Posts tagged with "cybercriminal"

Graph via BeyondTrust.com for Atlas VPN for use by 360 Magazine

In 2020 Number of Vulnerabilities in Microsoft Products Exceeded 1,000 for the First Time

Microsoft products are used by billions of people worldwide. Historically, however, they are known to have many vulnerabilities that pose security risks to users of the software.

According to data presented by the Atlas VPN team, the total number of vulnerabilities in Microsoft products reached 1,268 in 2020—an increase of 181% in five years. Windows was the most vulnerability-ridden Microsoft product. It had a total of 907 issues, of which 132 were critical. However, Windows Server had the largest number of critical issues. In 2020, 902 vulnerabilities were detected in Windows Server, of which 138 were critical.

Issues were also found in other Microsoft products, such as Microsoft Edge and Internet Explorer. Together, these browsers had 92 vulnerabilities in 2020. In total, 61 or even 66% of these vulnerabilities were of critical level. Meanwhile, Microsoft Office had 79 vulnerabilities, 5 of which were critical. 

Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on the situation :

 “These numbers are a massive problem because every Microsoft product has millions of users. Therefore, it is important that consumers update their software applications on time. Software updates can include security patches that can fix vulnerabilities and save users from getting hacked.”

Elevation of privilege is the most common Microsoft vulnerability

A wide range of vulnerabilities was discovered in various Microsoft products last year.  However, some types of vulnerabilities were more common than others. Elevation of privilege was the most frequently detected issue in Microsoft products. It was discovered 559 times and made up 44% of all Microsoft vulnerabilities in 2020.

Next up is remote code execution. In total, 345 such vulnerabilities were found last year, putting it in second place on the list. Remote code execution accounted for 27% of the total number of Microsoft vulnerabilities in 2020.

Information disclosure occupies the third spot on the list. There were 179 such issues discovered in 2020. Together, they made up 14% of all Microsoft vulnerabilities that year.

To learn more, click HERE.

Graph via Sophos for Atlas VPN for use by 360 Magazine

India, Austria, and US Most Hit with Ransomware

Ransomware attacks are one of the leading cyber threats that organizations have to face.

According to the data presented by the Atlas VPN team, organizations in India, Austria, and the United States are among the most hit with ransomware attacks. To compare, more than 50% of companies in the mentioned countries experienced such attacks in the past year, while the global average is 37%.

Out of 300 interviewees from India, 68% suffered from a ransomware attack. At the same time, 57 out of 100 respondents from Austria experienced a ransomware attack in the last year. Next up, in the United States, 51% of participants, out of 500 questioned, reported that they were hit with a ransomware attack.

Retail and Education Sectors Suffer the Most Ransomware Attacks

Some organizations in specific sectors are more susceptible to hacker attacks due to their lower security levels or valuable data. However, cybercriminals do not shy away from attacking even the biggest companies or government administrations.

Out of 435 respondents in the retail industry, 44% were hit with a ransomware attack last year. Hackers strike retailers when it could hurt them the most, for example, on Black Friday or Christmas seasons.

Retailers share first place with education organizations—out of 499 education interviewees 44% experienced such malicious attacks. Cybercriminals usually deploy ransomware attacks at the start of a school year to cause maximum disruption.

The business and professional services industry suffered the third most ransomware attacks, with a total of 42% out of 361 respondents stating they experienced a ransomware attack in the past year. Companies in this industry are usually smaller with less staff, meaning they might not have a dedicated person to ensure security. Out of 117 participants in the Central government and non-departmental public body (NDPB) sector, 40% reported being attacked with ransomware in the last year.

Conclusion

Cybersecurity writer and researcher at Atlas VPN Anton Petrov shares his advice on how to protect your organization against ransomware attacks.

“Prepare a plan in case you… get hacked. Always have a backup of your data so you don’t have to pay a ransom. Investing in cybersecurity will cost you less than having to deal with the aftermath of a ransomware attack.”

Like with everything else, there’s a way to protect your data in order to make sure hackers don’t get to it and cause serious financial damage.

Cyber Florida Publishes Free Cybersecurity Guide

Cyber Florida is pleased to announce the launch of Cyber Defense for SMBs, a free resource for small and medium-sized businesses. This beginner’s guide introduces readers to the fundamentals of cybersecurity for business to help SMBs be better prepared to respond to, and recover from, cyberattacks. Cyber Defense for SMBs is available as a free digital download at http://www.cyberflorida.org/SMB.

“Small businesses are targeted by cybercriminals precisely because they are small,” remarked Cyber Florida Director Sri Sridharan. “Criminals know these businesses likely lack the financial resources necessary to employ state-of-the-art cyber defenses. Our goals with this guide are to help Florida’s small businesses avoid becoming victims of this troubling trend and if they are targeted, to help them be better prepared to recover and respond appropriately,” he said.

The 2018 Verizon Data Breach Investigations Report stated that 58% of data breach victims in 2017 were categorized as small businesses. 

With input from experts in academia, private industry, government, and the military, this guide offers guidance to help SMBs identify the most cost-effective cybersecurity best practices for their business. Detailing some of the most important and urgent factors affecting cybersecurity, Cyber Defense for SMBs reviews the common threats SMBs are likely to encounter and industry-standard best practices for cyberattack prevention and mitigation, crisis management, and post-incident response.

In support of this effort, Cyber Florida has teamed up with the National Cyber Security Alliance to offer free workshops throughout the state of Florida that will provide SMB leaders with hands-on guidance. Workshops are planned for Tampa, Orlando, Miami, Jacksonville, and Tallahassee during the first quarter of 2019. For more details and to register for a workshop, please visit http://www.cyberflorida.org/SMB. 

Accompanying this initiative is a resource-rich webpage, www.cyberflorida.org/SMB, that offers planning and assessment worksheets and links to other helpful organizations and resources. The webpage will be updated often with tips and articles to help SMB leaders stay abreast of best practices, as cybersecurity is a rapidly changing field. 

Cyber Florida Director Sri Sridharan is available for press interviews. To schedule an interview, please contact Kate Whitaker at the email or phone listed above. For all other inquiries or questions, visit the Cyber Florida website at www.cyberflorida.org.

Disclaimer:
Cyber Defense for SMBs is made available by the Florida Center for Cybersecurity for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney and/or cybersecurity professional with the sufficient expertise necessary to address your organization’s specific needs. Use of this guide does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.

About Cyber Florida: The Florida Center for Cybersecurity
The Florida Center for Cybersecurity (Cyber Florida) is a state-funded organization dedicated to positioning Florida as a national leader in cybersecurity through education and workforce development; innovative, interdisciplinary research; and community outreach. Hosted at the University of South Florida, Cyber Florida works with all 12 State University System of Florida (SUS) institutions as well as industry, government and defense to build partnerships and develop programs that grow and strengthen Florida’s cybersecurity industry.