Data/Cyber

Cyber attack methods continue to evolve – report

BY Richard Summerfield

Cyber criminals are deploying new and innovative lines of attack in addition to modified versions of existing methods, according to Verizon’s 2024 Data Breach Investigations Report.

According to the report, which analysed more than 30,000 real-world security incidents spanning 94 countries, including a record high of just over 10,000 confirmed data breaches, the three most popular vectors for data breaches were unauthorised use of web application credentials, email phishing and the exploitation of vulnerabilities in web applications. These figures exclude errors and misuse, typically honest mistakes by employees.

Attacks utilising the exploitation of vulnerabilities were up 180 percent, according to the report. This increase comes as no surprise given the mass exploitation of the MOVEit zero-day vulnerability and other similar vulnerabilities. These attacks were primarily carried out by ransomware and other extortion-related threat actors, and the main entry point was web applications. Attacks involving ransomware or extortion have seen considerable growth over the past year, accounting for 32 percent of all breaches.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, senior director of cybersecurity consulting at Verizon Business.

The human element also had a substantial hand in the number of recorded breaches. Sixty-eight percent of breaches involved a non-malicious human element. Accordingly, the onus remains on organisations to improve security awareness among their employees in order to reduce the impact of breaches. The report explains that the most common causes of breaches involving a non-malicious human element are someone falling victim to a social engineering attack or someone making a mistake.

“In either case, these could have been mitigated by basic security awareness and training. This is an updated metric in the report (we would previously include malicious insiders), and it is roughly the same as the previous period described in the 2023 DBIR,” Verizon added.

Report: 2024 Data Breach Investigations Report

Companies face AI, deepfakes and other threats as cyber security continues to evolve

BY Richard Summerfield

As artificial intelligence (AI), deepfakes and other threats continue to evolve, it is imperative that companies upgrade their cyber security systems as soon as possible, according to OnePoll and Gemserv’s new report: ‘Through the Cyber Lens: The Evolving Future of Cyber Security’.

The study surveyed 200 chief information security officers (CISOs) across the UK and Europe, assessing the readiness of CISOs to confront the evolving challenges in the cyber security space, particularly those derived from the burgeoning influence of AI, while also exploring their expectations for the future.

According to the report, CISOs are increasingly concerned about the use of deepfake AI technologies in cyber attacks. Eighty-three percent of respondents noted that generative AI will play a more significant role in future cyber attacks, with 38 percent expecting a significant increase and 45 percent anticipating a moderate rise in attacks utilising these technologies over the next five years. However, despite the imminent nature of the threat, only 16 percent of respondents believe their organisation has an excellent understanding of these advanced AI tools, and thus are likely unprepared.

“As the AI revolution transforms the landscape of cybersecurity, CISOs stand at the forefront of this change,” said Mandeep Thandi, director of cyber and privacy at Gemserv. “AI is reshaping the contours of cyber defence by augmenting human capabilities, predicting threats, and fortifying organisations against the volatile cyber threat landscape.”

Many CISOs also noted that they do not have the resources to face up to the many challenges they encounter. Around a third of respondents believe they lack the budget required to do their jobs most effectively, while a similar proportion are finding it difficult to recruit and retain staff with the right skills and experience.

A much higher percentage of respondents (92 percent) believe they have robust and tested incident management policies and procedures in place, but there are significant technology and knowledge gaps that should give cause for concern. Only 31 percent of respondents believe they have both security information and event management (SIEM) tooling and cyber threat intelligence, even though the majority of respondents (78 percent) expect the cyber threat landscape to become more complex and challenging over the next 12 months.

Going forward, CISOs will be hoping they are provided with the resources they need to help them navigate the challenging and uncertain future and reduce the efficacy of cyber attacks.

Report: Through the Cyber Lens: The Evolving Future of Cyber Security

T-Mobile suffers another data breach

BY Richard Summerfield

US mobile phone operator T-Mobile has suffered a data breach affecting 37 million customers - the company’s fifth such incident since 2018.

In a Securities and Exchange Commission (SEC) filing, the company noted that it “promptly commenced an investigation with external cybersecurity experts and within a day of learning of the malicious activity, we were able to trace the source of the malicious activity and stop it”. The company has launched an investigation into the breach, but explained that “the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network”.

According to T-Mobile, the breach saw a bad actor use a single application programming interface (or API) to obtain limited types of information on customer accounts. T-Mobile said the hack did not expose payment card information, social security, tax, driver’s licence or other government-issued ID numbers. Passwords, PINs and other financial information are also believed to be safe; however, the hack did compromise other information, including name, billing address, email, phone number, date of birth, and T-Mobile account number and information, such as the number of lines on the account and plan features.

The breach appears to have occurred in late November 2022, but T-Mobile did not become aware of the attack until 5 January.

