Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.
“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.
Nearly three-quarters of all organizations have implemented security projects that have some level of intelligence built in. And the more security alerts a company sees in a day, the more likely it is to look to machine intelligence in order to deal with the flood.
The potential impact of cyber attacks on the economy of the world’s largest cities has risen by nearly nine per cent in the last year, according to the 2019 update of the Global Risk Index from the Centre for Risk Studies at Cambridge Judge Business School. Cyber risk has now risen from seventh to sixth place among global threats in the index.
The research is unique in making an annual quantification of the potential GDP impact of unpredictable shocks on the world’s most prominent cities. The 2019 update to the Global Risk Index sees a uniform rise in GDP@Risk across all the 279 world cities that make up the index and more significant increases in risk for some urban centres.
Read more about the findings of the Global Risk Index on BusinessWeekly.
One might expect people on different teams of a company’s IT department to be on the same page and have a certain amount of work-related trust for each other. However, a BlueCat Networks sponsored International Data Group (IDG) survey found that this isn’t always the case.
Over 65% of respondents indicated their company has experienced two or more cybersecurity events, while only 38% of the survey participants believe their organization is capable of defending against a cybersecurity event. The report does not mince words as to why: “Business investments in network operations and cybersecurity may be shortchanged if the teams responsible for those areas aren’t collaborating.”
Read more about the report’s findings and implications on TechRepublic.
If you quit Facebook or never joined because of its data collecting practices the odds are good the social network is still tracking you – despite your protest.
Facebook collects data of non-users of its social network via dozens of mainstream Android apps that send tracking and personal information back to the social network. Some of the dozens of apps sharing data with Facebook include Kayak, Yelp and Shazam, according a report presented by Privacy International at 35C3. “Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” according to the report.
Read more about the findings of the report on Threatpost.
A completely fileless ransomware, dubbed Sorebrect, is “one of the first of its kind” to combine traditional ransom functionality with fileless tactics, according to a new Malwarebytes report.
In “Under the Radar: The Future of Undetected Malware,” Malwarebytes detailed four fileless attacks observed throughout 2018, including Emotet, TrickBot, SamSam and Sorebrect. The report referenced a study from the Ponemon Institute, which stated that “fileless malware attacks are estimated to account for 35% of all attacks in 2018, and they’re almost 10 times more likely to succeed than file-based attacks.”
Read more about the findings of the Malwarebytes report on TechTarget.
As democracies around the world struggle to hold back the rising tide of authoritarianism, a similar crisis is unfolding online. Three factors converged this year to make 2018 the eighth straight year that global internet freedom declined, according to an annual report from the nonprofit Freedom House: increasing censorship in response to disinformation, the widespread collection of personal data, and a growing group of countries emulating China’s model of digital authoritarianism.
Not only does China once again rank as the worst abuser of internet freedom, it is actively exporting its techno-dystopian model to other countries according to the report.
Read more about the findings of the Freedom House report on Wired.
Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET application contain at least one vulnerability. In addition, over 13 percent of applications contain at least one critical vulnerability.
“Our annual SOSS data puts hard evidence on the table to explain why so many security professionals experience anxiety when they think about application security (AppSec),” the report stated.
Read more about the findings of the Veracode report on SD Times.
Next year could see cybercrime’s total cost to the world economy rise to more than $2 trillion. We’ll inevitably see new threats emerge and existing threats grow more sophisticated too.
A new infographic by solicitors Cartrwight King sets out some facts and stats about this burgeoning problem, including the states cybercriminals typically hail from and how government’s around the world have punished those caught (though of course few are caught).
Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says. After analyzing 2,025 phishing kits during the second half of the year, Cyren’s security researchers were able to identify not only the most used phishing kits, but also key trends in the phishing industry.
In recent years, the malware industry as a whole has welcomed less skilled actors through the emergence of various malware-as-a-service business models. The proliferation of such services has driven the number of malicious attacks upwards, and the trend is expected to continue.