Articles about Threats

A new report shows that 86 percent of organizations believe they follow best practices for security hygiene and posture management, though they may not actually be doing so.

The report, created for asset management and governance company JupiterOne by Enterprise Strategy Group (ESG), finds that 73 percent of security professionals admit that they still depend on spreadsheets to manage security hygiene and posture at their organizations.

Continue reading →

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Continue reading →

Global losses from cybercrime now total more than $1 trillion, recent figures indicate, meaning that every business now must implement an effective threat hunting program has to protect its data security -- and long-term future. Establishing a threat hunting program from scratch may seem daunting, but it doesn’t have to be. Like so many things in life, the hardest part is taking the first step.

Even on a tight budget, numerous tools -- with SIEM, logs, and analytics -- can help security professionals start a robust threat hunting program. Below are the three main steps involved:

Continue reading →

High volumes of threats and shortages of skilled staff can lead to security teams becoming overwhelmed and this has led many companies to turn to professional and managed services.

Network detection and response (NDR) specialist ExtraHop is launching an expansion of its expanded Reveal(x) Advisor service that provides threat detection and hunting capabilities alongside network assurance analysis.

Continue reading →

Cybersecurity company ESET has released new research into FamousSparrow, a cyberespionage group attacking hotels worldwide, as well as governments, international organizations, engineering companies and law firms.

The Advanced Persistent Threat (APT) group FamousSparrow has been exploiting the Microsoft Exchange vulnerability known as ProxyLogon, which allows hackers to take control of Exchange servers.

Continue reading →

Despite a marked increase in concerns around malware attacks and third-party risk, only eight percent of organizations with web applications for file uploads have fully implemented the best practices for file upload security.

This is among the findings of the latest Web Application Security Report from critical infrastructure protection specialist OPSWAT.

Continue reading →

The latest analysis of phishing data from the Cyren Incident and Response team shows that 88 percent of evasive threats were detected using real-time techniques like machine learning.

Of the remainder six percent were found with proprietary threat intelligence or readily matched patterns from previous attacks, and the remaining six percent were suspicious messages that required human analysis to confirm the detection.

Continue reading →

Half of attacks on organizations that caused severe business disruption were by repeat offenders, according to a new study carried out by Ponemon for threat intelligence firm Team Cymru.

What's more, 61 percent of the victims of these attacks say they were unable to remediate these compromises, leaving critical systems and data at risk.

Continue reading →

Threat modeling is a top priority in 2021 according to 79 percent of respondents to a new survey, yet many organizations are still falling short in taking action or updating their approach.

The research from Balanced Development Automation (BDA) platform Security Compass shows that traditional threat modeling practices are historically slow, and hinder an organization’s goals of getting applications to market quickly.

Continue reading →

After scrutinizing numerous cybersecurity strategies in this book, Tim Rains, Microsoft’s former Global Chief Security Advisor, helps you understand the efficacy of popular cybersecurity strategies and more.

Cybersecurity Threats, Malware Trends, and Strategies offers an unprecedented long-term view of the global threat landscape by examining the twenty-year trend in vulnerability disclosures and exploitation, nearly a decade of regional differences in malware infections, the socio-economic factors that underpin them, and how global malware has evolved. This will give you further perspectives into malware protection for your organization. It also examines internet-based threats that CISOs should be aware of.

Continue reading →

Cyberattacks are happening more frequently and with greater sophistication. As a result, rapid threat detection and response is critical to finding threat actors and minimizing their impact on the enterprise. This task is easier said than done. Information security teams are understaffed and the digital infrastructures they must protect continue to increase in complexity. Time is also of the essence.

Every passing second dangerously prolongs a threat actor’s presence within the network, creating additional backdoors, pilfering critical data and assets, and increasing their chances of absconding with the crown jewels. In those especially urgent moments, when the security team is literally all hands-on deck, there isn’t time to run queries through a number of different tools and wait for results to come back. Security teams need real-time insights they can act upon quickly.

Continue reading →

The latest Quarterly Threat Insights Report from HP shows that 29 percent of malware captured between October and December 2020 was previously unknown, due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection.

In addition 88 percent of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines, giving hackers over a week’s head-start on their campaigns.

Continue reading →

After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI) in the past year. The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI. 

The 2021 survey saw the number of respondents reporting they produce or consume intelligence rise by 7 percent, more notably, this was the first time the number of respondents without plans to consume or produce intelligence was 0 percent, down from 5.5 percent in 2020. Analyzed CTI helps organizations understand the capabilities, opportunities, and intent of adversaries conducting malicious cyber activities. In turn, this paints a picture about how threat actors are targeting an organization’s systems, information, and people. It is this contextual information that helps organizations and individuals respond to threats, understand risks, design better cyber defenses, and protect their organization. 

Continue reading →

The latest quarterly threat intelligence report from Kaspersky shows that many actors behind advanced persistent threats (APTs) have continued to diversify their toolsets, at times resorting to extremely tailored and persistent tools.

At the same time though others have reached their goals by the employment of well-known, time-tested attack methods.

Continue reading →

According to a new report, 71 percent of healthcare organizations are now more concerened about insider threats than they were before the pandemic.

The study from Netwrix shows that pre-pandemic, these organizations were mostly concerned about employees accidentally sharing sensitive data (88 percent) and rogue admins (80 percent). Today they are worried about phishing (87 percent), admin mistakes (71 percent) and data theft by employees (71 percent).

Continue reading →