Recent Attacks, Threats, and Breaches

There are so many breaches and attacks these days, that it is hard to keep up. Here are a few of the recent highlights:

1. Panasonic Breach

Panasonic is the latest high-profile victim of cybercriminals. It released a statement that it had suffered a breach of its network and that some data had been accessed during an intrusion.

The company claims it contained the breach and enacted countermeasures successfully. But investigation of the leak is ongoing, and until completed, the full extent of the damage has yet to be known. Some outlets reported that the breach began in early Summer. If that is the case, we could soon be hearing more about how deeply hackers infiltrated Panasonic systems.

2. New Phishing Report

No matter how much phishing is reported and how much security awareness training is done, it seems there is always someone willing to click to a dubious link or attachment. Terranova Security’s 2021 Phishing Benchmark Global Report found:

• 8% of those surveyed fail to spot nefarious emails
• Education, Finance and Insurance, and IT exhibited the highest totals, all scoring over 25%
• Healthcare, Transport, and Consumer Product all kept their click rates under 10%
• Overall, more than 50% of initial clickers on phishing emails downloaded a malicious file link.
• IT had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file.
• The United States fared better overall, with an 8.7% click rate and a 40.9% click-to-download rate.
• Canada had a 14.1% click rate and a 59.8% click-to-download rate.
• 8% of North American employees would fall victim to a phishing email if they were to receive one today

3. Vulnerabilities Increase for Fifth Straight Year

The US-CERT Vulnerability Database announced that the USA set a new record of security vulnerabilities for 2021. This marks the fifth year in a row setting a new annual total. As of December 8, 2021, a total of 18,376 vulnerabilities were detected in production code.

The good news is that fewer high-severity vulnerabilities were found compared to 2020.

Conclusions Drawn

With high-profile companies continually being the subject of security breach headlines, phishing and ransomware on a definite increase, and the number of vulnerabilities rising, these are not happy times for the security space.

While there are many remedial actions that can and must be taken, the best defense is to prevent a breach from happening in the first place. The single most effective action that IT can take is to be diligent in installing patches. And that’s where Syxsense comes in.

Syxsense takes care of:

• Patch distribution: sending the right patches to the right devices rapidly.
• Patch supersedence: automatically ignoring older patches that are included as part of a newer release
• Eliminating network overload: If you push Microsoft Office patches out to 300 machines simultaneously, it can stall the network due to the quantity of data involved. Intelligent management platforms send the patch across the wire once to be shared peer-to-peer within the network.
• Mobile devices returning to the office: The system detects their presence, quarantines the devices, checks for compliance, and remediates any issues before allowing them back onto the network.
• Patch approval: Some organizations require various points of approval before patches are released. Good management tools make it easy to set this up once and thereafter be implemented automatically as part of the patching process.
• Audits: Integrated management of vulnerability scanning and patch remediation simplifies the task of gathering up information for audits via drag and drop capabilities.
• Patch roll back: If a patch caused an issue, it should be a simple matter to roll it back without IT jumping through hoops.
• Threat alerts: Intelligent management sifts through enormous log entries and narrows threats downs to the handful requiring urgent attention.