Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. A new pricing structure better reflects organisational size and complexity.
UK NCSC Updates Its Cyber Essentials Technical Controls Requirements And Pricing
Technical controls update reflects modern cybersecurity landscape
NCSC said that the refresh of the technical controls reflects the impact of digital transformation, adoption of cloud services, and the move to home/hybrid working on current working practices and cybersecurity norms. The update includes revisions surrounding the use of cloud services, multi-factor authentication (MFA), and password management. Changes have been implemented with input from NCSC technical experts and are based on feedback from assessors and applicants, along with consultation with the Cloud Industry Forum.
The new version of the Cyber Essentials technical requirements will officially release on January 24, 2022. All Cyber Essentials applications starting on or after this date will use the updated version, although the NCSC stated there will be a grace period of up to 12 months for some of the requirements. Any assessments already underway, or that begin before that date, will continue to use the current technical standard, meaning that in-progress certifications will not be affected.
Speaking to CSO, Cyber Essentials certification provider Richard Andreae says the new revisions are much needed and will help businesses better secure organisational data. “The biggest changes to the requirements are the inclusion of cloud services; this is well overdue as most businesses today use these services and now, they are required to make sure that these services are as secure as those of their in-house systems,” he says.
A lot of the questions have been tweaked to remove ambiguity, and with this, the marking will become tougher, Andreae adds. “Any organisation applying for certification after January 24 will be expected to have a better understanding of the security they have available in their cloud services, in particular the use of MFA. This could impact businesses in a big way, as having to implement MFA for all cloud services could be time consuming and disruptive. Another potentially costly and disruptive change is the inclusion of thin clients to the scope. If an organisation is using thin clients on unsupported operating systems, then these will need to be updated.”
New pricing structure adopts internationally recognised definition for enterprise size
Along with the technical controls update, the NCSC is implementing a new pricing structure, which also launches on January 24. This structure adopts the internationally recognised definition of micro, small, medium and large enterprises. Currently, all assessments are charged at £300. Under the new structure the price remains £300 plus VAT for micro organisations (up to nine employees), while small (10 to 49 employees), medium (50 to 249 employees) and large organisations (250 or more employees) will pay £400, £450 and £500 respectively, all plus VAT.
Commenting on the pricing restructure, NCSC’s head of commercial assurance services Anne W, said: “This price change reflects the increasing levels of rigour that go into every assessment. While Cyber Essentials is designed to help any organisation attain a minimum level of cybersecurity, the assessment process can be quite complex. We want to continue to ensure this important scheme remains accessible to every business, no matter their size.”
An unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.
Apple has a complicated relationship with privacy. It loves to tout its efforts, especially as a differentiator with Google. But actually, delivering privacy? That’s a different story.
Much of this involves the definition of privacy. Fortunately for Apple’s marketing people, “privacy” is the ultimate undefinable term because every user views it differently. If you ask a 60-year-old man in Chicago what he considers to be private, you’ll get a very different answer than if you asked a 19-year-old woman in Los Angeles. Outside the US, privacy definitions vary even more. Germans and Canadians truly value privacy, but even they don’t agree on what they personally consider private.
What brings this up is a recent move by Apple to allow app developers to collect tons of data from Apple users, despite the company’s privacy policy that allows users to block tracking or data sharing.
Apple has allowed app developers to collect data from its 1bn iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.
In May 2021, Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to ‘Ask App Not to Track,’ he clicked it and they vanished.
Apple’s message to potential customers was clear — if you choose an iPhone, you are choosing privacy
But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymized and aggregated rather than tied to specific user profiles.
Ah, yes, the always-popular “it’s not really private if it’s anonymized/aggregated” line. Let’s explore that a bit.
First, let’s start by looking at anonymization/aggregation in theory. If it works perfectly (which it often doesn’t and that’s pretty much the point), no user will see any ad that reflects a specific purchase they made or piece of content they looked at/listened to/watched.
Or will it?
Privacy fears are overwhelmingly about perception. If users think their privacy has been violated, they act and feel angry. Even if the data was truly anonymized, the user will be just as furious. Example: A user buys something embarrassing and is immediately seeing ads for very related products. They feel violated. That might still be anonymized. An advertiser might ask to send ads to anyone who looks at that embarrassing product.
Done properly, an approach where data is anonymized/aggregated could still let a user feel that the advertiser knows what they did — when, in fact, the advertiser might never know the user’s name. And if a user winds up feeling violated, I’m not sure whether the anonymous approach will help the Apple brand — or the brands that use that anonymized data.
More importantly, it’s not what users bought into. It undermines the intent and feel of what Apple promised. If Apple wants to attract users interested in privacy, it shouldn’t share data in any way. It can, of course, but it may get punished by users.
Let’s get back to that FT piece. “Apple declined to answer specific questions for this article but described privacy as its North Star, implying it was setting a general destination rather than defining a narrow pathway for developers. Cory Munchbach, chief operating officer at customer data platform BlueConic, said Apple had to stand back from a strict reading of its rules because the disruption to the mobile ads ecosystem would be too great. ‘Apple can’t put themselves in a situation where they are basically gutting their top-performing apps from a user-consumption perspective,’ she said. ‘That would ultimately hurt iOS.’ For anyone interpreting Apple’s rules strictly, these solutions break the privacy rules set out to iOS users.”
In other words, the industry has moved to a place where sharing data — albeit anonymized and aggregated — is the norm. I agree that it has indeed become the norm, but Apple is going to regret going along with the crowd. Its privacy argument has been that Google sells ads, so it will leverage your data, whereas Apple sells hardware and software and doesn’t need to leverage user data.
It’s a powerful argument. Many users have bought Apple devices explicitly because of the company’s privacy approaches, including pushing back on law enforcement requests to access user data. Going this aggregated/anonymized route will kill that argument for Apple.
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid.
Ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry, affecting everything from financial institutions to higher education. Due to the rise in remote work prompted by the pandemic, attacks are up 148%.
Exploitation of IT Outsourcing Services
Ransomware gangs have been shifting their focus to managed service providers (MSPs), which serve many clients at once. If an attacker compromises one MSP, they can use its tooling to reach the clients it serves as well. MSPs are most often compromised through poorly secured remote access tools.
Attention Shifting to Vulnerable Industries
Due to the pandemic, attackers have been taking advantage of the industries hit hardest, such as healthcare, municipalities, and educational institutions. They also see the pandemic as an opportunity to target employees who are now working remotely on their personal devices.
Ransomware Is Evolving (and so Are Defenses)
In 2021, ransomware and the tactics that attackers use to carry out attacks are evolving — but luckily, so are the defenses. In recent years, new ransomware families have emerged, including:
Netwalker: Created by the cybercrime group known as Circus Spider in 2019, this ransomware allows hackers to rent access to the malware code in exchange for a percentage of the funds that are received.
DarkSide: DarkSide is a recent group, operating through RaaS, that targets the theft and encryption of sensitive data, including backups.
Conti: Conti uses double extortion: data is exfiltrated before it is encrypted on the infected machine, so victims face both a leak and loss of access. Attackers from this group usually send a phishing email that appears to come from an address the victim trusts.
REvil: Also known as Sodin and Sodinokibi, REvil is a ransomware group that has gained a reputation for extorting larger ransom payments than its competitors, as well as for promoting itself on underground cybercrime forums.
Because these newer strains behave differently from older ones, signature-based detection alone is no longer enough and alternative methods of detection are needed. Defenses have begun to harden in response, including improved heuristics and behavioral analysis, and the use of canary or bait files for earlier detection.
Additionally, increased effort needs to be put into predicting and anticipating risks rather than the old “detect and respond” approach.
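The canary-file technique mentioned above works because ransomware must touch files to do its damage, and a decoy file that no legitimate user or process should ever modify turns any change into a high-confidence alert. The following is an added example, not code from the original article: it plants decoy files with recorded hashes, then reports any canary that has been rewritten in place or has gone missing (deleted, or renamed with a suffix such as `.locked`). The decoy names and the `simulate_encryptor` stand-in are constructed for this demonstration; the stand-in only overwrites its own temporary files and is not real malware.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Decoy names chosen to sort first and last in a directory listing, so an
# encryptor that walks the tree in name order touches a canary early.
# (Hypothetical names, constructed for this example.)
CANARY_NAMES = ["!0000_invoice.docx", "~$budget.xlsx", "zz_old_backup_keys.txt"]


def plant_canaries(root: Path) -> dict:
    """Write decoy files under root and return {path: sha256} as the baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = root / name
        data = os.urandom(2048)  # any content works; what matters is the recorded hash
        path.write_bytes(data)
        baseline[str(path)] = hashlib.sha256(data).hexdigest()
    return baseline


def check_canaries(baseline: dict) -> list:
    """Return (path, reason) for every canary that was deleted/renamed or rewritten.

    Ransomware typically rewrites a file in place (hash changes) or writes an
    encrypted copy and removes/renames the original (file missing). Either
    event on a file nobody should touch is worth an immediate alert.
    """
    alerts = []
    for path, expected in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append((path, "missing"))
            continue
        actual = hashlib.sha256(p.read_bytes()).hexdigest()
        if actual != expected:
            alerts.append((path, "modified"))
    return alerts


def simulate_encryptor(root: Path, suffix: str = "") -> None:
    """Constructed stand-in used only to exercise the check: overwrite each file
    with random bytes and optionally append a suffix. Not real malware."""
    for p in list(root.iterdir()):
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes())))
            if suffix:
                p.rename(p.with_name(p.name + suffix))


def demo() -> dict:
    """Run two scenarios (in-place rewrite, rename with .locked) in throwaway
    directories and return (alerts before, alert reasons after) for each."""
    results = {}
    for suffix in ("", ".locked"):
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            baseline = plant_canaries(root)
            quiet = check_canaries(baseline)  # nothing has touched the files yet
            simulate_encryptor(root, suffix)
            reasons = sorted(reason for _, reason in check_canaries(baseline))
            results[suffix or "in-place"] = (len(quiet), reasons)
    return results


if __name__ == "__main__":
    print(demo())
```

In production the check would be driven by file-system change notifications (inotify on Linux, ReadDirectoryChangesW on Windows) rather than by re-hashing on a timer, and a hit would trigger isolation of the host and a kill of the offending process, but the alert logic is the same.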
The Spread to Mobile Devices
Hackers have been taking advantage of mobile device features such as emergency alerts and relaxed permissions to spread malware. The majority of mobile ransomware variants have the ability to cover every browser window or app with a ransom note, rendering the mobile device unusable.
Ransomware-as-a-Service Is Increasing
Ransomware-as-a-service, or RaaS, is a subscription model that lets affiliates use already-developed ransomware tooling to carry out attacks. It extends the reach of the developers, and the decentralized nature of the resulting attacks makes it difficult for the authorities to shut the operation down.
Additionally, the creators of these tools take a percentage of each successful ransom payment. The average ransom demanded has risen 33% since Q3 2019 (when it was $11,605), and affiliates keep up to 80% of each payment.
Top Ransomware Statistics
Ransomware is an ever-growing threat to thousands of organizations and businesses worldwide. Since 2016, over 4,000 ransomware attacks have happened daily in the U.S. Here are the top ransomware statistics you need to be aware of today:
Ransomware remains the most prominent malware threat. (Datto, 2019)
Malicious emails are up 600% due to COVID-19. (ABC News, 2021)
37% of respondents’ organizations were affected by ransomware attacks in the last year. (Sophos, 2021)
In 2021, the largest ransomware payout was made by an insurance company at $40 million, setting a world record. (Business Insider, 2021)
The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021)
Experts estimate that a ransomware attack will occur every 11 seconds in 2021. (Cybercrime Magazine, 2019)
Out of 1,086 organizations whose data had been encrypted, 96% got their data back. (Sophos, 2021)
About 1 in 6,000 emails contain suspicious URLs, including ransomware. (Fortinet, 2020)
The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2021)
71% of those who are affected by ransomware have been infected. Half of the ransomware attacks that are successful infect at least 20 computers in the organization. (Acronis, 2020)
The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. (Cybersecurity & Infrastructure Security Agency, 2021)
65% of employers allow their employees to access company applications from unmanaged, personal devices. (Bitglass, 2020)
From a survey conducted with 1,263 companies, 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% got access to their data but most of it was corrupted. (Cybereason, 2021)
Additionally, 60% of survey respondents experienced revenue loss and 53% stated their brands were damaged as a result. (Cybereason, 2021)
29% of respondents stated their companies were forced to remove jobs following a ransomware attack. (Cybereason, 2021)
42% of companies with cyber insurance policies in place indicated that insurance only covered a small part of damages resulting from a ransomware attack. (Cybereason, 2021)
Industry-Specific Ransomware Stats
Ransomware attacks impact businesses of almost all sectors and sizes. In 2019, nearly 56% of organizations across multiple industries reported a ransomware attack. Check out more shocking statistics by industry below.
Healthcare
Over 2,100 data breaches in the healthcare industry have been reported since 2009. (Tech Jury, 2021)
Healthcare organizations dedicate only around 6% of their budget to cybersecurity measures. (Fierce Healthcare, 2020)
Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. (Health and Human Services, 2021)
Attacks on healthcare cost more than any other industry at $408 per record. (HIPAA Journal, 2020)
Ransomware attacks against U.S. healthcare providers have caused over $157 million in losses since 2016. (HIPAA Journal, 2020)
In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. (Emsisoft, 2021)
Nearly 80 million people were affected by the Anthem Breach in 2015, the largest healthcare data breach in history. (Wall Street Journal, 2015)
Healthcare received 88% of all ransomware attacks in the United States in 2016. (Becker’s, 2016)
In September 2020 alone, cybercriminals infiltrated and stole 9.7 million medical records. (HIPAA Journal, 2020)
Education
Ransomware attacks against universities increased by 100% between 2019 and 2020. (BlueVoyant, 2021)
The average cost of a ransomware attack in the higher education industry is $447,000. (BlueVoyant, 2021)
Since 2020, 1,681 higher education facilities have been affected by 84 ransomware attacks. (Emsisoft, 2021)
66% of universities lack basic email security configurations. (BlueVoyant, 2021)
38% of analyzed universities in the Cybersecurity in Higher Education Report had unsecured or open database ports. (BlueVoyant, 2021)
Cyberattacks against K-12 schools rose 18% in 2020. (K-12 Cybersecurity, 2020)
A school district in Massachusetts paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Cyberscoop, 2018)
Finance & Insurance
62% of all records leaked in 2019 were from financial institutions. (Bitglass, 2019)
Over 204,000 people experienced a login attempt to access their banking information. (Hub Security, 2021)
90% of financial institutions have been targeted by ransomware attacks. (PR Distribution, 2018)
In 2020, 70% of the 52% of attacks that went after financial institutions came from the Kryptik Trojan malware. (Hub Security, 2021)
LokiBot has targeted over 100 financial institutions, getting away with more than $2 million in revenue. (Hub Security, 2021)
Banks experienced a 520% increase in phishing and ransomware attempts between March and June in 2020. (American Banker, 2020)
Government
In 2020, 33% of attacks on governmental bodies were ransomware (Security Intelligence, 2020)
In June 2019, a city in Florida paid a $600,000 ransom to recover hacked files. (CBS News, 2019)
Only around 38% of local and state government employees are trained in ransomware attack prevention. (IBM, 2020)
A ransomware attack against a Southern city in 2020 cost over $7 million. (SC Magazine, 2020)
A ransomware attack struck an East coast city in 2019 and caused a loss of over $18 million. (Baltimore Sun, 2019)
In 2019, 226 U.S. city mayors in 40 states agreed to a pact that denies ransom payments to cybercriminals. (Hashed Out, 2020)
In 2019, attacks against municipalities increased 60% from the year before. (Kaspersky Labs, 2019)
The top cybersecurity story in 2019 was ransomware attacks against state and local governments. (Government Technology, 2019)
48 of the 50 U.S. states were affected by at least one ransomware attack from 2013 to 2018. (Bank Info Security, 2019)
Mobile Ransomware Statistics
With the increase of dependence on mobile phones, especially with the use of personal mobile devices in the workplace, comes a higher risk of ransomware attacks. Within the workplace, employees are likely to access sensitive information from their mobile devices via corporate Wi-Fi and oftentimes unsecured networks.
This leaves the user and their organization with huge vulnerabilities to be exploited. Take a look at some Wi-Fi security tips to prevent falling victim to a hacker.
More than 68,000 new ransomware Trojans for mobile were found in 2019. (Hashed Out, 2020)
In 2017, mobile malware variants increased by 54%. (Symantec, 2018)
Over 4.2 million American mobile users have suffered ransomware attacks on their phones. (Kaspersky, 2020)
In 2018, Symantec detected over 18 million mobile malware instances. (Symantec, 2018)
60,176 mobile ransomware Trojans were detected in 80,638 users in 150 different countries in 2018. (Kaspersky, 2018)
There are over 4,000 mobile threat variants and families within the McAfee sample database. (McAfee, 2021)
Over 8,000 mobile banking ransomware Trojan installations were detected in 2018. (Kaspersky, 2018)
900,000 Android phones were hit by ScarePackage ransomware in just 30 days. (KnowBe4, 2020)
Ransomware Cryptocurrency Stats
Since the start of Bitcoin, the world’s first cryptocurrency, transferring money and data has become increasingly efficient. As of 2021, there are over 4,000 different types of cryptocurrency. With this advancement in digital and financial technology, new threats in cybersecurity have come to the surface.
In June 2020, a West Coast university paid cybercriminals $1.14 million in Bitcoin after a ransomware attack. (BBC News, 2020)
In 2017, 95% of all ransom payments were cashed out via BTC-e, a Bitcoin platform. (Bleeping Computer, 2017)
In 2020, ransomware payments were 7% of all funds received by cryptocurrency addresses. (Chainalysis, 2020)
Hackers who attacked an oil company earned over $90 million in Bitcoin. (Business Insider, 2021)
Cryptocurrency transactions can be traced back to the individual 60% of the time. (MIT Tech Review, 2017)
Illegal activity represented 2.1% of all cryptocurrency transaction volume or about $21.4 billion worth of transfers in 2019. (Chainalysis, 2021)
The Cost of Ransomware Attacks
Ransomware attacks can be costly (fiscally and to your reputation) — businesses around the globe that have been victims of ransomware attacks have spent around $144.2 million in resolving the effects of the attacks. Here are some statistics covering the costs that are caused by ransomware attacks.
The cost of ransomware attacks surpassed $7.5 billion in 2019. (Emsisoft, 2019)
In 2021, the average payout by a mid-sized organization was $170,404. (Sophos, 2021)
In May 2021, Chief Executive paid hackers $4.4 million in bitcoin after receiving a ransom note. (The Wall Street Journal, 2021)
In Q1 2017, FedEx lost an estimated $300 million from the NotPetya ransomware attack. (Cyberscoop, 2021)
The average cost to recover from a ransomware attack is $1.85 million. (Sophos, 2021)
Damage as a result of ransomware attacks was over $5 billion in 2017 — 15 times the cost in 2015. (Cyber Security Ventures, 2017)
Downtime costs are up 200% year-over-year (2019 vs. 2018). (Datto, 2019)
On average, ransomware attacks cause 15 business days of downtime. Due to this inactivity, businesses lost around $8,500 an hour. (Health IT Security, 2020)
Ransomware that attacked an unnamed oil and gas company cost $30 million. (Datto, 2017)
The hacker group behind an oil company attack allegedly acquired $90 million in ransom payments in only nine months from around 47 victims. (Fox Business, 2021)
Four times as many businesses affected by ransomware attacks with over 100 employees reported paying ransoms. (Dark Reading survey, 2020)
Ransomware Projections & Future Trends
Cybersecurity Ventures predicts that cybercrime as a whole, ransomware included, will cost $6 trillion annually in 2021. (Cybersecurity Ventures, 2020)
In the future, there will be an increase in organizations that will switch to zero-trust security models due to the vulnerability of identity-based threats. (RSA Security, 2020)
Remote workers will be the main target of cybercriminals throughout 2021. (Security Magazine, 2020)
84% of organizations will keep remote work as the norm even after COVID-19 restrictions are lifted, resulting in an increase of internet users and a greater risk of data exposure. (Bitglass, 2020)
Future hackers will target stay-at-home workers since personal devices are easier to hack than office hardware. (Security Magazine, 2020)
Ensure you take the steps to prevent an attack and data loss within your organization. Here are a few effective ways to prevent ransomware from affecting your company.
Educate Your Employees
Utilize security training within your company to help your employees gain a better understanding of cybersecurity and its importance. Implementing these trainings will help ensure a working culture that is even more cyber-resilient.
Avoid Clicking on Suspicious Links
Be wary of opening or clicking on attachments or links that come from spam or unsolicited emails. According to Verizon’s 2018 Data Breach Investigations Report, phishing is involved in 70% of data breaches. To avoid this, it’s beneficial to know how to spot a phishing scam.
Use Email and Endpoint Protections
Be sure to scan all emails and filter malicious attachments and links, and keep firewalls and endpoint detection software up to date with the latest malware signatures. You should also tag emails that originate outside the organization so users can see they came from an external sender, and provide VPNs for users working outside the network.
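As an added example (not code from the original article), here is a minimal version of the attachment and link filtering described above, run over a constructed phishing-style message. It flags executable and macro-enabled attachments, document-looking names with a second extension (`invoice.pdf.exe`), links whose target is a bare IP address, and links whose visible text shows a different host than the one they actually point to. The extension lists and the sample message are assumptions for this demonstration, not a complete mail-gateway policy.

```python
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Attachment rules (illustrative lists, not a complete allow/deny policy).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".bat", ".cmd", ".ps1"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
# A document-looking name followed by a second extension, e.g. "statement.pdf.zip".
DOUBLE_EXTENSION = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.[a-z0-9]{2,4}$", re.IGNORECASE)

HTML_LINK = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
LOOKS_LIKE_HOST = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.IGNORECASE)


def classify_attachment(filename: str) -> Optional[str]:
    """Return a reason to quarantine the attachment, or None if the name looks benign."""
    name = filename.lower()
    suffix = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if suffix in BLOCKED_EXTENSIONS:
        return "executable attachment"
    if suffix in MACRO_EXTENSIONS:
        return "macro-enabled document"
    if DOUBLE_EXTENSION.search(name):
        return "double extension"
    return None


def classify_link(href: str, text: str) -> Optional[str]:
    """Flag IP-literal targets and anchor text that displays a different host than the target."""
    host = (urlsplit(href).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "IP-literal link host"
    except ValueError:
        pass
    shown = re.sub(r"<[^>]+>", "", text).strip()
    if LOOKS_LIKE_HOST.match(shown):
        shown_url = shown if "://" in shown else "http://" + shown
        shown_host = (urlsplit(shown_url).hostname or "").lower()
        if shown_host and shown_host != host:
            return "link text host differs from target"
    return None


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Parse a raw RFC 5322 message and return (item, reason) findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reason = classify_attachment(filename)
        if reason:
            findings.append((filename, reason))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, text in HTML_LINK.findall(body.get_content()):
            reason = classify_link(href, text)
            if reason:
                findings.append((href, reason))
    return findings


def build_sample() -> bytes:
    """Constructed phishing-style message for the demo (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "payables@corp.example"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice and confirm payment.")
    msg.add_alternative(
        '<p>Confirm at <a href="http://203.0.113.5/login">https://bank.example.com/login</a> '
        'or <a href="http://login.bank.example.com.evil.test/">bank.example.com</a>.</p>',
        subtype="html",
    )
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="Q4_figures.xlsm")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                       filename="statement.pdf.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for item, reason in scan_message(build_sample()):
        print(f"{reason}: {item}")
```

Name-based rules are only the first layer: a real gateway also inspects content (file magic bytes, archive contents, OLE macro streams) because attackers rename payloads freely, and the link checks here are meant to complement, not replace, URL reputation lookups.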
Use a Stronger Password System
Password security is crucial when protecting the assets of a company. Require multi-factor authentication within your organization so that a shared, reused or phished password is not enough on its own to log in. It may also be beneficial to use an SSO system, which reduces the number of passwords users have to manage.
Keep Immutable, Offsite Backups
Make sure you have backups of any important or sensitive data and systems, and test your restore procedure regularly so you know it works before a ransomware strike. Limit access to backups, as ransomware gangs often target backup files to cripple your ability to restore.
However, keep in mind that backups restore availability but do not undo a leak: they cannot help when the ransomware actor has also exfiltrated the data to their own servers and threatens to release it publicly unless the ransom is paid. To combat exfiltration, consider data loss prevention software.
How to Mitigate the Impact of Ransomware
Reduce Your Blast Radius
Your blast radius is the amount of damage that can be caused by compromising a single random user or device. Reduce your blast radius by limiting access to critical data so that only those that require access have it.
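Measuring blast radius means resolving effective permissions: a compromised account reaches everything its user, its groups and any nested groups are granted. The following is an added example, not code from the original article, built on a constructed directory and share ACLs (the group and folder names are hypothetical). It computes the folders one compromised account can read, reports sensitive folders readable by most of the organisation, and shows how the radius shrinks once a broad `Everyone` grant is replaced by a least-privilege group.

```python
from typing import Dict, Set

# Constructed directory: a group's members may be users or other groups.
GROUP_MEMBERS: Dict[str, list] = {
    "Everyone": ["Finance", "Engineering", "Contractors"],
    "Finance": ["alice", "bob"],
    "FinanceLeads": ["alice"],
    "Engineering": ["carol", "dave"],
    "Contractors": ["eve"],
}

# Constructed share ACLs: folder -> principals with read access.
FOLDER_ACLS: Dict[str, Set[str]] = {
    "/shares/public": {"Everyone"},
    "/shares/finance/payroll": {"Everyone"},   # misconfigured: inherited Everyone grant
    "/shares/finance/reports": {"Finance"},
    "/shares/eng/src": {"Engineering"},
    "/shares/hr/records": {"FinanceLeads"},
}

SENSITIVE = {"/shares/finance/payroll", "/shares/finance/reports", "/shares/hr/records"}


def expand_group(principal: str, members=GROUP_MEMBERS, _seen=None) -> Set[str]:
    """Resolve a principal to the flat set of user accounts it contains (nesting and cycles handled)."""
    if principal not in members:
        return {principal}            # a user, not a group
    _seen = set() if _seen is None else _seen
    if principal in _seen:
        return set()                  # cycle guard: already being expanded higher up
    _seen.add(principal)
    users: Set[str] = set()
    for m in members[principal]:
        users |= expand_group(m, members, _seen)
    return users


def blast_radius(user: str, acls=FOLDER_ACLS, members=GROUP_MEMBERS) -> Set[str]:
    """Folders readable if this one account (or the device it is logged into) is compromised."""
    return {folder for folder, grants in acls.items()
            if any(user in expand_group(g, members) for g in grants)}


def overexposed(acls=FOLDER_ACLS, members=GROUP_MEMBERS, sensitive=SENSITIVE,
                max_share=0.5) -> Dict[str, list]:
    """Sensitive folders readable by more than max_share of all known users."""
    all_users = set().union(*(expand_group(g, members) for g in members))
    report = {}
    for folder in sorted(sensitive):
        readers = set().union(*(expand_group(g, members) for g in acls[folder]))
        if len(readers) / len(all_users) > max_share:
            report[folder] = sorted(readers)
    return report


def remediate(folder: str, replacement_group: str, acls=FOLDER_ACLS) -> Dict[str, Set[str]]:
    """Return a copy of the ACLs with the broad grant on folder replaced by one least-privilege group."""
    fixed = {f: set(g) for f, g in acls.items()}
    fixed[folder] = {replacement_group}
    return fixed


if __name__ == "__main__":
    print("eve can reach:", sorted(blast_radius("eve")))
    print("overexposed:", overexposed())
    fixed = remediate("/shares/finance/payroll", "FinanceLeads")
    print("eve after fix:", sorted(blast_radius("eve", acls=fixed)))
```

Against a real environment the same logic runs over exported group membership and share ACLs (including deny entries and inheritance, which this example omits), and the `overexposed` report is the list to work through first, since each entry is data that one phished contractor account could encrypt or exfiltrate.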
Implement a Zero Trust Security Model
Assume your perimeter defenses will fail and make sure everything within your perimeter is safe and secure. The Zero Trust security model requires you to authenticate all users and devices that connect to your network, every time they connect, not just once. You must also monitor activity in your environment and ensure users only have access to what they need, and nothing else.
Ransomware Statistics FAQ
Below are a few of the most frequently asked ransomware questions, with answers supported by additional ransomware statistics and facts.
Q: How long does a ransomware attack take?
A: The average time it takes for ransomware to start encrypting files on your computer is three seconds. (Comodo, 2020)
Q: What percentage of cyberattacks are ransomware?
A: Ransomware accounted for 15% of cyberattack incidents in the U.S. in 2018. (Statista, 2021)
Q: What is the average payout for ransomware?
A: In 2020, the average payout was $312,493, a 171% increase compared to 2019. (Mass.gov). So far in 2021, the average payout is $170,404 (IT Pro).
Q: What is the average payout for small businesses?
A: Smaller businesses are impacted less than bigger companies. However, the average payout for a small business is around $5,900. (Datto)
Q: Do I have to pay for a ransomware attack?
A: The FBI does not support paying a ransom, since it does not guarantee that you or your company will get the data back (Federal Bureau of Investigation). Paying ransoms can also encourage the attacker to go after additional victims.
Ransomware is not going away any time soon — as an organization, it’s important to stay ahead of cybercriminals and take the steps to become more cyber aware. Learn how to protect your business and gauge your readiness for a potential ransomware attack with a free ransomware preparedness assessment.
source: thanks to Rob Sobers for this extensive article.
Each year, as online shopping ramps up in the weeks before the holidays, so do online scams targeting the elderly. This season – in many ways unprecedented – is no different in this regard. In fact, COVID-19, Zoom meetings, vaccination recommendations and travel warnings all provide ample and unique precedent for social engineering attacks.
Not surprisingly, cybercriminals often target those least able to protect themselves. This could be those without antivirus protection, young internet users or, unfortunately, your elderly loved ones. The FBI reported nearly $1 billion in scams targeting the elderly in 2020, with the average victim losing nearly $10,000.
This holiday season, it may be worth talking to elderly relatives about the fact that they can be targeted online. Whether they’re seasoned, vigilant technology users or still learning the ropes of things like text messaging, chat forums, email and online shopping, it won’t hurt to build an understanding of some of the most common elder fraud scams on the internet.
The most common types of online elder fraud
According to the FBI, these are some of the most common online scams targeting the elderly. While a handful of common scams against older citizens are conducted in person, the majority are enabled or made more convincing by the use of technology.
Romance scams: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
Tech support scams: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
Grandparent scams: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
Government impersonation scams: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
Sweepstakes/charity/lottery scams: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
All of the above are examples of “confidence scams,” or ruses in which a cybercriminal assumes a fake identity to win the trust of their would-be victims. Since they form the basis of phishing attacks, confidence scams are very familiar to those working in the cybersecurity industry.
While romance scams are a mainstay among fraud attempts against the elderly, more timely methods are popular today. AARP lists Zoom phishing emails and COVID-19 vaccination card scams as ones to watch out for now. Phony online shopping websites surge this time of year, and are becoming increasingly believable, according to the group.
Given that the bulk of elder scams occur online, it’s no surprise that several of the FBI’s top tips for preventing them involve some measure of cyber awareness.
Tips for preventing online elder scams:
Recognize scam attempts and end all communication with the perpetrator.
Search online for the contact information (name, email, phone number, addresses) and the proposed offer. Other people have likely posted information online about individuals and businesses trying to run scams.
Resist the pressure to act quickly. Scammers create a sense of urgency to produce fear and lure victims into immediate action. Call the police immediately if you feel there is a danger to yourself or a loved one.
Never give or send any personally identifiable information, money, jewelry, gift cards, checks, or wire information to unverified people or businesses.
Make sure all computer anti-virus and security software and malware protections are up to date. Use reputable anti-virus software and firewalls.
Disconnect from the internet and shut down your device if you see a pop-up message or locked screen. Pop-ups are regularly used by perpetrators to spread malicious software. Enable pop-up blockers to avoid accidentally clicking on a pop-up.
Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
Take precautions to protect your identity if a criminal gains access to your device or account. Immediately contact your financial institutions to place protections on your accounts. Monitor your accounts and personal information for suspicious activity.
Pressure to act quickly is a hallmark of social engineering scams. It should set off alarm bells and it’s important to let older friends or family members know that. Using the internet as a tool to protect yourself, as recommended by the second bullet, is also a smart play. But more than anything, don’t overlook the importance of helping senior loved ones install an antivirus solution on their home computers. These can limit the damage of any successful scam in important ways.
Don’t wait until it’s too late. Protect the seniors in your life from online scams this holiday season. You might just save them significant money and hassle.
Practical advice for helping the elderly to avoid scams
Be suspicious and don’t engage. If an offer sounds too good to be true, it probably is. These people are professionals and will play on any perceived vulnerability. Don’t worry about appearing impolite.
Take time – never make an immediate decision when offered a deal. Think about the offer and consult an independent party or seek professional advice before agreeing.
Check out the credentials of a person or organisation before signing any agreement or handing over any money.
Protect bank details and personal details. Never give personal details to anyone you don’t know or trust.
Never send money abroad; these requests are often received online. Even if the request appears to come from someone you know, it can still be a scam.
Shred any documents containing a home address before putting them in the bin or recycling.
Delete any unsolicited texts from your phone. Protect your phone by never replying.
Protect computers by always keeping the anti-virus and security programmes up to date, and make sure you are using secure pages, whose address begins with ‘https’ in the address bar rather than just ‘http’.
If you think you or someone you know has been the victim of a scam, then speak to your bank immediately and report any fraud to your local government authority.
As we continue to see opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling cybersecurity leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management, security spending and more.
Some Top Cyber Security Trends To Look Out For in 2022
As global economies look to exit the pandemic chaos, there is a cloud of uncertainty around navigating the new normal. While enterprises tout their efforts to accelerate digital transformation efforts, for security leaders in business there is a dark side to the rapid deployment of new technology.
Remote work, virtual meetings, hybrid cloud networks, and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues. Meanwhile, CSOs also must help ensure their organizations are in compliance with new regulations.
The recent onslaught of attacks, network vulnerabilities, and new compliance regimes means CSOs have their work cut out for them as they enter 2022. CSO has collected insights from analyst firms and industry experts to arrive at a list of top cybersecurity predictions for the year.
1. Companies to prioritize supply chain resiliency, responsible sourcing
Threat actors are progressively targeting smaller vendors and suppliers, making supply chain, or third-party, breaches almost inevitable. There have been a growing number of reports of third-party incidents plaguing firms. “60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements,” according to a Gartner prediction report. Before onboarding new suppliers or renewing contracts, companies will demand agreement on policies stipulating that their vendors will assume the risk of third-party attacks, paying for costs of remediation, the report suggests.
2. Privacy legislation will accelerate globally
As data residency continues to be one of the most important components of security, modern privacy laws could be expected to cover the personal information of 75% of the worldwide population, according to the Gartner prediction report. “The sheer scope of laws like GDPR, LGPD [Brazil’s general data protection law], and CCPA [the California Consumer Privacy Act] suggests that compliance officers will be managing multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data is being collected and how it’s being used,” said the Gartner prediction report. According to Ben Smith, field CTO at network security company Netwitness, the flexibility of an organization’s IT architecture will become even more important as new privacy regulations are passed and enforced. “Regardless of your corporate size, if you are charged with securing your global organization, be thinking about your own architecture and where the data is collected, where it lives, and where it is handled,” Smith says.
3. Hiring of resident compliance officers will pick up
As organizations face new regulations, there will be a demand for resident compliance officers to help navigate through the complex and evolving dictates. “Compliance officers will certainly rise on the recruiters’ agenda as regulatory bodies mandate there be a ‘single throat to choke,'” says Liz Miller, an analyst from Constellation Research. “Although, that’s exactly the opposite of what we need. What we do need are skilled tacticians and strategies, which can be trusted voices and leaders within (and across) an organization, capable of translating the complexity of new (and constantly shifting) global regulations into real business value for everyone from the CEO to the mailroom.”
4. Bossware will affect employee engagement and insider threats
With a major chunk of the global workforce forced to work from home by the pandemic, there is an upsurge in the usage of software that allows supervisors to monitor employees at all times. This has upset the remote working ecosystem to some extent, escalating employee distress. “Tattleware (also bossware) will degrade employee experience by 5% and increase insider threats in 2022,” according to a security prediction report by Forrester. “Employee backlash will grow as firms overreach, leading to an appreciable drop in technology satisfaction and employee engagement.” This, according to the report, may also lead to CISOs overcorrecting by reducing the scope of insider threat programs, thereby increasing risks.
5. Security products, supplier management will be consolidated
With major business processes moving to complex cloud environments, there will be a push on the part of enterprises to streamline management of security product suppliers. According to the Gartner prediction report, enterprises will look to adopt cloud delivered secure web gateways (SWGs), cloud access security brokers (CASBs), zero trust network access (ZTNA), and firewall as a service (FaaS) capabilities from the same vendor.
Vendors themselves will consolidate features formerly found in separate applications. “The growing complexity of cloud, cloud-native and devops environments will also lead to consolidation of functionality, with vendors tackling use cases from IT observability for security to cloud security posture management (CSPM), cloud workload protection, cloud asset attack surface management, and more,” says Scott Crawford, research director for information security at 451 Research.
6. Spending on threat detection and response to grow
As significant malware campaigns — including ransomware, spearphishing, and sideloading attacks — proliferated in 2021, CISOs started focusing on getting ahead of cyberattackers in order to protect their businesses. “In 2022, we expect the many high-profile and far-reaching attacks in 2021 to drive further spending in threat detection and response — the area most frequently reported by respondents to our 451 Research Voice of the Enterprise: Information Security surveys, where they either have deployments in pilot/POC or plan to deploy in the next 6-24 months,” says 451’s Crawford.
7. Cyberinsurance premiums will increase
Cyber insurance will be more expensive, with premiums shooting up, in the wake of recent high-profile cyberattacks. “Cyberinsurances are much more expensive these days as costs surge, and are most likely to continue soaring,” says Constellation’s Miller. “While they do provide security coverage and have become a ‘must-have’ for organizations, they have also alerted the attackers to asking for even more ransom in the attacks, knowing it’s all covered.” Insurers, hurting from the losses assumed from old policies, are increasing prices by 25%-27% on average, she noted.
8. Use of CDT (customer data tokens) and BAT (basic attention tokens) to rise
Several experts have been predicting the launch of blockchain-enabled tokens as compensation to security-conscious customers for gathering and using their data. “In the coming few years, 25% of the Fortune Global 500 will employ blockchain-enabled CDT and BAT to compensate their customers,” according to a report by IDC.
Ransomware is one of the most common types of cyberattacks. With how vastly the internet has become embedded in our day-to-day lives, cyberattacks such as ransomware can cause costly disruptions.
According to the Harvard Business Review, the amount of money paid to ransomware hackers increased by 300% from 2020 to 2021. This is after ransomware attacks rose 500% from 2019 to 2020. But by learning more about ransomware, you can help protect yourself from becoming a victim.
What is Ransomware?
Ransomware is a particular type of cyberattack used by hackers to extort a “ransom” from their victims. Malicious software is used to infect your computer and restrict access to your files and networks.
The cyberthief then demands a certain amount of money for you to regain access to your data. However, as you are dealing with cybercriminals, there are no guarantees that the hackers will restore access once you have paid the amount.
Over time, ransomware attacks have grown to become more complex and dangerous.
How Does Ransomware Work?
Hackers use malware in the form of an email, a clickable link, an online advertisement or a website to lure victims in. Once your computer has become infected with the malware, your data is encrypted, and you cannot gain access to it.
The severity of the attack depends on the kind of malware that has infected your computer. It can range from anywhere between a few files and folders, the computer itself becoming encrypted, to external drives and networked computers.
In most cases, the victim is unaware that their computer is infected unless they try to access the restricted files; or get a prompt demanding ransom.
Where to Report Ransomware?
Ransomware is a serious crime with strict laws in place to punish perpetrators. If you are a victim of a ransomware attack, you must report the incident immediately to ensure timely action. You can report such incidents through:
Once you have contacted one of the departments mentioned above, the appropriate authorities can help you deal with your case, retrieve your data and attempt to apprehend the criminals.
Can I Protect Myself from Ransomware?
Ransomware can result in breaches of confidential information, loss of data, disruption of work and financial loss due to damages. A few simple tips can help you stay safe from such malicious software and cyberattacks. You may also have a little browse through our cybersecurity academy, which is home to a large number of Cyber Security Guides.
These include:
Keeping all applications, software, and operating systems up to date
Downloading and browsing content only on trusted sites
Downloading anti-virus and anti-malware software, running regular scans and keeping them up to date
Not opening emails or clicking on links sent through dubious unknown accounts
Regularly creating and securing backups of all your data
Having a robust continuity and contingency plan for your business in case of such attacks
Ransomware is, unfortunately, a common type of cyberattack. Hackers use different methods to infect your computer with malicious software that can encrypt your data and restrict your access to it.
Although new cybersecurity tools and anti-malware software provide some security against such attacks, it is always better to be careful on the internet to help avoid becoming a victim of ransomware.
Why not have a browse through our cybersecurity academy, which has a large number of resources to help you up your game in the cybersecurity world.
Microsoft has taken another step toward making life considerably easier for enterprise admins seeking to secure fleets of remote iOS devices at the endpoint.
Microsoft Endpoint protection without the user friction
The MDE preview includes a new capability to install Defender for Endpoint remotely and automatically on any devices enrolled in the service. The company first announced its intention to deliver the feature last month.
In practice, this seems relatively friction-free.
Once configured, the app will be installed on iPhones and iPads without requiring any user interaction. The devices are then added to the Microsoft Defender Security console and the user is informed that the installation has taken place.
With MDE installed, the device will gain all the anti-phishing, jailbreak detection, and vulnerability assessment tools offered by the service. These include unsafe connection blocking, which is invaluable for remote workers who may unknowingly use insecure networks.
This information is also made available to security teams who can monitor threats across all active endpoints via the console. These teams will receive an alert about any security events — for example, if a device has been jailbroken. And if Conditional Access is in place, the device will be blocked from accessing corporate data once it exceeds the acceptable risk score.
What this means is those security professionals attempting to protect existing teams or onboarding new recruits can put MDE protection in place without requiring user interaction. It’s an approach that allows users to focus on their job, rather than needing to negotiate a complicated installation process.
“This eases the deployment frictions and significantly reduces the time needed to deploy the app across all devices as Microsoft Defender for Endpoint gets silently activated on targeted devices and starts protecting your iOS estate,” Microsoft’s Sunayana Singh wrote in a blog post.
Defender for Endpoint on iOS protects iOS devices (iPads and iPhones) running iOS 12.0 and later. To install MDE, admins must open up the Microsoft Endpoint Admin Center and open Devices>Configuration Profiles>Create Profile where they choose the platform (iOS/iPadOS), set up a VPN connection, and install the code. More information on deployment is available here.
Microsoft has been moving fast to support Apple fleets.
It first introduced iOS support for Defender for Endpoint in December 2020 and gave enterprise IT remote endpoint device security alerts a few months later.
The company isn’t entirely motivated by the need to support the rapidly growing number of Apple devices in use across the enterprise, though this will clearly be part of the mission.
It reflects Microsoft’s much wider strategy to expand its services — including security — across all active platforms. Defender for Endpoint also supports Linux, Android, and Windows 10 on Arm devices. (While the company appears sadly reluctant to license Windows to Arm-powered Macs, it continues to optimize its services for the platform and has updated MDE for Apple Silicon.)
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Ministry of Foreign Affairs (MID), using New Year lures to compromise Windows systems with malware.
North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry
“This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks,” researchers from Lumen Technologies’ Black Lotus Labs said in an analysis shared with The Hacker News.
The Konni group’s tactics, techniques, and procedures (TTPs) are known to overlap with threat actors belonging to the broader Kimsuky umbrella, which is also tracked by the cybersecurity community under the monikers Velvet Chollima, ITG16, Black Banshee, and Thallium.
The most recent attacks involved the actor gaining access to the target networks through stolen credentials, exploiting the foothold to load malware for intelligence gathering purposes, with early signs of the activity documented by MalwareBytes as far back as July 2021.
Subsequent iterations of the phishing campaign are believed to have unfolded in three waves — the first commencing on October 19, 2021 to harvest credentials from MID personnel, followed by leveraging COVID-19 themed lures in November to install a rogue version of the Russian-mandated vaccination registration software that served as a loader for additional payloads.
“The timing of this activity closely aligned with the passage of Russian Vaccine Passport laws that mandated Russians had to receive a QR code from the government to prove vaccination in order to access public places such as restaurants and bars,” the researchers noted.
The third attack, also corroborated by Cluster25 earlier this week, began on December 20, 2021, using New Year’s Eve festivities as a spear-phishing theme to trigger a multi-stage infection chain that culminated in the installation of a remote access trojan named Konni RAT.
Specifically, the intrusions transpired by first compromising the email account belonging to a staff member of the MID, from which emails were sent to at least two other MID entities, including the Russian Embassy in Indonesia and Sergey Alexeyevich Ryabkov, a deputy minister overseeing non-proliferation and arms control.
The email missives seemingly propagated a “Happy New Year’s” message, only to contain a trojanized screensaver attachment that’s designed to retrieve and run next-stage executables from a remote server. The final stage of the attack is the deployment of the Konni RAT trojan, which conducts reconnaissance of the infected machine and exfiltrates the collected information back to the server.
“While this particular campaign was highly targeted, it is vital for defenders to understand the evolving capabilities of advanced actors to achieve infection of coveted targets,” the researchers said, urging organizations to watch out for phishing emails and use multi-factor authentication to secure accounts.
Vodafone apologised for what it believes is a one-off “technical glitch”
A customer has alerted Vodafone to a privacy breach after she was sent the personal details of 18 other customers.
On Vodafone’s Facebook page on Tuesday night, the customer said she had received “hundreds” of other people’s accounts and bills along with her own monthly bill.
Vodafone spokesman Sam Sinnott confirmed the telco had sent a PDF containing the name, address and phone numbers for 18 customer accounts to the woman along with her e-bill. The company believed it was a one-off breach.
“There was no credit card or banking information involved in this incident, nor was there any information related to a customer’s calling or usage history,” Sinnott said in a statement on Thursday.
Vodafone had been in touch with the 18 account holders whose details were sent to the customer.
“Our investigations to date into the bill run in question indicate this issue was an isolated technical glitch; however, we will continue to work with our billing delivery partner to understand the root cause,” he said.
“Our privacy, technical and billing teams are continuing to review the incident with urgency, and we will take all appropriate steps as needed to reassure customers and prevent any reoccurrence.”
Google Chrome users need to be on high alert. After a record breaking number of attacks last year, Google has already issued the first serious new upgrade warning of 2022 to all the browser’s two billion users.
Google Issues Warning For 2 Billion Chrome Users
Google confirmed the news in a new blog post, where it revealed an eye-opening 37 security vulnerabilities have been discovered. Google has classified 10 of these vulnerabilities as posing a ‘High’ threat level with a further hack ranked as critically dangerous. Linux, macOS and Windows users are all affected and need to take immediate action.
Google is currently restricting information about all the new attacks to buy Chrome users time, but it has revealed the areas that these top threats are targeting:
Critical – CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30
High – CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
High – CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
High – CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
High – CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
High – CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
High – CVE-2022-0102: Type Confusion in V8. Reported by Brendon Tiszka on 2021-10-14
High – CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
High – CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
High – CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
High – CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
It may be a new year, but these threats follow a familiar pattern. ‘Use-After-Free’ (UAF) exploits have been the favored route of attack on Chrome for several months now and make up the majority of exploits once again. There have now been almost 50 UAF vulnerabilities found in Chrome since September. UAF vulnerabilities are memory-safety bugs that arise when a program keeps using a pointer to memory after that memory has been freed, typically because the pointer was never cleared.
Heap buffer overflow flaws also remain a popular route of attack. Also referred to as ‘heap smashing’, these occur in heap memory, which is dynamically allocated and typically holds program data. An overflow there can overwrite critical data structures, which is what makes the heap an attractive target for attackers.
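As an added example (not code from the article or from Google), here is a small Python parser for the release-note entries quoted above: it turns each line into a structured record, tallies the bug classes so a reader can check the article’s observation that use-after-free makes up the majority, and finds the entry with the oldest report date. The entry format and the eleven sample lines are taken from the list above; the class names and helper functions are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date

# Entry format used in the Chrome release notes quoted above:
#   "<Severity> – CVE-YYYY-NNNN: <bug class> in <component>. Reported by <name> on YYYY-MM-DD"
ENTRY_RE = re.compile(
    r"^(?P<severity>Critical|High|Medium|Low)\s*[–-]\s*"
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*:\s*"
    r"(?P<desc>.+?)\s*\.\s*Reported by .+? on\s+"
    r"(?P<reported>\d{4}-\d{2}-\d{2})\s*$"
)

# Bug classes named in the entries; matched case-insensitively against the description.
BUG_CLASSES = (
    ("use-after-free", "use after free"),
    ("heap-buffer-overflow", "heap buffer overflow"),
    ("type-confusion", "type confusion"),
    ("inappropriate-implementation", "inappropriate implementation"),
)

@dataclass(frozen=True)
class Advisory:
    severity: str
    cve: str
    bug_class: str
    component: str
    reported: date

def classify(description: str) -> str:
    lowered = description.lower()
    for name, phrase in BUG_CLASSES:
        if phrase in lowered:
            return name
    return "other"  # a bug class this table does not know about

def parse_entry(line: str):
    """Parse one release-note line into an Advisory; return None if the line does not match."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    desc = m.group("desc").strip()
    # The affected component is whatever follows the first " in ", e.g. "Use after free in Storage".
    component = desc.split(" in ", 1)[1].strip() if " in " in desc else desc
    return Advisory(
        severity=m.group("severity"),
        cve=m.group("cve"),
        bug_class=classify(desc),
        component=component,
        reported=date.fromisoformat(m.group("reported")),
    )

def parse_advisories(text: str) -> list:
    # Lines that are not advisory entries (headings, blank lines) are skipped, not errors.
    return [a for a in (parse_entry(line) for line in text.splitlines()) if a is not None]

def bug_class_breakdown(advisories) -> Counter:
    # Entries per bug class: the tally behind the article's "UAF is the majority" observation.
    return Counter(a.bug_class for a in advisories)

def oldest_report(advisories) -> Advisory:
    # The entry with the earliest report date, i.e. the longest wait between report and fix.
    return min(advisories, key=lambda a: a.reported)

# Sample input: the eleven entries quoted in the article, pasted verbatim.
SAMPLE_ENTRIES = """Critical – CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30
High – CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
High – CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
High – CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
High – CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
High – CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
High – CVE-2022-0102: Type Confusion in V8. Reported by Brendon Tiszka on 2021-10-14
High – CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
High – CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
High – CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
High – CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10"""

if __name__ == "__main__":
    print(bug_class_breakdown(parse_advisories(SAMPLE_ENTRIES)).most_common())
```

Running it on the sample shows six use-after-free entries out of eleven, and that the DevTools issue was reported more than a year before the others.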
What You Need To Do
In response to these threats, Google has released Chrome 97, a major new version of Chrome, to all users. Google warns that this release (exact version number 97.0.4692.71) “will roll out over the coming days/weeks”. This means you may not be able to protect yourself immediately.
Am I Protected?
To check if you are protected, navigate to Settings > Help > About Google Chrome. If your Chrome browser is listed as 97.0.4692.71 or higher, you are safe. If the update is not yet available for your browser, it is important that you check regularly for the new version. And remember, it is critical that you restart your browser after you have updated, because you are not protected until this is done, something many users forget.
Browser hacks broke records in 2021 and I fully expect them to be smashed again in 2022. So start the new year with a good deed and make checking your browser version the very next thing you do. Do it now.