Cloud container vulnerabilities increase – report

BY Richard Summerfield

Adoption of cloud technology has increased considerably in recent years, but vulnerabilities in cloud containers have also increased, according to a new report from Skybox Security.

Skybox’s ‘2019 Vulnerability and Threat Trends Report: Mid-Year Update’ notes that vulnerabilities in cloud containers have increased by 46 percent compared to the same period in 2018, and by 240 percent compared to 2017. However, less than 1 percent of newly published vulnerabilities were exploited in the wild, with 9 percent having any functioning exploit developed at all.

Over the last two years, the total number of new vulnerabilities has outpaced any other previous year. However, the number of vulnerability reports in the first half of 2019 declined by 13 percent compared to the same period last year. Still, the current figures are historically high, and it seems annual totals of around 15,000 new common vulnerabilities and exposures (CVEs) will be the new norm.

“More than 7000 new vulnerabilities were discovered in the first half of 2019 — that’s still significantly more than figures we’d see for an entire year pre-2017. So, organisations are likely still going to be drowning in the vulnerability flood for some time,” said Ron Davidson, chief technology officer and vice president of research and development at Skybox. “Roughly a tenth of these have an exploit available and just one percent are exploited in the wild. That’s why it’s so critical to weave in threat intelligence into prioritization methods, and of course consider which vulnerable assets are exposed and unprotected by security controls.”

To better protect themselves against attack, the report suggests that companies “assess occurrences against the latest threat intelligence, as well as the relationship of vulnerable assets to the security controls that could protect them. This way, action will be focused on the small subset of vulnerabilities posing a critical risk to your business.”

Organisations should ensure that they have reliable coverage to assess and prioritise vulnerabilities in public and private clouds and operational technology systems to truly understand the risks they face.

The report also noted that cryptocurrency ransomware, botnets, and backdoors appear to have replaced cryptocurrency mining malware as a tool of choice for cyber criminals. The use of these methods increased by 10 percent, 8 percent and 18 percent respectively.

Report: 2019 Vulnerability and Threat Trends Report: Mid-Year Update

British Airways faces record GDPR fine

BY Richard Summerfield

British Airways is to be fined £183.39m by the UK’s Information Commissioner’s Office (ICO) for data protection breaches.

The fine, as set forth by the ICO, will be the largest penalty handed down since the implementation of the European Union’s (EU’s) General Data Protection Regulation (GDPR). The regulator said the company will have a chance to contest the proposed fine, which is roughly 1.5 percent of the airline’s annual revenue of £11.6bn worldwide in 2018, well below the maximum rate of 4 percent that can be applied under the GDPR.

According to the ICO, weak security on the airline’s website allowed users to be diverted away to a fraudulent page, starting in June 2018. The ICO’s investigation found that customer details, including login, payment card, name, address and travel booking information, of around 500,000 users had been harvested.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways, which has subsequently improved its security protocols, has said it will fight the ruling. The airline can appeal against the findings and scale of the fine before a final decision by the ICO. “We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, the chair and chief executive of British Airways. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”

The ICO noted: “British Airways has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light. The company will now have opportunity to make representations to the ICO as to the proposed findings and sanction.”

News: British Airways faces record 183.4 million pounds fine over data theft

Frequency of cyber attacks increases amid defence deficit

BY Richard Summerfield

The number of cyber attacks, and the cost of those attacks, increased markedly in 2018, according to a study commissioned by insurer Hiscox.

The Hiscox Cyber Readiness Report 2019 surveyed nearly 5400 professionals from the US, UK, Germany, Belgium, France, Spain and the Netherlands who are responsible for their company’s cyber security.

According to the report, 61 percent of the firms surveyed experienced one or more cyber attacks in the past year, compared to 45 percent in the previous year. However, the proportion of those firms achieving top scores for their cyber security readiness fell year-on-year. The median cost for losses associated with cyber incidents increased significantly, from $229,000 to $369,000.

The report, now in its third year of publication, noted that while hackers previously focused mainly on larger companies, small- and medium-sized firms are now equally vulnerable. Around 47 percent of small firms – companies with fewer than 50 employees – reported attacks, up from 33 percent last year. Sixty-three percent of medium-sized businesses, those with 50 to 249 employees, were targeted, up from 36 percent the previous year.

“The cyber threat has become the unavoidable cost of doing business today,” said Gareth Wharton, cyber chief executive at Hiscox. “The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

“The message that cyber risk is a real threat to businesses of all sizes is sinking in,” said Meghan Hannes, cyber product head for Hiscox in the US. “Companies are increasingly aware of the risks and pouring more resources into cyber protection, and yet, there is still a tremendous gap between awareness of the issue and actually having an effective defence. Many believe that increasing cyber-related spending fully protects a business, but it isn’t enough. Businesses must take a holistic approach, ensuring they can properly maximise their investment with appropriate internal protocols, staffing, and employee training, ultimately creating a human firewall as the first line of defence.”

