Cyber Threat Report

Studies Show Ransomware Has Already Caused Patient Deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Read More

As the threat of cyberattacks continues to grow, businesses must take proactive steps to protect their data and systems.

Compliance with regulatory requirements is a key aspect of this, but navigating the complex landscape of regulations can be challenging. That's where cyber insurance comes in.

Three-Quarters of Firms Predict Breach in Coming Year
Most said it was “somewhat to very likely” that they’d suffer a breach of customer data (70%) or IP (69%), or a successful cyber-attack (78%). Read More

As cyber threats become increasingly prevalent, organizations are looking for ways to protect themselves against potential data breaches and cyber threats.

US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. Read More

Windows Zero-Day Exploited by Cybercriminals in Ransomware Attacks
The issue is an unspecified vulnerability in the CLFS driver that allows for privilege escalation. A local attacker can exploit this vulnerability to gain SYSTEM privileges. The vulnerability is easy to exploit and could be triggered without user interaction. Read More

Outlook Zero-Day Needs Quick Patching: Microsoft
The privilege elevation/authentication issue affects all supported versions of Microsoft Outlook for Windows, including Microsoft 365, Microsoft Office 2019, Microsoft Outlook 2016, and Microsoft Outlook 2013. Read More

Microsoft Lays off Team Responsible for AI Ethics
What was left of the team has now been wiped out completely. Read More

Background

Gaming and casino operators require top-notch IT security due to the sensitive nature of their operations, high revenue generated, storage of personally identifiable information, and regulatory compliance requirements. The most profitable area in a casino is the electronic gaming machines as they account for over 80% of gaming revenue according to research by the UNLV Center for Gaming Research Studies.

Cybercrime Groups Offer Six-Figure Salaries, Bonuses, Paid Time Off to Attract Talent on Dark Web
Cybercriminals are offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers. Read More

Phishing is the most common form of cybercrime, with over 3 billion phishing emails sent every day. Scammers are constantly looking for new and innovative ways to steal your sensitive data.

Super Evasive Beep Malware Stuns Researchers
A new malware has surprised researchers with the use of a significant amount of evasion techniques to avoid sandboxes and resist analysis. Read More

By 2025, cybercrime will cost the world an estimated $10.5 trillion annually. As internet use grows, so does the threat of cyberattacks. For organizations, such attacks can result in devastating losses. As such, you want to make sure that you're always taking the proper measures to reduce the risk of your organization falling victim to hackers.

There are various methods of increasing cybersecurity. One of them is through the use of penetration testing. It's important to know what this is, and when to do it.

Want to know when you should perform a penetration test? Keep reading to find out more.

Firmware Flaws Could Spell 'Lights Out' for Servers
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. Read More

The global market for cyber security awareness training is expected to grow by more than 45% in the next five years. This record growth highlights the importance that organizations place on improving cyber security.

Colonoscopy Prep Retail Website Breach Festered for Years
Personal Data of 244,000 in Flux After Malware Probe of Gastroenterologist Vendor.  Read More

In 2021, the ransomware industry in the United States alone resulted in over $1 billion in payments to cyber criminals. Given the ever-evolving nature of technology, there's no doubt that criminals will try to capitalize on the latest trends in cyber-attacks to make even more money.

Qualcomm and Lenovo Flag Multiple High-Impact Firmware Vulnerabilities
“We opened Pandora’s box of ARM devices UEFI firmware vulnerabilities impacting enterprise vendors.” Read More

Last year, healthcare and manufacturing were some of the most targeted industries for cybercriminals to attack. Other industries followed not far behind, with bad actors focusing on banks and insurance companies, public/state administrations, educational institutions, professional and organizational services, and more. 

A New Microsoft Exchange Flaw is Being Used to Attack Servers
Delivers remote access tools and remote administration software. Exploit chain also bypasses mitigations. Read More

Background

A regional medical center had a segmented network design whereby different departments within the center (Administration, Radiology, Facilities, etc.) were separated from each other within the overall network as part of a relatively secure environment. But no matter how much security is in place, clicking on a malicious link or attachment in a phishing email can bypass that security. 

Maryland Bars State Employees from Using Kaspersky, TikTok, Huawei, and Others
The companies include Huawei Technologies, ZTE Corp., Alibaba-owned AliPay, Tencent-owned Tencent QQ, WeChat, and QQWallet, as well as Russian-owned cybersecurity and antivirus firm Kaspersky. Read More

The healthcare industry is full of acronyms. ACA, HIPAA, HHS, CHIP, and MARS-E are just a few. Understanding them is critical to your organization's success.

