A survey of 1,600 chief information security officers found that more than two-thirds of them (68%) expect a “physical cyberattack” on their organizations in the next 12 months.

The survey, which forms the basis of the annual “Voice of the CISO report” by Proofpoint, an enterprise security company, showed a clear shift among security chiefs in attitudes toward future threats to their organizations. Just 12 months ago, less than half of CISOs (48%) saw a cyber attack on their horizon.

This apparent change suggests that security professionals see the threat landscape as heating up once again, the report noted, and they have readjusted their concern levels to match.

“As we emerged from the pandemic, security leaders realized they were able to implement more long-term controls to protect their work environment, so there was a sense of peace,” said Lucia Milica Stacey, Global Resident CISO at Proofpoint.

“However, as the volume of attacks continues to rise, along with geopolitical tensions and global economic uncertainty, a lot of the optimism is gone,” he told TechNewsWorld.

Reasons for Pessimism

According to security experts, several factors may be contributing to CISOs’ concerns about rising cyber attacks.

“New vectors of attack continue to emerge – software supply chain compromise, third party and SaaS systems involving APIs, AI-related security risks – each requiring new defensive strategies and skills,” said Carl Mattson, CISO of Nonum Security, a provider in Palo Alto, Calif., of a cloud-native API security platform.

“Meanwhile, traditional threats like ransomware or web application attacks are never going away,” he told TechNewsWorld. “With security budgets and staffing levels remaining largely flat, the stage is set for greater risk exposure this coming year.”

The proliferation of endpoints in the enterprise also gives CISOs increased cause for alarm.

“IT leaders are finding it increasingly difficult to gain comprehensive visibility, security, compliance and control to protect every employee, on every device, from every location,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago.

“The expanding attack surface specifically related to cyberattacks is on the rise and IT security teams are competing for talent as macroeconomic conditions tighten budgets,” he told TechNewsWorld.

Adoption of the as-a-service model by threat actors increases the likelihood of an organization being attacked over the next 12 months. “Phishing as a service and ransomware as a service enable a significant increase in the number and scale of cyber attacks,” explained Avishai Avivi, CISO of SafeBreach in Tel Aviv, Israel.

“At that point, it becomes a statistical reality,” he told TechNewsWorld. “The more attacks, the more likely an attack is to succeed.”

Insider Threat to Data

Proofpoint also reported that CISOs believe employee turnover poses a risk to data security. More than eight out of 10 security chiefs (82%) told researchers that employees leaving their organization contributed to a data loss incident.

“Resource constraints and large staff turnover are likely underlying reasons for the high percentage of CISOs concerned about the loss of sensitive data due to employee turnover,” Stacey said.

The report said the two sectors most affected by turnover were retail (90 per cent) and IT, technology and telecommunications (88 per cent).

These trends leave security teams with a nearly impossible challenge, it continued. When people are gone, it’s hard to stop them from taking data.

Some organizations require written guarantees from former employees that they will delete all company data. Others threaten potential employers with potential liability if an employee shares any data from their old job. But none are even close to being a satisfactory solution.

“Many employees, upon their departure, try to take some aspect of their job with them,” said Daniel Kennedy, research director of information security and networking at 451 Research, which is part of S&P Global Market Intelligence, a global market research company.

“For vendors, this could be contact or customer account information. For other employees, it could be a form of intellectual property, models they worked on or code, for example,” he told TechNewsWorld.

“When I was a CISO,” he recalled, “I was definitely concerned with the hits on our various data loss platforms and departing employees. I could usually predict when someone was going to resign based on their behavior.”

Changing Narratives

The growing concern of CISOs about insiders contributing to data loss represents a departure from previous thinking on the subject.

“There is a recent change in thinking, from ‘it is wrong to distrust employees’ or ‘we hire the best people’ to ‘we have to be protected from all kinds of threats’,” said Saurya Biswas, technical director of risk management and governance at NCC Group, a global cyber security consultancy.

“Recent US defense leaks by insiders Jack Teixeira, Chelsea Manning and Edward Snowden may have helped shape this narrative,” he told TechNewsWorld. “It’s not the prevalence of malicious insider trading that has changed, but the awareness around it.”