The average spend on cyber security is now $1.45m, up 24 percent on the previous year, and the pace of spending is accelerating. The total spend by the firms in the survey comes to $7.9bn. Two-thirds of respondents (67 percent of firms) plan to increase their cyber security budgets by 5 percent or more in the year ahead.

Report: The Hiscox Cyber Readiness Report 2019

FireEye report – Aggressive new attackers emerge

BY Richard Summerfield

The cyber security industry evolved significantly in 2018, with aggressive new attackers emerging, according to the FireEye Mandiant ‘M-Trends 2019 Report’.

Encouragingly, however, organisations are getting better at responding to breaches quickly. Over the past eight years, dwell times have decreased significantly – from a median dwell time of 416 days in 2011 to 78 days in 2018.

Thirty-one percent of the breaches investigated by Mandiant last year had dwell times of 30 days or less, up from 28 percent of compromises in 2017. Twelve percent had dwell times greater than 700 days, down from 21 percent in 2017.

The report suggests that the increase in compromises detected in less than 30 days is due to greater use of ransomware and cryptominers over the last 12 months, which are detected faster. FireEye also believes that companies are improving their data visibility through better tooling, which allows for faster response times. In the Americas, the median dwell time fell from 75.5 days in 2017 to 71 days in 2018.

Nation states continue to pose an increasingly dangerous and evolving threat. The report identifies North Korea, Russia, China and Iran, among others, as the most threatening actors which are continually enhancing their capabilities and changing their targets in alignment with their political and economic agendas. The report suggests that significant investments have provided these actors with more sophisticated tactics, tools, and procedures, with some becoming more aggressive, and others better at hiding and staying persistent for longer periods of time.

There are a number of important steps companies must take if they are to resist attacks which are coming in increasingly diverse forms. Attackers are targeting data in the cloud, including cloud providers, telecoms and other service providers; they are re-targeting past victim organisations and are even launching phishing attacks during mergers & acquisitions (M&A) activity.

“By regularly reviewing and updating their incident response plans and associated use cases and playbooks, organisations can mitigate the risk of destruction of important evidence, failure to identify major breaches, and extending the duration of breaches,” notes the report. “Organisations should incorporate important concepts such as evidence preservation during remediation activities, context of alerts instead of simple volume metrics, and eradication timing into these documents. This will empower front line analysts to effectively escalate relevant information to decision makers and avoid costly mistakes.”

Report: M-Trends 2019

The evolving cyber threat

BY Richard Summerfield

2018 was a challenging year for the cyber security industry as threat actors’ tactics, traits and techniques continued to evolve. As a result, the number of large corporations which fell victim to cyber attack continued to grow last year, according to AppRiver’s ‘2018 Global Security Report’.

AppRiver’s Email Security and Web Protection filters quarantined more than 10 billion global threats including: (i) 8.3 billion messages containing URL-based malware, phishing attacks and text-based attacks; (ii) 300 million emails that included malware in a message attachment; (iii) malicious attachments, the majority of which were Word files with embedded macros; and (iv) 4.5 billion quarantined messages that originated in the US.

Trojan attacks surpassed the number of ransomware attacks, becoming the most commonly distributed threat type – Trojans were dispersed more than 20 million times. The ‘Trickbot Trojan’ and ‘Emotet’ were particularly prominent threats. Emotet, which functions as a downloader of other banking Trojans, cost state, local, tribal and territorial (SLTT) governments up to $1m per incident to remediate. In order to defeat such attacks, companies must deploy a robust ‘defence-in-depth’ approach, the report notes. Distributed Spam Distraction (DSD) and Business Email Compromise (BEC) attacks also became more prominent in 2018.

“The lines between hacking, cybercrime, and cyberwarfare are increasingly blurred now,” said Troy Gill, AppRiver’s senior cybersecurity analyst. “As a result, protecting small- and mid-sized businesses must be considered an integral part of our larger national cybersecurity posture. To be most effective, our strategy must be comprehensive, addressing vulnerabilities at all levels.”

Looking ahead, the report notes that internal ecosystem attacks will increase and attackers will employ more ‘bleeding-edge’ attack methods. It adds that more advanced attack techniques will likely trickle down from the nation-state level into more for-profit attacks against the public.

The rapid growth of the number of Internet of Things (IoT) devices will also create challenges, particularly as the lack of security being built into such devices will leave parties exposed.

Report: 2018 Global Security Report

©2001-2019 Financier Worldwide Ltd. All rights reserved.