Keep reading for a MARS-E guide that tells you what you need to know about these important standards.

FTC Holds Company’s CEO Personally Liable for Security Failures
The FTC found that the company and its CEO had failed to develop and implement appropriate measures to protect consumers' personal information. Read More

Data Breaches Rise By 70% Globally in Q3 2022
The top five countries and regions most affected by data breaches in Q3 2022 were Russia, France, Indonesia, the US, and Spain. Read More

A cybersecurity framework, or CSF, is an organized set of rules, regulations, and procedures designed to protect against cyber threats. The main objective of a cybersecurity framework is to secure an organization's digital assets.

For organizations, cybersecurity compliance is specifically designed so that security professionals can reliably identify and mitigate all risks, regardless of complexity. For many, an established CSF is required (or heavily encouraged) in order to comply with state and industry standards or international regulations.

When it comes to disaster recovery, planning is essential. In reality, however, each emergency situation can differ. No matter how organized the plan may be, it is not always possible for an organization to cover each and every variable or extended outlier during an attack.

Multiple Cisco Products Impacted by L2 Network Security Control Bypass Flaws 
Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls. Read More

When it comes to cyber-attacks, in-house IT professionals are working hard on implementing tools and strategies to protect their organizations, while cyber criminals and nation states are hard at work becoming more sophisticated in their approaches.

Apple Releases Another Urgent iOS Security Patch, So Install Now
Apple has released an urgent security patch that addresses multiple flaws in different versions of iOS, iPadOS, and macOS. Some of these flaws, the company confirmed, are being actively abused in the wild. Read More

As technology continues to advance, so does the threat of cyber-attacks on organizations. According to recent reports done by the University of North Georgia, only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack.

Preparedness helps organizations effectively manage and mitigate the operational, legal, and reputational consequences of an event. In this article, we will take a look at some of the major steps your organization should take to protect its network and personal data.

Researchers say Cisco Firewall Software Remains Vulnerable to Attack Despite Patch
Rapid7 researchers conduct a test on Cisco's firewall where they find a major threat in Adaptive Security Software, ASDM, and Firepower Services Software for ASA, which was left unpatched for months. Read More

A CISO (Chief Information Security Officer) and a vCISO (virtual Chief Information Security Officer) are common options offered by cyber security experts when providing organizations with security management. The question is, which one is more effective in providing protection to your company?

Tenet Health’s $100 Million Cyber Shutdown Sparks 10 Questions All Boards Must Ask
The Tenet Health case reinforces why boards and senior leaders must be increasingly prepared to address rising cyber-related business interruption risks. Read More

In our final installment for the Kaplan e-learning web series, JANUS Associates takes an in-depth look at some of the ways an organization can prevent internal cyber threats along with how a ransomware attack can have major repercussions against your company's infrastructure and confidential data.

Cyber Insurers Look To Rescind Policies After Large Claims
Insurers are intently examining whether they can cancel cyber policies after claims have been filed. To do this, they scour through application documents searching for potential false statements. Read More

A company's cyber security plan can make all the difference in protecting against a data breach, but when a record 60% of all data breaches are internal, it can be hard to know who to trust. In this article, we will go through potential approaches you can take to protect your company's confidential and intellectual property.

TikTok Engaging in Excessive Data Collection
Connecting to mainland China-based infrastructure, the latest report identified multiple instances of unwarranted data harvesting. Read More

As technology continues to advance and organizations transition into a completely digital space for their private information and data, cyber insurance has become a commonality among numerous industries.

CISA: Here's How to Apply this Key Windows Patch Without Breaking Certificate Authentication
CISA now urges applying a patch that broke logins for users connecting to Windows servers that handle authentication. Read More

Nearly Half of Cybersecurity Professionals Consider Quitting
45% of respondents said they considered quitting due to stress, and 46% said they knew of at least one person who did leave the industry within the last year specifically because of stress. Read More

Every organization, regardless of what you do, is at risk for a ransomware attack. This blog will give you some insight into best practices to minimize the risk of a successful attack.

Background

A commercial enterprise had a common, shared drive-type of network setup. Documents were shared by a multitude of employees throughout different departments and saved in a centralized manner. This common practice of centralizing data was the primary catalyst for the attack on their network.

How Costa Rica Found Itself at War Over Ransomware
Costa Rica failed to implement the cyber-preparedness strategy that it laid out five years ago and now serves as an example not only to other Latin American nations but also to the world. Read More

Ensuring that you keep your personal identifiable information (PII) safe and protected should be your number one priority. With these tips below, JANUS provides insight on how you can prevent fraud from occurring.