The level of employee mistrust displayed in the survey probably says something more about a company’s overall culture, maintained Daniel Schwalbe, CISO of DomainTools, an Internet intelligence company in Seattle.

“But it can also be attributed to the rise in remote working, which makes some CISOs feel like they are losing visibility into where their data ends up,” he told TechNewsWorld. “The current realities of a remote workforce have thrown pre-pandemic corporate networks out the window.”

Call for Cyber Resilience

Proofpoint’s report also found that most organizations are likely to pay the ransom when affected by ransomware. Three out of five CISOs (62%) surveyed believed their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months.

CISOs’ organizations were increasingly relying on insurance to shift the cost of their cyber risks, the report said, with 61% saying they would claim cyber insurance to recover losses incurred in various types of attacks.

“Over the past five years, there has been a general incentive for cyber insurers to pay the ransom and have the cost covered by their premiums,” said Chris Cooper, CISO at Six Degrees, a cyber security consultancy in London, and a member of the ISACA Emerging Trends Working Group.

“Fortunately, this is changing, as paying the ransom only instigates incidents,” he told TechNewsWorld.

“There is also growing evidence that some groups are coming back for a second bite at the cherry,” he added.

Ryan Kalumber, executive vice president of cyber security strategy at Proofpoint, urged security chiefs to remain steadfast in protecting their people and data despite the challenges they face.

“If the recent devastating attacks are any indication, CISOs have an even more difficult road ahead, especially given uncertain security budgets and new job pressures,” he said in a news release. “Now that they have returned to a higher level of concern, CISOs must ensure they focus on the right priorities to lead their organizations toward cyber resilience.”

The cyber security research company reported on Tuesday that there has been a significant increase in ransomware and distributed denial-of-service attacks from October to November this year.

NCC Group reported a 41% jump in ransomware attacks in November, from 188 in October to 265, making November the most active month for the malware since April.

During the same period in 2021, the report continued, the increase was lower (4%), but the totals were higher – 314 for October and 328 for November.

The report states that the Conti and Payasa gangs probably contributed heavily to the ransomware threat landscape at that time. Both the gangs have either disbanded or are now separate.

Seasonal changes in ransomware attacks are common, noted Marcus Smiley, CEO of Epoch Concepts, an IT solutions provider based in Littleton, Colo.

“Ransomware attacks have increased during the holiday season since at least 2018,” Smiley told TechNewsWorld.

“The simplest explanation is that companies cease operations at the end of the year, making them less vulnerable to cyberattacks than usual,” he said. “This is a logical time to launch new ransomware campaigns.”

“There’s definitely an increased risk of attacks during the holiday season,” said Morgan Demboski, a threat intelligence analyst with IronNet, a network security company in McLean, VA.

“Threat actors attempt to take advantage of a potentially low cyber security posture and response as employees are out for the holidays,” Demboski told TechNewsWorld.

In 2021, there was a decline in ransomware attacks in the fourth quarter as threat actors focused on quality, not quantity, said James McQuigan, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“However, this year, there has been an increase in attacks targeting the health care, education and retail sectors,” McQuigan told TechNewsWorld.

A malware for all seasons

In general, attacks can often be traced back to specific time periods, which makes it difficult to tell them apart from expected, legitimate communications or maximizes the chances of a large payout, explained Mark Guntrip, senior director of cyber security strategy at Menlo Security, a cyber security company in Mountain View, Calif.

“Attacks against agricultural companies at harvest time have drawn warnings from the FBI,” Guntrip told TechNewsWorld. “There have also been attacks against game makers close to a big launch and candy makers before Halloween and the holidays.”

While there can be seasonal spikes in ransomware attacks, experts say the practice will continue to increase no matter the time of year.

Ransomware Regional Analysis – November 2022

Chart of ransomware attacks by region in November 2022

As seen throughout the year, the top two regions globally targeted by ransomware in November were North America, followed by Europe. (Source: NCC Group Monthly Threat Pulse)

“Ransomware attacks have increased and will continue to increase in 2023,” Guntrip said.

“From attacks on critical infrastructure to individual businesses, it is clear that in today’s threat landscape, no one’s system is secure, and cybercriminals show no signs of slowing their efforts,” he said.

“The level of success and subsequent money paid out following an attack is a clear attraction for threat actors to increase their focus on ransomware,” he added.

