The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
- Investing in cyber resilience. Our in-depth report on cyber budgets and investment areas.
- Insurers’ risk appetite dries up. 2021 sees record payouts as ransomware attacks increase.
- GoDaddy security breach. Up to 1.2 million GoDaddy customers affected.
- New reporting rules. US banks soon required to report significant cyber incidents within 36 hours.
- E-skimming attacks. More than 4,000 online retailers with compromised websites alerted.
- Admin rights for all. Windows zero-day actively exploited by threat actors.
1. Three key findings in S-RM’s new report, ‘Investing in Cyber Resilience: Strategy, Spend, and the Search for Value’.
Strategy implementation is key: Companies with fully implemented cyber strategies report the best value for cyber security investments. However, roughly half of firms are yet to reach that level of maturity.
Cyber budgets are still behind the curve: Cyber budgets are expected to increase by an average of 8 percent in the next 12 months. The global cost of cybercrime will also grow by 15 percent a year over the next five years, reaching USD 10.5 trillion by 2025.
Hybrid working continues to be a challenge: 42 percent of decision makers acknowledge the tension between smooth business operations and staying on top of cyber security priorities.
SO WHAT? Investing in organisational resilience with a clearly defined strategy and matching financial investment has never been more important. This is particularly true in the face of hardening insurance markets; transferring cyber risk to a third party now comes with significant caveats.
2. Hardening insurance market reduces opportunity to transfer cyber risk.
Cyber insurance providers have halved the amount of cyber cover they provide to organisations in response to a surge of cyber incidents since the onset of the COVID-19 pandemic. US insurers reportedly paid over USD 590 million in ransomware payments in the first half of 2021, compared to USD 416 million for the whole of 2020.
SO WHAT? In order to obtain cyber insurance nowadays, organisations are increasingly required to have a mature cyber security posture. Without appropriate investment into cyber security, organisations will not be able to transfer the cyber risk they face.
3. GoDaddy network compromised for two months
GoDaddy, one of the world’s largest domain registrars, has disclosed a data breach impacting 1.2 million customers. Although the incident was discovered on 17 November, investigations reveal that the threat actor had access to GoDaddy’s network and data as early as 6 September.
The threat actor accessed email addresses and customer numbers and, in some cases, passwords for past and present GoDaddy customers. In addition, active customers had their Secure File Transfer Protocol (SFTP) and database usernames and passwords exposed. A smaller group of active customers also had their Secure Sockets Layer (SSL) private key exposed.
SO WHAT? GoDaddy customers should ensure that their SSL authentication certificates are updated, strengthen passwords for SFTP access and closely monitor for targeted phishing activity.
4. US banks will have 36 hours to report cyber security incidents
US financial regulators have approved a new rule requiring banks to notify their primary regulator about significant security incidents within 36 hours after detection. Under the rule, a ‘significant cyber security incident’ refers to any event that results in actual or potential harm to the confidentiality, integrity, or availability of information systems.
The rule will come into force on 1 April 2022 and organisations need to be fully compliant by 1 May 2022.
SO WHAT? Organisations are increasingly subject to a variety of reporting obligations. Board members and senior management should be familiar with their obligations in the event of a cyber incident and notification requirements should be recorded in incident response plans.
5. NCSC warns more than 4,000 online retailers about e-skimming attacks
The UK’s National Cyber Security Centre (NCSC) identified over 4,000 online stores that had their websites compromised with digital card skimmers. According to the NCSC, most websites were compromised by threat actors who had exploited an unpatched vulnerability in Magento, a popular e-commerce platform. Personal and financial information for numerous customers is expected to have been stolen.
SO WHAT? Online retailers should have robust patch management programmes in place and ensure their software is always up to date. Such incidents can cause significant financial and reputational damage to a business.
6. Windows zero-day exploit published by researcher
A Windows zero-day vulnerability is being actively exploited in the wild. The exploit was published by a security researcher earlier this week and threat actors have been quick to employ it in their attacks. If exploited, the local privilege escalation vulnerability could allow a threat actor to gain administrative or SYSTEM privileges on a compromised device.
The vulnerability affects Windows 10, Windows 11, and Windows Server.
SO WHAT? The exploit bypasses a patch released by Microsoft in November’s Patch Tuesday. No further patch or mitigating control has been released by Microsoft yet. IT and security teams should closely monitor Microsoft’s security updates and install a patch when released.