Cyber Risk Update 3 FEB 2023
Data Breaches
According to the 2022 Data Breach Report from the Identity Theft Resource Center (ITRC), there were 1,802 data compromises in 2022 compared with 1,862 in 2021. The number of impacted victims grew by 40 percent to 422 million. https://www.idtheftcenter.org/publication/2022-data-breach-report/
The Los Angeles Unified School District (LAUSD) sent out breach notification letters to contractors notifying them that their Social Security numbers and other sensitive information were leaked during the July 31, 2022, to September 3, 2022 cyberattack. https://therecord.media/los-angeles-unified-school-district-confirms-ssns-leaked-in-september-ransomware-attack/
Cost, Frequency of Global Cyberattacks is Rising. Cost for Cyberattacks Rose 29% in 2022. https://www.fitchratings.com/research/insurance/new-eu-cyber-rules-directionally-positive-neutral-to-credit-ratings-31-01-2023
98 percent of organizations have vendor relationships with at least one third party that has experienced a breach in the last two years. https://www.helpnetsecurity.com/2023/02/02/relationships-breached-fourth-party-vendors/
Threat Actor Activities
CISA has identified a widespread campaign where threat actors send phishing emails that lead to the download of legitimate RMM software—such as ScreenConnect (now ConnectWise Control) and AnyDesk—which the actors used in a refund scam to steal money from victim bank accounts. CISA discovered malicious activity within the networks of multiple federal civilian executive branch (FCEB) agencies. https://www.cisa.gov/uscert/sites/default/files/publications/aa23-025a-protecting-against-malicious-use-of-rmm-software.pdf
Over half of organizations experienced an insider threat in 2022 https://www.securitymagazine.com/articles/98879-over-half-of-organizations-experienced-an-insider-threat-in-2022
Research shows that there has been an increase in insider threat attacks over the past two years, as the risk has been exacerbated by remote work during the pandemic. https://www.darkreading.com/threat-intelligence/hunting-insider-threats-on-the-dark-web
Ransomware Awareness – Insights on Ransomware Activity, Recent Trends, and the Importance of Threat Intelligence https://www.darkreading.com/attacks-breaches/7-insights-from-a-ransomware-negotiator
Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web https://cyberscoop.com/cybercrime-groups-jobs-talent-dark-web/
Microsoft revealed that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families that were actively used until the end of last year. https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/
Threat Surface
Nearly 60 percent of the cybersecurity recommendations made by the US Government Accountability Office (GAO) since 2010 have not been implemented by federal agencies. https://www.infosecurity-magazine.com/news/federal-agencies-ignore-gaos/
Recommendations
Secure your business like you secure your home: 5 steps to protect against cybercrime https://www.microsoft.com/en-us/security/blog/2023/01/17/secure-your-business-like-you-secure-your-home-5-steps-to-protect-against-cybercrime/
The National Institute of Standards and Technology’s newly released framework provides organizations a pathway to use artificial intelligence technology in a way that reduces risk. https://www.govtech.com/products/nist-releases-voluntary-ai-risk-management-framework
Notable Vulnerabilities
Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks. The pervasiveness, vulnerability, and cloud connectivity of Internet-of-Things (IoT) and Operational Technology (OT) devices represent a rapidly expanding, often unchecked risk surface affecting a wider array of industries and organizations. Rapidly increasing IoT creates an expanded entry point and attack surface for attackers. With OT becoming more cloud-connected and the IT-OT gap closing, access to less secure OT is opening the door for damaging infrastructure attacks. https://www.microsoft.com/en-us/security/business/security-insider/cyber-signals-1/the-convergence-of-it-and-ot/