Extortion Is Gaining Popularity

The increased opportunities are contributing to the rise in ransomware attacks, maintained Smiley. “Today’s organizations have more connected surfaces than ever before, thanks to IoT and remote employment,” he added.

Another factor is motive. “With increasing geopolitical conflict around the world, there is more activity on the part of nation-states and politically driven actors,” he observed.

“Yet another factor,” he said, “is the growing number of ransomware-as-a-service groups that offer their services to less sophisticated cybercriminals for a fee.”

Demboski explained that the “as a service” offering makes ransomware a low-effort, low-risk alternative to generating criminal profit.

“The availability of various ransomware families through Ransomware-as-a-Service, combined with other readily available services such as Phishing-as-a-Service and Initial Access Brokers, has created a great opportunity for cyber criminals: acquiring credentials and buying ready-made access to organizations has become much easier, in essence giving them all the necessary ingredients to launch an effective and damaging ransomware attack,” he said.

A troubling trend that will further fuel ransomware attacks is the use of ransomware for extortion.

“With the opening of ransomware in recent months, there have been several cases of ransoms not being collected after payment and data being held hostage for future extortion,” said Timothy Morris, chief security advisor at Tanium, creator of an endpoint management and security platform in Kirkland, Wash.

“It takes into account the extortion trend,” Morris told TechNewsWorld. “This is easier to deal with than the logistics of ransomware keys and the management of encryption/decryption, which can create technical support issues that damage the criminal syndicate’s ‘reputation’ if they go down.”

DDoS attacks are on the rise

As noted in the NCC report, in October, distributed denial-of-service attacks continued to rise, with November seeing 3,648. A major target among them was the United States with 1,543 attacks.

The reasons for the US being the most targeted include the large attack surface and the current geopolitical tensions in the country, which show no signs of easing, the report pointed out.

It added that given the timing, the attacks on the US could be aimed at disrupting the midterm elections.

NCC’s Global Head of Threat Intelligence, Matt Hull, predicted that DDoS attacks would continue to increase.

“However, as more organizations become aware of the growing threat, it will be interesting to see how malicious actors who execute DDoS attacks are combated,” he said in a statement. “DDoS is not a new attack type, and preventive and defensive measures are more widely available and affordable than ever.”

DDoS Ransomware Isn’t for the Crowd

While denial-of-service attacks were common with some cybercriminal groups, DDoS attacks related to ransomware have decreased, McQuigan said.

“This action may result in the victim organization being blocked from using the Internet to access the Tor network, making it very difficult to make payments,” he explained.

“If they start denying service,” he continued, “that’s to tell the organization that they are still susceptible to other attacks to continue to pose a threat.”

DDoS attacks seem to be less of a concern than data breaches, malware and phishing because DDoS attacks typically do not result in the theft or loss of sensitive data, observed Casey Ellis, CTO and founder of Bugcrowd, operator of an internet crowdsourced bug bounty platform.

“While DDoS attacks can cause significant disruption to company operations, they do not pose the same risk to the privacy, integrity, or availability of critical data as other types of cyber attacks,” Ellis told TechNewsWorld. “DDoS attacks are less sophisticated and easier to defend against than data breaches, malware and phishing attacks.”

Digital devices and home networks of corporate executives, board members and high-value employees with access to financial, confidential and proprietary information are ripe targets for malicious actors, according to a study released Tuesday by a cybersecurity services firm.

Connected homes are a prime target for cybercriminals, but few officials or security teams realize the prominence of this emerging threat, noted the study, which is based on an analysis of data from more than 1,000 C-suite, board members and high-profile officials at more than 55 US-based Fortune 1000 companies that are using BlackCloak’s executive security platform.

“BlackCloak’s study is exceptional,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company.

“It helps to uncover the broader issues and vulnerabilities that cause millions of businesses to transact with distributed, remote work as well as corporate websites, applications and systems from unsecured home networks,” he told TechNewsWorld.

BlackCloak researchers found that nearly a quarter of executives (23%) have open ports on their home networks, which is highly unusual.

BlackCloak CISO Daniel Floyd attributed some of those open ports to third-party installers. “They don’t want to send a truck out because they’re an audio-visual or IT company, when things break down, they’ll install port-forwarding on the firewall,” he told TechNewsWorld.

