This week’s Cyber Security Headlines – Week in Review, Sep 13-17, 2021, is hosted by Rich Stroffolino with our guest, Geoff Belknap, CISO, LinkedIn.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.
Ransomware accounts for a quarter of cyber insurance claims
This comes from a new study by the insurance giant Marsh, which looked at all cyber insurance claims from 2016 to 2020. Over that whole period ransomware accounted for 25% of claims, but in 2020 this percentage rose to 32%. The cyber insurance market is booming, estimated to be worth $20 billion by 2025. Fear of ransomware is often what drives firms to insurance, but ransomware is also a major factor driving up costs for insurers. A recent study by the cyber insurer Coalition found that this rise in costs is due to firms consistently choosing to pay ransoms and cover recovery costs through insurance, while also deferring security upgrade costs.
Hackers steal data from United Nations
Bloomberg reports that the unidentified people behind the theft appear to have gained access simply by using login credentials stolen from a UN employee. Entry was gained by logging in to the employee’s Umoja account. Umoja is the ERP system implemented by the UN in 2015. It has been theorized that the username and password used in the cyber-attack were purchased from a website on the dark web. Researchers found that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.
91% of IT teams have felt ‘forced’ to trade security for business operations
According to a study released on Thursday by HP Wolf Security, the teams felt pressured to compromise security due to the need for business continuity during the pandemic, especially in regard to employees who work from home. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a “ticking time bomb” for corporate security incidents. It also appears there are general feelings of apathy and frustration when it comes to managing cybersecurity in a remote workplace, and that younger workers in particular are more likely to circumvent existing security controls in order to manage their workloads, with 48% of this group saying that security tools, such as website restrictions or VPN requirements, are a hindrance — and 31% have at least attempted to bypass them.
SSID Stripping is a new take on spoofing
Researchers at AirEye disclosed the newly discovered vulnerability, which impacts devices running Windows, macOS, Ubuntu, Android and iOS. The researchers showed how malicious actors could alter SSIDs to make them appear to be legitimate networks. One approach put a NULL byte in the name; Apple devices would then show only the part of the network name before that byte. Similar approaches with non-printable characters also caused SSIDs to be displayed incorrectly. While most operating systems have protections against spoofed SSIDs, SSID Stripping can cause the networks to be displayed as legitimate, prompting users to manually connect. AirEye released a free assessment tool to determine whether corporate networks are vulnerable to the attacks.
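As an added example (not AirEye's tool and not part of the original show notes), the sketch below flags scanned SSIDs whose raw bytes differ from a trusted network name but would be displayed as that name. The two display models (cut at the first NULL byte, drop non-printable characters), the function names and the scan data are assumptions constructed for illustration.

```python
import unicodedata

# Constructed sample scan: (BSSID, raw SSID bytes as seen in the beacon).
SAMPLE_SCAN = [
    ("02:00:00:00:00:01", b"CorpWiFi"),              # byte-identical to the trusted name
    ("02:00:00:00:00:02", b"CorpWiFi\x00-guest"),    # NULL byte hides the suffix
    ("02:00:00:00:00:03", b"Corp\xe2\x80\x8bWiFi"),  # zero-width space (U+200B) inside
    ("02:00:00:00:00:04", b"CorpWiFi\x07"),          # trailing control character
    ("02:00:00:00:00:05", b"CoffeeShop"),            # unrelated network
]


def displayed_variants(raw):
    """Return two simplified renderings of an SSID (assumed models, not OS code)."""
    text = raw.decode("utf-8", errors="replace")
    # Model 1: the UI stops at the first NULL byte.
    truncated = text.split("\x00", 1)[0]
    # Model 2: the UI silently omits control/format characters (Unicode "C*").
    stripped = "".join(c for c in text if unicodedata.category(c)[0] != "C")
    return (truncated, stripped)


def find_stripping_candidates(scan, trusted):
    """List (bssid, raw_ssid, shown_as) for SSIDs that render as a trusted
    name while their raw bytes differ from it."""
    trusted_raw = {name.encode("utf-8") for name in trusted}
    hits = []
    for bssid, raw in scan:
        if raw in trusted_raw:
            continue  # exact byte match: not an SSID Stripping case
        for shown in displayed_variants(raw):
            if shown in trusted:
                hits.append((bssid, raw, shown))
                break
    return hits


if __name__ == "__main__":
    for bssid, raw, shown in find_stripping_candidates(SAMPLE_SCAN, {"CorpWiFi"}):
        print(f"{bssid}: raw={raw!r} would display as {shown!r}")
```

Comparing raw bytes rather than the displayed string is the point: the three flagged entries are indistinguishable from "CorpWiFi" under the assumed renderings but never match it byte for byte.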
Thanks to our episode sponsor, Sonrai
Industrial control systems hammered by cyber attacks
According to new data from Kaspersky, 33.8% of industrial control systems (or ICS) that it monitored were targeted by a cyber attack in the first half of 2021. Internet-based threats were the leading vector with 18.2% of attempts, with removable media accounting for 5.2%, followed by email attachments with 3%. The one encouraging sign: unlike attacks on IoT systems, which doubled in the first half of 2021, ICS attacks increased only 0.4% from the last half of 2020. Still, the number of unpatched or unsecured systems exposed to the public-facing internet is troubling, with the number of ICS vulnerabilities reported up 41% in the first half of the year.