Tag Archive for: Breaches

Human error tops causes of data breaches, says Verizon report


Human error continues to be a leading factor in data breaches, according to Verizon’s annual analysis of cyberattacks around the world.

That was one of the conclusions of the 2022 Verizon Data Breach Investigations Report, which looked at 23,896 incidents last year, 5,212 of which were confirmed breaches. The data came from 87 cybersecurity vendors, researchers and consultants.

Eighty-two per cent of breaches in 2021 involved the human element, the authors found. “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” the report says.

Mistakes alone were responsible for 14 per cent of breaches. “This finding is heavily influenced by misconfigured cloud storage,” the report adds. It doesn’t say explicitly, but this category would include misconfigured Amazon storage buckets.

Among the highlights (or lowlights, depending on your point of view):

  • ransomware has continued its upward trend, making up 25 per cent of breaches, an almost 13 per cent rise over 2022. That’s a rise as big as the past five years combined, the report says. “It’s important to remember that, while ubiquitous and devastating, ransomware by itself is, at its core, a model of monetizing an organization’s access,” the report adds. Blocking the abuse of credentials (stolen or brute-forced), keeping employees from falling for phishing, keeping attackers from exploiting vulnerabilities and blocking botnets are the best ways to thwart ransomware;
  • roughly 4 in 5 breaches can be attributed to organized crime, with external actors approximately four times more likely to cause breaches in an organization than insiders;
  • supply chain attacks were involved in 61 per cent of incidents last year. “Compromising the right partner is a force multiplier for threat actors,” the report noted. One of the best-known supply chain attacks in 2021 was the compromise of Kaseya’s VSA platform;
  • system intrusion was the leading cause of 1,638 breaches with confirmed data disclosure in Canada and the U.S. That was followed by social engineering and basic web application attacks. And globally, 62 per cent of system…


Two Law Firm Data Breaches And New Breach Stats


Ed. note: This is the latest in a new article series, Cybersecurity: Tips From the Trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Two New Law Firm Breaches in the News

On April 22, it was reported that midsized law firms McCarter & English and Stevens & Lee had suffered data breaches.

McCarter & English said it is actively investigating a network security incident that “impacted the availability of [its] computer systems.”

Leaders at the New Jersey-based firm said they restored key systems in the week after the incident occurred the weekend of April 9, including access to email. Their lawyers’ ability to perform services for clients was “not significantly impacted,” according to the firm.

“Upon discovering the incident, we took proactive measures to contain the incident and initiated an investigation. Law enforcement was also notified,” the firm said. “The investigation into the incident remains ongoing.”

According to the American Bar Association’s 2021 technology survey, solo and small firms continue to lag behind larger firms when it comes to their tech budgets, with only 43% of solo and 50% of small firms responding that they budget for technology, compared to the 65% of all firms indicating they budget for technology.

Our own experience is that even those who budget for technology don’t separately budget for cybersecurity defenses. While small and midsize firms consistently believe that they are not at great risk, they do not understand the mindset of cybercriminals. Law firm size doesn’t matter as much as the clients they serve and the extreme likelihood of weak security in smaller firms.

We know we harp on two-factor authentication, but it appears that McCarter & English’s data breach highlights the critical role that two-factor authentication can play in a firm’s cybersecurity. McCarter & English already had a multifactor system for authentication. However, after the incident, the firm migrated to data security company Duo for onsite as well as remote access to the firm’s systems.

A report released by Duo states that multifactor authentication has grown significantly…


Top data breaches and cyber attacks of 2022


Regrettably, cyberattacks and breaches are big business – bad actors with an endless stream of nefarious motives populate the internet, ready to pounce on insecure data and immature security practices.

There’s no shortage of attacks and breaches, and that can make it hard to manage if you like to keep up with the latest security news.

Happily, we’ve done the hard work to round up ten of 2022’s top breaches and cyberattacks so far. They’re not in any particular order, but you should read on if you want to find out how significant an attack can be – and if you want to learn how to avoid the same issues.

There’s plenty of business security advice elsewhere on the site, including our explainer on the differences between endpoint protection and antivirus software and a guide on picking the best antivirus product for your business.


Crypto.com

Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on January 17th, and targeted nearly 500 people’s cryptocurrency wallets.

Despite the blockchain being a relatively secure transaction method, the thieves used a pretty simple method to get the job done: they circumvented the site’s two-factor authentication (2FA). They stole $18 million of Bitcoin and $15 million of Ethereum.

Initially, Crypto.com described the hack as a mere “incident” and denied any theft, but clarified the situation a few days later and reimbursed the affected users.  

Microsoft

Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. The group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft and, in the process, they’d compromised Cortana, Bing, and several other products.

The hackers made off with some material…


Hacker Breaches Russian Ministry Computer through Unsecured VNC Ports


Spielerkid89, a hacker who wanted to stay anonymous, managed to breach the computer of a regional Russian Ministry of Health by exploiting sloppy cybersecurity practices.

Although the hacker didn’t intend to harm the system, the breach serves as a perfect example of how poor cybersecurity can compromise vulnerable organizations and devices.

The attacker reportedly decided to probe Russian IP addresses with poor or no authentication and used the Shodan search engine to carry out research, leading to an unsecured open virtual network computing (VNC) port.

After the discovery, the attacker managed to breach the computer of the Ministry of Health in the Omsk region of Russia with no need for authentication such as a username or password.

“I was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents, too,” the hacker said, according to Cybernews. “It was so easy to gain access to these systems. They shouldn’t be there unauthenticated. That’s a serious security breach of assets right there. I didn’t need anything to get it, really.”

VNC is a type of remote-control software that lets users control computers over a network connection from a distance. Users generally rely on VNC to access their work computer from home or allow support agents to help them with technical issues.

Although VNC offers plenty of security settings, sometimes system administrators overlook them and leave open ports with disabled authentication. This invites a broad range of potentially disastrous attacks, such as theft of sensitive files, setting up backdoors, deploying malicious payloads, installing remote access Trojans, spying on other devices on the network, or wiping the targeted devices clean.

In this case, the hacker didn’t mean to harm the organization and allegedly only took a few screenshots of the compromised system as proof. Users should practice good cyber hygiene, especially while using remote-desktop connection services such as VNC.

  • Use multi-factor authentication (MFA) for VNC servers
  • Review connection logs on a regular basis
  • Enable screen blanking on Windows computers
  • Only allow trusted people to connect to your VNC server
  • Set a complex,…
