The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total.

The offender this time is the First American Financial Corp., which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records.

In total, at least 1,389,463,242 records were compromised. That brings the annual running total to 7.28 billion and reduces the monthly average to 1.44 billion.

Cyber attacks

Ransomware

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance

Cybersecurity issues are becoming a day-to-day struggle for businesses. Trends show a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.

We’ve compiled 60 cybersecurity statistics to give you a better idea of the current state of overall security, and paint a picture of how potentially dire leaving your company unsecure can be.

Data Breaches by the Numbers

The increasing number of large-scale, well-publicized breaches suggests that security breaches are not only becoming more frequent but also increasing in severity.

  1. In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)
  2. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
  3. In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (LeakedSource)
  4. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
  5. According to 2017 statistics, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent per year. (Accenture)
  6. Thirty-one percent of organizations have experienced cyber attacks on operational technology infrastructure. (Cisco)
  7. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the WannaCry virus in 2017, at a total cost of around $4 billion. (Malware Tech Blog)
  8. Attacks involving cryptojacking increased by 8,500 percent in 2017. (Symantec)
  9. In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)
  10. There are around 24,000 malicious mobile apps blocked every day. (Symantec)
  11. In 2017, the average number of breached records by country was 24,089. The nation with the most breaches annually was India with over 33k files; the US had 28.5k. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. In 2018, Under Armour reported that its “MyFitnessPal” was hacked, affecting 150 million users. (Under Armour)
  13. Between January 1, 2005 and April 18, 2018 there have been 8,854 recorded breaches. (ID Theft Resource Center)

Cybersecurity Costs

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity part of their regular budget.

  1. In 2017, cyber crime costs accelerated with organizations spending nearly 23 percent more than 2016 — on average about $11.7 million. (Accenture)
  2. The average cost of a malware attack on a company is $2.4 million. (Accenture)
  3. The average cost in time of a malware attack is 50 days. (Accenture)
  4. From 2016 to 2017 there was a 22.7 percent increase in cybersecurity costs. (Accenture)
  5. The average global cost of cyber crime increased by over 27 percent in 2017. (Accenture)
  6. The most expensive component of a cyber attack is information loss, which represents 43 percent of costs. (Accenture)
  7. Ransomware damage costs exceeded $5 billion in 2017, 15 times the cost in 2015. (CSO Online)
  8. The Equifax breach cost the company over $4 billion in total. (Time Magazine)
  9. The average cost per lost or stolen record per individual is $141 — but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s 2017 Cost of Data Breach Study)
  10. In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  11. Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill, the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)

Cybersecurity Facts and Figures

It’s crucial to have a grasp on the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from.

  1. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2 percent of all ransomware attacks. (Symantec)
  2. Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)
  3. Most malicious domains, about 60 percent, are associated with spam campaigns. (Cisco)
  4. Seventy-four percent of companies have over 1,000 stale sensitive files. (Varonis)
  5. Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
  6. The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)
  7. Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38 percent of the total. (Cisco)
  8. About 20 percent of malicious domains are very new and used around 1 week after they are registered. (Cisco)
  9. Over 20 percent of cyber attacks in 2017 came from China, 11 percent from the US and 6 percent from the Russian Federation. (Symantec)
  10. The app categories with most cybersecurity issues are lifestyle apps, which account for 27 percent of malicious apps. Music and audio apps account for 20 percent. (Symantec)
  11. The information that apps most often leak are phone numbers (63 percent) and device location (37 percent). (Symantec)
  12. In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber attacks. (Symantec)
  13. Between 2015 and 2017, the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks. (Symantec)
  14. In 2017, overall malware variants were up by 88 percent. (Symantec)
  15. Among the top 10 malware detections were Heur.AdvML.C (23,335,068, or 27.5 percent), Heur.AdvML.B (10,408,782, or 12.3 percent) and JS.Downloader (2,645,965, or 3.1 percent). (Symantec)
  16. By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)

Cybersecurity Risks

With new threats emerging every day, the risk of not securing files is greater than ever, especially for companies.

