Tag Archive for: Orgs

North American Orgs Hit With an Average of 497 Cyberattacks per Week

/in


New data released this week confirms what numerous others have reported as a massive surge in attacks against organizations worldwide since the COVID-19 pandemic forced dramatic changes to workplace and operational environments.

A recent analysis of threat activity by Check Point Software Technologies shows that the average number of weekly attacks on organizations globally so far this year is 40% higher than the average before March 2020, when the first pandemic-related changes went into effect. In the US, the average increase is even higher, at 53%.

Check Point’s data shows there were more average weekly attacks in September 2021 than any time since January 2020. In fact, the 870 attacks per organization globally per week that Check Point counted in September this year was double the average in March 2020.

In terms of of raw attack volume, companies and other organizations in Africa experienced more weekly attacks this year — 1,615 — than any other region. Though North American companies experienced the highest growth in attack volumes, the actual number of attacks per week was lower, at 497 per organization.

As has been the case for some time now, some industry sectors were more heavily targeted than others. Education and research organizations, for instance, witnessed a 60% increase in attacks from 2020 and currently average 1,468 attacks per week. 

Government and military entities, with an average of 1,082 weekly attacks, were the next most highly attacked, while healthcare organizations are currently dealing with some 752 attacks per week on average — or a 55% increase from last year.

Check Point’s data is similar to data from other vendors that have noted a sharp increase in attacks targeting these sectors. For instance, the need for school districts to support new distance learning models in the wake of the pandemic has made them even bigger targets for ransomware operators than they were already. Over the past year, there have been numerous reports of ransomware attacks disrupting
attempts to deliver classes online and often forcing school districts to deal with huge ransom demands.

Similarly, hospitals and healthcare networks that are central to fighting the…

Source…

Opswat: Only 8% of orgs with web apps for file uploads have adequate cybersecurity

/in


The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!

Only 8% of organizations with web applications for uploading files implement adequate cybersecurity protocols against malicious attacks, according to a new report by Opswat. Yet almost all of them (99%) are concerned (to a varying degree) about cyber threats.

Organizations have raced to digitally transform their businesses in response to market pressures and customer demands leading to widespread adoption of cloud services and collaboration and sharing platforms. However, security for their web applications supporting file uploads and transfers has lagged behind, further exacerbated by the pandemic.

In their 2021 Web Application Security Report, Opswat found that 87% of organizations are “extremely” or “very” concerned about file uploads as an attack vector for malware and cyberattacks, with 82% reporting increased concern since last year.

While there is awareness of the need to secure file uploads, only 8% implement cybersecurity best practices. A concerning 32% of organizations do not scan all file uploads to detect malicious files, and an overwhelming majority do not sanitize file uploads with Content Disarm and Reconstruction (CDR) to prevent unknown malware and zero-day attacks.

Opswat conducted web application security research that analyzed trends and gaps in cybersecurity measures on file uploads. While web applications enhance productivity and user experience, file upload portals expand and introduce new attack surfaces. And, many organizations are not effectively protected, despite increased concern of malware attacks and third-party risk.

The 302 global survey participants were independent IT security professionals directly responsible for web applications accepting at least 500 file uploads per day for companies with at least 250 employees. Survey topics included overall IT security, current file upload environments, and security of external file uploads.

Read the full report by Opswat.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and…

Source…

Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

/in


Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. 

Vice Society, one of the newer ransomware groups, debuted in June and made a name for themselves by attacking multiple hospitals and leaking patient info. Cybersecurity researchers at Cisco Talos said Vice Society is known to be “quick to exploit new security vulnerabilities to help ransomware attacks” and frequently exploits Windows PrintNightmare vulnerabilities during attacks. 

“As with other threat actors operating in the big-game hunting space, Vice Society operates a data leak site, which they use to publish data exfiltrated from victims who do not choose to pay their extortion demands,” Cisco Talos explained last month. 

Cybersecurity firm Dark Owl added that Vice Society is “assessed to be a possible spin-off of the Hello Kitty ransomware variant based on similarities in the techniques used for Linux system encryption.” They were implicated in a ransomware attack on the Swiss city of Rolle in August, according to Black Fog. 

image4.png

The Vice Society leak site. 


Cisco Talos

Multiple hospitals — Eskenazi Health, Waikato DHB and Centre Hospitalier D’Arles — have been featured on the criminal group’s leak site and the group made waves this week by posting the data of Barlow Respiratory Hospital in California.

The hospital was attacked on August 27 but managed to avoid the worst, noting in a statement that “no patients were at risk of harm” and “hospital operations continued without interruption.”

Barlow Respiratory Hospital told ZDNet that law enforcement was immediately notified once the hospital noticed the ransomware impacting some of its IT systems. 

“Though we have taken extensive efforts to protect the privacy of our information, we learned that some data was removed from certain backup systems without…

Source…

Ransomware attacks cost healthcare orgs $20.8B in 2020

/in


Ransomware attacks skyrocketed amid the pandemic when hospitals increased their use of remote work and moved more hospital data online, according to a July 21 report by cybersecurity consulting firm CynergisTek.

Five things to know:

  1. In 2020, 560 healthcare organizations were victims of ransomware attacks, the report said. 

  2. Ransomware attacks cost healthcare organizations $20.8 billion in downtime in 2020, double the amount it cost in 2019, according to a Comparitech report cited by CynergisTek.

  3. A separate IBM report found data breaches in the healthcare industry cost an average of $9.23 million.

  4. The cost of ransomware payments has put a strain on hospital budgets. Nonprofit hospitals and health systems have been especially affected by the costs of relentless cyberattacks.

  5. “Ransomware pay-outs and efforts to protect or ‘harden’ healthcare systems and cyber defenses are affecting hospital financial flexibility by increasing on-going operating expenses,” Fitch Ratings said July 22. “Attacks may also hinder revenue generation and the ability to recover costs in a timely manner, particularly if they affect a hospital’s ability to bill patients when financial records are compromised or systems become locked.”

Source…