A Russian government website appears to have been hacked over the weekend, causing an Internet search for the site to lead to a "Glory to Ukraine" sign in Ukrainian.

Russia's Ministry of Construction, Housing and Utilities website was targeted after many of the countrys state-owned companies and news organisations suffered hacking attempts since the Russian governments invasion of Ukraine on February 24.

Russia's state news agency RIA quoted a ministry representative on Sunday as saying that the site was down but users' personal data were protected. The website was working as normal by Monday.

RIA said that other media had reported that hackers were demanding a ransom to prevent the public disclosure of users' data.

Russias war on Ukraine is being fought not only with bombs but with bytes as cyber warfare plays an increasingly major role in the invasion.

Before the outbreak of the war, Ukraine saw a rise in cyberattacks on several of its banks and government departments. Many of the attacks came in the form of so-called wiper attacks which destroy data on machines or DDoS attacks, which uses multiple, distributed devices to flood systems.

In response, volunteer hackers began defending Ukraine with the so-called "IT Army," which was set up by Ukrainian digital minister Mykhailo Fedorov. The group is accessed by the messaging app Telegram and lists potential state-owned Russian targets.

Governments around the world have also come to Ukraines defence to support its cyber infrastructure. In the wake of this cyber warfare, countries such as the United States and Australia have issued recommendations to companies to strengthen their cyber security.

But Ukraine, like other Baltic states that were formerly occupied by the USSR, has been fighting cyber threats for decades. Their experience shows these countries have the strongest cybersecurity preparedness, with an index higher than Australia's, Canada's, and Europe's average, according to VPN service company Surfshark.

The study showed that Ukraine and Latvia, which both have an index of 75, surpass the European average by 3 per cent.

While Lithuania tops the survey, with an index of 93, almost 28 per cent higher than Europes average. Estonia was in second place with an index of over 90.

Meanwhile, Russias score is 2.5 per cent lower than Europes average and has an index of 71 per cent, according to Sufshark, which also said that Russia had the most data breaches in the first quarter of 2022, with close to 3.6 million internet users affected and a 136 per cent spike in cases after the invasion.

Russias latest hacking attacks were in early May, which kept video-hosting site RuTube offline for three days and altered satellite television menus in Moscow on Victory Day, when Russia celebrated the 77th anniversary of the Soviet Union's victory over Nazi Germany.

See the original post here:
Russias government website hacked with pro-Ukraine message displayed instead - Euronews

Despite a 15-fold increase in cyber-attacks, only 60% of organizations have improved their security posture.

The findings are explained in SecurityScorecard's report, The Fast and Frivolous: Pacing Remediation of Web-Facing Vulnerabilities.

Only 10% of Vulnerabilities are remediated each month

To measure the speed and progress of remediation, SecurityScorecard's research examined how quickly issues were addressed and how long they persisted across assets. The research showed the financial sector to be among the slowest remediation rates (median to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days). Somewhat surprisingly, despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there was little evidence that organizations in this sector fixed exploited flaws faster. Regardless of how many total vulnerabilities existed across their domain(s), organizations typically fixed about 10% of weaknesses each month.

"Vulnerabilities likely exist with vendors and service providers, which necessitates the need for continuous visibility into the entire ecosystem," said Wade Baker, partner and co-founder at the Cyentia Institute. "With greater visibility, organizations can prioritize risks and remediation based on data. This is key to effectively addressing cyber vulnerabilities."

Where the vulnerabilities exist

The research shows the "Information" sector (62.6%) and "Public" sector (61.6%) had the highest prevalence of open vulnerabilities. The "Financial" sector (48.6%) exhibited the lowest proportion of open vulnerabilities; however, there is less than a 10% difference between this and other sectors in terms of industries with the most open vulnerabilities. The analysis revealed that it typically takes organizations 12 months to remediate half of the vulnerabilities in their internet-facing infrastructure. When firms have fewer than 10 open vulnerabilities, it can take about a month to close just half of them, but when the list grows into the hundreds, it takes up to a year to reach the halfway point.

SecurityScorecard collects and analyzes global threat signals that give organizations instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture. The technology continuously monitors 10 groups of risk factors to instantly deliver an easy-to-understand A-F rating. Additionally, SecurityScorecard Ratings with Attack Surface Intelligence provides visibility into IP, network, domain or vendor's attack surface risk data, all in one pane of glass. This actionable, deep threat intelligence helps customers identify all of an organization's connected assets, expose previously unknown threats, conduct investigations at scale and prioritize vendor remediation.