  1. 21 percent of all files are not protected in any way. (Varonis)
  2. 41 percent of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis)
  3. 70 percent of organizations say that they believe their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  4. 69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  5. Nearly half of the security risk that organizations face stems from having multiple security vendors and products. (Cisco)
  6. 7 out of 10 organizations say their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  7. 65 percent of companies have over 500 users who are never prompted to change their passwords. (Varonis)
  8. Ransomware attacks are growing more than 350 percent annually. (Cisco)
  9. IoT attacks were up 600 percent in 2017. (Symantec)
  10. The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
  11. 61 percent of breach victims in 2017 were businesses with under 1,000 employees. (Verizon)
  12. Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
  13. Variants of mobile malware increased by 54 percent in 2017. (Symantec)
  14. Today, 1 in 13 web requests leads to malware (up 3 percent from 2016). (Symantec)
  15. 2017 represented an 80 percent increase in new malware on Mac computers. (Symantec)
  16. In 2017 there was a 13 percent overall increase in reported system vulnerabilities. (Symantec)
  17. 2017 brought a 29 percent increase in industrial control system–related vulnerabilities. (Symantec)
  18. By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion. (Cybersecurity Ventures)
  19. The United States and the Middle East spend the most on post-data breach response. Costs in the U.S. were $1.56 million and $1.43 million in the Middle East. (Ponemon Institute’s 2017 Cost of Data Breach Study)

There’s no question that the situation with cybercrime is dire. Luckily, by assessing your business’s cybersecurity risk, making company-wide changes and improving overall security behavior, it’s possible to protect your business from most data breaches.

Make sure you’ve done everything you can to keep your company from becoming a victim of an attack. The time to change the culture toward improved cybersecurity is now.

Source: Varonis

Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.

RSA CONFERENCE 2019 – San Francisco – Chronicle, the division that spun out of Alphabet’s X, rocked the cybersecurity industry today with a new security data platform that ultimately could whittle down the number of security tools organizations run today to monitor and manage incidents.

The new Backstory cloud-based service works with Chronicle’s VirusTotal malware intelligence platform, and lets organizations view previous security data over time and more quickly spot and pinpoint details on malicious activity. “It gives security teams insight into what’s happening in the enterprise right now, with the same level of visibility into what happened yesterday, a month ago, even a year ago,” for example, Stephen Gillett, Chronicle CEO and co-founder, said today in a media event for the rollout.

What sets Backstory apart from other security offerings, not surprisingly, is its Google-esque approach to drilling down into activity on the network and devices and its ability to store, index, and search massive amounts of data. Most enterprises are constrained by the amount of data they can store and manage over a long period of time.

Backstory, however, could prompt some housecleaning for security teams and security operations centers that for years have been amassing multiple, and sometimes redundant security tools and threat intelligence feeds. The platform is Chronicle’s first commercially developed product.

Rick Caccia, chief marketing officer at Chronicle, told Dark Reading that among the tools that Backstory ultimately could replace or streamline are network monitoring, network traffic analysis, log monitoring, security information event management (SIEM) tools, and even threat intelligence feeds. Tool overload has become a chronic problem for organizations: the average company runs dozens of security tools and often doesn’t have the people power to properly employ or even stay on top of the tools and the data they generate.

Several companies already are using Backstory, including manufacturing firm Paccar, Quanta Services, and Oscar Health, and several security vendors today announced partnerships to integrate with Backstory — Carbon Black, Avast, CriticalSTART, and others.

Chuck Markarian, CISO at Paccar, which builds trucks, said his company expects Backstory to replace anywhere from three to six of its existing security tools in the next year.

“In general, managing our costs is huge, [and] managing our spend in security, and figuring out how we can use less feeds,” he said during a customer panel during the media event. Managing multiple security tools is challenging, he said, so whittling down the number of tools is key.

“I can’t find the people to manage it and I keep going back to our board and saying ‘I need another tool, I need another tool,'” Markarian said. “I want to get that number [of tools] dramatically down.”

Backstory initially provides a tool for threat hunting and security investigations, said Jon Oltsik, senior principal analyst for Enterprise Security Group. “In its current iteration, I think Chronicle [Backstory] assumes a role for threat hunting and security investigations. Its pricing, data capacity, and query speed are built for this,” he said.

Oltsik also predicts Backstory will streamline and also eliminate the need for some point security tools.

“In the future, I could see Chronicle becoming an aggregation hub for other security analytics tools [such as endpoint detection & response, network traffic analysis, and threat intelligence, for example] and then subsuming some of these standalone technologies over time,” depending on Chronicle’s roadmap for the platform, he told Dark Reading.

