Cybersecurity Digest #39: 29/11/2021 – 10/12/2021

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • According to PwC 2022 Global Digital Trust Insights, 69% of organisations predict a rise in cyber spending in 2022 compared to 55% last year. More than a quarter (26%) predict cyber spending hikes of 10% or more; only 8% percent said that last year. More than 50% organisations expect a surge in reportable incidents next year above 2021 levels.
  • APWG Phishing Trends Report 3rd Quarter 2021 revealed 260,642 phishing attacks in July 2021, which was the highest monthly in APWG’s reporting history. The number of phishing attacks has doubled from early 2020. The software-as-a-service and webmail sector was the most frequently victimized by phishing in the third quarter, with 29.1% of all attacks.
  • A new Juniper Research study has found that total SMS firewall revenue will increase from $911 million in 2021 to $4.1 billion in 2026; representing an absolute growth of 346%. SMS firewalls are third-party solutions that sit within operator networks; enabling the real-time monitoring of network traffic, enhancing operator capabilities to block fraudulent traffic and minimise revenue loss.
  • Based upon research conducted by Picus Labs, The Picus Red Report 2021 highlights the ten most common MITRE ATT&CK tactics and techniques used by adversaries over the last 12 months. Between October 2020 – October 2021, Picus Labs analyzed 231,507 unique files. 204,954 of these files (89%) were categorized as malicious. 2,197,025 actions were extracted from these files and mapped to 1,871,682 MITRE ATT&CK techniques.
  • Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average. The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February.
  • A new parasitic malware targets the popular Nginx web server, Sansec Threat Research discovered. This novel code injects itself into a host Nginx application and is nearly invisible. The parasite is used to steal data from eCommerce servers, also known as “server-side Magecart”.  The malware was found on servers in the US, Germany and France. In this post, we show you how to find and remove it.
  • According to Data Privacy Priorities Report 2021 performed by BigID and ServiceNow, the majority of respondents (61%) are taking a proactive approach to overcoming privacy shortcomings by identifying and preventing the problems. However, a third of the respondents (33%) are simply being reactive to privacy threats by responding to incidents after they occur.
  • To help CEOs around the globe better understand cyber risks and how to make their businesses more secure, (ISC)² conducted an online poll of 200 cybersecurity practitioners, whose roles range from cybersecurity leadership to cybersecurity team member, and asked them a simple question: What do you feel every CEO needs to know to make their business more secure heading into next year? After analyzing the responses, below are five recommendations every CEO should know going into 2022.

Major Cyber Incidents