Tag Archive for: organization

Threat actors don’t have to compromise assets to attack an organization or its customers


Digital supply chains, M&A, and shadow IT create a hidden attack surface

Most cyberattacks originate miles away from the network; web applications comprised the vector category most commonly exploited in hacking-related breaches. Unfortunately, most organizations lack a complete view of their internet assets and how those assets connect to the global attack surface. Three significant contributors to this lack of visibility are shadow IT, mergers and acquisitions (M&A), and digital supply chains.

Shadow IT

Where IT can’t keep pace with business requirements, the business looks elsewhere for support in developing and deploying new web assets. The security team is frequently in the dark regarding these shadow IT activities and, as a result, cannot bring the created assets within the scope of their security program. Unmanaged and orphaned assets can become a liability in an organization’s attack surface over time.

This rapid proliferation of digital assets outside the firewall is now the norm. New RiskIQ customers typically find approximately 30 percent more assets than they thought they had, and RiskIQ detects 15 expired services (susceptible to subdomain takeover) and 143 open ports every minute.

Mergers and acquisitions

Everyday operations and critical business initiatives such as M&A, strategic partnerships, and outsourcing create and expand external attack surfaces. Today, less than 10 percent of deals globally contain cybersecurity due diligence.

There are several common reasons why organizations are not getting a complete view of potential cyber risks during the due diligence process. The first is the sheer scale of the company’s digital presence they’re acquiring. It’s not uncommon for a large organization to have thousands—or even tens of thousands—of active websites and other publicly exposed assets. While IT and security teams in the to-be-acquired company will have an asset register of websites, it’s almost always only a partial view of what exists. The more decentralized an organization’s IT activities are, the more significant the gap.

Supply chains

The enterprise is increasingly dependent upon the digital alliances that form the modern supply…


Number of DDoS attacks per one organization tripled


The nature of DDoS attacks is constantly changing. StormWall experts track trends in how DDoS attacks are organized and have recently noticed several new ones. Analyzing StormWall customer data, the experts found that from January to September 2021, the average number of DDoS attacks per organization worldwide increased threefold. In addition, the number of TCP attacks has increased. This is because botnets, which enable attacks with a capacity of several hundred gigabits, have recently become much cheaper.

In the period from January to September 2021, DDoS attacks on TCP protocols accounted for 45% of the total number of all DDoS attacks. In the same period last year, the share of DDoS attacks on TCP protocols was only 14%. The percentage of UDP attacks was 22% from January to September 2021, while this number was 34% last year. The comparison of statistics shows that the percentage of UDP flood type attacks is decreasing, while TCP flood type attacks are in the phase of rapid growth and are becoming more popular among hackers. This trend can be observed everywhere in the world.

The changes also affected other types of attacks. From January to September this year, DDoS attacks over the HTTP protocol accounted for 30% of the total number of attacks, although last year the share of this type of attack was 51%. Analysis of the statistics shows that hackers’ interest in attacking websites at the application level (HTTP) has waned. This is because packet floods (TCP/UDP) are now often more efficient and cheaper than HTTP floods, even if the target of the attack is a website, since there are many offers on the Internet for access to powerful packet-level botnets for organizing attacks (over 200 Gbit/s) at a low price (from $100 per day).

According to experts, due to the difficult economic situation in the world, hackers will continue to experiment with different types of DDoS attacks and also try to reduce the costs of organizing them. It is possible that cybercriminals will start experimenting more actively with rarely used types of DDoS attacks that exploit vulnerabilities of certain applications and require less energy to disable…


Is Your Healthcare Organization Following These Four Ransomware Best Practices?


Healthcare is the most targeted sector for data breaches, and ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020, according to the US Department of Health and Human Services Cyber Security Program 2021 Forecast.

While ransomware has been a favorite among attackers for years now, the rate continues to rise each year. The ransomware industry has displayed resilience and determination. Hacktivists and nation-state actors are drawn to the disruption it can cause. Cybercriminals are drawn to the profits it can bring in, especially for public health records, which can sell for up to $1,000 each on the dark web. In a survey of healthcare IT workers by Sophos earlier this year, a third reported they had been hit by ransomware attacks. The bill paid by healthcare providers for a ransomware attack is staggering. The average cost – including the ransom, people time, downtime, equipment, and other impacts on business operations – is $1.27 million.

We can make some assumptions about the factors causing the steady increase in ransomware attacks: the emergence of “ransomware-as-a-service” platforms; the rapid inflation of cryptocurrency prices, a boon to attackers because bitcoin is used for most ransom payments; healthcare facilities overburdened and distracted by the COVID-19 pandemic; and tensions between countries that have spurred a rise in cyber warfare and criminals internationally.

We have seen ransomware strains come and go, only for new and improved versions to take their place. A major evolution in tactics observed over the past year is ransomware being used not only to encrypt the data but also to exfiltrate and hold it for ransom under the threat of leaking the information to the public. An example of this is the breach at Vastaamo, a major Finnish psychotherapy clinic, reported in October 2020. Patient files and therapy session notes were compromised, encrypted, and exfiltrated. Even after Vastaamo paid the ransom, the attackers shifted to contacting the patients directly and threatened to release their sensitive therapy data if they did not pay an additional ransom. Therapy session notes and personal data of many patients were leaked…


SentinelOne Bolsters Global Engineering Organization with Veteran Leadership


MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Jun 18, 2021–

SentinelOne, an autonomous cybersecurity platform company, today announced the appointment of Siggi Petursson as Vice President, Customer-Centric Engineering and Martin Matula as Vice President, Engineering, Czech Republic Site Lead. SentinelOne’s engineering organization operates on a global scale in multiple regional sites, enabling rapid innovation and scaled product delivery.

Petursson brings more than 20 years of cybersecurity and software engineering leadership experience to SentinelOne, most recently holding the position of Sr. Director of Software Engineering at Oracle (NYSE: ORCL). At Oracle, Petursson played a critical role in enabling the company’s software migration from on-premises to the cloud, designing machine learning systems to ensure quality control of cloud-based products. Petursson also spearheaded the company’s Security-as-a-Service solution, an automated solution that scanned products for security vulnerabilities and provided auto-triaging capabilities. At SentinelOne, Petursson will drive product quality assurance and lead the company’s sustaining engineering team.

Matula comes to SentinelOne from Avast, where he was VP of Engineering at the company’s Czech Republic headquarters, responsible for leading an engineering organization spanning multiple locations in EMEA and the US, delivering endpoint, IoT, and mobile security solutions. Prior to Avast, Matula held regional engineering leadership positions at companies including Cisco and GoodData. At SentinelOne, Matula will lead engineering team growth in the Czech Republic, expanding throughout central and eastern Europe.

“Siggi and Martin have distinguished themselves as leaders in security software engineering and bring tremendous value to SentinelOne,” said Ric Smith, Chief Technology Officer, SentinelOne. “Their experience leading teams and product engineering for public and private cloud-based solutions supports the company’s global engineering efforts and the Singularity XDR platform’s flexible deployment…