For more information on the SecurityScorecard cybersecurity ratings platform or to request a demo, visit http://www.securityscorecard.com.

About SecurityScorecard

Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparentInstant SecurityScorecardrating. For more information, visitsecurityscorecard.comor connect with us onLinkedIn.

SOURCE Security Scorecard

Follow this link:
Too Fast and Too Frivolous - Cyber Attacks Speed Ahead By 15x, While Companies Stall In Addressing Vulnerabilities According to SecurityScorecard...

Global cyber futuristic financial network security concept. Fast speed internet connection. Block ... [+] chain network

A couple of times per year, I take a deep dive on writing about the newly reported cybersecurity statistics and trends that are impacting the digital landscape. Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both industry and government.

Below is a synopsis with links on some of the recent cyber developments and threats that CISOs need to key a close watch on (and that you need to know) for the remaining part of 2022 and beyond.

While many of the statistics seem dire, there is some positive aspect on the trends side as the cybersecurity community has been taking several initiatives to create both cyber awareness and action. And for those attending the 2022 RSA Conference in San Francisco, hopefully the backdrop of the following statistics and trends from mid-year 2022 can also be useful to analyze and match with product and services roadmaps for cybersecurity.

"Caution cyber attacks ahead" road sign.

Despite another record year of breaches including Solar Winds, Colonial Pipeline and others, half of U.S. Business still have not put a cybersecurity risk plan in place. The list of the 50 Biggest Data Breaches 2004-2021 below is illustrative of the problem of protecting data in both industry and government.

The 50 Biggest Data Breaches (2004-2021) (visualcapitalist.com)

50-biggest-data-breaches-infographic

Cybercriminals can penetrate 93 percent of company networks

Link: Cybercriminals can penetrate 93 percent of company networks (betanews.com)

In 93 percent of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources.

This is among the findings of a new study of pen testing projects from Positive Technologies, conducted among financial organizations, fuel and energy organizations, government bodies, industrial businesses, IT companies and other sectors.

An attacker's path from external networks to target systems begins with breaching the network perimeter. According to the research, on average, it takes two days to penetrate a company's internal network. Credential compromise is the main route in (71 percent of companies), primarily because of simple passwords being used, including for accounts used for system administration.

Many security executives say theyre unprepared for the threats that lie ahead

Link: Many security executives say theyre unprepared for the threats that lie ahead | TechRepublic

As cyberattacks grow in both number and sophistication, organizations are increasingly under the gun to protect themselves from compromise. Though companies have responded by upping their security budgets and adopting more advanced defenses, keeping up with the threats that will surface over the next few years will be a challenge.

For its report titled Cybersecurity Solutions for a Riskier World, ThoughtLab studied the security practices and performance of 1,200 companies in 13 industries and the public sector across 16 countries.

In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. Over the next two years, the security executives polled by ThoughtLab see a rise in attacks from social engineering and ransomware as nation-states and cybercriminals grow more sophisticated. The main causes of these attacks will come from misconfigurations, human error, poor maintenance, and unknown assets.

Despite the increased efforts to combat security threats, many of those interviewed by ThoughtLab see several reasons for alarm. A full 44% of the executives surveyed said that their growing use of partners and suppliers exposes them to significant security risks. Some 30% said their budgets arent sufficient to ensure proper cybersecurity, while several pointed out that the criminals are better funded. A quarter of all the respondents said the convergence of digital and physical systems, such as Internet of Things devices, has increased their security risks.

Further, 41% of the executives dont think their security initiatives have kept up with digital transformation. More than a quarter said that new technologies are their biggest security concern. And just under a quarter cited a shortage of skilled workers as their largest cybersecurity challenge

2022 Study: 50% Of SMBs Have A Cybersecurity Plan In Place

Link: 2022 Study: 50% of SMBs Have a Cybersecurity Plan in Place | UpCity

UpCity, a small business intelligence firm that has matched over 2 million businesses to providers they can trust since its inception in 2009, surveyed 600 business owners and IT professionals on their 2022 cybersecurity plans, priorities, and budgets. Findings include:

Only 50% on U.S. businesses have a cybersecurity plan in place

Of those, 32% havent changed their cybersecurity plan since the pandemic forced remote and hybrid operations

The most common causes of cyber-attacks are malware (22%) and phishing (20%)

Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022

Software supply chain attacks hit three out of five companies in 2021

Link: Software supply chain attacks hit three out of five companies in 2021 | CSO Online

Survey finds significant jump in software supply chain attacks after Log4j exposed.

