Cyber Risk Update 10 NOV 2022
A Microsoft analysis of the global threat landscape over the last year showed that cyberattacks targeting critical infrastructure doubled, with a jump from 20% to 40% attribution to nation-state threat actors. https://www.darkreading.com/attacks-breaches/microsoft-zero-day-nation-state-groups-tactics
US Treasury says financial ransomware losses topped $1.2 billion last year:
The sharp increase in cost underscores the damage of ransomware on the private sector. The Financial Crimes Enforcement Network (FinCEN) noted that its analysis indicates that ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public.
A supply chain compromise is “the manipulation of products, such as devices or software, or their delivery mechanisms before receipt by the end consumer,” according to MITRE. Put another way, a supply chain compromise is the result of an adversary inserting themselves into an organization’s “social circle” by compromising an entity or product along that organization’s critical business supply path.
Denial of Service Attack against SLTT:
Mississippi election websites affected by Election Day DDoS incident “An abnormally large increase in traffic volume due to DDoS activity caused the public-facing side of our websites to be periodically inaccessible this afternoon. We want to be extremely clear and reassure Mississippians our election system is secure and has not been compromised.”
Cyber Criminals also like repeat customers:
Over a third, (36%) of companies who paid a ransom to cyber criminals went on to be targeted for a second time, according to the latest Cyber Readiness Report from Hiscox.