“It allows them to connect remotely to the network to solve problems,” he continued. “Unfortunately, they are being installed improperly with default credentials or vulnerabilities that haven’t been patched for four or five years.”

Exposed Security Cameras

An open port resembles an open door, said Taylor Ellis, a customer threat analyst with Horizon 3 AI, an automated penetration test as a service company in San Francisco. “You wouldn’t leave your door open 24/7 in this day and age, and it’s like on a home network with an open port,” he told TechNewsWorld.

“For a business leader,” he continued, “when you have an open port that provides access to sensitive data, the risk of breaches and penetration increases.”

“A port acts like a communication gateway for a specific service hosted on a network,” he said. “An attacker can easily open backdoors into one of these services and manipulate them to do their bidding.”

The report noted that of the open ports on corporate brass’s home networks, 20% were linked to open security cameras, which could pose a risk to an executive or even a board member.

“Security cameras are often used by threat actors to spot and distribute malware, but perhaps more important is to provide surveillance on patterns and habits – and if resolution is sufficient, passwords and other credentials being entered,” said Bud Broomhead, CEO of Viaku, a developer of cyber and physical security software solutions in Mountain View, Calif.

“Many IP cameras have default passwords and outdated firmware, making them ideal targets for breaches, and once breached, it gets easier for threat actors to later migrate to home networks,” he told TechNewsWorld.

Data Leak

BlackCloak researchers also discovered that corporate brass’s personal devices were equally, if not more, vulnerable than their home networks. More than a quarter of execs (27%) had malware on their devices, and more than three-quarters of their devices (76%) were leaking data.

One way data leaks from smartphones is through applications. “A lot of apps will ask for sensitive permissions they don’t need,” Floyd explained. “People will open the app for the first time and click through settings, not realizing they are giving the app access to their location data. The app will then sell that location data to a third party.”

“It’s not just officers and their personal tools, it’s everyone’s personal tools,” said Chris Hills, chief security strategist at BeyondTrust, a maker of privileged account management and vulnerability management solutions in Carlsbad, Calif.

“The amount of data, PII, even PHI, in a common smartphone these days is astonishing,” he told TechNewsWorld. “We don’t know how vulnerable we can be when we don’t think about security as it pertains to our smartphones.”

Personal device security doesn’t seem to be top of mind for many executives. The study found that nine out of 10 of them (87%) have no protection installed on their devices.

Lack of Mobile OS Security

“Many devices ship without security software, and even if they do, it may not be enough,” Broomhead said. “For example, Samsung Android devices ship with Knox security, which has previously been found to have security holes.”

“The device manufacturer may try to make a tradeoff between security and usability which may favor usability,” he said.

Hills said most people are comfortable and satisfied with the idea that their smartphone’s built-in operating system has the necessary security measures in place to keep the bad guys out.

“For the layman, that’s probably enough,” he said. “For the business executive who is more than likely to lose his or her role in a business or company, the security blanket of the underlying operating system simply isn’t enough.”

“Unfortunately, in most cases,” he continued, “we focus so much on trying to protect as individuals, sometimes some of the most common are overlooked, such as our smartphones.”

Lack of Privacy Protection

Another finding by BlackCloak researchers was that most personal accounts of executives, such as email, e-commerce, and applications, lack basic privacy protections.

In addition, they discovered that the executives’ security credentials – such as bank and social media passwords – are readily available on the dark web, making them susceptible to social engineering attacks, identity theft and fraud.

The researchers noted that the passwords of nine out of 10 executives (87%) are currently leaked on the dark web, and more than half (53%) are not using a secure password manager. Meanwhile, only 8% have enabled active multifactor authentication across most applications and devices.

“While measures such as multifactor authentication are not perfect, these basic best practices are essential, especially for boards/c-suites, which are often left out of necessity in terms of convenience,” Melissa Bishopping, endpoint security research specialist at Tanium, creator of an endpoint management and security platform in Kirkland, Wash., told TechNewsWorld.

“Invading personal digital lives may be a new risk for enterprises to consider,” wrote the researchers, “but it is a risk that needs immediate attention. Opponents have determined that officials at home are the path of least resistance, and they will compromise this attack vector as long as it is safe, seamless and attractive to them.”