Many large companies already have multiple security products for the same function, Chronicle’s Caccia said. “They have three network monitoring tools and multiple SIEMs,” for example, he said. Chronicle is pricing Backstory by customer, he said, hoping to target the pricing below its potential competitors. Some companies already spend a half-million dollars per year on tools, including subscribing to cloud-based capacity for storage and computing power for cloud services like that of Amazon, he said.

‘Operation Aurora’ Roots

Backstory grew out of Google’s firsthand experience in 2009, when the company was hacked by Chinese nation-state actors during the so-called Operation Aurora. Former Google security engineers used big data analytics to build internal security tools for the search engine giant in the wake of the attacks. That work influenced Chronicle’s development of Backstory, led by former Google engineers and Chronicle co-founders Gillett and Mike Wiacek, CSO at Chronicle.

During a demonstration of Backstory at the media event today, Wiacek said the more data you add to Backstory, the more detailed a picture and story it provides of a threat or attack. “Attackers can’t hide” in Backstory, he said.

Meanwhile, ICS/SCADA vendor Siemens plans to offer Backstory as part of its managed security service for ICS customers, according to Leo Simonovich, global head of industrial cyber and digital security at Siemens, which partnered with Chronicle on Backstory.

“For us, it’s providing our customers the understanding of what’s happening in their environment,” Simonovich said in an interview. “We’re hoping one day it [Backstory] will become the backbone of [our] managed security service.”

Source: Dark Reading

 

It’s time. We’ve rounded up all our best games of 2018, then followed that up with another bunch of games you might’ve missed. We’ve done plenty of retrospective to close out the year. Now it’s our chance to look ahead at a packed spring schedule (and beyond), rounding up all the games we’re most excited about for 2019.

That part is key: Most excited about. That means you’ll find some obvious picks here, like Metro Exodus. You’ll also find some smaller, more niche picks like Disco Elysium, Heaven’s Vault, and The Occupation. And it means this is not a comprehensive list. It’s just our favorites.

Sorry in advance if we cut your favorite game from the list.

Resident Evil 2 – January 25

The first major PC release of 2019 is Capcom’s Resident Evil 2 remake ($60 preorder on Humble), due to release at the end of January. It’s probably the safest possible bet Capcom could make after the bold first-person pivot of Resident Evil VII. The Resident Evil 2 remake brings back all the fans’ old favorites. Leon’s here! And Claire! And Ada Wong! And Raccoon City! Also, it’s been redone to use the over-the-shoulder camera from Resident Evil IV!

It’s like a mashup of everyone’s favorite Resident Evils. That’s less exciting (to me at least) than a proper Resident Evil VII follow-up, but it’ll be great to have this classic story playable on modern machines, and with mechanics befitting a 2019 video game. So long, fixed camera angles. Adios, tank controls. We can do better now.

The Occupation – February 5

The Occupation was supposed to release in October. Now it’s supposed to release in February. I don’t think anyone even announced a delay—it just slipped into the future as if the original date never existed, the perfect way to delay a game that’s about a corrupt government cracking down on civil liberties to keep citizens safe.

Delay or no, The Occupation’s still one of my most anticipated games for 2019. The game takes place over four real-time hours, with characters and events sticking to a strict schedule. You play a journalist, trying to uncover the facts behind a deadly crime—but you need to make decisions about what leads to pursue and how to follow them. Do you meet with the government official you have an appointment with? Or perhaps blow them off and root through a colleague’s empty office?

I’ve played a lot of so-called “immersive sims” over the years, but none as ambitious as The Occupation. I hope the delay gave the team enough time to fine-tune the details.

Metro Exodus – February 15

Usually these lists become outdated because of delays, but not this time. The day after we recorded our 2019 preview video, Metro Exodus ($60 preorder on Humble) announced it was moving its release date up a week, from February 22 to February 15. That takes it out of competition with Anthem and puts it back up against Crackdown 3, as well as Far Cry: New Dawn.

Metro is the one I’m looking forward to most though. I loved the cramped corridor shooting of Metro 2033 and Last Light, and while I’m a bit less enamored with the idea of a pseudo-open-world Metro game I’m curious to see whether it works, guiding Artyom on some grand journey through the Russian countryside.

Far Cry: New Dawn – February 15

Metro Exodus’s strongest competition, Far Cry: New Dawn ($40 preorder on Humble) releases the same day with a brighter and goofier take on the post-apocalypse. And you know what? I’m kind of looking forward to it. I think Far Cry’s serious numbered entries are mostly mediocre (especially Far Cry 5) but the gimmicky spin-offs like Blood Dragon and Primal are interesting experiments—even when they don’t quite work out.