“We understand that an incident like this has an impact on our customers and regret that this occurred,” the company said in a statement. “While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”

T-Mobile has suffered a number of damaging cyber attacks in recent years. Before the most recent breach came to light, in August 2021 the company noted that a hacker had accessed information pertaining to 7.8 million existing customers, and more than 40 million former and prospective customers, including social security numbers and driving licence details. That figure was subsequently revised upwards to around 76.6 million. T-Mobile is reported to have paid the hacker $200,000 via a third party to stop the data being sold on the dark web, but it was reportedly sold anyway.

The company also disclosed hacks in 2018 and 2019 and two other separate incidents in 2020.

Furthermore, in July 2022, the company agreed to pay $500m to settle class action lawsuits brought by those affected by the 2021 breach. The plaintiffs accused T-Mobile of failing to adequately protect customers’ data. As part of a settlement related to the breach, T-Mobile agreed to contribute $350m to cover legal fees and compensation, and to spend a further $150m on making improvements to data security and related technology.

News: T-Mobile’s $150 Million Security Plan Isn’t Cutting It

Cyber security: recession proof?

BY Richard Summerfield

Amid ongoing economic and geopolitical challenges, the cyber security sector remains strong, according to a new report from ICON Corporate Finance.

Thus far, the sector is proving recession-proof and remains a growth area, defying current troubling macroeconomic headwinds. As such, the cyber security sector is leading the way for M&A and fundraising activity in 2022, with deal activity for Q1-Q3 up 60 percent compared to 2020 for M&A and up 22 percent for fundraising.

The report notes that, going forward, enterprises must recognise that they need to continue investing in cyber defences regardless, both to protect against an increasingly sophisticated threat landscape and because of significant geopolitical and economic uncertainty. This, in turn, is acting as a catalyst for M&A and fundraising deal activity.

According to ICON, the first three quarters of 2022 saw 353 cyber security M&A deals, with a total value of $125bn. As a result, the sector is on track to surpass pre-coronavirus (COVID-19) levels, with vendor platform consolidation, largely backed by private equity, being a chief driver behind the sustained deal activity.

Fundraising activity also remained in line with long-term trends, with $15.4bn of venture capital money invested in the sector globally across 572 deals in the first three quarters of the year.

“Enterprises recognise that they must continue hardening their security defences to keep above water in the arms race between good and bad,” said Florian Depner, director of ICON Corporate Finance. “Cybersecurity is mission-critical and companies have no choice but to keep investing given the uplift in malicious activity, and state-backed attacks.

“We also anticipate that Private Equity will continue injecting much-needed growth fuel into later-stage scale-up companies; a trend demonstrated by the BlackRock-backed $250m (£221.7m) investment in Swiss-based storage management and personal backup services provider Acronis.

“These factors, combined with Private Equity backing buy-and-build strategies and vendor platform consolidation, and the fact that the three-year cyber security index for public sector stocks rose 61.5%, while NASDAQ rose just 35.5%, makes cybersecurity players undeniably desirable.”

Going forward, ICON predicts that consolidation will continue at pace as trade and PE acquirers are ready to capitalise on market opportunities.

Report: Cybersecurity Sector Update – Q3 2022

‘Smishing’ and other forms of cyber attack on the rise

BY Richard Summerfield

‘Smishing’, a cyber attack strategy which combines SMS and phishing, is an increasingly prevalent form of cyber attack, according to a new report from Infoblox.

In its ‘Cyber Threat Report Q2 2022’, Infoblox notes that smishing is a new and sophisticated mechanism for obtaining personal and financial information from victims through false forms on fraudulent sites.

Smishing messages are sent to potential victims by malicious actors in order to get them to reveal private information, including passwords, identities and financial data. Typically, smishing messages include some incentive for the recipient to click a link, which may be for a site that hosts malware or a page that attempts to convince the user to submit data through a form.

To avoid falling victim to a smishing attack, Infoblox notes that parties should: “Always be suspicious of unexpected text messages, especially those that appear to contain financial or delivery correspondences, documents or links. Never click URLs in text messages from unknown sources. In the campaign under discussion, the source was the recipient, who did not send the message, and that is a red flag.”

“Our report shares research on many dangerous malware threats,” said Mohammed Al-Moneer, regional director, META at Infoblox. “Security effectiveness depends on timely, up-to-date threat intelligence.”

The Q2 2022 report includes information on industry alerts, advisories, reports and original research published from 1 April to 30 June 2022, by the Infoblox Threat Intelligence Group (TIG), Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency Central Security Service (NSA-CSS). Infoblox releases a Quarterly Cyber Threat Intelligence Report, which compiles the main threats and security breaches detected during recent months worldwide.

Report: Q2 2022 Cyberthreat Intelligence Report

©2001-2024 Financier Worldwide Ltd. All rights reserved.