CRD #2

On top attack vectors, ransomware payments, cloud security, IT/OT silos and psychological harm from attacks.

Research highlights for security leaders from validated sources released between 1-7 July 2024, followed by a hyperlinked list of all monitored reports during the period.

Software vulnerabilities, compromised credentials, and phishing as the top initial attack vectors

An analysis of over 1,200 incident response cases by Unit 42 (Palo Alto Networks) over the past 2.5 years revealed that threat actors most frequently gained initial access through software vulnerabilities. Phishing, traditionally the leading initial attack vector, remains equally prevalent. Additionally, the use of previously compromised credentials has increased five-fold since 2021, signaling the spread and effectiveness of information stealers as well as the growth of the initial access brokers market.

In light of these insights, the report emphasizes three core areas of focus: 1) Patch management; 2) Consistent security controls across all assets; and 3) Zero Trust networking with identity and access management.

Increase in extortion without encryption and BEC cases

Unit 42's data on investigation types over the last three years indicates that while extortion with encryption remains the most utilized tactic, its use has been lower over the past two years compared to 2021. Meanwhile, extortion without encryption and business email compromise (BEC) cases have risen slightly. The report also notes a considerable increase in network intrusion investigations in 2023, likely due to the massive exploitation campaigns targeting software vulnerabilities in MOVEit, Citrix Bleed, and Microsoft Exchange RCE.

Most attackers keep their promises; median ransom payment at $237,500

The report by Unit 42 also included data on whether ransomware actors fulfill their promises after receiving payment. In 67% of incidents, threat actors fully kept their promises. The study, which featured companies of all sizes, also showed that the median ransomware payment in 2023 was $237,500, while the median initial demand was $695,000. These should be taken as very general indicators, as the likelihood of ransomware actors keeping their promises, as well as ransom demands and payment levels, is highly dependent on the victim's profile and the particular threat actor.

Cloud security becoming top priority for leaders amid growing incidents

As organizations continue to adopt hybrid cloud infrastructures, a survey of over 1,500 DevOps decision-makers worldwide revealed that "data security and ransomware protection" is now the foremost leadership priority for 2024. Surprisingly, this focus on security is followed closely by revenue-generating priorities such as identifying optimal cloud solutions, implementing AI strategies, optimizing operations for cost reduction, and accelerating application development.

Another survey of over 1,500 manufacturing companies also indicates a perceptual shift among leaders, with cybersecurity risks emerging as a new addition to the top five external obstacles hindering organizational growth in 2024.

The reports link this prioritization with the possible career-changing impacts of public cyber incidents. Moreover, there has been a notable increase in cloud incidents, as incident response data reveals an almost threefold rise in cloud-related cases from 2021 to 2023.

Fifth of industrial organizations experienced operational shutdowns as IT & OT teams remain siloed

A study by Palo Alto Networks surveying nearly 2,000 industrial organizations revealed a concerning indicator: almost one-fifth of respondents reported experiencing a shutdown of operations due to a cyber attack last year. Involving organizations from the Americas, Western Europe, and Southeast Asia with more than a thousand employees, the study highlights a critical challenge with OT & IT convergence: a mere 12% described the functions as aligned and 40% as frictional.

Incident response beyond the technical: a call to address the psychological harm of victims

A study by RUSI, based on interviews with over 40 ransomware victims and stakeholders in the UK, advocates for a systematic approach to addressing the psychological harm experienced by victims. It emphasizes the need to integrate mental health considerations into organizations' preparedness programs and incident response services.

The study, for example, reveals that responders often find themselves in unexpected "grief counselor" roles without adequate training. It also highlights the diverse individual harms caused by ransomware, including sleep deprivation, physical inactivity, poor nutrition, and strained relationships. The report also highlights a widespread skepticism about the effectiveness of law enforcement in cyber incident response.

The psychological impact of ransomware is expected to grow as threat actors not only stress entire organizations with multi-extortion tactics but also increasingly resort to harassment tactics targeting individual employees or customers.


Reports monitored: July 1-7

To take a deeper dive into the topics most relevant to you, we've listed all the research reports that were published in the first week of July.

| Title | Organisation | Topic(s) |
| --- | --- | --- |
| State of OT Security | Palo Alto Networks w/ ABI Research | OT |
| Security 360: Annual Trends Report 2024 | jamf | devices |
| 2024 Digital Risk Report: Opportunities and Challenges of the AI Frontier | AuditBoard w/ Ascend2 Research | AI |
| ‘Your Data is Stolen and Encrypted’: The Ransomware Victim Experience | RUSI | ransomware / psychological harm |
| 9th Annual State of Smart Manufacturing | Rockwell Automation | manufacturing |
| Global Cyber Gangs: Supported and sheltered by state sponsors and getting smarter every day | Menlo Security | threat intelligence / APT |
| 2024 India Cyber Threat Report | Ankura | india / threat intel |
| Cybersecurity Challenges in 2024: Data Breaches, Open Source Risk and Network Vulnerabilities | Advanced Cyber Defence Systems w/ OnePoll | general |
| Incident Response Report 2024 | Palo Alto Unit 42 | incident response |
| Logicalis Global CIO Report 2024 | Logicalis | CIO perspectives |
| ESET Threat Report H1 2024 | ESET | threat intelligence |
| 2024 Water Report | Black & Veatch | water |
| 6th Annual Nutanix Enterprise Cloud Index | Nutanix w/ Vanson Bourne | cloud |

About

evisec's Cybersecurity Research Digest provides security leaders with verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.