Postinfection.pngThis week a report indicated cyber-attacks are up 200% with the top targeted industry being healthcare; Zusy malware is being paired with a spam campaign, enticing users to open attached PowerPoint file; it is very evident if an attacker has a target, they are most likely already in and 1/2 of data breaches are discovered 
within 38 days.

 

 

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Cyber-attacks

Cyber-attacks are up 200% and healthcare is the main targeted sector.

Why is this significant?

  • According to a post-intrusion report, healthcare is the number 1 targeted sector based on threats detected, followed by education/media and food/beverage industry.
  • This report on Q1, healthcare indicates 164 threats detected per 1,000 host devices.  The number of threat detections is relevant, but there are also the undetected threats is the true number healthcare should be worried about.
  • “The average number of reconnaissance, lateral movement and exfiltration detections have all increased by more than 265%.”

//**Infiltration is inevitable.  Try Post-infection Protection for data security **//

Read the full story in infosecurity    

 

Malware

Spam campaigns are delivering malware dubbed Zusy, via PowerPoint files.

Why is this significant?

  • What makes this malware unique is that it executes malware embedded inside of a PowerPoint file via PowerShell commands without requiring the user to enable JavaScript or VBA macros.
  • The victim has to open the PowerPoint file to be infected and then a hypertext “Loading” appears, if the user hovers their mouse over the hypertext, the payload is then delivered.
  • This technique of user-triggered malware downloads is relatively new and can be used against the unaware users.

Read the full story on Threat Post

//** Learn more about PowerShell malware and how to protect against it in this whitepaper **//

Detection is failing

According to this study 1/2 of data breaches are discovered within 38 days. The other 1/2 go undetected for years, indicating that attackers are deep in the network.

Why is this significant?

  • Targeted attacks delivered with malware are moving laterally through networks most likely hiding out at the kernel level.
  • Detection is failing.  We are constantly hearing about attacks that occurred years prior for example, Red October and Yahoo
  • According to this study, 75% of vulnerabilities are shared online prior to NVD publication. This comes to show that vulnerabilities are in the public – even before a patch is released – and undoubtedly, they will be exploited.
Read the full story on Dark Reading