
Report: macOS Most Vulnerable to Endpoint Attacks Compared to Windows and Linux

 

A new report from Picus Security has unveiled a concerning vulnerability in many IT environments: a high risk of complete takeover through escalated privileges. 

Simulated attacks revealed that while organizations can typically defend against seven out of ten attacks, the persistent threat of sophisticated cybercrime syndicates leaves a substantial margin for error.

Full environment takeovers occur when attackers gain administrator-level access, enabling them to freely navigate and compromise systems. Alarmingly, Picus successfully achieved domain admin access in 40% of the tested environments.

While Linux and Windows demonstrated relatively strong defenses against endpoint attacks, macOS proved significantly more vulnerable, raising concerns about its security posture. Picus CTO Volkan Ertürk emphasized the need for increased focus on securing macOS systems, recommending the use of threat repositories like the Picus Threat Library to identify and address vulnerabilities.

The report also highlighted the prevalence of basic security lapses, with a quarter of companies using easily guessable passwords and a mere 9% effectively preventing data exfiltration. Cybercrime groups like BlackByte, BabLock, and Hive posed the most significant challenges for organizations.

“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches,” said Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs.

“It's clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents, they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion-dollar company from doing business for days,” Ozarslan said.

The High Cost of Neglecting Backups: A Ransomware Wake-Up Call

 


Ransomware attacks are becoming increasingly costly for businesses, with a new study shedding light on just how damaging they can be. According to research from Sophos, a staggering 94% of organisations hit by ransomware in 2023 reported attempts by cybercriminals to compromise their backups. This alarming trend poses a significant threat to businesses, as compromised backups can lead to a doubling of ransom demands and payments compared to incidents where backups remain secure.

The impact is particularly severe for certain sectors, such as state and local government, the media, and the leisure and entertainment industry, where 99% of attacks attempted to compromise backups. Perhaps most concerning is the revelation that overall recovery costs can skyrocket when backups are compromised, with organisations facing recovery costs up to eight times higher than those whose backups remain unaffected.

To mitigate the risk of falling victim to ransomware attacks, businesses are urged to take proactive measures. First and foremost, it's essential to back up data frequently and store backups securely in a separate physical location, such as the cloud, to prevent them from being compromised alongside the main systems. Regularly testing the restoration process is also crucial to ensure backups are functional in the event of an attack.

Furthermore, securing backups with robust encryption and implementing layered defences to prevent unauthorised access is essential for ransomware defence. Vigilance against suspicious activity that could signal attackers attempting to access backups is also recommended.

While it's tempting to believe that your organisation won't be targeted by ransomware, the reality is that it's not a matter of if, but when. Therefore, taking proactive steps to secure backups and prepare for potential attacks is imperative for businesses of all sizes.

Businesses seeking additional guidance on ransomware remediation can follow this step-by-step guide to navigate the recovery process. This Ransomware Defender solution aims to minimise the impact of data breaches and ensure business continuity by storing backups in a highly secure environment isolated from the main infrastructure.

The threat of ransomware attacks targeting backups is real and growing, with significant implications for businesses' financial, operational, and reputational security. By implementing robust backup strategies and proactive defence measures, organisations can better protect themselves against the rising tide of ransomware attacks.


Cybersecurity Incidents are Rapidly Increasing in UAE

 

The majority of businesses in the United Arab Emirates experienced a cybersecurity issue at some point in the last two years. 

According to Kaspersky data, 87% of UAE businesses have experienced different kinds of cyber attacks over the past two years. However, 25% of those cybersecurity incidents were caused by malicious behaviour on the part of their employees. 

Growing concern about malicious insider threats

Employees engaging in malicious online activities are becoming a serious concern for businesses across all industries, with Kaspersky identifying them as "the most dangerous of all employees who can provoke cyber incidents."

Kaspersky claims a number of factors encourage individuals to engage in illicit activities against their employers, including understanding their firm's IT and cybersecurity infrastructure, access to the company network, and taking advantage of colleagues' knowledge to launch social engineering attacks.

Jake Moore, global security advisor at ESET, concurs that malicious insider threats are "a significant worry" for businesses, but he emphasises that "humans also carry an accidental risk in business situations." 

He further elaborates: "Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad hoc training programs for all staff."

UAE-based companies are facing high levels of cybercrime, with 66% experiencing data breaches, and the problem is not getting any better.

A previous Kaspersky study, published in December 2023, found that 77% of APAC companies lack the tools required to detect cyberattacks. Meanwhile, 87% of businesses have a cybersecurity talent shortage, making it more difficult to halt cyber criminals in their tracks.

Security officials in the UAE have previously struggled to maintain safe remote access to employee and corporate-owned devices, according to Mohammed Al-Moneer, Infoblox's regional senior director for META. He stated that firms are concerned about data leaks and cloud attacks "and do not believe they have a firm handle on the insider threat." 

Merely 15% of participants in the UAE, according to the Infoblox report, feel that their company is equipped to protect its networks against insider attacks. 

Gopan Sivasankaran, general manager of Secureworks' META region, explained that the UAE's thriving digital economy and increased use of data make it an "attractive" target for both hacker groups and hostile states. 

"The insight from the incident response engagements and active attacks on businesses we've worked on in the Middle East over the last year show organisations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks," he said.

Fortinet: Remote Working has Resulted in Breaches for Two-Thirds of Businesses

 

When the COVID-19 pandemic hit nearly three years ago, millions of people were compelled to do their jobs away from their offices and coworkers. This led to an unprecedented rise in the number of workers who do most of their work online from any location with internet access, most likely at home. Work-from-home (WFH) employees have existed for a while, but they had never made up the majority of a company's workforce.

Organizations, particularly IT departments, had to adapt quickly as the situation changed after the 2020 coronavirus shutdowns and remote workers started to predominate. The phrase "hybrid workforce" became widely used to describe the arrangement after workers dispersed around the globe and subsequently returned to on-site workplaces for a few months, though many did so less frequently than before.

In its "2023 Work-From-Anywhere Global Survey," Fortinet discovered that most of the 570 organisations polled are still willing to allow employees to work from home or are adopting a hybrid-work strategy for their staff. In the last two to three years, work-from-anywhere (WFA) employee vulnerabilities have been cited as a possible cause of data breaches by nearly two-thirds (62%) of the firms. 

According to Peter Newton, senior director of product and solutions at Fortinet, the report clearly calls out the personal use of office PCs, home network users, and other users as the organisations' main worries.

"That highlights the fact that vulnerabilities associated with home networks, personal applications, and personal devices all act as back-door into companies' networks, applications, and data, highlighting the need for continued security awareness training for employees as well as technologies like SASE, SD-WAN, on-prem security appliances, and [zero-trust network access]," he said in an interview with SDxCentral. 

The survey found that different businesses use very different security measures for protecting remote workers. Newton asserts that individuals who have suffered a breach associated with WFA are more inclined to invest in both conventional technologies, such as laptop antivirus and VPN, as well as cutting-edge techniques, such as SASE, SD-WAN, and zero-trust network access (ZTNA). 

94% of respondents intend to increase their security budget to account for WFA policies, with more than a third (37%) anticipating an increase of 10% or more, the report reads. 

“We see the organizations are still in their early stage when it comes to WFA strategy and solutions. Some just started and some ventured further along. Regardless, there is no one-size-fits-all solution, and securing WFA needs a layered-defense and a combination of solutions that work together,” Newton added.