SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-11-28 00:00:00	Enquêter sur le risque de références compromises et d'actifs exposés à Internet explorez le rapport révélant les industries et les tailles d'entreprise avec les taux les plus élevés d'identification compromises et d'actifs exposés à Internet.En savoir plus Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More (lien direct)	IntroductionIn this report, Kovrr collected and analyzed data to better understand one of the most common initial access vectors (1) - the use of compromised credentials (Valid Accounts - T1078) (2) to access internet-exposed assets (External Remote Services - T113) (3). The toxic combination of these two initial access vectors can allow malicious actors to gain a foothold in company networks before moving on to the next stage of their attack, which can be data theft, ransomware, denial of service, or any other action. There are numerous examples of breaches perpetrated by many attack groups that have occurred using this combination, for example, breaches by Lapsus (4) and APT39 (5), among others.Â âThis report seeks to demonstrate which industries and company sizes have the highest percentage of compromised credentials and number of internet-exposed assets and face a higher risk of having their networks breached by the toxic combination of the initial access vectors mentioned above.âIt should be noted that having an asset exposed to the internet does not inherently pose a risk or indicate that a company has poor security. In our highly digitized world, companies are required to expose services to the internet so their services can be accessed by customers, vendors, and remote employees. These services include VPN servers, SaaS applications developed by the company, databases, and shared storage units. However, there are some common cases when having an asset exposed to the internet can be extremely risky, for example:âWhen a company unintentionally exposes an asset due to misconfiguration.When a malicious third party obtains compromised credentials of a legitimate third party and accesses an exposed asset.Â Â âTo limit unnecessary internet exposure, companies should employ the following possible mitigations:âUse Multi-Factor Authentication (MFA) for any services or assets that require a connection so that compromised credentials on their own will not be enough to breach an exposed asset.Limit access to the asset to only specific accounts, domains, and/or IP ranges.Segment the internal company network and isolate critical areas so that even if a network is breached through access to an external asset, attackers will not be able to use that access to reach wider or more sensitive areas of the company network. âSummaryâThe following are the main findings from the collected data:âThe Services industry is by far the most exposed to attackers. Companies from that industry have the highest percentage of compromised credentials (74%). However, they have a relatively low amount of internet-exposed assets per company (34%). However, given that an average cyber loss in this industry has been shown to be about $45M, this is highly concerning (6). The Services industry (SIC Division I) is followed by Division E (Transportation, Communications, Electric, Gas, and Sanitary Services, with an average loss of around $58M), which is followed by Division D (Manufacturing, with an average loss of around $25M).Â The revenue range for companies with the highest number of compromised credentials is $1M-$10M, followed by $10M-$50M.Â A similar trend is also observed when evaluating company size by the number of employees. Indeed, companies with fewer employees have a higher share of compromised credentials.Â On average, the larger the company (both in terms of revenue and number of employees (7)), the greater the number of internet-exposed assets.There is a correlation between the industries and revenue ranges of companies targeted by ransomware and those with the highest share of compromised credentials.Â Â Â âMethodologyâThe data for this research was collected as follows:âData regarding compromised credentials was first collected from Hudson Rock, a provider of various cybercrime data. Data was collected for the previous six months, beginning March 2023.Â This data	Ransomware Threat Studies Prediction Cloud	APT 39 APT 39 APT 17	★★★
	2023-10-04 00:00:00	Fortune 1000 Cyber Risk Reportkovrrrr \\\'s Fortune 1000 Report tire des motifs de quantification innovante pour fournir aux entreprises une référence pour évaluer les fréquences relatives de cyber-risques et la gravité Fortune 1000 Cyber Risk ReportKovrr\\\'s Fortune 1000 report leverages our innovative quantification models to provide companies with a benchmark for gauging relative cyber risk frequencies and severitiesRead More (lien direct)	Executive SummaryThe growing rate of global cyber events, throughout all industries, has elevated cybersecurity governance to the forefront of corporate concern. Indeed, this rising prevalence spurred the US Securities and Exchange Commission (SEC) in July 2023 to mandate the disclosure of "material" cyber threats and incidents, albeit within a framework of somewhat ambiguous materiality definitions. Â This report leverages Kovrrâs risk quantification models to highlight the likely occurrence and relative costs of âmaterialâ cyber incidents companies might experience in the coming year, potentially eliciting consequences significant enough for SEC disclosures. Ultimately, Kovrr aims to provide insights for those companies seeking a deeper understanding of the types of cyber events and their respective financial impacts that are most likely to be disclosed in the coming years.MethodologyThe results of this report were determined via a comprehensive benchmarking exercise, using the US Fortune 1000 companies as the sample set due to the companies\' diverse range of industries. Kovrr\'s models capture a detailed representation of each company\'s technological profile and simulate yearly cyber event scenarios tailored to each companyâs exposure to risk. âThe models reveal âmaterialâ incidents in the form of data breaches, extortions, interruptions, and service provider events1. This report defines materiality as an interruption incident lasting over one hour or an incident where confidential data is breached. Smaller, non-material incidents are grouped and modeled in aggregate.