Cybersecurity

Help Net Security has written an article covering a recently released study by SecurityScorecard and the Cyentia Institute on supply chain/third and fourth party risk. The report found that 98 percent of organizations have hired a vendor that has experienced a data breach in the last two years and that 50 percent of organizations have hired a third party that depends on a vendor that has experienced a data breach in the last two years. Compared to the primary organizations surveyed, third parties were found to be five times more likely to demonstrate poor security.

With ransomware running rampant, pardon the cliché, it’s only a matter of time before many more organizations fall victim to this money-grubbing menace. Recently, Microsoft tweeted about the more than 100 threat actors using ransomware that its tracking in attacks across over 50 unique active ransomware families, including LockBit, BlackCat (ALPHV), and Play, to name a few. While phishing is still a threat actor fan favorite, it’s not the only technique in town.

Despite repeated warnings to patch on-premises and hybrid Microsoft Exchange servers during the past couple of years, the number of vulnerable servers remains concerning. We know that as long as devices remain unpatched, threat actors will keep exploiting them. This fact can be evidenced by a cursory review of CISA’s Known Exploited Vulnerabilities Catalog, which lists vulnerabilities known to currently be exploited dating back over 20 years.

Dark Reading posted an article providing insights from GuidePoint Security’s recently released GRIT 2022 Ransomware Report. GuidePoint offers multiple perspectives based on its ransomware negotiations. The report highlights four general categories that ransomware groups fall into and which are the most active threat. Additionally, the report offers additional considerations, most notably how improved backup strategies have been making a positive difference in being able to successfully recover after an attack.