Articles of interest from the week of September 20, 2021

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report. (By Ravie Lakshmanan, The Hacker News) Ingalls: Business Email Compromise (BEC) constitutes 37% of ALL losses last year. Since "spoofing" is likely a subgroup of BEC, the total loss number is close to $2.1 billion! Email-based threats, like BEC attacks, are becoming a bigger problem for businesses. Ingalls has the ability to investigate Cloud-based BEC breaches as well as deploy tools into any on-premises environments to check for lateral movement by attackers who have access to Single Sign-On (SSO) credentials such as those managed by Microsoft Active Directory and Azure Active Directory. We are able to assist in remediation of any BEC breaches by analyzing email accounts, determining what actions attackers took (such as creation of forward and delete rules for inboxes, etc.), and purging email accounts of spear-phishing emails as well as unauthorized changes.

Ransomware Now Accounts for 69% of All Attacks That Use Malware

Ransomware attacks have hit "stratospheric" levels, according to a report released Wednesday by a cybersecurity firm. In the second quarter of 2021, ransomware accounted for 69% of all attacks involving malware, a 30% jump from the same quarter in 2020. The most popular targets for ransomware were governmental, medical, and industrial companies along with scientific and educational institutions. (By Lance Whitney, TechRepublic) Ingalls: One of the most telling statistics from the Verizon Data Breach Investigations Report (DBIR) is that Ransomware remains a serious threat to all industries and accounts for nearly a quarter of all malware-based attacks.  Ransomware has become so widespread and commonplace that a normal attack garners neither the shock of security professionals nor the attention of the media. Are You Prepared To Defend Against Ransomware?

New macOS Zero-Day Bug Lets Attackers Run Commands Remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big Sur. Zero-days are publicly disclosed flaws that haven't been patched by the vendor which, in some cases, are also actively exploited by attackers or have publicly available proof-of-concept exploits. (By Sergiu Gatlan, Bleeping Computer) Ingalls: Our MDR (Managed Detection and Response) services offer layered cybersecurity controls for effective risk management and rapid response. It was designed to be a method of proactive prevention against security threats to your environment, especially zero-day threats, making it one of the industry's leading cybersecurity tools. MDR is critical when it comes to staying ahead of all kinds of threats, detecting and stopping them before they become breaches.

DDoS Attacks Increased 11% in 1H 2021, Fueling a Global Security Crisis

In the first half of 2021, cybercriminals launched approximately 5.4 million Distributed Denial of Services (DDoS) attacks, increasing 11% over 1H 2020 figures. Additionally, data projections point to 2021 as another record-setting year on track to surpass 11 million global DDoS attacks. This long tail of attacker innovation is expected to last, fueling a growing cybersecurity crisis that will continue to impact public and private organizations. (By Help Net Security) Ingalls: We understand the DDoS threat. Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state-sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks. Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more, please contact us.

CISA, FBI, and NSA Release Conti Ransomware Advisory to Help Organizations Reduce Risk of Attack

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware. (By National Security Agency (NSA)) Ingalls: There is a critical need for businesses to take a proactive approach to cybersecurity in order to be positioned for early detection and fast response. One question businesses often ask is, should we pay the ransom? In one respect, paying a ransom can be seen as a cost-benefit decision. Broadly speaking, it’s better to not pay and so if you can, you should avoid doing so, but often this is not a viable option. So what are some of the considerations, when thinking through the Ransomware payment question?