Cybersecurity Digest #83: 31/10/2023 – 14/11/2023

Cybersecurity News

Cybersecurity Blog Posts

  • Nilesh Dherange has outlined the 3 primary ransomware attack stages and useful indicators of compromise.
  • The Help Net Security blog provides 7 free cyber threat maps showing the intensity and frequency of attacks. From the collaborative efforts of Google Ideas and Arbor Networks in the Arbor Networks Digital Attack Map to the extensive global threat intelligence network of Fortinet Threat Map, we cover a range of tools designed to enhance your situational awareness.
  • Wallarm highlighted the promise of Zero Trust Network Access (ZTNA). With progressive tech strides and a growing emphasis on cybersecurity, ZTNA is expected to be a crucial determinant of the evolution of network security. Nevertheless, a successful ZTNA deployment calls for an in-depth comprehension of its principles and a strategic blueprint for its roll-out.
  • Cybersecurity researcher Gergely Kalman has published a technical article about BatSignal (CVE-2022-26704), a vulnerability that allows privilege escalation to root in macOS.

Research and Analytics

  • New research conducted by Venafi finds that nearly 50% of its users report Kubernetes and container security incidents. The study revealed that cloud development practices create serious cybersecurity blind spots. This is especially relevant for businesses from the US, the UK, France and Germany.
  • A new report by Duke University reveals details about the sale of sensitive data of US military personnel by data brokers. The study, focusing on national security, has unveiled that highly detailed personal information about military personnel, veterans and their families sells for between $0.12 and $0.32 per record.
  • China’s presence is growing in cybersecurity technology, with 6 of its companies in the ranking of the 10 largest global patent holdings. At the same time, the American corporation IBM continues to hold first place, according to a joint study by the Japanese news agency in cooperation with U.S. information services provider LexisNexis.
  • Germany is currently experiencing a significant increase in cyber threats, with the risk of ransomware attacks considered exceptionally high, according to the latest report from the German Federal Office for Information Security. The report notes the highest average increase in malware types, with 332,000 new variants per day during the period from June 2022 to June 2023.
  • Experts are theorizing about the mysterious shutdown of the Mozi botnet, which was recently eliminated using a special “switch” designed to deactivate all bots. First observed in India on August 8th, this mysterious disappearance stripped Mozi bots of most of their functionality.
  • Password health and hygiene improved globally over the past year, reducing the rise of account takeover for consumers and businesses, according to Dashlane. Password reuse remains prevalent, however, leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication (MFA).
  • The VMware Threat Analysis Unit (TAU) has discovered 34 unique vulnerable drivers allowing firmware access, which can be used to erase or alter firmware and/or elevate privileges. Additionally, previous research focused primarily on Windows Driver Model (WDM) and Windows Driver Framework (WDF) drivers, and the company has published a list of file names associated with problematic drivers.
  • SlashNext Threat Labs’ annual report provides analysis of threats seen in email channels, mobile devices and browsers over a 12-month period from Q4 2022 to Q3 2023. The report highlights an impressive 967% increase in credential theft attacks. It also reveals a 1,265% increase in phishing emails since the launch of ChatGPT, signaling a new era of cybercrime fueled by generative AI.
  • According to a study conducted by Amazon Web Services (AWS), 35% of small and medium-sized businesses do not consider security to be a strategic priority, 41% of those surveyed haven’t provided any security training to their organizations, and 43% have plans to provide training within the next 12 months. In addition, 50% of respondents indicated some degree of concern about security in the cloud and view migration as a risk.
  • Q3 2023 global ransomware attack frequency was up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. If the trajectory continues, 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites (2,670 in 2022).
  • The Identity Theft Resource Center® (ITRC) has stated in its annual report that small businesses are experiencing a record number of cyberattacks in 2023. According to the responses, reported cybersecurity incidents targeting small businesses were at a record high (73%). Employee and consumer data continue to be the most impacted categories of information affected by a data breach.
  • Palo Alto Networks has published a study on Cobalt Strike traffic detection. The report demonstrates how the Malleable C2 profile lends versatility to Cobalt Strike, and why this versatility makes Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses.
  • According to a Sophos report, the rate of data encryption following a ransomware attack in healthcare was the highest in the last three years: 73% of healthcare organizations reported that their data was encrypted in the 2023 report, up from 61% in the 2022 report.

Major Cyber Incidents