A collage of cyber fright that businesses better fight – AMEinfo

According to Cybersecurity Ventures, cybercrime costs are projected to reach $10.5 trillion by 2025 as levels of account takeover, new account fraud, and other types of fraud continue to rise
According to Cybersecurity Ventures, cybercrime costs are projected to reach $10.5 trillion by 2025 as levels of account takeover, new account fraud, and other types of fraud continue to rise.
The following content should be cause for great concern. If it brings a fight or flight reaction. It had better be the former.
Trickbot banking
Discovered in 2016, Trickbot’s main functionality was online banking data theft. Kaspersky said that over its five years of activity, the malware has evolved and become multi-modular ranging its activity from data theft to other malware distribution (such as Ryuk ransomware).
The malware spreads over local networks using stolen credentials and vulnerabilities, provides remote access, proxy network traffic, performs brute-force attacks, and downloads other malware.
Backup for huge savings
Acronis, a global leader in cyber protection, announced new research by VansonBourne titled “MSPs Speak: Cybersecurity and the future role of the MSP,” showing that consolidating cybersecurity, backup, and disaster recovery services produces over $229k in savings and reduces breach recovery by 5 hours, on average.
Many MSPs (Managed Service Providers) have added additional tools to their technology stack, using an average number of 4 vendors to provide cybersecurity, backup and/or disaster recovery (DR) services.
The Grief Ransomware gang, which recently made recent headlines for allegedly targeting the National Rifle Association (NRA), is now trying to amplify that news by creating dozens of fake Twitter accounts as a means of ‘promoting’ the attack to journalists and others on the platform.
Grief Ransomware Group promoting attacks 
The Grief Ransomware gang, which recently made recent headlines for allegedly targeting the National Rifle Association (NRA), is now trying to amplify that news by creating dozens of fake Twitter accounts as a means of ‘promoting’ the attack to journalists and others on the platform.
According to Sam Riddell, associate analyst, Mandiant, “We’re now seeing, for the first time, financially-motivated actors using tactics traditionally employed by information operations actors used alongside a ransomware attack.”
While this tactic is new, Mandiant’s experts believe it’s par for the course and it was only a matter of time before this happened. 
According to Jeremy Kennelly, senior manager, financial crime analysis, Mandiant Threat Intelligence, “This is likely a new way for this group to exert additional pressure on its victims. We’ve seen constant shifts in the tactics used by financially-motivated threat actors to get their victims to pay, so from an evolutionary perspective, using this tactic makes perfect sense.”
Remote work: Supply chain attacks
In its annual Cyber Readiness Report, Acronis said that 53% of global companies have a false sense of security when it comes to supply chain attacks.

Important statistics to highlight from the report:
Threat predictions
McAfee Enterprise and FireEye released 2022 Threat Predictions,  looking at what enterprises face in 2022.  
McAfee Enterprise & FireEye 2022 Predictions:
Solarwinds warnings
Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May 2021.

Saket Modi, Co-founder & CEO, Safe Security said: 
“Nobelium’s ongoing supply chain attacks show the importance of closing loopholes to trusted relationships that cause downstream impacts. Social engineering, cloud misconfigurations relating to unverified delegated administrative privileges, password sprays, API theft, and supply chain attacks are all threat actor techniques that businesses are actively monitoring, but in a siloed and disjointed fashion.”
He added: “NOBELIUM has been successful because organizations lack a single, enterprise-wide, and real-time cybersecurity view of what and where their vulnerabilities lie across people, technology, and third-party (supply chain). Organizations need to go beyond a questionnaire and outside-in approach only and have a cohesive inside-out, real-time risk analysis of third parties to get a better understanding of their risk posture and critical vulnerabilities.” 
Multifactor authentication
Kaspersky experts noticed increased activity from fraudsters stealing passwords by using special malware called Trojan-PSW, capable of gathering login and other account information to anything from gaming websites and streaming accounts, to online banking.
It found the dynamics for the UAE worrisome: During January – September 2021 there were 46% more users attacked than in the same period of 2020.

The global total amount of detections also increased compared to the previous year: from 24.8 million to 25.5 million.
“As statistics show, logins, passwords, payment details, and other personal data continue to be an attractive target for cybercriminals and they remain a popular commodity on the dark market. For this reason, we encourage internet users to take extra steps to protect their accounts, for example by using multifactor authentication methods,” commented Denis Parinov, a security expert at Kaspersky.
Cloud security
The 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, reports that 40% of organizations have experienced a cloud-based data breach in the past 12 months.
Despite increasing cyber-attacks targeting data in the cloud, the vast majority (83%) of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cybercriminals can have.
According to the study, one-fifth (21%) of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year.
Businesses share common concerns about the increasing complexity of cloud services. Almost half (46%) of global respondents claimed managing privacy and data protection in the cloud is more complex than on-premises solutions.
Attivo infographics
Attivo Networks, an innovative defense for protection against identity compromise, privilege escalation, and lateral movement attacks, looks back at 2021’s scary characters in the following infographics.



 
Hadi Khatib is a business editor with more than 15 years’ experience delivering news and copy of relevance to a wide range of audiences. If newsworthy and actionable, you will find this editor interested in hearing about your sector developments and writing about it. [email protected]
© 2021, ADigitalcom. All rights reserved
Sitemap

source