More than three in five companies were targeted by software supply chain attacks in 2021, according to a recent survey by Anchore. The survey of 428 executives, directors, and managers in IT, security, development, and DevOps found that the organizations of nearly a third of the respondents (30%) were either significantly or moderately impacted by a software supply chain attack in 2021. Only 6% said the attacks had a minor impact on their software supply chain.

82 percent of CIOs believe their software supply chains are vulnerable

Link: 82 percent of CIOs believe their software supply chains are vulnerable (betanews.com)

A new global study of 1,000 CIOs finds that 82 percent say their organizations are vulnerable to cyberattacks targeting software supply chains.

The research from machine identity specialist Venafi suggests the shift to cloud native development, along with the increased speed brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex.

The increase in the number and sophistication of supply chain attacks, like SolarWinds and Kaseya, over the last 12 months has brought this issue into sharp focus, gaining the attention of CEOs and boards.

Report: Increase in socially engineered, sophisticated cybersecurity attacks plagues organizations

A new report that showed a sharp increase in cybersecurity attacks in 2021 urged organizations to consider when, not if, they too will be under attack. Attacks are becoming more sophisticated and socially engineered making them harder to detect.

Link: Report: Increase in socially engineered, sophisticated cybersecurity attacks plagues organizations - MedCity News

A new cybersecurity report from San Francisco-based Abnormal Security found that medical industries and insurance companies had a 45-60% chance of being the target of a phone fraud attack via email: a sophisticated scam where the scammer sends an email to the target, asking the target to call them. In the second half of 2021, those attacks increased by 10 percent.

Additionally, healthcare systems are seeing a rise in more legitimate-looking yet problematic business email compromise (BEC) attacks. This occurs when the scammer accesses the targets business email and impersonates the target, and then uses that identity to create rapport with victims and get them to pay money.

Businesses Suffered 50% More Cyberattack Attempts per Week in 2021

Link: Businesses Suffered 50% More Cyberattack Attempts per Week in 2021 (darkreading.com)

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications. All of the attack attempts Check Point cites in the research were detected and stopped by its team.

Cyber-attacks per organization by Industry in 2021

The education/research sector sustained the most attacks in 2021, followed by government/military and communications.

Social engineering and phishing are easy means to corporate jewels that can include sensitive and proprietary emails and business E-Mail compromise is a favorite target of hackers.

Social engineering and phishing are easy means to corporate jewels that can include sensitive and proprietary emails.

$43 billion stolen through Business Email Compromise since 2016, reports FBI

Link: $43 billion stolen through Business Email Compromise since 2016 (tripwire.com)

Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI.

The FBIs Internet Crime Complaint Center (IC3) issued a public service announcement on May 4 2022, sharing updated statistics on Business Email Compromise (BEC) attacks which use a variety of social engineering and phishing techniques to break into accounts and trick companies into transferring large amounts of money into the hands of criminals.

The report looked at 241,206 incidents reported to law enforcement and banking institutions between June 2016 and December 2021 and says that the combined domestic and international losses incurred amounted to US $43.31 billion.

Worryingly, there has been a 65% increase recorded in identified global losses between July 2019 and December 2021

And how to better protect:

The FBI offers a number of tips to companies wishing to better protect themselves from Business Email Compromise attacks:

$43 billion stolen through Business Email Compromise since 2016, reports FBI

Link: $43 billion stolen through Business Email Compromise since 2016 (tripwire.com)

Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI.

The FBIs Internet Crime Complaint Center (IC3) issued a public service announcement on May 4 2022, sharing updated statistics on Business Email Compromise (BEC) attacks which use a variety of social engineering and phishing techniques to break into accounts and trick companies into transferring large amounts of money into the hands of criminals.

The report looked at 241,206 incidents reported to law enforcement and banking institutions between June 2016 and December 2021 and says that the combined domestic and international losses incurred amounted to US $43.31 billion.

Worryingly, there has been a 65% increase recorded in identified global losses between July 2019 and December 2021

What Should Business do to Mitigate Cyber-threats?!

Group of people. Human Resources. Global network. Diversity.

