SiliconAngle reports that organizations with one unpatched security vulnerability were 33% more likely to have cyber insurance claims, while those that continued leveraging old unsupported software had a threefold increased likelihood of claims.
Seventy-six percent of reported incidents were attributed to phishing, which was over six times more common than the next most prevalent attack method, according to a report from Coalition. Moreover, phishing-related cyber insurance claims by Coalition members were also noted to have a 29% increase from the start of last year although ransomware claims had a 54% year-over-year decline.
"Threat actors are forever looking for targets with weak security controls or unprotected infrastructures these are the paths of least resistance into a company's network. Unfortunately, that's why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim," said Coalition Head of Claims Catherine Lyle.
More than 320 organizations in various sectors around the world, most of which are in Latin America, have been subjected to the new SteganoAmor attack campaign by the TA558 hacking operation that involved the use of steganography to enable the delivery of various malicious payloads, according to BleepingComputer.
Mounting zero-day vulnerabilities, more sophisticated living-off-the-land attack techniques, and escalating extortion levels were noted by Mandiant executives to be among the most pressing cybersecurity concerns faced by chief information security officers, CyberScoop reports.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.