So a post-apocalyptic Far Cry? One that’s set on the same map as Far Cry 5, but without all the political and religious overtones? It probably won’t break new ground for the series or for games as a whole, but it at least sounds like a decently fun time. And hey, Fallout 76 set the bar pretty low, so…

Anthem – February 22

Once upon a time February 22 was supposed to be the crowded day, but first Crackdown 3 dipped to February 15 and then Metro followed suit. Now only Anthem ($60 preorder on Origin) remains, BioWare’s take on a Destiny-style shooter—except maybe with a better story? That’s a pretty thin maybe, based on what I’ve seen so far, but I’m still holding out some hope. It is BioWare, after all.

We really don’t know though. BioWare’s been reticent about showing off Anthem’s story, instead focusing on how it plays. And I can say: It plays great. At our E3 demo I claimed Anthem plays “even smoother than Destiny,” which is high praise coming from me. Rocketing around in my little mech, strafing waterfalls and diving underwater, then exploding back out of a pool to shoot some nearby foes—it’s effortless.

But I loved the shooting in Mass Effect: Andromeda and not much else, so…well, I hope the story’s decent. Fingers crossed.

The Sinking City – March 21

Frogwares’s Sherlock Holmes series is the closest I’ve come to a gaming guilty pleasure. They’re low budget, often buggy, the cases you solve hit-or-miss, and the mechanics for finding a solution even more inconsistent. And yet they often rise above their station, delivering excellent character moments for Holmes and Watson, or seizing on a neat detective game gimmick (like Crimes and Punishments with its red herring endings).

Point being: I’m always interested in what Frogwares is up to, even if the results aren’t perfect. And with Cyanide’s 2018 Call of Cthulhu game a mess, that makes Frogwares’s Sinking City our best hope for a truly unsettling mythos experience. The cinematic trailer below gives me no idea whether this is mostly an action game or a detective game, but I’m at least excited to find out.

Sekiro: Shadows Die Twice – March 22

Dark Souls is dead. Long live Dark Souls. If you believe From Software, the Dark Souls series is finished forever. That doesn’t mean From Software is done making that style of game though.

Enter Sekiro: Shadows Die Twice ($60 preorder on Steam). It’s not a Souls game, but Sekiro takes those ideas—deliberate combat, pattern recognition, grand boss battles, impenetrable lore—and transposes them to Japan’s Sengoku period. It is, in so many ways, recognizable as a From Software game.

And yet it’s not afraid to deviate from Dark Souls as well. Exploration is more active, as your character has a grappling hook-arm that allows him to leap to rooftops and branches or swing across gaps. That, in turn, makes stealth a viable option—either bypassing enemies entirely or leaping down on them unawares for a quick kill.

Mortal Kombat XI – April 23

We don’t know much about Mortal Kombat XI yet. Announced in December at The Game Awards, all we’ve seen is a single CGI trailer of Dark Raiden fighting two Scorpions. That means uh…well, Dark Raiden and Scorpion are in the game. It also seems like the character customization elements of Injustice 2 will make it over to this latest Mortal Kombat.

But what will the campaign look like? That’s what I’m most curious to see. The seamless cinematic-driven campaigns of Mortal Kombat IX and X were great, but after four games (including the Injustices) it seems like it might be time for a shakeup. Rumors claim Mortal Kombat XI will include a full-on adventure mode with a map to explore, a la 2005’s Shaolin Monks, but we’ll see.

Rage 2 – May 14

I still find it hard to believe Bethesda’s funding Rage 2 ($60 on Amazon), a sequel to one of the all-time blandest games, but…well, Prey was great. Maybe another of Bethesda’s weird bets will pay off. After all, Rage 2 mashes up id’s shooting with Avalanche’s Mad Max driving, which certainly sounds like a winning combination.

The question is whether the story can pull its weight as well. Lest we forget, the first Rage played pretty well. It was just boring as hell. Rage 2 seems to be shifting towards a quirkier Borderlands-lite style of humor, which might help propel the action along…or might get old quick. It’s hard to tell.

Either way, I’m looking forward to Rage 2—and that’s a sentence I never thought I’d write a year ago.

Source: IT News