âKovrrâs models produce an assessment of the likely frequency and severity of cyber breaches experienced by Fortune 1000 companies, harnessing our industry insights from previously disclosed breaches, insurance claims data, and incidents that have not been publicly disclosed.----1Event incidents (data breaches, extortions, interruptions, and service provider events) are defined at the end of the report.âKey FindingsCyber Risk Across All IndustriesThe Oil, Gas Extraction, and Mining sector exhibits the highest probability of experiencing a material cyber event, with a frequency of 0.82 events per year (or approximately one material event every 1.2 years). However, the anticipated financial impact remains relatively modest, with a median cost of $28m. In contrast, the Utilities and Infrastructure industry faces a cyber event frequency of 0.62 events per year and a substantial financial impact of $57.9m.Annual Cost ScenariosAverage Annual Loss (AAL), which combines event frequency and cost across the full range of possibilities, allows us to compare the overall risk between industries. The Finance and Real Estate industry has the highest AAL at $34.3m, owing to the substantial financial ramifications of infrequent but high-impact events. Conversely, the Construction industry has the lowest AAL at $7.3m , indicative of its relatively lower exposure to cyber risk.Event DriversThe cyber event types reviewed in this report were interruptions, third-party service provider incidents, extortion events, and data breaches. The report reveals that interruption events are prevalent across industries. Also notably, the Retail Trade industry faces an annual frequency of 0.47 for data breaches (or approximately one material incident every 2 years), while the Finance and Real Estate sector follows closely with 0.42, underscoring their heightened exposure to data-centric cyber incidents.Cost DriversHighly regulated industries, notably Finance and Retail Trade, record the highest median costs per cyber event, totaling $70.5M, due to their extensive accumulation of PII. Third-party liability, regulatory compliance, and productivity loss augment the financial impact. The report also breaks down these costs further according to event type.Secondary Loss ConsiderationsWhile the primary financial impact is evident almost immediately, secondary losses often extend widely	Ransomware Data Breach Threat Studies		★★★
	2021-07-27 00:00:00	Un été des exploits d'été des exploits de ransomware qui ont eu lieu à l'été 2021 A Summer of ExploitsA summary of ransomware exploits that took place in the summer of 2021Read More (lien direct)	Over the past few weeks several dramatic vulnerabilities were exposed in different ubiquitous products and platforms, including the Microsoft Windows OS, the Solarwinds Serv-U Managed File Transfer and Serv-U Secure FTP products, and Kaseyaâs services.â1. Print Night Mare2. Print Nightmare Update3. Kaseya\'s Clients Important Notice4. CISA\'s public alert5. Reuters Article about Data ransom6. Microsoft\'s emergency patch fails7. SolarWinds Zero-day vulnerability8. SolarWinds alerted by Microsoft9. Kaseya restores servicesâSummary of the EventsâKaseyaWhat happened? On July 2nd, a cyber attack was launched against the IT solutions company Kaseya. Kaseya provides IT solutions including VSA, a unified remote-monitoring and management tool for handling networks and endpoints. In addition, the company provides compliance systems, service desks, and a professional services automation platform to over 40,000organizations worldwide.The cyberattack has been attributed to the REvil/Sodinikibi ransomware group whose ransomware was first detected in April 2019. The groupâs usual propagation method is phishing emails containing malicious links. Some of the groupâs most prominent victim industries in the last two years were healthcare facilities and local governments. REvil has offered a decryption key, allegedly universal - able to unlock all encrypted systems, for the âbargainâ price of $70 million via bitcoin (BTC) cryptocurrency. On July 13th, all of REvilâs online activity stopped and the groups data-dump websites were shut down without further information, leaving the victims of their latest attacks hostage with encrypted files and no valid payment address or decryption keys.Who was impacted? On July 2nd Kaseya claimed that the attack affected only a small number of on-premise clients, In a press release published on July 5th the company estimated that the number of clients impacted by the attack is between 800 and 1500 businesses.