The SURF Security Lifeguard Report
Episode 5
Keeping you afloat in dangerous times
Welcome to the latest edition of the SURF Security Lifeguard Report, our roundup of the top cybersecurity stories from the past week. We bring you the latest news to keep your cyber-strategy on the right track. And sprinkle in some extra facts about SURF Security you may not know.
Malware attacks surge 30% annually in 1H 2024
Malware-based threats increased 30% annually in the first half of 2024, according to a new report. That included a 92% year-on-year increase in May alone. Ransomware attacks increased by double digits in North America (15%) and Latin America (51%) during the period.
SURF' Enterprise Zero-Trust browser & extension scan for and block malicious content including downloads.
Less than half of European firms have AI controls in place
European organisations are failing to mitigate the potential risks posed by use of AI technology in the enterprise. Sapio Research found that 93% are aware of risks such as data security (43%), lack of accountability and transparency (29%) and “skills gaps for safe and effective use” (29%). But less than half (48%) have restrictions on what type of data can be entered into AI models and tools at work. Failure to do so could lead to data leakage and increase compliance risk.
SURF can prevent cut-and-paste risks in generative AI, and block downloads of specific AI tools.
Phishing and credential theft most common data breach attack vectors
Phishing (15%) and stolen or compromised credentials (16%) were the two most common vectors for data breaches, according to a new report from IBM. It revealed the average cost of a data breach grew annually to $4.9m last year. But incidents stemming from stolen and compromised credentials took the longest to identify and contain,?taking an average of 292 days.
领英推荐
SURF enforces multi-factor authentication (MFA) and offers multiple anti-phishing capabilities based on a web reputation and whitelisting approach.
ICO prepares £6m fine for NHS supplier after major 2022 breach
The UK’s data protection regulator has signalled its intention to fine an NHS IT supplier over £6m for serious security failings that led to a major ransomware breach in 2022. The Information Commissioner’s Office (ICO) said: “despite already installing measures on its corporate systems, our provisional finding is that Advanced failed to keep its healthcare systems secure.” The LockBit ransomware group is believed to have accessed the firm’s systems after it was able to establish an RDP session by using legitimate credentials. Advanced is reported not to have had MFA enabled. The incident caused major service disruption and the theft of data on 83,000 people.
SURF can protect against ransomeware by enforcing multi-factor authentication (MFA), preventing social engineering, and BONUS fact: SURF costs less than £6m.
OneDrive users targeted in sophisticated phishing campaign
Security researchers have discovered a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors combined technical jargon and an urgent error message in their social engineering campaign—tricking recipients into opening a malicious email attachment and executing a malicious PowerShell script, compromising their systems.
SURF offers multi-layered anti-phishing and anti-malware capabilities. Suspect files can be executed in a sandbox for isolation.
Threat actor StormBamboo attacks ISP customers with DNS poisoning
Security researchers have uncovered a sophisticated supply chain attack which started with the compromise of an unnamed ISP. The China-aligned StormBamboo group used its ISP access to launch DNS poisoning attacks against certain customers. Specifically, it targeted insecure update mechanisms for certain applications run by these organisations, redirecting the traffic to a command-and-control server under its control, which then downloaded malware to the victim.
SURF blocks access to suspect domains like those hosting malicious C&C servers.
?