Cybersecurity Digest #62: 31/10/2022 – 14/11/2022

Cybersecurity news

Cybersecurity Blog Posts

  • Help Net Security has published a video with Matthew Chiodi, Chief Trust Officer of Cerby, in which he discusses a likely hole in your security strategy. The video zeroes in on one of the most important yet often missed areas of zero trust: unmanageable applications, which leading analysts say contribute to a third of all security breaches.
  • Joey Stanford, VP of Privacy and Security at Platform.sh, described how the recent critical Log4j vulnerability affected the reputation of open source software – 10% of companies said they refused to use open source solutions. Nevertheless, the author is convinced that the development of open source is extremely important for the future of IT and calls on organizations to support such projects.
  • Brett Raybould, EMEA Solutions Architect at Menlo Security, explained in his article how the injection of malicious templates is used in Highly Evasive Adaptive Threat (HEAT) attacks. He stressed that the template format is especially attractive to attackers because templates contain no traces of malicious URLs or exploit markers and so go unnoticed, for example, during the initial scanning of emails.
  • Dan Goodin wrote about passkeys, a term that covers various schemes for storing authentication information in hardware, a concept that has existed for more than ten years. Microsoft, Apple, Google and a consortium of other companies have united around a single passkey standard supported by the FIDO Alliance.

Research and analytics

  • BigID has published the Cloud Data Security Research Report 2022, which showed that 86% of organizations use multiple cloud platforms to store their data, across IaaS, PaaS and SaaS. Only 4% believe that all their cloud data is sufficiently protected: more than a quarter of organizations do not track regulated data, almost a third do not track confidential or internal data, and 45% do not track unclassified data.
  • Group-IB experts reported on the French-speaking group Opera1er, which has existed since 2016. Between 2018 and 2022, these hackers stole at least $11 million from banks and telecommunications service providers in Africa, Asia and Latin America, and the actual damage from these attacks is estimated at $30 million.
  • According to a new report by KELA, in the third quarter of this year hackers sold access to 576 corporate networks around the world. Although the number of offers remained approximately the same as in the previous two quarters, the total cost of access has already reached $4,000,000. For comparison, in the second quarter this figure was $660,000.
  • Netwrix has announced the results of its 2022 Cloud Security Report for the healthcare sector, which states that 61% of respondents in this industry have been subjected to a cyber attack on their cloud infrastructure over the past 12 months. Phishing was the most common type of attack.
  • In its report for the third quarter of 2022, Coveware found a shift towards ransomware targeting the healthcare sector, which was the second most affected sector after professional services. Coveware experts partially attributed this to the growing spread of Hive ransomware, which attacks healthcare organizations regardless of the impact on patient care.
  • ENISA has published its annual Threat Landscape report for the period from July 2021 to July 2022. According to the report, more than 10 terabytes of data are stolen every month, and ransomware is still considered one of the main threats. Phishing is now identified as the most common initial vector of such attacks.
  • Kaspersky Lab researchers have discovered new spyware, SandStrike, that is delivered via a malicious VPN application to Android users in the Middle East. Cybercriminals target people who speak Persian and are adherents of the Baha’i religion, which developed in Iran and parts of the Middle East.

Major Cyber Incidents