Cybersecurity Digest #78: 27/06/2023 – 11/07/2023

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • ILTA and Conversant Group announce the release of a joint cybersecurity research report titled Security at Issue: State of Cybersecurity in Law Firms. The survey was targeted specifically at understanding law firms’ cybersecurity controls, tools, practices, and assumptions to determine how their cyber defenses could be improved. Almost a third of the law firms surveyed reported cybersecurity breaches in 2021, and 36% reported malware infections.
  • Even in the context of a cooling hiring market, the role of CISO is maturing as organizations’ technological needs and risks become greater and multiply, according to the 2023 Global Chief Information Security Officer (CISO) Survey, released by Heidrick & Struggles. 76% of CISOs said they were very or entirely open to changing companies in the next three years, underscoring the importance of succession planning and an increased focus on retention strategies.
  • In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according  Nexusguard DDoS Statistical Report for 2022. The data also showed that cyber attackers continued to alter their threat vectors by targeting the application platforms, online databases, and cloud-based storage systems within Internet Service Providers (ISPs). This resulted in a significantly greater impact globally as organizations continue to move more of their workloads to the cloud.
  • The survey of over 1,000 Managed Service Providers and Managed Security Service Providers reveals as more businesses experience resource and cost constraints, a majority (86%) of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools.
  • The Virus Bulletin spam report for Q2 2023 is out.  Experts continues to see the majority of spam successfully being blocked by email security solutions, and with higher scores this time against malware and phishing samples.
  • Akamai delves into all the protocols and techniques that can be abused for lateral movement on Linux.
  • Zimperium  released its  Global Mobile Threat Report 2023. This year’s report reveals a continued growth toward mobile-powered business along with the increasingly sophisticated security risks facing it, including spyware, phishing, and ransomware. Research finds 187% year-over-year increase in the number of compromised devices that were fully exploited, highlighting growing risks posed to mobile-powered businesses.
  • CardinalOps’ annual report analyzes real-world data from production SIEMs covering nearly 4,000 detection rules across diverse industry verticals. Enterprise SIEMs Miss 76% of all MITRE ATT&CK Techniques Used by Adversaries.
  • The PSA Certified 2023 Security Report highlights significance of upcoming security regulation as 64% of businesses say it will have bigger ramifications than GDPR. Connected device security spend accelerates as three quarters (75%) of businesses report that security has become a bigger business priority in the last 12 months.
  • A recent survey conducted by Gigamon has revealed that despite high levels of confidence in hybrid cloud security, nearly one third of security breaches go unnoticed by IT and security professionals. The survey found that 94% of global respondents believe their security tools and processes provide complete visibility and insights into their IT infrastructure. However, the reality is that a significant number of breaches are not being detected in a timely manner.
  • Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated files or information, such as dynamic loading of code. In addition, in 5% of the attacks, threat actors used a memory resident malware. Compared with 2022, there was a 1,400% increase in fileless attacks.

Major Cyber Incidents