Patch Now: Zoom Chat Messages can Infect PCs, Macs, and Phones with Malware
Zoom recommends updating the app if you have not done so yet. Scammers can now send messages through Zoom chat that can cause your vulnerable client app to install malicious code from an arbitrary server, such as malware and spyware. Read More

Proper on/offboarding policies and procedures can protect your data and streamline your operations. JANUS’ 8 cybersecurity best practices will help you create a hardened yet more resilient enterprise.

150-Year-Old Historically Black College Closes After Ransomware Attack
A renowned university will shut down after falling victim to ransomware amid efforts to recover from the pandemic. Read More

Data security is critical and incidents of data exfiltration result in unwanted attention to organizations, which can lead to financial losses and reputational damage.

Log4j Flaw: Thousands of Applications Are Still Vulnerable, Warn Security Researchers
Cybersecurity researchers warn that insecure instances of Log4j are still out there to be exploited - and are easy for attackers to discover. Read More

IT challenges have never been greater. Protecting your assets, operations, clients, and employees has never been a more complicated and difficult task. You may have a thorough understanding of your IT compliance requirements or you may not, and the security partner that you choose may be the key to the success or failure of your initiatives.

Microsoft Patches 128 Windows Flaws, New Zero-Day Reported
On Tuesday, Microsoft issued a warning for an in-the-wild zero-day attack hitting Windows users. It credited the National Security Agency (NSA) with reporting the live exploitation. Read More

Kaspersky Blacklisted By FCC Alongside China Telecom & China Mobile
All three were added to the list as they posed national security risks. Companies placed on the entity list are banned from buying parts and components from US companies without government approval. Read More

Analysts predict that cyber security will continue to be a top priority of enterprises around the world in 2022 and beyond. As of this published post, cyber attacks in 2022 are on track to greatly outnumber attacks that occurred in 2021.

CISA & FBI Warning: Hackers Used These Tricks to Dodge Multi-Factor Authentication and Steal Email From NGO
Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) to compromise networks and high-value domain accounts. The goal? Accessing the victim's cloud and email. Read More

Ukraine Asks ICANN to Delete All Russian Domains
In response to the Russian invasion of Ukraine, the request has been made to disable country code top-level domains associated with Russia. Read More

Ukraine Ministry of Defense Confirms DDoS Attack; State Banks Lose Connectivity
The websites of Ukraine's defense ministry as well as state banks Privatbank and Oschadbank were down on Tuesday due to an alleged DDoS attack. Read More

Cyber security attacks are on the rise in schools. More technology means more potential threats. Unfortunately, some educators and students are unaware and unprepared for the repercussions posed by these cyber threats.

FBI Says More Cyberattacks Come from This Country Than Everywhere Else Combined
Currently investigating over 2,000 attacks on US targets, with new files coming every 12 hours. Read More

Due diligence is a process that confirms facts or details of something being purchased, or a contract for services. Due diligence examines all aspects of the deal to confirm that everything is as represented verbally and in writing by the offeror. It’s undertaken to prevent misrepresentations and to uncover potential fraud.

Federal Banking Regulators Issue Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date—36 hours. Read More

The United States Secret Service Electronic Crimes Task Force (ECTF) recently presented a 3-hour webinar titled Ransomware: An Emerging Threat. This presentation included members of government agencies and private corporations and contains a wealth of information. The entire session has been published on YouTube and full information is detailed below.

FTC Warns Businesses on Patching Log4j Holes… Or Else
The US Federal Trade Commission warned companies that vulnerable Log4j software needs to be fixed, responsibly, in a timely manner, or face the wrath of Lina Khan. Read More

Terrifying Cyber Weapon ‘Against Which There’s No Defense’
The Israeli company’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market. It’s continuing to make headlines as revelations on the tech’s reach, and its consequences, keep piling up. Read More

Log4J, a critical vulnerability, is actively being exploited worldwide. Researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already exploiting the vulnerability at a rate in excess of 100 attacks per minute.

Whether you’re a small company or one as large as Colonial Pipeline or T-Mobile, not having any cyber incident response plan will cause major problems and disruptions. When you’re hit with a breach, without a plan in place, your security and management teams will be scrambling and likely to make expensive mistakes. 

