This summer was a busy one for cybersecurity teams. From ransomware to data breaches and vulnerability exploitation, these incidents continue to alert security leaders on the risks of extended networks and remote workplaces.
As cybercrime evolves, it is our job to learn from the latest attacks in order to make our organizations stronger. This blog covers the five most impactful cybersecurity stories of the summer.
Earlier this year, we learned that zero day exploits are behind half of the biggest vulnerabilities. 67% of them, to be precise.
What is a zero day exploit? It’s the code that attackers use to leverage or exploit a software vulnerability to compromise a system or network.
The surge in zero day attacks is an ongoing concern for security teams, as businesses increasingly run on software, and software is often vulnerable to malicious exploitation of unknown vulnerabilities.
This summer gave us plenty of evidence:
While these headline-grabbing attacks have been put under the microscope, many open-source, enterprise applications, and APIs are targets of zero day attacks every day.
To help you stay ahead, we’ve compiled some resources and a quick guide: Everything to know about zero day attacks and remediation. We also have an on-demand webinar where you can get tips and tactics to reduce the risk of zero days.
IBM released the Cost of a Data Breach Report 2022, revealing that the average total cost of a data breach is $4.35 million. Reaching an all-time high, this figure represents a 2.6% increase from last year, when the average cost of a breach was $4.24 million. The number has climbed 12.7% since the 2020 report.
In critical infrastructures, it rises to $4.82 million —this means organizations in the financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries.
As a recent example from this summer, tech giant T-Mobile has agreed to pay customers US$350 million to settle multiple class-action suits stemming from a data breach disclosed last year, affecting tens of millions of customers.
The company also agreed to spend an extra $150 million on cybersecurity through the end of 2023. It was reported that more than 76 million US residents affected by the breach will be part of the proposed class.
What are the causes of a data breach?
The use of stolen or compromised credentials remains the most common cause of a data breach, as per IBM’s research. Stolen or compromised credentials were the primary attack vector in 19% of breaches in the 2022 study, and also the top attack vector in the 2021 study, having caused 20% of breaches.
66% of organizations surveyed in 2021 were hit by ransomware, up from 37% in 2020, according to the State of Ransomware 2022 report released by Sophos this summer.
Ransom payments are also higher: In 2021, 11% of organizations said they paid ransoms of $1 million or more, up from 4% in 2020. The average ransom paid by organizations that had data encrypted reached $812,360.
The experiences of IT security professionals working at the frontline has revealed an ever more challenging attack environment, coupled by the growing financial and operational burden ransomware places on its victims.
The threat of ransomware is industry-agnostic. In the “Cybersecurity and Financial System Resilience” report published earlier this month, the Federal Reserve Board deemed ransomware attacks, nation-state incursions, and third-party access the top three cybersecurity threats to the U.S. financial industry.
In healthcare, ransomware attacks aren’t just disruptive and expensive, they can put patient safety at serious risk. In a joint alert issued August 11, the Federal Bureau of Investigation and Homeland Security’s Cybersecurity and Infrastructure Security Agency advised about the Zeppelin strain of ransomware, which has been aimed at healthcare organizations.
The alert outlines the tactics, techniques and procedures (TTPs) and incidents of consequence (IOC) of the Zeppelin variant, and outlines recommendations to help hospitals and health systems mitigate its risks.
Attackers gained access to a Cisco employee’s VPN client via their compromised Google account, which was synchronizing credentials saved in the victim’s browser.
“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account,” wrote Cisco Talos.
The attacker conducted a series of sophisticated voice phishing attacks (vishing) disguised as trusted organizations, in order to convince the victim to accept multi-factor authentication (MFA) push notifications. Once the MFA push was accepted, the attacker gained access to the Cisco VPN and conducted a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment.
However, the Cisco Talos research team stated they have not identified any evidence suggesting that the bad actor gained access to critical internal systems, such as those related to product development, code signing, etc.
Despite the frequency of social engineering attacks, organizations continue to face challenges mitigating those threats. User training is paramount, including password hygiene, cybersecurity basics, and making sure employees know the legitimate ways that support staff will contact them, in order to avoid giving away sensitive information.
In early August, it was reported that digital communication platform Twilio suffered a data breach after its employees were targeted by a phishing campaign.
The attackers sent SMS messages to Twilio employees asking them to reset their password or alerting them to a change in their schedule. Each message included a link with keywords, like “Twilio,” “SSO” (single sign-on), and “Okta,” the name of the user authentication service used by many companies. The link directed employees to a page that mimicked a real Twilio sign-in page, allowing attackers to collect the information employees inputted there.
It was later revealed that this same campaign has targeted over 130 companies apart from Twilio, including Microsoft, Signal, DoorDash, Best Buy, Twitter, Verizon Wireless, T-Mobile, AT&T, Best Buy, Riot Games, and Epic Games. The campaign, nicknamed “0ktapus” by security researchers, harnessed login credentials belonging to nearly 10,000 individuals by imitating the popular single sign-on service Okta.
This incident reminds us that protecting our networks is a collective responsibility, and by adopting proper cyber-hygiene practices, we are making sure that cybercriminals have fewer entry points into systems, data, and devices.
Read more: 7 Tips to Stay Safe Online
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|