Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Research Reports Reveal Concerns About IoT Risks and Microsoft Flaws

    By
    Sean Michael Kerner
    -
    March 30, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Crypto-Currency Ad Bad

      Multiple research reports released the week of March 26-30, reveal prevailing trends in the cyber-security attack landscape.

      In the aggregate, the reports provide a snapshot of some to the top concerns facing enterprise IT today, including cryptocurrency mining, ransomware and IoT threats.

      Among the reports, the Shared Assessments Program and the Ponemon Institute released a study on third party risk, that reveals a significant level of concern about IoT devices. Recorded Future’s study looked at top vulnerabilities, finding that Microsoft software products are a top target, outpacing Adobe Flash. SentinelOne released a report on the current state of ransomware and Vectra’s report looks at crypto-currency mining operations.

      On March 26, the Shared Assessments Program and the Ponemon Institute released their second annual IoT third party risk survey, The Internet of Things (IoT): A New Era of Third Party Risk. 

      Among the top-level findings in the study is that organizations have a high degree of concern about IoT risks. 97 percent of respondents indicated that the likelihood of a security incident related to unsecured IoT devices could be catastrophic for their organization.

      Also of note, 81 percent reported that they expect a data breach to be caused by an unsecured IoT device in the next 24 months. Ransomware related to IoT device insecurity is another key concern, with 60 percent of organizations worried that the IoT ecosystem is vulnerable to ransomware attacks.

      While there is plenty of concern about IoT device risks, few organizations are apparently doing much to mitigate the risk.  Less than half (46 percent) indicated they have a policy in place to disable risky IoT devices and only 28 percent said that IoT-related risk is included as part of third party due diligence.

      Vulnerabilities

      On March 27, Recorded Future released its top vulnerabilities of 2017 report, revealing that Microsoft application vulnerabilities became more popular with cyber-criminals than in past years.

      According to Recorded Future, in 2016 Adobe Flash accounted for six of the top 10 vulnerabilities. In 2017, however, seven of the top 10 vulnerabilities used in phishing attacks and exploit kits made use of Microsoft product vulnerabilities.

      The most common vulnerability used by cyber-criminals in 2017 according to Recorded Future was CVE-2017-0199, which was patched by Microsoft in April 2017. CVE-2017-0199 is a remote code execution vulnerability that has broad impact across Microsoft Office products.

      Ransomware

      SentinelOne releases its Global Ransomware Report 2018 on March 27, providing insight into the state of ransomware attacks. According to SentineOne, a primary cause of ransomware attacks as identified by 56 percent of organizations, is employee carelessness. Respondents also identified legacy antivirus (AV) technologies as another key cause for ransomware attacks impacting their organizations.

      Ransomware attackers encrypt critical business data and then demand that their victims to pay a ransom, usually in some form of crypto-currency, to restore access to their data. Paying the ransom is something that 45 percent of victimized U.S. organizations did in 2017, according to SentinelOne. Unfortunately even after paying the ransom, the cyber-criminals restored access to the data in only 26 percent of the reported attacks. 

      Adding insult to injury, SentinelOne reported that ransomware attackers were likely to go after U.S. organizations that had previously paid the ransoms. Looking at what amounts were paid by victim organizations, SentinelOne found the global average ransom paid to be $49,060, while the the average value of ransoms paid by U.S. companies was higher at $57,088.

      On an optimistic note, 96 percent of SentinelOne’s survey respondents that had previously been a victim of a ransomware attack, were confident that their organization’s could block future attacks.

      Cryptocurrency Mining

      On March 29, Vectra released its Attacker Behavior Industry Report, highlighting the trends in crypto-currency mining operations. The growth of crypto-currency mining has been highlighted by multiple reports in 2018, including one released March 22 by Symantec.

      According to Vectra, 60 percent of all the crypto-currency mining detections, occurred in higher education. In contrast, the entertainment and leisure industry vertical only accounted for 6 percent, while financial services came in at 3 percent of detections.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×