Information Security News 7-3-2023

Share This Post

Global Rise in DDoS Attacks Threatens Digital Infrastructure

Article Link: https://www.helpnetsecurity.com/2023/06/29/ddos-attacks-worldwide-number/

Mobile Cyberattacks Soar, Especially Against Android Users

Article Link: https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • Data from Zimperium’s 2023 Global Mobile Threat Report suggests that attackers are increasingly targeting users through their mobile devices. The report noted that 23% of Android and 24% of iOS apps were considered malicious.
  • In addition to malicious apps, the report highlighted that many websites are also built to specifically target mobile devices, with Android devices being targeted more than iOS devices. This difference exists due to more vulnerabilities being disclosed on Android devices (500-900 vulnerabilities a year) compared to iOS devices (about 300 vulnerabilities a year).
  • Last, Zimperium found that the number of compromised mobile devices has grown significantly over the past year with a 187% increase between their report in 2022 and their new 2023 report. The data was conveyed another way: An average of four malicious phishing links are clicked per device.
  • Link to Zimperium’s Report: https://www.zimperium.com/global-mobile-threat-report/

Employees Worry Less About Cybersecurity Best Practices in the Summer

Article Link: https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

Cybersecurity is the Healthcare Your Organization Needs

Article Link: https://www.darkreading.com/vulnerabilities-threats/cybersecurity-is-the-healthcare-your-organization-needs

  • This article analogizes the cybersecurity industry to how we receive personal healthcare. The main idea is focusing on staying healthy instead of finding a new pill for every security symptom you see.
  • Vendor messaging over time has trained the marketplace to believe the solution to cybersecurity challenges is new technology. Despite the desire for a quick and easy solution, the growth of security budgets alongside incidents highlights that you can’t simply outspend risk.
  • As the article notes, security’s basic food groups include prevention, detection, response, and remediation. Combining these with regular “checkups” and conditioning through initiatives like awareness training and tabletop exercises allow for a healthy organizational security posture.

5 Things CISOs Need to Know About Securing OT Environments

Article Link: https://thehackernews.com/2023/06/5-things-cisos-need-to-know-about.html

  • In recent years, an uptick in cyberattacks against industrial facilities and the trend of IT/OT convergence driven by Industry 4.0 have highlighted the vacuum of ownership around OT security. This article looks to provide tips to CISOs who have long focused on securing IT systems.
  • While both IT and OT look at maintaining safety, the process for each is different. Specifically, confidentiality is vital to IT security and resource safety and availability, or reliability, is key to OT security and resource safety.
  • Several other key points are discussed in this article. These include the differences in network segmentation between OT and IT, how downtime is less of an option for OT systems, all OT access is considered remote access, and IT tools and systems do not always work for OT systems.

SEC Notice to SolarWinds CISO and CFO Roils Cybersecurity Industry

Article Link: https://www.csoonline.com/article/643618/sec-notice-to-solarwinds-ciso-and-cfo-roils-cybersecurity-industry.html

  • Recently, several current and former employees of SolarWinds received Wells Notices from the SEC, essentially documents that suggest a potential lawsuit for those on the receiving end of the notices, as a result of SolarWinds’ 2020 cybersecurity incident.
  • Typically, a Wells Notice is directed at C-suite members for committing fraud along the lines of Ponzi schemes. That said, failing to disclose the true gravity of an incident or failing to disclose an incident in a timely manner could be considered fraud.
  • Other CISOs raised concerns about holding CISOs and CFOs directly liable for cyber incidents in the wake of SolarWinds personnel receiving these Wells Notices. Specifically, there were concerns about cyberattacks that are novel and unavoidable. Likewise, there is increased concern around how the SEC using SolarWinds personnel as an example could impact both the desire of security personnel wanting to be CISOs and the process of incident reporting in the future.

SEC Delays Finalized Cybersecurity Rules Until Fall 2023

Article Link: https://www.jdsupra.com/legalnews/sec-delays-finalized-cybersecurity-1691011/

  • The SEC recently postponed the release of its final rules for Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure for public companies until October 2023 at the earliest. If the final rule was enacted in October, 30 days would need to pass at a minimum for the new rules to come into effect. However, this timeline can be extended, should the SEC choose to do so.
  • The proposed rules focus on enhancing the cybersecurity of public companies. Several of the proposed rules include a four-day disclosure requirement for material cybersecurity incidents and increased disclosures on cybersecurity expertise within an organization’s board of directors.
  • Link to Proposed Rules Overview: https://www.paulhastings.com/insights/client-alerts/the-board-is-set-preparing-for-the-secs-upcoming-cybersecurity-rules

5 Free Online Cybersecurity Courses You Should Check Out

Article Link: https://www.helpnetsecurity.com/2023/06/26/free-online-cybersecurity-courses/

  • This article looks at five free cybersecurity courses that focus on a variety of different topics for security personnel and general employees alike to improve their skillsets.
  • The courses discussed include a course on cryptography, a course on network and communication security, a security awareness training course, a security operations and administration course, and a systems & application security course.


Reach out to our incident response team for help

More To Explore

Information Security News – 2/3/2025

Phishing Campaign Baits Hook with Malicious Amazon PDFs Article Link: https://www.darkreading.com/cyberattacks-data-breaches/phishing-campaign-malicious-amazon-pdfs Cybersecurity Crisis in Numbers Article Link: https://www.helpnetsecurity.com/2025/01/29/data-breach-notices/ Google Forced to Step Up Phishing Defenses

Information Security News – 1/27/2025

Ransomware Attackers Are “Vishing” Organizations Via Microsoft Teams Article Link: https://www.helpnetsecurity.com/2025/01/21/ransomware-attackers-are-vishing-organizations-via-microsoft-teams-email-bombing/ FTC Orders GM to Stop Collecting and Selling Driver’s Data Article Link: https://www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/ Brave

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.