Tag Archive for: annually

Ads for Zero-Day Exploit Sales Surge 70% Annually


Security researchers have warned that threat actors are increasingly turning to zero-day exploits to increase the success rate of advanced targeted attacks.

Group-IB noted in its Hi-Tech Crime Trends Report 2023/2024 that it observed a 70% increase in public ads selling zero-day exploits between 2022 and 2023.

In some cases, such as the CVE-2023-38831 zero-day vulnerability in the ZIP file format, the threat actors that discover a bug provide access to clients for a subscription fee – in this case, $1000 per month.

Such threats are popular with advanced cybercrime groups and nation states, especially for cyber-espionage activities where threat actors need to establish persistence and spy on their victims for prolonged periods without discovery, the report claimed.

Read more on zero-day threats: Critical Zero-Day Flaw Exploited in MOVEit Transfer

Elsewhere, Group-IB warned of a growing interest in ChatGPT credentials on the cybercrime underground, as a way to reach sensitive corporate date.

That’s because public LLM models automatically save chat logs with the AI model, but accounts are often not protected by multi-factor authentication (MFA).

“When using AI systems, users often enter all sorts of data, including confidential information such as internal source code, financial information, and trade secrets. Users sometimes even enter data intended for authentication in internal systems,” Group-IB explained.

That means any threat actor with access to a corporate user’s account could gain a direct pathway to a huge volume of sensitive information.

“This gives them access to logs with the communication history between employees and systems, which they can use to search for confidential information (for espionage purposes), details about internal infrastructure, authentication data (for conducting even more damaging attacks), and information about application source code (to analyze it and identify potential vulnerabilities that could be exploited),” the report noted.

Group-IB said it detected more than 225,000 infostealer logs up for sale on the dark web containing compromised ChatGPT credentials between January and October 2023.

As corporates invest…

Source…

Insider threats cost organisations $15.4 million annually — Proofpoint


Insider threats cost organisations $15.4 million annually — Proofpoint image

Frequency increased by almost half over the past two years, according to the study.

Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an average of $15.4 million annually, up 34% from 2020

According to the 2022 Cost of Insider Threats Global Report from enterprise security provider Proofpoint, alongside Ponemon Institute, it took organisations an average of 85 days to contain each incident.

Over the last two years, frequency of insider threats has increased by 44%, according to Proofpoint, with three identified categories consisting of:

  • careless or negligent employees/contractors (56% of incidents);
  • criminal or malicious insiders (26%);
  • cyber criminal credential theft (18%).

67% of surveyed companies experienced between 21 and more than 40 incidents per year, up from 60% in 2020.

Incidents caused by malicious or criminal insiders cost organisations an average of $648,062, while negligent insiders cost companies $484,931 per incident.

Negligence, according to the study, could include not ensuring devices are secured, not following the company’s security policy, or forgetting to patch and upgrade, among other factors.

Meanwhile, criminal insiders use data access, which has increased for the purpose of enhanced productivity, for harmful, unethical, or illegal activities.

Credential theft incidents have almost doubled since the last study, and prove the costliest to remediate with an average of $804,997 per incident.

Addressing insider threats: how board members can maintain cyber security

Paul Stark, general manager, UK at OnBoard, discusses how board members can address insider threats by maintaining cyber security. Read here

“Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organisations and take data with them,” said Ryan Kalember, executive vice-president of cyber security strategy at Proofpoint.

“In addition, organisational insiders, including employees, contractors, and third-party vendors, are an…

Source…

Cybercrime To Cost The World $10.5 Trillion Annually By 2025


SAUSALITO, Calif., Nov. 13, 2020 /PRNewswire/ — Cybersecurity Ventures predicts global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.

“Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm,” says Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine.

“Cybercriminals know they can hold businesses — and our economy — hostage through breaches, ransomware, denial of service attacks and more. This is cyberwarfare, and we need to shift our mindset around cybersecurity in order to protect against it,” says Jack B. Blount, President and CEO at INTRUSION, Inc.

Organized cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be as low as 0.05 percent in the U.S., according to the World Economic Forum’s 2020 Global Risk Report.

“Every American organization — in the public and private sector — has been or will be hacked, is infected with malware, and is a target of hostile nation-state cyber intruders,” adds Blount, who is also the former CIO at the United States Department of Agriculture (USDA).

Blount’s assertion is backed up by some of the nation’s top cyberwarfare and cybersecurity experts, and Fortune 500 chief information security officers, in a roundtable discussion which recently aired on the Cybercrime Radio podcast channel.

Cybersecurity Ventures and INTRUSION, Inc. have partnered on a series of initiatives aimed at providing thought leadership and guidance to CISOs and cybersecurity teams in the U.S. and…

Source…

Explosives Trade Detection market to grow at 10 percent annually, says HSRC

Jacob Goodwin

Top Priority Sector: 
cbrne_detection

The global market for Explosives Trace Detection devices is expected to expand between 2011 and 2016 at a combined annual rate of more than 10 percent, according to the Washington, DC-based Homeland Security Research Corp. (HSRC).

Homepage position: 
10

read more

Read more