Security Digest (June 2023)

Advanced Computer Technologies Security Digest for June 2023

As always, Advanced is proud to be here for all your security needs. Reach out now ([email protected]) to determine how you can improve your security posture and keep your business running smoothly.

– The Advanced Security Task Force

Patch Tuesday – 6/13
The second Tuesday of every month is Patch Tuesday, when Microsoft addresses security vulnerabilities in its products through a large deployment of software updates. This month’s Patch Tuesday addressed 78 security vulnerabilities, 6 of which were considered critical. A full list of these updates can be seen here.

HP’s 2023 Q1 Threat Report Warns of Email Threats
  • HP has released their Security Threat Insights Report Q1 2023, providing an assessment of the modern threat landscape.
  • Notable numbers from the threat report include an estimate that roughly 14% of malicious threats pass through email security gateways undetected, emphasizing the importance of end-user training. HP also estimates that 80% of all threats to a given organization come via email.
  • HP also observed an increase in OneNote utilization by threat actors. OneNote files (identifiable by their .one filetype) can be used to deliver malicious code while bypassing standard security measures. Once the file is delivered, victims will see an attachment requesting that they enter credentials to access shared documents.
  • Most vendors and users will never provide confidential documents through OneNote. As always, Advanced strongly recommends calling the sender, or Advanced directly, to verify any suspicious-looking email.
  • The full HP Q1 Threat Report can be seen here.

HP Issues Warning Regarding ChromeLoader
  • HP has advised of an observed rise in ChromeLoader malware on end-user systems.
  • ChromeLoader malware is installed as a Chrome extension from false websites advertising free movie and music downloads.
  • Advanced advises all users be cautious of files downloaded from the web. If you would like to implement website filtering in your environment to reduce the threat of malicious files, reach out to Advanced for flexible options.
  • Additional information on ChromeLoader can be seen here.

FTC Safeguards Compliance Amendment Goes Live
  • The FTC’s Standards for Safeguarding Customer Information (Safeguards, for short) went into effect in 2003.
  • The guidelines provide a list of protocols for financial institutions to follow to maintain the safety of customer data.
  • Effective June 9th, the amendment expands the definition of a financial institution to include various types of businesses, including auto dealerships, real estate appraisers, and more.
  • Full details on compliance, and how your company can achieve it, can be seen here.

Verizon’s Data Breach Investigation Report
  • Verizon has published their 2023 Data Breach Investigation Report (DBIR) detailing the modern threat landscape in cybersecurity.
  • 83% of breaches are initiated by external attackers looking for quick financial gain.
  • 84% of breaches target humans as the attack vector, using social engineering and BEC strategies.
  • One out of every five breaches, 19%, originates from the inside.
  • System intrusion, basic web application attacks and social engineering are among the leading attack strategies.
  • The median cost to victims per ransomware incident more than doubled over the past two years to $26,000.
  • 24% of breaches this year involved ransomware, continuing its long-term upward trend as a primary attack strategy.
  • 74% of financial and insurance industry breaches involved compromised personal data — leading all industries by a wide margin.
  • The full report can be seen here.

Microsoft’s Distributed Denial Of Service Attack
  • Microsoft has published a report detailing a Distributed Denial Of Service (DDoS) attack on the company’s services on June 6th.
  • DDoS attacks are performed by sending large amounts of traffic to public-facing servers to overwhelm available resources. The primary goal of a DDoS attack is to bring services down, rather than to compromise or steal data.
  • The threat actors, whom Microsoft classifies as “Storm-1359”, caused widespread service issues to various Office 365 applications.
  • Microsoft has mitigated these efforts, and has implemented additional DDoS controls to thwart future attacks. Additional details can be seen here.

First Hospital Closes Due to Ransomware
  • St. Margaret’s Health in Illinois fell victim to a ransomware attack in February 2021, forcing them to shut down IT infrastructure at Spring Valley hospital.
  • The payment system was taken offline for months, causing billing delays and a significant economic impact on the organization.
  • On June 16th the organization shut down its Spring Valley and Peru facilities due to a number of factors, including the cyberattack, the COVID-19 pandemic, and staffing shortages. The closure of the hospital is expected to have a dramatic impact on residents and marks the first time a hospital has officially cited a cyberattack as a reason for ceasing its operations.
  • Details on the closure can be seen here.
