Cyber Crime — Where We’re Being Attacked

Corvus Insurance released its Q3 2024 Cyber Threat Report. It identified where businesses are being attacked by cyber criminals. Close to 30% of the hits are linked to holes in the security of virtual private networks (VPN) and passwords that are weak and easy to hack.

These problems are linked to software that is outdated and less than adequate VPN protections. Here are some of the really bad ideas that administrators are using for these networks:

• User names like “admin” or “user”
• No multi-factor authentication (MFA)

Five groups — RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International — are responsible for 40% of the the 1,257 attacks in the third quarter of this year. That number is slightly higher than the 1,248 of attacks that happened in the second quarter.

RansomHub had the most success with 195 victims in the quarter three. That’s a 160% jump from the number of successful attacks in the second quarter of 2024.

Jason Rebholz is the chief information security officer for Corvus. He said the construction industry was the most targeted sector in the third quarter. There were 83 reported ransomware attacks. That’s up 7.8% from the 77 in quarter two.

Healthcare also saw increased attacks. There were 53 of them reported in the third quarter, a 12.8% hike over the 42 in the second.

“Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN," Rebholz said. "Businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability.”

Source link: Insurance Business America — https://bit.ly/4fWKFe2