Page 3 - Threat Intelligence 11-15-2019

P. 3

Perspective:

State of the

Marketplace

News in the past week has been dominated by data breaches and
stories about the impact of recent Ransomware attacks on companies,

organizations and governments. As you read this week's threat
intelligence brief, you may notice a de-emphasis on internal
vulnerabilities in the news. While there are plenty of new vulnerabilities
month over month, most of the recent data breaches and ransomware
outbreaks are due to external attack vectors, social engineering, or

exploits that leverage previously reported internal vulnerabilities that
the target company did not remediate. Read on, and ask yourself these
three questions: Am I protected? Are there any blind-spots in my

environment? How would I know if I have been breached?

Data privacy is all over the headlines in the past few weeks because on

October 23, 2019, New York’s new breach notification provisions came
into effect. There are several articles in this week’s brief to guide you
through the various provisions in order to inform your security and data
privacy programs. Other states are following the lead of New York and
California, so if your institution is not impacted by either of their new

laws, expect something similar in your locality.

This week has an extended listing of social engineering attacks, as the

bad-actors around the world are getting very creative. One particular
article is of note: Paypal is now the preferred impersonated domain for
attackers. For the first time, Microsoft is no longer at the top of the list.

This represents a shift back to targeting individuals instead of
businesses. Individuals represent “soft targets” that don’t have the
benefit of firewalls and email filters to protect themselves against spam
and phishing attacks.

~Stay Secure

www.accumepartners.com

1 2 3 4 5 6 7 8