Tag Archive for: report

Ransomware remains biggest threat to SMBs, says Sophos Threat Report

/in


Sophos has found that ransomware remains the principal threat to small and medium-sized businesses (SMBs), despite a stabilisation in the number of attacks.

The 2024 Threat Report identified that data and credential theft malware, including keyloggers, spyware, and stealers, also constituted nearly 50% of all malware detections targeting SMBs.

Attackers use this stolen information to gain unauthorised remote access, extort victims, deploy ransomware, and more.

Data and Credential Theft: A Rising Concern for SMBs

Christopher Budd, Director of Sophos X-Ops Research, stressed the growing allure of data as a currency among cybercriminals, especially towards SMBs that often rely on singular service or software applications for entire operations.

“There’s a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft,” Budd explained, highlighting the criticality of securing access to essential business applications to prevent financial theft and unauthorised access.

“Let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software.

“Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” said Budd.

Ransomware Dominates Cyberthreat Landscape

Despite a stabilisation in the number of attacks, ransomware remains the principal threat to SMBs.

Sophos Incident Response (IR) identified LockBit, Akira, and BlackCat as the top ransomware gangs targeting SMBs, alongside attacks by older and lesser-known ransomware variants.

The report notes a 62% increase in ransomware attacks involving remote encryption between 2022 and 2023, and highlights instances of small businesses attacked through vulnerabilities in their managed service providers’ (MSPs) software.

Evolving Tactics in Social Engineering

The Sophos report also sheds light on the sophistication of business email compromise (BEC) and social engineering attacks, now the second highest type of attacks after ransomware.

Attackers are engaging in more elaborate tactics, including extended email conversations and phone…

Source…

Black Majority Schools Face Alarming Internet Security Risks, Report Finds

/in


There is a large digital divide affecting low-income and Black or Indigenous majority schools, a recent report by Internet Safety Labs (ISL) has found.

Ads and trackers

The report “Demographic Analysis of App Safety, Website Safety, and School Technology Behaviors in US K-12 Schools” explores technological disparities in American schools, focusing mainly on marginalized demographics.

This research expands on ISL’s previous work on the safety of educational technology across the country and is supported by the Internet Society Foundation. It reveals how schools of different backgrounds use technology and the risks involved.

One concerning finding is that websites for schools with mostly Black students were the least safe.

One-third of these schools had advertisements on their websites—a rate much higher than the national average—and 100% of the websites had trackers monitoring visitor behavior.

Privacy or digital divide?

The study also highlights a broader problem: a digital divide in how technology is used in education.

Schools in the lowest income bracket, making between $20,000 and $39,000, were among the least likely to provide their students with computing devices. This limits these students’ experience with technology.

Furthermore, the technology that is recommended or required often poses privacy risks, including apps filled with digital and behavioral ads.

Similar trends were seen for schools with the most American Indian/Native Alaskan students, leading to concerns about how this digital divide impacts students’ learning and their understanding of technology.

What Is The Solution?

The report suggests several actions for schools, school districts, and policymakers.

It recommends eliminating digital ads and tracking devices on school websites.

It also emphasizes the importance of schools being transparent about the technology they use, suggesting they publish a comprehensive list of required technology so students and parents know what’s expected.

Finally, it suggests schools should thoroughly vet all technology they recommend or require for educational use, to ensure it’s safe and appropriate…

Source…

Report Says Iranian Hackers Targeting Israeli Defense Sector

/in


Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Next-Generation Technologies & Secure Development

Hackers Are Leveraging Israel-Hamas War to Carry Out Attacks, Researcher Tells ISMG

Chris Riotta (@chrisriotta) •
February 27, 2024    

Report Says Iranian Hackers Targeting Israeli Defense Sector
Mandiant found suspected Iranian hackers targeting Middle Eastern defense workers. (Image: Shutterstock)

Cybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East, including in Israel and the United Arab Emirates.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors


Threat intelligence firm Mandiant published a report Tuesday night that links a threat actor tracked as UNC1549, allegedly associated with the Iranian Revolutionary Guard Corps, to a series of coordinated attacks targeting Middle East entities affiliated with the aerospace and defense sectors.


Ofir Rozmann, a senior researcher for Mandiant and a coauthor of the report, told Information Security Media Group that hackers “used decoys and lures” to gain initial access into targeted systems. They primarily used Microsoft Azure cloud infrastructure to communicate with their deployed back doors – a technique used to evade detection.


Tehran-affiliated hackers “are growing overtime in sophistication and conducting tailored cyberespionage and destructive campaigns,” Rozmann said. This campaign’s primary purpose appears to be espionage but may also support other…

Source…

Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report

/in


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps…

Source…