CRD #3

On critical infrastructure attacks, DDoS, incident costs, industry funding, DevOps & more.

Research highlights for security leaders from validated sources released between 8-21 July 2024, followed by a hyperlinked list of all monitored reports during the period.

We cut through the bias and marketing fluff to bring you relevant and objective insights backed by data and based on proper research.

Critical infrastructure companies continue to suffer from ransomware, increasingly opt to pay

A study analyzing energy, oil/gas, and utilities companies shows that critical infrastructure organizations continue to experience a high rate of successful ransomware attacks, with 67% reporting incidents against their systems last year. And most of these incidents were not minor – in 70% of cases, over half of the victims' devices were reported to be impacted.

Despite the alarming statistics, almost all (99%) of the victims that faced encrypted systems reported being able to restore or recover their data. In 2023, 51% used backups for restoration, and 61% paid the ransom to get back their data. The percentage of companies paying the ransom represents a notable (11%) increase from the prior year. The report attributes this to the observation that threat actors are increasingly able to compromise data backups.

A steady growth in the number and sophistication of DDoS attacks

Both Cloudflare and Imperva have recorded a significant year-over-year increase in the number of DDoS attacks, at 20% and 111% respectively. The studies highlight that more threat actors, likely using generative AI, are employing increasingly sophisticated attack methods. Geopolitical tensions are also contributing to the increased levels of attacks, as data from the Israel-Palestine and Russia-Ukraine conflicts indicate.

Cloudflare also reports that the occurrence of ransom DDoS attacks has been steadily growing, signaling changing extortion tactics by ransomware groups. Interestingly, among the DDoS victims who claimed to know the origin or reasoning of the attack, a surprising 59% attributed the activity to competitors, followed by disgruntled users or employees (21%) and state-sponsored actors (17%).

Incident cost indicators: downtime, ransomware recovery, and compliance

A survey of 200 executives from very large organizations in the US revealed that the average cost of IT system downtime was estimated to be $4.2 million per hour. Cyber breaches were identified as the most common reason for unplanned downtime (47% of the respondents), followed by hardware malfunctions, coding issues, or human error.

In a study of critical infrastructure providers, ransomware incident recovery costs were reported at around $3 million in both 2022 and 2023, representing a twofold increase from $1.5 million in 2021 and 2020. Another global survey examining the effects of breaches revealed that 24% of organisations with more than 30,000 employees estimated the litigation costs of data breaches to surpass $7 million each year.

Cryptominers – not ransomware – the most common cloud intrusion goal

Google's Threat Horizons Report analyzing cloud intrusions shows that the most common end goal (in about 60% of cases) for cloud intrusions is installing cryptominers, followed by lateral movement (23.5%) and denial of service (5.9%) attempts.

The report also highlights that in almost half of the cloud intrusion cases, initial access is gained due to missing or weak credentials, followed by misconfigurations (30%), software issues (8.5%) and UI exposure (8.5%).

Cybersecurity funding steady in a passive VC market

According to PinPoint Research, cybersecurity companies raised $3.3 billion of VC funding in Q2 2024, representing a 21% year-over-year increase (excluding Wiz's $1 billion round). This signals healthy growth while overall global venture capital investments remain passive.

Bypassing AI restrictions for social engineering at scale

Research by ReliaQuest revealed that security restrictions in commercially available LLM-based tools like ChatGPT can be relatively easily bypassed with manipulative language entries, convincing the AI to assist with various cybercriminal activities.

Leveraging these models to craft high-quality social engineering emails in multiple languages, the researchers conducted a test among 1,000 individuals, resulting in a 2.8% success rate (clicking on a malicious link). While this rate is relatively low, the key advantage of using LLMs lies in their ability to create tailored, multilingual messages automatically and at scale, likely increasing the overall number of victims that can be impacted by a single threat actor.

Devs continue to lack secure software development skills

A study by the Linux Foundation highlights that educational programs continue to heavily prioritize functionality and efficiency while neglecting security training, resulting in a workforce unfamiliar with secure software development skills. The study, which promotes the foundation's language-agnostic secure architecture course, reveals that over half of professionals involved in software development have never taken a course on secure development practices. This is mainly due to employers not facilitating such competence building, with no budgets or time allocated.

A survey analyzing the physical ID access control trends in organisations across the world showed increasing use of mobile identities as well as biometric technology. Although close to 70% of organizations still use physical ID badges to manage access to facilities, 39% now actively use mobile identities and biometrics via fingerprint, facial, or iris detection. Both categories have seen a yearly increase of nearly 10%.


Reports monitored: July 8-21

To take a deeper dive into the topics most relevant for you, we've listed all the research reports that were published in the second and third weeks of July 2024.

| Title | Organisation(s) | Topic(s) |
| --- | --- | --- |
| Thefts From Crypto Hacks and Exploits Surge in First Half of 2024 | TRM | crypto theft |
| Cyber Security Vendor Funding Report – Q2, 2024 | Pinpoint Research Group | funding / startups |
| The 2024 Radicati Market Quadrant for Data Loss Prevention Software - Analyst Report | Next DLP | DLP |
| 2024 Hybrid Security Trends Report | NetWrix | general / remote work |
| The State of Industrial DevOps 2024 | Copia Automation | DevOps |
| Grant Thornton CFO survey: CFOs juggle costs as they maintain confidence | Grant Thornton | CFO |
| 2024 Kiteworks Sensitive Content Communications Security and Compliance Report | Kiteworks | data protection / communication mechanisms |
| 2024 LevelBlue Futures™ Report for Healthcare | LevelBlue | healthcare |
| Cyber's Sleeper Threat: Business Email Compromise | Guy Carpenter / Marsh | BEC |
| The State of Data Risk Management 2024 | Dasera | risk management |
| Infosecurity Europe 2024 Survey Findings | KnowBe4 | practitioner frustration |
| 2024 Future of IT Survey | Kaseya | IT budgets |
| DDoS threat report for 2024 Q2 | Cloudflare | DDoS |
| An In-Depth Look at Crypto-Crime in 2023 Part 2 | TrendMicro | crypto crime |
| The Impacts of Layoffs Announcement on Cybersecurity Breaches | Tran, Thi et al. | layoffs / data breaches |
| AI-Powered Cybercrime | ReliaQuest | GenAI |
| The state of Kubernetes security report: 2024 edition | Red Hat | Kubernetes |
| The CyberSmart MSP Survey 2024 | CyberSmart | MSP |
| State of Information Security US snapshot | ISMS.online | general |
| Aligning Perspectives: Cyber Risk Management in the C‑Suite | Ivanti | general |
| 2024 Imperva DDoS Threat Landscape Report | Imperva | DDoS |
| The State of Ransomware in Critical Infrastructure 2024 | Sophos | ransomware / critical infrastructure |
| Threat Horizons H2 2024 Threat Horizons Report | Google | general |
| Secure Software Development Education 2024 Survey Understanding Current Needs | Linux Foundation | capacity building / software development |
| Annual Data Exposure Report 2024 for Life Sciences | Code42 Software | life sciences |
| 2024 State of Physical Access Control Report | HID | access control |
| OSC&R in the Wild - A New Look at the Most Common Software Supply Chain Exposures | OX Security | supply chain |

About

evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications.