ISBuzz Team

According to a new Sophos report, State of Ransomware in Healthcare 2022, twice as many healthcare organizations paid the ransom in 2021 vs 2020. Though they paid the ransom, only 2% got all of their data back. Interviews with 381 it enterprises in 31 countries revealed the following: Ransomware attacks on healthcare almost doubled – 66% of healthcare organizations surveyed were hit by ransomware in 2021, up from 34% in 2020Healthcare is most likely to pay the ransom, ranking first with 61% of organizations paying the ransom to get encrypted data back, compared with the global average of 46%; this…

Researchers at IBM’s X-Force team are reporting a 94% reduction in the duration of an enterprise ransomware attack from 2019 to 2021. Though the overall time was reduced, the attacker’s tools appeared to remain mostly the same. Research showed that ransomware operators were most efficient against enterprises “who have not implemented effective measures to combat the threat of ransomware.” Key Highlights The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021: 2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware attacks investigated by X-Force Incident…

It has been reported that Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. The new system is in test phase in Germany and is intended to be impossible to bypass from within the web browser settings or through cookie blocking or IP address masking.

Following the news that: Third of UK Firms Have Experienced a Security Breach Since 2020  https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/

Following the exposure of the Microsoft Office vulnerability mentioned yesterday by the SANS Institute, the vulnerability has been named Follina, and Microsoft is aware of it. Researchers at the SANS Institute have provided further advice on how to tackle the threat below. Researchers at SANS Institute said: How it works: “Malicious Office documents are a popular means to introduce malware. Microsoft has restricted Office macros to make it more difficult to abuse them. However, this new vulnerability bypasses these restrictions. Malicious code is executed as the user opens the document. No warning is displayed Microsoft considers this a vulnerability in…

The Federal Trade Commission is taking action against Twitter, Inc. for deceptively using account security data for targeted advertising. More on the story here: https://www.ftc.gov/news-events/news/press-releases/2022/05/ftc-charges-twitter-deceptively-using-account-security-data-sell-targeted-ads

Following the news that: DuckDuckGo browser allows Microsoft trackers due to the search agreement [U] DuckDuckGo Working with Microsoft Concerning Browser Privacy – The Mac Observer

Amid the news that two thirds of British companies have been targeted by fraudsters in the past two years, it’s been revealed that cyberattacks are the most common crime.

In light of the news that CISA has added 41 vulnerabilities to its catalogue of known exploited flaws please see the below comments from the expert.

Please see comment by Industry leaders on the anniversary of GDPR. The comment focuses on how poor identity access management can lead to GDPR fines, and why organizations need to invest in Identity Data Fabrics.