In the current security landscape, there is a growing threat of cyber-attacks. The majority of the attacks occurred through phishing and in most cases have arrived through email attachments or via the target organization’s websites or phone/SMS. Cybercriminals usually launch large spam campaigns, in which thousands of deceptive emails are sent which are presented as “important”, “urgent” and highly targeted. A few of the breaches also occur with the help of stolen or weak credentials and human error. ‘DSCI Threat Intelligence and Research Team’ have observed following cyber threat patterns during last month (Fig.1.):
Also due to ignorance in critical security updates (bug fixes, Sec Feature update, and others), organizations still struggling with minor/ major breaches. For example, recently multiple vulnerabilities (CVE-2020-2243 XSS, CVE-2020-2239: date disclosure vulnerability) were identified in Jenkins Plugins respectively and were asked to patch immediately. Process of patching required to be very agile and automated in the advanced threat landscape.
These days, data breaches are targeting the enterprise with the intent to inflict reputational damage or harm a business function or an individual, or theft of valuable data. In today’s stringent regulatory environment, stolen data can cost organizations heavy penalties, low consumer trust, and huge financial loss.
Cyber Threats
Please visit this link and learn more about recent cyber threats: https://www.dsci.in/sites/default/files/Express%20Blog_DSCI%20Threat%20Intelligence%20%26%20Research.pdf
Recommendations:
For detailed recommendations, please read DSCI Threat Intelligence and Research advisory.