Bosses Are Reluctant to Spend Money on Cybersecurity... Then They Get Hacked
Cyberattacks like ransomware, business email compromise (BEC) scams, and data breaches are some of the key issues businesses are facing today. Despite the number of high-profile incidents and their expensive fallout, many boardrooms are still reluctant to free up the budget. Read Article

The modern security challenges facing law firms are more complex than ever. Regardless of its size, a firm is obligated to follow the data breach laws established in all 50 states, which require disclosure within a reasonable time following a cyber attack. This has forced law firms to take preventative measures to mitigate the risk of a breach by implementing security policies and procedures.

Organizations More Susceptible to Ransomware Attacks During Weekends & Holidays
In a recent survey, 37% of security professionals admitted their organization does not have contingency plans for a prompt response to ransomware attacks during the weekends and holidays. Read Article

The Department of Defense (DoD) has suspended the original cybersecurity certification program pending major changes. On November 4, 2021, the DoD announced the completion of an internal review of its Cybersecurity Maturity Model Certification (CMMC) program and the release of Model 2.0.

Patricia Fisher, President and CEO of JANUS Associates, Inc. is one of the Founding Partners of the Connecticut Technology Council (CTC) and continues on the board in addition to leading the Cyber Security Task Force. Ms. Fisher is also involved in other technology-oriented associations.

Cybercriminals Sell Access to International Shipping, Logistics Giants
The underground is offering initial access brokers with entry to companies key in global supply chains. Read Article

A Russian-based group has masqueraded as a legitimate cyber security consultancy. The Baston Secure company website, logo displayed as BS, hosted and hired multiple jobs for cyber security specialists and offered what appeared to be legitimate cyber security services.

Data breaches, insider threats, loss of client trust—these are all security and privacy threats all organizations face today. Learn more about what action Privacy and Security Professionals are taking today. #PSR21

In coordination with the Cyber Bytes Foundation, GENEDGE is hosting CMMC Industry Day. Join JANUS, industry leaders, and businesses as we gather to share ideas, resources, and best practices for navigating Cybersecurity Maturity Model Certification (CMMC) compliance.

It was reported today that a former executive of a health care provider accessed the Protected Health Information (PHI) of nearly 38,000 individuals. Conflicting accounts also suggest third-party vendor involvement, although that has not officially been confirmed.

New Ransomware Encrypts Your Data & Makes Nasty Threats, Too
A group behind the new ransomware variant threatens to go beyond encrypting data in their attempts to force victims to pay up. Read Article

T-Mobile Confirms Data Breach Affects Over 47 Million People
The stolen files include personal info such as names and social security numbers. Read Article

LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article

Looking at the cybersecurity headlines from the past few years, we’ve seen significant data breaches happening more frequently and increasing in severity. At the same time, the cost of cyber insurance is rapidly rising, coverage limits are shrinking, and loss exclusions are more common than ever.

The Connecticut (CT) State Legislature has enacted major changes to CT Data Breach Notification Laws, effective October 1, 2021. These changes are a direct result of the worsening threat landscape, and it is safe to say that regulations will most likely continue to be enacted at both the state and federal levels.  

IBM Report: Data-Breach Costs Hit 17-Year High of $4.24M
Data-breach costs jumped nearly 10% from an average of $3.86 million to $4.24 million per incident over the past year. Read Article

U.S. Announces New 2nd Round Cybersecurity Requirements for Critical Pipeline Owners
The Department of Homeland Security on Tuesday required owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement "urgently needed protections against cyber intrusions." Read Article

From January 2020 through May 2021, New York State Department of Financial Services (NYDFS) regulated companies reported in excess of 70 Ransomware attacks ranging from costly shutdowns to disruptions in business operations. Successful Ransomware attacks continue to escalate in total numbers and overall severity, with no sector safe from an attack. Government agencies, companies, educational institutions, and nonprofits are all targets. 

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios. Read Article

Approximately 66% of hacked organizations expressed uncertainty that they could ever fully recover. Getting hacked or falling prey to Ransomware is a big deal—for you, your business, your customers, and your employees!

CVS Health Faces Data Breach, 1B Search Records Exposed
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher. Read Article

Ransomware and hacking are a major problem, and effective cyber security is the only way to safeguard your operations and assets. The risk of not taking care of business is losing your business.

If you've been reading the news at all lately, you know that cybersecurity is more important now than ever. After a series of devastating cyber issues, the entire economy was shaken.

Here's what you need to know. The past week has shown how fast attack capabilities can evolve. Below are key, timely events impacting cyber security that we here at JANUS Associates believe are worthy of your note. For your convenience, we've compiled all articles here, where they will also be archived for future reference.