The forementioned links highlight many serious vulnerabilities that industry experts have attested. But the C-Suite does not have to remain idle in response to those threats and stats. My suggestion for all businesses, especially small and medium ones who are often at risk of being put out of business by a cyber-attack, is to seriously look at cyber-risk and plan accordingly as part of a corporate operational strategy. NIST and MITRE offer great resources for cyber-risk management planning and are continually updated. Also, some potential actions to take are excerpted from my recent article in Homeland Security Today, A Cybersecurity Risk Management Strategy for the C-Suite.

Risk Management and Assessment for Business Investment Concept. Modern graphic interface showing ... [+] symbols of strategy in risky plan analysis to control unpredictable loss and build financial safety.

A Cybersecurity Risk Management Strategy for the C-Suite.

Link: A Cybersecurity Risk Management Strategy for the C-Suite - HS Today

Create a corporate risk management strategy and vulnerability framework that identifies digital assets and data to be protected. A risk assessment can quickly identify and prioritize cyber vulnerabilities so that you can immediately deploy solutions to protect critical assets from malicious cyber actors while immediately improving overall operational cybersecurity.

Risk management strategies should include people, processes, and technologies. This includes protecting and backing up business enterprise systems such as financial systems, email exchange servers, HR, and procurement systems with new security tools (encryption, threat intel and detection, firewalls, etc.) and policies. That risk management approach must include knowing your inventory and gaps, integrating cybersecurity hygiene practices, procuring, and orchestrating an appropriate cyber-tool stack. It should also include having an incident response plan in place if you do get breached.

Also see my recent article from the Donald Allen Cybersecurity blog (his blog is a great resource and I suggest you subscribe for free!):

The Risk Management Imperative For Cybersecurity

Link: Cybersecurity Risk Management An Imperative for The Digital Age The Donald Allen Cybersecurity Blog (dacybersecurity.com)

Because of the new digital cyber risk environment, a security strategy for risk management is imperative.

A security strategy of risk management to meet these growing cyber-threat challenges needs to be both comprehensive and adaptive. It involves people, processes, and technologies.

Securing your data is key.

Because of digital transformation and a pandemic that transferred many from working at the office to home, data is at greater risk for a breach.

Securing data necessitates a hyper-security focus. At its core, the practice of vigilant and encompasses, identifying gaps, assessing vulnerabilities, and mitigating threats. Data security and cyber risk management are an integral part of the overall enterprise risk management (ERM) framework to stay ahead of the threats.

Defined by the most basic elements in informed risk management, cybersecurity is composed of:

Successful cybersecurity will also require the integration of emerging technologies for identity management, authentication, horizon monitoring, malware mitigation, resilience, and forensics. Automation and artificial intelligence are already impacting the capabilities in those areas.

Cybersecurity capabilities in information sharing, hardware, software, encryption, analytics, training, and protocols, must keep pace to protect and preempt the increasingly sophisticated threats in both the public and private sectors.

The Infographic I created below provides a pathway for exploring risk management frameworks:

cyber risk management infographic

Infographic: Strategic Paths to Cybersecurity, by Chuck Brooks

The Three Pillars of Cybersecurity Strategy

The growth and sophistication of cyber-attacks over the last couple of years, many of them state actor sponsored has caused both government and industry to reevaluate and bolster their risk management strategy approaches to cyber-defense.

There are three strong pillars of risk management that can be integrated into a successful cybersecurity strategy: Security by Design, Defense in Depth, and Zero Trust.

For more details, please see my article in FORBES, Combining Three Pillars Of Cybersecurity.

Link: Combining Three Pillars Of Cybersecurity (forbes.com)

I mentioned that there are some positive cybersecurity trends earlier. One such initiative is a new government focus on a Zero Trust Management strategy. That topic is subject matter for another article.

Please see GovCon Expert Chuck Brooks Authors New Zero Trust White Paper; Anacomp CEO Tom Cunningham Quoted for a quick overview of the benefits and need for Zero Trust in cybersecurity.

Link: GovCon Expert Chuck Brooks Authors New Zero Trust White Paper; Anacomp CEO Tom Cunningham Quoted (executivegov.com)

Ransomware, the Scourge Continues and is still trending a preferred method of cyber-attack in 2022

3D rendering Glowing text Ransomware attack on Computer Chipset. spyware, malware, virus Trojan, ... [+] hacker attack Concept

The Colonial Pipeline attack showed how a ransomware attack against an industrial target can have very real consequences for people, as gasoline supplies to much of the north-eastern United States were limited because of the attack.

