Últimas notícias

Fique informado

New Report Explains COVID-19’s Impact on Cybersecurity

17 de setembro de 2020

Spotlight

Doc9 lança Guia Prático de Prompts para ChatGPT no Jurídico: Como Maximizar a Eficiência com a Inteligência Artificial

Para obter os melhores resultados com o ChatGPT no contexto jurídico, siga as dicas importantes do Guia Prático de Prompts da doc9.

28 de maio de 2024

Governo Federal apoia Rio Grande do Sul na emissão 2ª via da Carteira de Identidade Nacional

O mutirão coordenado pelo Governo do RS começou nos abrigos de Porto Alegre. Expedição da segunda via será imediata

20 de maio de 2024

Safe handling of digital identities: 5 key questions.

During the coronavirus crisis, the subject of digital identities has come to the forefront

21 de julho de 2020

Maximum SSL/TLS Certificate Validity is Now One Year. By Patrick Nohe

Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple, at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

1 de julho de 2020

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks

Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible, is taken.

While many have anecdotally suggested ways in which Covid-19 related cyberattacks would unfold, we have little data supporting the actual impact of Covid-19 on cybersecurity. Several have reported that the number of malicious emails with the subject related to Covid-19 has grown several hundred percent and that the majority of Covid-19 related emails are now malicious.

Beyond the anticipated increase in Covid-19 related malicious emails, videos, and an array of downloadable files, which we all anticipated, what else is going on behind the scenes?

Interestingly, cybersecurity company Cynet has just released a report (download here) detailing changes in cyberattacks they’ve observed across North America and Europe since the beginning of the Covid-19 pandemic. The report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spear-phishing as an initial attack vector, and the approaches being used to distribute malware in spear-phishing attacks.

The two more interesting findings follow.

Fighting Fire with Fire

Cynet found that cybercriminals are not just “sort of” leveraging the Covid-19 pandemic, they’re going all in. Cybercriminals are pulling out their entire arsenal of new attack methods to ensure attack success best. This is like a sports team using all the new plays they’ve developed in one game rather than spreading them out across the season.

The report states that the percentage of attacks using new techniques has historically been around 20%. That is, 80% of attacks have used well-known techniques that are easily identified, assuming companies have updated preventative measures in place.

Since the Covid-19 pandemic, Cynet found that new attacks jumped to roughly 35% of all attacks. New attack techniques cannot be sufficiently detected by antivirus software alone and can only be effectively discovered using newer behavioral detection mechanisms. That is, the new detection approaches must be used to detect the new attack techniques being deployed.

Overburdened Security Staffs

Another interesting observation in the Cynet report is a huge spike in clients requesting expert assistance from their detection and response team (which Cynet calls CyOps). Client engagements increased a whopping 250% during the pandemic.

Beyond using advanced detection and response mechanisms, deep cybersecurity skills are required to detect and mitigate the sharp rise in the new attack techniques deployed during the Covid-19 pandemic.

The Cure?

Unfortunately, many companies do not yet have advanced detection and response technologies, such as Extended Detection and Response (XDR), or ongoing access to a 24×7 managed detection and response (MDR) team. When cyberattacks using new techniques spike as they are during this pandemic (or could do at any time), companies without these advanced protections are at higher risk.

We strongly recommend investigating both XDR and MDR solutions as a way to futureproof and immunize your cybersecurity stack.

And regardless of the security stack you have deployed, be wary of new malware attacks. Use threat hunting techniques to scour your systems to ensure new malware has not slipped through the cracks. The uptick in new malware means prevention and detection become trickier, and continuous threat hunting must become the norm.

Download the report here.

Source: The Hackers News

Bluetooth Flaw Could Let Hackers Attack You Wirelessly From 800 Feet Away

North Korea-Linked Hackers Are Now Spreading Their Own Ransomware

The Future of Privacy – Why Using and Protecting Personal Data Is a Vital Business Imperative