âPrintNightmareWhat happened? On June 8th, Microsoft published a CVE advisory for a vulnerability in the Windows PrintSpooler service which is enabled by default in all Windows clients and servers across almost all modern Windows versions. This vulnerability was initially categorized as a low severity local privilege escalation (LPE) vulnerability by Microsoft and a patch for it was released on June 21st. A week later, researchers published a successful PoC of the exploitation and claimed that the vulnerability is in fact a high severity RCE and PE vulnerability. On July 1st, a separate vulnerability in the same Windows Print Spooler service was discovered, similar to the first vulnerability, this new âPrintNightmareââ was also a RCE andLPE vulnerability that would allow attackers system privileges with which they could install programs; view, change, or delete data; or create new accounts with full user rights.After the high severity of the vulnerability was acknowledged, Microsoft published an out-of band patch on July 6th and claimed to have fully addressed the public vulnerability. However, on July 7th researchers presented additional successful PoCs and claimed that the patch can be bypassed.Who was impacted? This vulnerability affects all modern unpatched client and server versions of Windows.According to Kaspersky, the vulnerability was already exploited but no further information regarding victims is currently available.âSolarwindsWhat happened? On July 9th, Solarwinds published an announcement claiming that they were informed by Microsoft of an exploited zero-day vulnerability in their Serv-U Managed File Transfer and Serv-U Secure FTP products.On July 10th, Solarwinds released a patch to fix the vulnerability and claimed that this event is unrelated to the Solarwinds supply chain attack that occurred in December of 2020.The vulnerability allows an attacker to run arbitrary code with privileges, and then install programs; view, change, or delete data; or	Ransomware Tool Vulnerability Studies		★★★
	2020-11-17 00:00:00	CRIMZONâ¢: The Data Behind the FrameworkA report that highlights a subset of the empirical validation for the CRIMZONâ¢ framework.Read More (lien direct)	âAbstract The CRIMZONâ¢ framework defines the minimal elements needed to provide a view of accumulated cyber risk. For natural catastrophe risk, individual policy exposures can be aggregated within geographic zones.Similarly, cyber exposures can be aggregated using CRIMZONâ¢. Location also holds importance when assessing cyber catastrophe risk, however, two additional elements must be taken into account to properly assess cyber risk accumulation: industry and company size. Insured companies with common characteristics related to location, industry, and entity size tend to be exposed to similar types of cyber events because these elements also correspond to technologies or service providers used. Based on an analysis of millions of cyber events in the last 20 years, Kovrr conducted extensive research, to serve as the core empirical validation for the CRIMZON framework. Below is a subset of the research, in which a study group of 120 CRIMZON was determined by selecting CRIMZON with the highest relevance to the cyber insurance market(he research group was compiled according to criteria detailed in (Appendix A) The total number of unique companies in the study group is 20,000, with an average number of 152 companies within a CRIMZON, and a median of 86 companies. The research criteria focused on companiesâ location industry, entity size, and the hosting and mail technology and service providers used by companies. The results showed a concentration of technologies and services when grouping by location, and further concentration when adding the additional elements of the CRIMZON, entity size and industry to the analysis. The research shows that companies within the same CRIMZON have the tendency to use the same service providers and technologies, and that different compositions of service providers and technologies can be found across CRIMZON. When trying to estimate accumulations of potential losses from cyber, insurance and reinsurance companies face two main challenges: identifying which policies are exposed to the same cyber events and determining how many policies will be affected at the same time. The former is related to the problem of enumerating all technologies and service providers each insured relies upon, the latter is equivalent to estimating the footprint of a cyber event. Analyzing accumulations by CRIMZON enables risk professionals to make sense of the size and extent of potential losses from cyber, without necessarily needing to collect detailed information about technologies and service providers for each insured. The framework is completely agnostic to the line of business, therefore unlocking a full range of possible applications across both silent and affirmative cyber coverages. Among these applications is the development of aggregate models. This research shows it is possible to estimate the two key ingredients needed for the development of industry loss curves, the hazard and the exposure, using the CRIMZON as the atomic unit of aggregation. By identifying the correlation across CRIMZON, an aggregate model can then be developed.âIntroduction - What are CRIMZONâ¢? The Cyber Risk Accumulation Zones (CRIMZONâ¢) framework defines the minimal elements needed to provide a view of aggregated cyber exposure. Kovrr launched CRIMZON during participation in the fourth cohort of the Lloydâs Lab, the insurance technology accelerator operated by Lloydâs of London. CRIMZON is an open framework created to facilitate better communication across players in the cyber insurance value chain. The framework allows users to overlay their data pertaining to loss, cyber attack frequency, as well as additional data onto the CRIMZON for additional insights of risk per zone and to detect correlations between different zones. The framework was created to support efforts for setting a standard for data collection for cyber risk management.The CRIMZON are composed of the following three elements:Location - country-level worldwide a	Vulnerability Studies Cloud		★★★

Last update at: 2024-05-19 23:08:19
See our sources.

To see everything: Our RSS (filtrered)