The old, not the new: Basic security issues still biggest threat to enterprises

Attacks on critical infrastructure reveal industry faux pas.
Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure.
X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or less technologies, it could trigger at-scale attacks against these platforms.
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the dark web today.
In 2023, X-Force saw attackers increasingly invest in operations to obtain users' identities - with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident - with defenders needing to distinguish between legitimate and malicious user activity on the network.
IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from - the longest response lifecycle than any other infection vector.
Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks.
Already in 2023, X-Force observed over 800,000 posts on AI and GPT across dark web forums, reaffirming these innovations have caught cybercriminals attention and interest.
Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.
The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts.
For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide.
Just as past technological enablers fostered cybercriminal activities - as observed with ransomware and Windows Server's market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation - this pattern will most likely extend across AI. X-Force assesses that once generative AI market dominance is established - where a single technology approaches 50% market share or when the market consolidates to three or less technologies - it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.
Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity.
Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally.
Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022.
With AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will remain a preferred choice for cybercriminals.
Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a 'high' or 'critical' CVSS base severity score.
X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 23 Feb 2024 06:13:06 +0000


Cyber News related to The old, not the new: Basic security issues still biggest threat to enterprises

What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
10 months ago Techrepublic.com
Omdia: Standalone Security Products Outsell Cybersecurity Platforms - In its many briefings with cybersecurity vendors, one of the most consistent themes Omdia hears is why enterprises need cybersecurity platforms. Instead, vendors claim, enterprises could get better outcomes if they give up their multitude of ...
1 year ago Darkreading.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
11 months ago Cyberdefensemagazine.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
11 months ago Feeds.dzone.com
IaaS Security: Top 8 Issues & Prevention Best Practices - Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as ...
1 year ago Esecurityplanet.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
10 months ago Techrepublic.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
10 months ago Microsoft.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
2 months ago Esecurityplanet.com
Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics - Most IT and security teams would agree that ensuring endpoint security and network access security applications are running in compliance with security policies on managed PCs should be a basic task. A new report from Absolute Security, based on ...
7 months ago Techrepublic.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
7 months ago Cybersecuritynews.com
Protecting branch office environments from ransomware The Register - Sponsored Feature Ransomware gangs that steal and encrypt vital business data before extorting payment for its decryption and restoration are ramping up global attacks at an ever-increasing rate. Cyber security experts agree that ransomware now ...
9 months ago Go.theregister.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
It's Time to Tear Down the Barriers Preventing Effective Threat Intelligence - Today, organizations are confronted with a deluge of cyber threats, ranging from sophisticated AI-powered ransomware to tried and true brute force attacks. At this point, IT security teams know it's essential to stay one step ahead of cybercriminals, ...
10 months ago Cyberdefensemagazine.com
Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
1 year ago Darkreading.com
CVE-2024-44102 - A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 ...
1 month ago Tenable.com
Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
11 months ago Windowsir.blogspot.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
1 year ago Cyberdefensemagazine.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
10 months ago Esecurityplanet.com
Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 - Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank Teruel, and CPO Ashish Jain, this crystal ball session explores forecasted cyber threats for enterprises in 2024, backed by real-world examples and threat analysis. With ...
11 months ago Securityboulevard.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
1 year ago Unit42.paloaltonetworks.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
10 months ago Thedfirreport.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)