Webroot’s Nastiest Malware List Highlights Attack Sophistication
… devastating targeted attacks of 2019, according to Webroot. And Dridex, once considered one of the most prominent banking trojans, is now used as an implant in the infection chain with Bitpaymer ransomware.
“As evidenced by the growing threat of social engineering scams like company impersonation and BEC, organizations are failing to implement sufficient and consistent security awareness training programs,” Moffitt said. “Organizations also need to establish a layered approach to security to ensure protection against cybercriminals’ evolving tactics. Beyond that, just some basic best practices can keep your organization from being caught with their pants down — locking down RDP, disabling macros and powershell for the 95% of employees that never use it, and stronger password security.”
Also Tuesday, ServiceNow research shows that despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data silos and poor organizational coordination. The average timeline to patch is 16 days.
At the same time, there was a 17% increase in cyberattacks over the past year, and 60% of breaches were linked to a vulnerability where a patch was available, but not applied.
“This study shows the vulnerability gap that has been a growing pain point for CIOs and CISOs,” said Sean Convery, general manager of ServiceNow security and risk. “Companies saw a 30% increase in downtime due to patching of vulnerabilities, which hurts customers, employees and brands. Many organizations have the motivation to address this challenge, but struggle to effectively leverage their resources for more impactful vulnerability management. Teams that invest in automation and maturing their IT and security team interactions will strengthen the security posture across their organizations.”