CRD #4
On ransomware targeting, impact of insurers, using open source components, cost of data breaches & more.
Research highlights for security leaders from validated sources released between 22 July - 4 August 2024, followed by a hyperlinked list of all monitored reports during the period.
We cut through the bias and marketing fluff to bring you relevant and objective insights backed by data and based on proper research.
Ransomware levels grow, manufacturing top industry affected
Studies monitored during the last two weeks – observing publicly reported cases, leak sites, the number of litigations, or attack telemetry from security products – show a significant year-over-year increase (ranging from 20% to 60%, depending on the study) in global ransomware cases for Q2 2024. All reports identify LockBit as the most active player, indicating that the numerous law enforcement operations against it have not yet influenced these statistics.
Across these studies, manufacturing is the top targeted industry, usually followed by professional services, IT, finance, and healthcare. However, high-level targeting data is somewhat impractical, as cybercriminals are often opportunistic and do not target specific industries or geographies.
In the case of manufacturing, this opportunism may simply stem from the number of available targets and the difficulty manufacturers face in managing their complex IT and OT environments. Additionally, there may be a perceived higher willingness to pay due to the significant cost of operational disruptions.
Re-victimization by ransomware actors accelerating
Analysis of ransomware victims since 2020 highlights the opportunism, complexity, and interconnectedness of the ransomware ecosystem, pointing out that re-victimization (recurring cyber extortion against the same victim) has accelerated since 2023.
The study explores several potential reasons for this, including re-posting a victim on a leak site as a tactic to exert additional pressure after an initial failed attempt. Another reason could stem from the overlap of members among ransomware groups: if a ransom is initially paid hoping the blackmailers will "honour" their promises, opportunistic criminals might exploit the victim again under a different group's name, preserving the original group's "brand" and "trustworthiness". According to the study, the average delay between re-victimizations is about eight months.
Customers absorbing the rising costs of data breaches
This year's Cost of a Data Breach report by IBM, the 19th in the series, studied over 600 organizations impacted by data breaches and included over 3,500 interviews with security and business leaders. The report measures the impact of data breaches by combining perceived data breach costs related to lost business, detection and escalations, post-breach response, and notification.
The global average cost this year increased 10% to USD 4.88 million. Considering global inflation, this growth is not major. The most surprising observation from the report, however, was that more than half of organizations said that they passed data breach costs on to customers by raising prices.
40% of organisations unable to stop threat actors gaining admin privileges after initial access
IBM's study also features data on the cost and frequency of initial attack vectors: phishing and stolen or compromised credentials remain at the top, followed by zero-days and BEC.
What about after initial access and the effectiveness of layered defense? Another report analyzing vulnerability exposure revealed that 40% of pentested customer environments (based on 136 million attack simulations, but client profiles not specified) had weaknesses allowing attackers to achieve domain admin privileges after initial access was gained.
Code depends on open source, but few keep track of software components
A study involving over 5,000 DevSecOps professionals worldwide highlights the problem with software supply chain security: 67% of developers say that a quarter or more of the code they work on is from open source libraries, yet only 21% of organisations use a software bill of materials (SBOM) to document and manage the security of these components.
The study – revealing that security and AI are top investment priorities for DevSecOps teams – also pointed out continued issues with collaboration between teams, as over half of security respondents reported having a difficult time getting development teams to prioritize vulnerability remediation.
Insurers increasingly influence vendor selection
A study based on in-depth interviews with security leaders across multiple industries highlighted the increasing significance of cyber insurers in the decision-making of CISOs. Security leaders report cases where they are satisfied with an existing vendor but are forced to make changes due to strict insurer requirements, adding another layer to the already complex buying and selling process for cyber products.
Individual password habits are still lacking
Outside the security and technology industry, passwords often dominate discussions about individual cybersecurity. A global study of over 6,000 individuals analyzing password-related practices revealed continued significant shortcomings in password management. The study found that 26% rely on memory, 24% write passwords down, and 19% store them in a browser or phone notes app. Additionally, 41% of people admitted to reusing passwords across multiple accounts.
Reports monitored: 22 July - 4 August
To take a deeper dive in the topics most relevant for you, we've listed all the research reports that were published during the observed period.
About
evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.