29 percent of threats previously unknown as hackers update tactics
The latest Quarterly Threat Insights Report from HP shows that 29 percent of malware captured between October and December 2020 was previously unknown, due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection.
In addition, 88 percent of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines, giving hackers over a week’s head-start on their campaigns.
Pandemic sees organizations of all sizes and industries invest in cyber threat intelligence (CTI)
After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI). The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI.
The 2021 survey saw the number of respondents reporting they produce or consume intelligence rise by 7 percent. More notably, this was the first time the number of respondents without plans to consume or produce intelligence was 0 percent, down from 5.5 percent in 2020. Analyzed CTI helps organizations understand the capabilities, opportunities, and intent of adversaries conducting malicious cyber activities. In turn, this paints a picture of how threat actors are targeting an organization’s systems, information, and people. It is this contextual information that helps organizations and individuals respond to threats, understand risks, design better cyber defenses, and protect their organization.
Threat actors get more creative in their attacks
The latest quarterly threat intelligence report from Kaspersky shows that many actors behind advanced persistent threats (APTs) have continued to diversify their toolsets, at times resorting to extremely tailored and persistent tools.
At the same time, though, others have reached their goals by employing well-known, time-tested attack methods.
Healthcare organizations growing more concerned about insider threats
According to a new report, 71 percent of healthcare organizations are now more concerned about insider threats than they were before the pandemic.
The study from Netwrix shows that pre-pandemic, these organizations were mostly concerned about employees accidentally sharing sensitive data (88 percent) and rogue admins (80 percent). Today they are worried about phishing (87 percent), admin mistakes (71 percent) and data theft by employees (71 percent).
Industrial companies face increased cyber threats
A new study finds that 56 percent of IT and operational technology security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March.
In addition, the research from Claroty, based on a global, independent survey of 1,100 full-time IT and OT security professionals, shows that 70 percent have seen cyber criminals using new tactics to target their organizations in this time frame.
Analysis of attacks reveals the top threats to cloud computing
Moving systems to the cloud offers many benefits for organizations, but it also opens up a new range of threats.
The Cloud Security Alliance has released a new report looking at case study analyses of recent attacks and data breaches to promote understanding of how attacks work and how they can be successfully mitigated.
New threat intelligence system helps fight deepfakes
Concern about deepfakes is on the rise and earlier this week Microsoft announced its own video authentication tool ahead of the US elections.
To help counter the threat from increasingly sophisticated cyber attacks, including the use of deepfakes, biometric authentication company iProov is also launching its own Security Operations Centre (iSOC).
New solution delivers faster detection of and response to threats
It's important for security teams to be able to respond quickly and effectively to threats and part of being able to do that is having good intelligence.
With this in mind, Netenrich is launching two new tools, Knowledge Now (KNOW), a free global threat intelligence tool, and Attack Surface Intelligence (ASI), which combine to deliver rich, actionable context for faster, more proactive response to known and emerging cyber threats.
Security professionals don't have the tools they need to detect threats
A new survey of over 300 security professionals reveals that 93 percent feel they lack the tools to detect known security threats, and 92 percent say they are still in need of appropriate preventative solutions to close current security gaps.
The study from security operations center specialist LogRhythm also finds that 75 percent of security professionals now experience more work stress than they did just two years ago.
Security professionals lack visibility into top threats
According to a new report, 89 percent of security professionals are most concerned about phishing, web and ransomware attacks, but only 48 percent confirm that they have continuous visibility into these risk areas.
The 2020 Cybersecurity 360 Report from Balbix also shows 64 percent of organizations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organizations.
Security teams overconfident about detecting cyberthreats
A new report shows that 82 percent of security operations centers are confident in their ability to detect cyberthreats.
This is despite just 22 percent of front line workers tracking mean time to detection (MTTD), which helps determine hacker dwell time, and 40 percent of organizations still struggling with SOC staff shortages and finding qualified people.
More than half of cyberattacks infiltrate environments without detection
While organizations continue to invest significant amounts in security controls and assume that this means assets are fully protected, the reality is that a majority of attacks successfully infiltrate production environments without their knowledge.
This is among the findings of a new report from Mandiant Solutions -- the threat intelligence arm of FireEye -- based on real attacks, specific malicious behaviors, and actor-attributed techniques and tactics.
Looking ahead to the cybersecurity challenges of 2022
Just in case you didn't have enough to worry about at the moment, the Information Security Forum has published its Threat Horizon 2022 report, looking ahead to the cyber challenges of the next two years.
Balancing today's realities with forecasts that push the limits of thinking, the report highlights nine major threats, broken down into three themes, that organizations can expect to face as a result of developments in technology.
Threat actors turn to automation tools to boost their campaigns
Automation is having an impact on almost every industry, but it's not just in the world of legitimate commerce that its presence is being felt. A new report from Recorded Future shows criminal enterprises are turning to automation tools too.
Indeed, the criminal underground has created an ecosystem of tools and resources allowing threat actors to both operationalize and monetize their campaigns increasingly quickly.
New threat scoring module helps security teams cope with alert volumes
Businesses increasingly struggle with the sheer volume of cyber threats that they face. One way of tackling that is a risk-based system that allows analysts to focus on the most pressing issues.
SIRP, a Security Orchestration, Automation and Response (SOAR) platform, is launching a new security scoring module to provide vital context for security teams and allow them to prioritize risks.
