Cybersecurity Digest #47: 04/04/2022 – 15/04/2022

04/04/2022

Cybersecurity Digest #47: 04/04/2022 – 15/04/2022

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • According to the 2022 Cyber Threat Defense Report, 71% of organizations suffered from ransomware attacks last year, up from 55% in 2017. Of those, who were victimized, almost 63% paid the requested ransom, up from 39% in 2017.
  • A study by Javelin 2022 Identity Fraud Study showed, that traditional identity fraud losses, those involving any use of a consumer’s personal information to achieve illicit financial gain, amounted to $24 billion and ensnared 15 million U.S. consumers. Losses involving identity fraud scams, involving direct contact with victims by criminals, totaled $28 billion and affected 27 million consumers in the United States.
  • According to Software Device Research, 49% of small practices and 15% of large practices don’t have a codified plan of action in the event of a data breach or cyberattack.
  • According to Check Point Research, in the first weekend spots 37K attempts to allocate the Spring4Shell vulnerability. During the first 4 days 16% of the organizations worldwide were impacted by exploitation attempts.
  • According to the latest report by Dragos, hackers pose a serious threat to the European industrial infrastructure. Currently, industrial enterprises in Europe are being attacked by at least ten cybercrime groups – Xenotime, Magnallium, Electrum, Allanite, Chrysene, Kamacite, Covellite, Vanadinite, Parisite and Dymalloy.
  • Experts of Check Point Research found anti-virus apps on the Google Play store disguised as legitimate, which downloaded and installed android malware. At least six different apps with over 15,000 total downloads were spreading the malware: Atom Clean-Booster, Alpha Antivirus, Center Security etc. Moreover, dubbed “Sharkbot” the malware steals credentials and banking information.
  • Intel has published the results of a study on how organizations approach security innovations. The main findings show, that companies value innovative security products when purchasing technologies and services, especially at the equipment level.
  • Splunk and Enterprise Strategy Group has released the annual global report State of Security 2022, which examines the security challenges facing a modern enterprise. More than 1,200 security service managers took part in the survey. In their opinion, there is an increase in the number of cyber attacks and at the same time a shortage of personnel.
  • The team of Paloalto researchers has released the report The Latest Unit 42 Cloud Threat Research. As a result, the ongoing transition to cloud platforms has meant that more sensitive data is stored in the cloud, making it more tempting for adversaries to exploit. When it comes to securing the cloud, identity is the first line of defense. Without proper identity and access management (IAM) policies in place, an organization can pay for any number of security tools – but comprehensive security will never be possible.
  • Kaspersky Lab shared what it learned about Black Cat ransomware. According to the report, BlackCat uses a modified version of a closed tool called Fender, which was previously used only by BlackMatter.

Major Cyber Incidents