Sam Stelfox

Enterprise Cybersecurity Roundup [July 2021]

A major NSO spyware attack threatened the privacy of thousands in July when its "zero-click" architecture broke through Apple's security and iPhone privacy features. Another ransomware attack, against IT solutions provider Kaseya, put nearly 1,500 businesses in jeopardy last month with the threat of malicious SQL injections.

As cyberattacks continue to climb in severity, now threatening to violate both enterprise and consumer privacy rights, risk mediation specialists are taking a deep dive into how companies are responding to IT vulnerabilities. Are rising cybersecurity concerns being addressed in the proper capacity?


NSO spyware steals data from Apple iPhones worldwide

Thousands of iPhones across the world were exposed to NSO Group’s spyware, Pegasus, earlier this month. Designed to infect Android and iOS devices via “zero-click” architecture, this highly advanced spyware was able to pull information like GPS locations and emails, and even access a device's camera and microphone, without any end-user action.

Even the iPhone 12, Apple's latest model with its most up-to-date security features, fell victim to this sophisticated attack. Experts discovered that the spyware infiltrated devices via Apple’s iMessage platform. By finding and exploiting several vulnerabilities in how the app handled content like images and emojis, attackers could launch malicious code without user involvement or detection.

Amnesty International’s Security Lab studied 67 of the infected iPhones, revealing that their phone numbers had been leaked onto a list that now boasts over 50,000 stolen numbers from over 50 countries. To protect further personal information from being leaked onto these malicious sites, users are encouraged to regularly update credentials and block unfamiliar phone numbers. Meanwhile, the debate continues on whether or not tech companies are doing enough to protect their customers from unwanted intrusions.

REvil strikes again in global Kaseya ransomware attack 

On July 2nd, Kaseya, a managed service provider (MSP) that aids in providing IT solutions, had its VSA servers hacked by an affiliate of the REvil ransomware group. The attackers exploited an authentication bypass vulnerability in Kaseya’s VSA interface, using this flaw to host a session where they could upload malicious material via SQL injection.

Kaseya’s servers were shut down amid the attack to prevent further corruption. Customers were then notified of the breach through online SaaS services, email, and text. Nearly 800 to 1,500 businesses were originally thought to have had their servers open to the attack, but the company revealed on July 8th that only 60 of these servers were still exposed.

Kaseya's hackers asked for $70 million in ransom in exchange for a universal decryption tool. While investigations into this request are still ongoing, the Cybersecurity & Infrastructure Security Agency (CISA) has released several resources to help mitigate these types of ransomware threats moving forward. Examples include implementing a manual patch process and keeping data backed up on a separate server that can be easily accessed in an emergency.

Are businesses properly mitigating IT vulnerabilities and cyber risks?

There were 86 reported security incidents uncovered in July 2021 alone, accounting for ~33,727,641 breached records. From a data leak at UC San Diego Health to the second infiltration of Japan's public transportation system, cyberattacks are now forcing companies worldwide to reconsider their cybersecurity defense strategies. 

Vulcan Cyber, a leading SaaS platform for risk and vulnerability remediation, recently conducted a research project with Pulse that focused on how businesses are dealing with cybersecurity risks. Between July 1st and July 9th, the companies surveyed 200 cybersecurity leaders about their current defense and remediation programs.

A staggering 76% of all respondents stated there had been some kind of security vulnerability that impacted their business in the past. According to the study, 64% of the IT leaders use scanners to find vulnerabilities and classify them, while 49% use manual means to identify and manage the issue.  

In general, 85% of the IT leaders think it's important to understand and deal with potential vulnerabilities by following a risk-based approach. A CCO report published by Gan Integrity provides excellent insight into how companies can bolster their defense strategies, including a comprehensive list of issues businesses should keep on their radars in order of significance. 

To read more about the Pulse and Vulcan Cyber research project, check out their report here.  
