Ransomware Continues to Break Records
An NCC group report reports that ransomware attacks reached new levels in June, with a 221 percent increase year over year. One of the most active ransomware actors is Clop, responsible for 21 percent of June attacks. Clop exploits an SQL injection vulnerability in MOVEit. LockBit 3.0, which was the most active cyberattack group in May, is also responsible for a large fraction of attacks.
Action Items:
- Stay up to date on threat intelligence so that you can address the most commonly exploited vulnerabilities.
- Educate your clients in targeted vertical markets, particularly industrial, the most targeted sector in 2023.
- Download the report from NCC Group for more information and insights.
OpenMeetings Security Vulnerabilities Discovered
SonarSource found vulnerabilities in the Apache OpenMeetings web conferencing application. It includes CVE-2023-28936, weak has comparison, CVE-2023-29032, unrestricted access via invitation hash, and CVE-2023-29246, null-byte injection. These vulnerabilities allow self-registered users to take over an admin account and enable remote code execution.
Action Items:
- Upgrade to Apache OpenMeetings 7.1.0, which fixes the vulnerabilities.
- Evaluate processes to ensure your development team uses clean code principles, which reduces the risk of introducing these code vulnerabilities.
New Vector Attack Against Azure Active Directory
Vectra AI’s threat research team discovered a new attack vector against Azure Active Directory that enables lateral movement to other Microsoft tenants. The new cross-tenant synchronization feature of Microsoft Cloud enables actors to grant access to users from other tenants. This capability can give attackers access to Microsoft and SaaS applications.
Action Items:
- Review the technique that attackers exploiting this feature use.
- Avoid implementing a default inbound cross-tenant access (CTA) configuration.
- Combine CTA policy with conditional access policies to prevent unauthorized access.
- Assure all groups are properly regulated and monitored.
- See the MAAD attack framework for Microsoft 265 and Azure AD security testing.
- Continue to implement and enforce security best practices to reduce risks.
Study Provides Insights into SOCs
The 2023 State of Threat Detection from Vectra explains the major disconnect between SOC analysts’ perception of tool effectiveness and how well those tools protect organizations. The report states that 71 percent of analysts admit the organizations where they work may have been compromised, but they don’t know about it yet. Additionally, 97 percent worry that they’ll miss a serious security event become it’s buried in a flood of alerts — the majority of SOC teams receive an average of 4,484 alerts per day but can’t address two-thirds of them.
Action Items:
- Reduce alert noise and IT complexity for SOC analysts; help them identify and prioritize real attacks.
- Consult with SOC teams prior to investing in tools to select technology that meets their needs.
Untrained Employees Equal Higher Cyber Risks
Research from CybeReady found that during the first six months of employment, workers receive basic security training, and from 6-12 months and beyond, they receive advanced training and decrease the risk they pose to their organizations. For example, new employees are more likely to click on phishing emails, up to 50 percent more often than employees who have been with an organization for 6-12 months.
Action Items:
- Ensure thorough training early in employees’ careers, focusing on their most critical behaviors.
- Continuously train employees on best practices, new regulations and requirements, and emerging threats.
- Create a security policy for remote workers.
- Build a cybersecurity culture where all employees are informed and dedicated to keeping data safe.
- Review CybeReady training resources.
Life Sciences Data Loss Increases
The Code42 2023 Data Exposure Report: Life Sciences Sector reports that 70 percent have experienced more data loss in the past year. Additionally, life sciences organizations report an average of 20 insider-driven incidents per month, which are related to corporate espionage, password-related risks, and lack of visibility into cloud apps.
Action Items:
The report states that CISOS should:
- Implement a program focusing on insider risk.
- Enhance security training that addresses the entire spectrum of risks and how to mitigate them.
- Improve incident response management processes.
The 5 BDR Challenges Threatening SaaS Applications
The increased adoption of Software as a Service (SaaS) applications has also increased the risk of data loss. Asigra has ranked the five most significant challenges:
- Incomplete backups
- Inadequate backup frequency
- Data restoration complexity
- Stricter regulatory compliance requirements
- Malware and ransomware targeting SaaS applications
Action Items:
- Conduct a risk assessment to identify the most significant threats to your organization.
- Educate yourself about those threats and attack vectors.
- Take protective measures, particularly for the most business-critical data.
Click Here For The Original Source.
