Tag Archive for: human

Human error tops causes of data breaches, says Verizon report


Human error continues to be a leading factor in data breaches, according to Verizon’s annual analysis of cyberattacks around the world.

That was one of the conclusions of the 2022 Verizon Data Breach Investigations Report, which looked at 23,896 incidents last year, 5,212 of which were confirmed breaches. The data came from 87 cybersecurity vendors, researchers and consultants.

Eighty-two per cent of breaches in 2021 involved the human element, the authors found. “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” the report says.

Mistakes alone were responsible for 14 per cent of breaches. “This finding is heavily influenced by misconfigured cloud storage,” the report adds. It doesn’t say explicitly, but this category would include misconfigured Amazon storage buckets.

Among the highlights (or lowlights, depending on your point of view):

  • ransomware has continued its upward trend, making up 25 per cent of breaches, an almost 13 per cent rise over 2022. That’s a rise as big as the past five years combined, the report says. “It’s important to remember that, while ubiquitous and devastating, ransomware by itself is, at its core, a model of monetizing an organization’s access,” the report adds. Blocking the abuse of credentials (stolen or brute-forced), keeping employees from falling for phishing, keeping attackers from exploiting vulnerabilities and blocking botnets are the best ways to thwart ransomware;
  • roughly 4 in 5 breaches can be attributed to organized crime, with external actors approximately four times more likely to cause breaches in an organization than insiders;
  • supply chain attacks were involved in 61 per cent of incidents last year. “Compromising the right partner is a force multiplier for threat actors,” the report noted. One of the best-known supply chain attacks in 2021 was the compromise of Kaseya’s VSA platform;
  • system intrusion was the leading cause of 1,638 breaches with confirmed data disclosure in Canada and the U.S. That was followed by social engineering and basic web application attacks. And globally, 62 percent of system…

Aniview Renews Partnership with HUMAN to Continue Safeguarding Its Video Ad Platform From Sophisticated Bot Attacks


NEW YORK – Aniview (https://www.aniview.com/), a global video technology company playing a central role in delivering digital advertising for publishers, and HUMAN (https://www.humansecurity.com/) Security Inc., a global leader in collective protection against sophisticated bot attacks and fraud, have renewed their partnership to help Aniview protect its customers’ inventory from sophisticated automated cybersecurity risks. This further strengthens the two companies’ partnership, giving publishers and advertising networks on the Aniview platform continued access to HUMAN’s MediaGuard advertising fraud product.

Twenty-twenty-one was a tumultuous year (https://www.securitymagazine.com/articles/96496-ddos-attacks-and-botnets-in-2021-mozi-takedowns-and-high-frequency-attacks-reshape-the-threat-landscape) for botnet attacks, with PARETO (https://www.humansecurity.com/newsroom/human-formerly-white-ops-together-with-newly-formed-human-collective-and-industry-leaders-google-roku-announces-discovery-and-disruption-of-pareto-ctv-botnet), a highly sophisticated fraud operation, amassing an army of nearly one million bots to target CTV ad-ecosystems via mobile apps. The botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day. PARETO used sophisticated techniques to hide its identity across the ecosystem, but was ultimately discovered and disrupted by HUMAN and the Human Collective in April 2021.

By renewing its partnership with HUMAN, Aniview is able to successfully identify and further eliminate threats of this nature from within its platform. The successful exposure of PARETO was enabled by Aniview’s dedicated approach to implementing HUMAN’s guidance, including adopting all industry anti-fraud standards across their platform and installing a dedicated quality leader. It has also better prepared Aniview and its customers for further cybersecurity challenges for the road ahead, placing it on stronger footing for the next generation of ad fraud attacks from bad actors.

“We’re incredibly pleased to continue our successful relationship with HUMAN,” says Alon…

Calling a Hack an Exploit Minimizes Human Error


Yesterday, beginning at 18:24 UTC, someone or something exploited a security vulnerability on Wormhole, a tool that allows users to swap assets between Ethereum and a number of blockchains, resulting in the loss of 120,000 wrapped ether (or wETH, worth about $321 million) on the platform.

This is the second largest decentralized finance (DeFi) attack to date, according to rekt’s leaderboard, in an industry where security exploits are fairly common and part of users’ risk curve. There’s a whole business made out of code reviews, a lexicon of industry-specific jargon to explain what’s going on and something of a playbook to follow if and when “hacks” inevitably occur.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news.

Wormhole, apart from catching and patching this bug earlier, has seemingly tried to do the right thing: They shut down the platform to prevent further losses, notified the public of what they know and announced Jump Trading is on the line to replenish the stolen coins.

Furthermore, in a move that’s becoming increasingly common, the Wormhole Deployer has posted an open message to the exploiter on Ethereum offering them a “white hat agreement” and $10 million for an explanation of the attack in exchange for the stolen funds.

Excuse the simile, but this is like waiting for a magician to pull a rabbit from a top hat. The world is waiting to see whether they’re dealing with a “white” or “black” hat hacker, terms meant to explain a hacker’s motivations. The reality is likely to be a little more gray.

Hacks vs. exploits

“Black hat hackers are criminals who break into computer networks with malicious intent,” according to Kaspersky security experts. They may use malware, steal passwords or exploit code as it’s written for “self-serving” or maybe “ideological” reasons. White hats, aka “ethical hackers” or “good hackers,” are the “antithesis.” “They exploit computer systems or networks to identify their security flaws so they…

Pegasus hack reported on iPhones of Human Rights Watch official



Human Rights Watch official Lama Fakih was at a meeting in Beirut, where she lives and works, when a strange message appeared on her iPhone on Nov. 24: “ALERT,” it said. “State-sponsored attackers may …
