Page 3 - Threat Intelligence 9-5-2019
P. 3
Perspective:
State of the
Marketplace
AI and “deepfakes” have just delivered a new tool to bad actors,
providing them with the ability to mimic the voice of known users to
enhance their attacking capabilities. A scammer used deepfake
technology to mimic the voice of a CEO to commit a BEC attack. The
deepfake was sophisticated enough to have a slight German accent and
follow the same speech patterns as the CEO. The company lost
$243,000.
A recent report finds that 34% of vulnerabilities found this year have
remained unpatched. Many of these vulnerabilities are from major
companies: Microsoft, Oracle, IBM and SUSE. 53% of these are remote
vulnerabilities, which can be leveraged if the target system has internet
exposure. The sheer volume is an issue: around 3,771 of the 11,092
vulnerabilities in 2019 are unpatched. Ensure that you keep your
systems patched, and that you have compensating controls for anything
that you cannot patch.
A new report from ProPublica takes a deep dive into the role of
insurance in ransomware attacks. Insurers approve or recommend
paying a ransom when doing so is likely to minimize costs by restoring
operations quickly. Because recovering files from backups can be time-
consuming, it can leave insurers on the hook for costs ranging from
employee overtime to crisis management public relations efforts. As
insurance companies have approved six- and seven-figure ransom
payments over the past year, criminals’ demands have climbed as well.
And finally, not all threats are external. A recent survey finds that 1 in 4
employees would steal company information to help apply for a position
at a competitor. It helps to know what your employees have access to
and to have solutions in place to spot user activities that don’t coincide
with normal behavior.
3
~Stay Secure
www.accumepartners.com
