the Annual Cost of Phishing Scams Has More Than Tripled Since 2015

A new study from the Ponemon Institute finds that the financial costs incurred from phishing scams has significantly increased over the past six years. The report, titled The Ponemon 2021 Cost of Phishing Study, concludes the average annual cost of a phishing scam in 2021 is approximately $15 million for a 9,600-employee organization, or around $1,500 per employee. The study also highlights that the inability for organizations to contain malware is one factor behind the increasing cost of phishing attacks.

Phishing campaign leverages legit DocuSign email notifications

Cybercriminals are now leveraging legitimate document signature service platforms to conduct phishing scams according to recent reports. In this campaign, cybercriminals are utilizing free accounts from the cloud-based DocuSign service to trick email recipients into clicking on links that introduce malware into their systems and networks. Although researchers debate the novelty of this tactic, they all agree that these attacks are becoming more prevalent.

Ransomware Gang Uses PrintNightmare to Breach Windows Servers

Ransomware groups are reportedly utilizing the PrintNightmare vulnerabilities to gain access to Windows devices. Currently, the Magniber ransomware gang is the only known threat group exploiting the PrintNightmare vulnerability. Magniber has been active since October 2017, and while most of the current victims appear to be in South Korea, given the widespread use of Windows Print Spooler and challenges in mitigating, this is a threat to track.

Identifying and Reporting Data Breaches

In today’s digitally interconnected global community, almost every organization will experience a data breach at some point. Data breaches come in many forms and include: data accessed by an unauthorized third party, theft of login data, loss of an electronic device, and confidential data distributed to a mailing list. In 2020, more than 37 billion records were exposed at an average cost of $3.86 million per breach.

ICS/OT and CVEs with Publicly Available Exploits

With over ten years of experience and analysis tracking and responding to exploited vulnerabilities in OT networks, Dragos recently published a whitepaper with key findings to help all asset owners better remediate vulnerabilities. Out of more than 3000 ICS/OT impacting CVEs (Common Vulnerabilities and Exposures) that Dragos tracks, it has identified more than 400 that have at least one publicly available exploit enabling a low-skilled threat actor to knowingly and quickly bypass a security boundary.

Pages

Subscribe to Cybersecurity