We highlighted the release of The 2017 Cisco Annual Cybersecurity report in our blog post a few weeks back. Today, SPAM is on the menu and the same Cisco report serves up some very interesting insights into the growth of global spam.
According to the report:
Spam is problematic for every organization. In its most benign form the sheer volume of spam can overload inboxes and waste valuable employee time. In its most malignant form spam can trick employees into inviting malware into networks or even sending funds to cybercriminals masquerading as suppliers.
At Konsultek, spam is just one of the things we take off the buffet of cyber threats so that your employees, your organization and your network are protected. If you are interested in learning more about how we can help your organization, please give us a call.
We’ve reported on the rise in ransomware attacks previously. Ransomware is readily available for purchase on the Darknet and requires relatively little sophistication to use. This makes it very popular among cyber thieves looking to make a quick buck holding individuals and organizations hostage.
However, it appears that competition may be heating up in the ransomware space, and some speculate that this infighting may be a boon to would-be victims because it consumes resources that may otherwise be used for mayhem.
Petya, a particularly virulent strain of ransomware that was a pioneer in the malware-as-a-service offering, has apparently had its code (or at least key portions of it) stolen by a group that has used the stolen code to create and launch an even nastier version they dub PetrWrap.
In use since February, PetrWrap uses its own cryptographic keys to lock down a user’s data rather than relying on the “stock” keys that come with a paid subscription to Petya.
“We are now seeing that threat actors are starting to devour each other. From our perspective, this is a sign of growing competition between ransomware gangs,” says Anton Ivanov, senior security researcher at Kaspersky Lab. He further postulates “Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organised they will be, and the less effective their malicious campaigns will be.”
Whether this increased competition is good or bad for individuals and organizations will only reveal itself in the months and years ahead. In the meantime, we urge you to take as many precautions as possible, including:
1. Routinely backing up all critical data on drives that are secure.
2. Implementing a robust threat prevention, detection and mitigation strategy.
3. Proactively performing penetration tests and other types of network security challenges to identify areas of weakness prior to them allowing ingress by outside threats.
If you would like to discuss best practices in any of these areas, please give us a call. We are here to help!
Monday morning, March 6, 2017 started off with a teaser announcement from data breach storm chaser Chris Vickery over at MacOS security software specialists MacKeeper. The announcement stated that later in the morning the identity of a breach victim with 1.37 BILLION records compromised would be revealed.
Wow, 1.37 Billion is a LOT of records! For perspective, there are only about 300 Million people in the whole United States. A breach of that size can only happen to an organization that has a lot of individual users/customers, a large government agency or perhaps a large-scale data aggregator.
The Internet was immediately on fire with speculation as to who might have been breached… Facebook? Salesforce? Apple? Alibaba?
Well, a few hours later the mystery was solved when Chris Vickery revealed on the MacOS blog that the “victim” was one of the largest email spammers in the world! Wow, no one had that on their radar.
The spammers, who position themselves as legitimate marketers under the name River City Media, use automation and hacking techniques to send out an estimated 1 Billion emails a day with a team that numbers around a dozen. While everyone despises spam email, at some level you have to admire the sheer spamming scale that Alvin Slocombe and Matt Ferris, the River City Media principals, were able to operate at.
In addition to emails, the database contains real names, IP addresses and frequently physical addresses. It would appear that these details may be headed over to law enforcement authorities so “big brother” just got a huge windfall.
You can bet that this is only the beginning of the story and that much more will come to light in the months ahead. Certainly all the investigators involved, MacKeeper Security Research Center, CSOOnline, and Spamhaus, deserve a huge helping of kudos for clearing up, at least a little bit, the inboxes of over a billion spam victims in one fell swoop.
You would think that a group of professional spammers would have appreciated and deployed the best security measures possible. It just goes to show that any operation, illegal or otherwise, can be brought to a screeching halt when a data breach occurs.
Get proactive on challenging your own network security before it is too late. From executive assessments to vulnerability discovery and breach simulation, Konsultek can help. Give us a call to find out how we can help you identify and quantify your network security risks in a proactive manner.
The 2017 Cisco Annual Cybersecurity report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever-changing cybersecurity landscape.
● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).
● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.
● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access. See our previous post on private vs. public cloud
● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.
● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.
● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.
● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent (see page 55) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity
● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services
When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.
The 2017 Horizon Scan from the Business Continuity Institute has been released.
The survey results have been compiled from the responses of 726 organizations across 79 countries. The survey represents a wide range of market segments including financial and insurance services, retail and defense. The companies surveyed were diverse in size ranging from small businesses, with fewer than 250 employees, to corporations with more than 100,000 employees and annual sales of more than 50 billion USD.
Source: Business Continuity Institute
Later in the Horizon Scan report the folks at BCI introduce a new metric called the “Disruption Level”. Interestingly, when you reclassify the top 3 threats in terms of disruption, “Unplanned IT and Telecom Outages” rises to the top with a score of 72. In contrast, “Cyber Attack” and “Data Breach” score just 35 and 15 respectively. This shows that there is a huge disparity between what is perceived as a risk to BC as opposed to what is actually a risk to BC.
Whether it is security to harden your defenses, data center colocation, strategic use of cloud services or a suite of managed services, a comprehensive network security and infrastructure package from Konsultek can help your business weather the unexpected. To learn more about how one of our customized solutions can benefit your organization just pick up the phone and give us a call.