New research by threat detection and response firm Vectra AI shows that the most common threats to corporate networks remain consistent throughout all companies regardless of their size. Researchers calculated the relative frequency of threat detections that were triggered during a three-month span. The results detail the top 10 threat detections that customers receive by relative frequency.
Microsoft Office 365 a Major Supply Chain Attack Vector
Community Chats Webinars Library
Performance issues are not the only concern users have about Microsoft Office 365 and Azure cloud services: the office productivity suite also represents a major threat vector and an attractive target for network and supply chain attacks.
On a quantitative level, Office 365 draws over 250 million active users, according to Microsoft statistics. Attackers can thus intuitively guess that a certain percentage of these users lack proper security protection, and as a bonus, often serve as an easy entry point into an organization’s Azure cloud data, including APIs. A conservative estimate, for example, might peg the percentage of vulnerable machines at 10% the word “vulnerable” varies depending on the talents of the hacker, which can also include ethical hackers which would represent over 25 million easy targets to penetrate.
DHS directive will compel pipeline companies to report cyberattacks
SHARE
The U.S. Department of Homeland Security is preparing to issue a directive that will require all pipeline companies to report cybersecurity incidents following the ransomware attack on Colonial Pipeline Co. earlier this month.
The Washington Post reported today that the Transportation Security Administration, a unit of the DHS, will issue the reporting directive later this week. The TSA will then follow up in the coming weeks with a “more robust set” of mandatory rules for how pipeline companies must safeguard systems and the steps they should take if they are hacked.
Cybersecurity Regs for Pipelines Reportedly Coming Soon bankinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from bankinfosecurity.com Daily Mail and Mail on Sunday newspapers.
Should Paying Ransoms to Attackers Be Banned?
Compliance
Compliance
Compliance
DougOlenick) • May 24, 2021
Statement posted on CNA website after ransomware attack
Insurance company CNA s apparent decision to pay attackers a $40 million ransom and Colonial Pipeline Co. s payment of a $4.4 million ransom are stirring debate over whether such payments should be banned under federal law.
Bloomberg News reported Thursday that Chicago-based CNA had paid the hefty ransom (see:
Insurer CNA Disconnects Systems After Cybersecurity Attack ). Meanwhile, Colonial Pipeline CEO Joseph Blount confirmed Wednesday that the company had paid a ransom on May 7 after discovering an attack using DarkSide ransomware that led the company to temporarily shut down its fuel pipeline serving the East Coast.