Cryptominers, exploit kits, ransomware, and banking trojans took center stage in Q3 2018, according to Malwarebytes’ Cybercrime Tactics and Techniques report. Overall, the report found an increase of 1.7 million more detections in Q3 than in Q2.
Malwarebytes gathered statistics and intel on cybersecurity threats between July and September 2018. The research tracked both consumer and business products on millions of machines. Detections shot up by 55% for businesses, while it only increased by 4% for consumers, revealing that cybercriminals are looking to get “more bang for their buck” with businesses, said the report.
Read more about the findings of the Malwarebytes report on TechRepublic.
A new report by Wipro states that 41% of total breaches in 2017 targeted the healthcare industry, making it the most popular target for breach attempts. The researchers also found that Personally Identifiable Information (PII) combined with user credentials tops the percentage of breaches with 29% and that 88 records were lost or stolen every second in 2017.
The study is based on four primary sources of data including primary research of Wipro customers, Cyber Defense Center (CDC) primary research, secondary research sources and Wipro partner content. 42% of respondents are from North America, 10% from Europe, 18% from the Middle East, 21% from Asia and 8% from Australia.
Read more about the fascinating findings of the new report on Forbes.
Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. The goal of an ERM program is to understand an organization’s tolerance for risk, categorize it, and quantify it.
Risks posed by the cybersecurity threat landscape are increasingly part of the ERM equation, and that poses a challenge for CISOs and other senior security professionals. Quantifying the business impact of a cybersecurity event is a very difficult, if not impossible task, and quantifying the likelihood of such an event is even harder.
Learn more about cybersecurity risk management and its challenges on CSO.
Looking for hard numbers to back up your sense of what’s happening in the cybersecurity world? CSO’s Josh Fruhlinger has been digging into studies and surveys of the industry’s landscape to get a sense of the lay of the land—both in terms of what’s happening and how your fellow IT pros are reacting to it.
Read the full overview of hard numbers from studies and surveys that provide a sense of the troubling state of cybersecurity on CSO.
Top figures in the infosec industry fear that the recent arrest of a top Chinese intelligence officer will spark an increase in cyber-attacks from Chinese hacking groups in the coming months.
These fears were expressed after the US Department of Justice announced the arrest and extradition of Yanjun Xu, a high-ranking director in China’s Ministry of State Security (MSS), the country’s counter-intelligence and foreign intelligence agency. Reports from US cyber-security firm Recorded Future, and from shadowy group Intrusion Truth identify the MSS as the Chinese agency in control of China’s cyber-espionage operations.
The intelligence community and cybersecurity experts are in lockstep agreement that elections in the U.S. remain vulnerable to hacking and influence campaigns, like efforts deployed by Russia in 2016. But they warn that the threat from a broader range of diverse actors is also growing, posing a unique challenge for governments and corporations around the world.
These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. “As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they’re going to think about what they could do with that access,” she says. “Especially China, Russia, and Iran.”
Read more about the hackers targeting the US midterm election on CBS.
Based on trends in the first half of 2018, Webroot found that cybercriminals are shifting to increasingly sophisticated and targeted means of attack while also expanding their money making endeavors, as shown by the uptick in cryptojacking and cryptomining.
Malware in general, including ransomware and cryptomining, accounted for 52 percent of threats in the first half of 2018. Phishing attempts increased by more than 60 percent from January to June 2018. Dropbox overtook Google in the first half of 2018 as the most impersonated company for phishing attacks, accounting for 17 percent of phishing emails.
Despite increased security spending, cyber incidents continue to plague organizations, as 70% of companies report being a victim of a successful attack or breach in the past year, according to a report from Cyren and Osterman Research provided exclusively to TechRepublic.
The report surveyed IT and security managers across more than 200 US and Canadian companies in different industries. Of those, 49% said they had seen their security-related costs increase by an average of 18% over the past year. No respondents reported a decrease in cybersecurity costs, the report found.
Read more about the findings of the new report on TechRepublic.
Small and mid-sized companies (SMBs) are increasingly at risk of cyber attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report.
SMBs act as soft targets for cybercriminals because they tend to have less-sophisticated security infrastructure and fewer trained cybersecurity workers on staff to manage and respond to threats, the report noted. More than half (53%) of the 1,816 SMB respondents said their business has experienced a breach. These breaches can be costly: 20% of SMBs said these breaches cost $1 million to $2.5 million.
Read more about the findings of the new SMB report on TechRepublic.
McAfee released its McAfee Labs Threats Report September 2018, examining the growth and trends of new cyber threats in Q2 2018. In the second quarter, they saw the surge in cryptomining malware growth that began in Q4 2017 continue through the first half of 2018. McAfee also saw the continued adaptation of the type of malware vulnerability exploits used in the WannaCry and NotPetya outbreaks of 2017.
Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape and this threat continues to rise. McAfee Labs has even identified what appear to be older malware such as ransomware newly retooled with mining capabilities.