Ransomware attacks, and ransom payments, are rampant among critical infrastructure organizations

Link: Ransomware attacks, and ransom payments, are rampant among critical infrastructure organizations - Help Net Security

80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020, a Claroty report reveals.

Ransomware Trends, Statistics and Facts in 2022

Read the original:
Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know - Forbes

Internet security consists of a range of security tactics for protecting activities and transactions conducted online over the internet. These tactics are meant to safeguard users from threats such as hacking into computer systems, email addresses, or websites; malicious software that can infect and inherently damage systems; and identity theft by hackers who steal personal data such as bank account information and credit card numbers. Internet security is a specific aspect of broader concepts such as cybersecurity and computer security, being focused on the specific threats and vulnerabilities of online access and use of the internet.

In today's digital landscape, many of our daily activities rely on the internet. Various forms of communication, entertainment, and financial and work-related tasks are accomplished online. This means that tons of data and sensitive information are constantly being shared over the internet. The internet is mostly private and secure, but it can also be an insecure channel for exchanging information. With a high risk of intrusion by hackers and cybercriminals, internet security is a top priority for individuals and businesses alike.

While the web presents users with lots of information and services, it also includes several risks. Cyberattacks are only increasing in sophistication and volume, with many cybercriminals using a combination of different types of attacks to accomplish a single goal. Though the list of potential threats is extensive, here are some of the most common internet security threats:

Malware:Short for "malicious software," malware comes in several forms, including computer viruses, worms, Trojans, and dishonest spyware.

Computer worm: A computer worm is a software program that copies itself from one computer to the next. It does not require human interaction to create these copies and can spread rapidly and in great volume.

Spam: Spam refers to unwanted messages in your email inbox. In some cases, spam can simply include junk mail that advertises goods or services you aren't interested in. These are usually considered harmless, but some can include links that will install malicious software on your computer if they're clicked on.

Phishing: Phishing scams are created by cybercriminals attempting to solicit private or sensitive information. They can pose as your bank or web service and lure you into clicking links to verify details like account information or passwords.

Botnet: A botnet is a network of private computers that have been compromised. Infected with malicious software, these computers are controlled by a single user and are often prompted to engage in nefarious activities, such as sending spam messages or denial-of-service (DoS) attacks.

Internet security requires a combination of several products and technologies to properly safeguard data. It's important to consider several types of internet security strategies when taking proper measures to help keep your network secure. These tactics can include:

There are several internet security products and solutions available to help keep your internet usage secure. These include:

Choosing the right package of products is important for securing your data across the internet. Bringing together web filtering, content inspection, antivirus, zero-day anti-malware, SSL inspection, data loss prevention, and broad integration, our portfolio delivers a comprehensive web security solution available on-premises, as a cloud service, or as a hybrid of both.

More Cybersecurity Articles

Read this article:
What Is Internet Security? | Trellix

Get a deal on a top-rated VPN and self-paced IT certification courses that cover ethical hacking, CISSP and more.

Cybersecurity is more important than ever, and its critical that decision-makers invest wisely when it comes to security. Dont miss this deal: VPN Unlimited & Infosec4TC Platinum Cyber Security Course Membership Lifetime Access.

VPN Unlimited is one of the top-rated VPNs, and its trusted by more than 10 million customers worldwide. The award-winning VPN Unlimited offers reliable protection on your private internet or public Wi-Fi, allowing you to access more than 400 VPN servers in more than 80 locations globally without sacrificing speed or bandwidth. You can surf on a variety of VPN protocols. Youll also enjoy a better browsing experience with features like trusted networks, ping tests and favorite servers to conveniently manage your connections and get you connected safely and quickly.

Additionally, you can take your cybersecurity skills to a new level with a Platinum Membership to Infosec4TC. With this membership, youll have lifetime access to more than 90 online, self-paced certification courses covering topics like ethical hacking, CISSP and many other internationally-recognized IT certifications. Youll have all the latest exam questions and extra study materials to help you pass IT certification exams on your first try.

Take your cybersecurity into your own hands with VPN Unlimited & Infosec4TC Platinum Cyber Security Course Membership Lifetime Access. Get this for $89.99 today, which is 92% off the regular price.

Prices and availability are subject to change.

Read the original:
With this VPN and 90+ training courses, take cybersecurity to the next level - TechRepublic