Cyber News of the Week
Infosec K2K Cyber News Of The Week - Friday 16th June


Welcome to this week's Cyber News Weekly Update! As technology continues to advance, so do the risks associated with it. Every week, we gather the latest news and insights on cyber threats, data breaches, and other essential topics in the world of cyber security.


  • As per the findings from Proofpoint, threat actors in 2022 demonstrated a continuous evolution of tactics to overcome user defenses, employing #MultiFactorAuthentication (#MFA) bypass kits, resulting in the proliferation of millions of #Phishing messages. While pre-packaged toolkits have long facilitated phishing activities for cyber criminals, the emergence of specialised MFA bypassing tools such as EvilProxy, Evilginx2, and NakedPages was notable in 2022. In addition, Proofpoint's The Human Factor Report highlighted a rise in telephone-oriented attack delivery (TOAD) threats, reaching a peak of over 13 million instances per month during the same year.

Although Multi-Factor Authentication (MFA) is considered an effective method for enhancing system, program, and network security, it is alarming to discover that it can be bypassed. Cyber criminals continually strive to find loopholes in our defences, and unfortunately, they often succeed. Our recommendation at Infosec K2K would be to implement a robust #CyberSecurityStrategy within your organisation, which includes comprehensive scanning of your IT landscape to minimise the risk of attacks. Consider setting up a #SecurityOperationsCentre (#SOC) for continuous monitoring to ensure round-the-clock protection.

Discover other findings from the report on Infosecurity Magazine: https://www.infosecurity-magazine.com/news/mfa-bypass-account-million-monthly/


  • A survey commissioned by CyberSmart and conducted by Censuswide found that 47% of senior leaders at small and medium-sized enterprises (#SMEs) in the UK believe that the #CostOfLivingCrisis has heightened their vulnerability to #CyberAttacks. According to the report, the primary factor contributing to the surge in cyber threats was perceived to be disgruntled employees, with 38% of respondents attributing it to malicious #InsiderThreats. Additionally, 35% of participants highlighted overworked and distracted employees making mistakes as the second most significant reason.

Unsurprisingly, the cost of living crisis has impacted organisations' ability to maintain a robust level of cyber security protection. Tight budgets and re-evaluated priorities make it easy for oversights to occur, resulting in significant vulnerabilities. To ensure adequate protection for your organisation, it is crucial, as emphasised in this report, that employees possess #CyberSecurityAwareness and take responsibility for their actions. Investing in #CyberSecurityTraining becomes essential to educate your workforce and prevent cyber criminals from exploiting our inadvertent mistakes.

Learn more about what was uncovered in the research on DIGIT.FYI: https://www.digit.fyi/cost-of-living-crisis-leading-to-increased-cyber-security-risks/


  • During the pandemic, numerous digital initiatives within organisations led to a significant increase in both human and non-human identities. However, the investments made in cyber security to protect these initiatives have struggled to keep pace. According to research from The CyberArk 2023 Identity Security Threat Landscape Report, every organization in the UK (100%) anticipates facing a security compromise related to identity in 2023. A majority of them (61%) believe this will occur as a consequence of #DigitalTransformation initiatives like cloud adoption or legacy application migration. UK firms are bracing for a 3.4x growth in human and machine #Identities, many of which have sensitive access, throughout 2023.

In today's ever-evolving technology landscape, the rise of attacks targeting digital identities necessitates robust protection measures. At Infosec K2K, we specialise in #IdentityAndAccessManagement (#IAM), ensuring that you are well-prepared to defend against such threats. With our expertise, we comprehensively manage, monitor, and secure access activity, allowing only authorised individuals to gain entry while keeping unauthorised ones at bay. Our industry-leading Identity & Access Management solutions from CyberArk, Cyolo, and TrustBuilder not only facilitate digital transformation but also play a vital role in ensuring regulatory compliance, scalability, and efficiency enhancement. Rest assured, with us, your security needs are in capable hands.

Learn more about the impact that identity-related incidents are having on organisations in the UK on Digitalisation World: https://digitalisationworld.com/news/65649/economic-squeeze-and-rise-of-ai-increase-identity-centric-cybersecurity-risk


  • The commerce sector in Asia-Pacific (#APAC) experienced a staggering surge of cyber attacks last year, with over 1.15 billion incidents targeting retailers, hotels, and travel-related organisations. These figures highlight the #SecurityRisks associated with the expanding digitisation efforts in the region. As revealed in Akamai Technologies's Entering Through The Gift Shop: Attacks on Commerce Report, retailers in India and China faced the highest number of attacks, which can be attributed to the popularity of loyalty and rewards programs, as well as the proliferation of shopping festivals, which provided cyber criminals with ample opportunities to exploit. Globally, the retail industry remains the primary target within the commerce sector, accounting for 62% of all attacks.

The findings of this study underscore the critical need for the commerce sector to comprehend the consequences of inadequate protection against cyber attacks. It emphasises the significance of investing resources, including time, effort, and financial resources, into establishing a robust cyber security strategy. If your internal IT teams are overwhelmed, it may be prudent to explore the option of outsourcing a team of #CyberSecurityExperts, such as ourselves at Infosec K2K, on a consultative, flexible or more permanent basis. By doing so, you can alleviate the burden in-house and prioritise safeguarding your most valuable assets with ease.

Read more about the current state of the APAC commerce sector on ComputerWeekly.com: https://www.computerweekly.com/news/366541739/Cyber-attacks-against-APAC-commerce-sector-surpass-11-billion


  • Despite the immediate release of #Log4J patches in 2021, exploit attempts continue to persist in the tens of millions. @Microsoft remains steadfast in its efforts to combat this prevalent phishing method. Security researchers at ESET have put forth a theory that the global exploitation of the critical Log4J #Vulnerability could escalate further as cyber criminals find new avenues to bypass Microsoft's ongoing anti-phishing measures. Ondrej Kubovič, a Security Awareness Specialist at ESET, shared the latest data on Log4J exploit attempts, revealing a staggering 166 million attacks in 2022, with a subsequent 13% increase projected for 2023.

In the ongoing battle against #CyberCrime, it is crucial to remain proactive in enhancing our defensive measures. Specifically, it is recommended to conduct a thorough review of your systems to identify any usage of Log4J and ensure that the software is promptly updated to address any vulnerabilities. In general, organisations and individuals can protect themselves by regularly updating software across all devices, installing reliable anti-virus software, and raising awareness of the Log4J vulnerability among their workforce. At Infosec K2K, we offer comprehensive #VulnerabilityManagement and #PenetrationTesting solutions to assist in mitigating the risk of attacks.

Read more about the prevalence of the Log4j vulnerability on IT Pro: https://www.itpro.com/security/cyber-attacks/log4j-exploits-may-rise-further-as-microsoft-continues-war-on-phishing


Got questions about this week’s news? We’re here to help! Learn how best to bolster your cyber security defences when you get in touch with our expert team at Infosec K2K.

Stay updated on all things #CyberSecurityNews when you subscribe to our weekly newsletter by clicking 'Subscribe' at the top of this page!

