The endpoint continue to represent a big risk factor when it comes to cybersecurity: 90% of successful attacks and as many as 70% of successful data breaches they originate precisely through connected devices.
Users are six to ten times more likely to fall victim to a phishing attack via text message versus one via emailand over half of companies (62%) have suffered a breach at least partially attributable to remote working in the last three years.
This was revealed by the Mobile Security Index 2023 Of Verizon Business, now in its sixth edition. The study illustrates the main threats found in the protection of mobile devices thanks to insights from Verizon partners such as Akamai, Fortinet, Lookout, Allot, Ibm, Proofpoint, Check Point e Ivanti. The report also provides insights and best practices to support organizations in achieving the correct flexibility and security in all business processes.
The risks associated with the use of portable devices
The research underlines like 61% of Chief Information Security Officers and 53% of CEOs respondents believe that their companies are not adequately prepared to deal with possible targeted cyber attacks in the next 12 months. In this context, finding a balance between user experience, privacy and costs becomes a crucial priority.
Cybersecurity: the guide to managing risk in the bank
The approach Bring Your Own Devicehybrid work and the proliferation ofInternet of Things they have significantly expanded the scope and complexity of endpoint protection. This scenario has generated a significant impact not only on the company but also on its employees, shareholders and customers.
It is precisely from this perspective that the reason why, over a third of users (34%), has made at least one of the following five basic security mistakes: 18% clicked on a phishing link; 13% downloaded malware via smishing (phishing via SMS); 11% downloaded generic malware; 9% have shared personal data with a scammer; 8% revealed a password to an untrustworthy source.
The technological development of connected devices increases attack surfaces
Protecting IoT devices represents one of the most complex challenges in mobile device security. The increase in the number of devices makes them an attractive target as an attack vector, while the increase in their power means that they themselves reveal themselves as attack vehicles, for example by becoming part of a botnet used to execute a distributed denial of service attack.
All this is even more true if we consider the shortcomings in terms of best practices to be adopted to reduce risks. The study highlights how 71% of users do not change the default password of their home Wi-Fiwhile almost a third (equal to 28%) do not protect their connection with a password.
AI as a challenge for cybersecurity
The recent development of generative artificial intelligence has also proven to be a challenge for cyber security. Anyone with access to the internet can create a convincing but false deepfake. Cybercriminals exploit this technology to make their phishing attacks even more effective.
For example, an audio sample of a person is enough to create a realistic imitation of their voice. A simple online video interview with a CEO could be manipulated into a highly credible voice message, instructing an employee to change payment details for a major supplier or reset login credentials to a critical system.
For Black Friday, 30 million Italian telephone numbers are on sale on the dark web
But it’s not just businesses that are at risk: during the investigations conducted on the occasion of Black Friday, the Cyber Threat Intelligence team of Yarix (Ycti)Digital Security division of Var Groupbrought to light an underground forum on the dark web which he put up for sale 30 million telephone numbers of Italian users, in packages containing considerable volumes of information such as name, surname, e-mail address, residence and domicile, at prices accessible to most.
And give they may have been used to conduct malicious campaigns of various kinds on the occasion of Black Fridaycome phishing (scams via email, messages or telephone) and other operations Social Engineering. The investigations into the origin of the threat actor and the legitimacy/origin of the data set are still underway.
Between January and October 2023, Yarix took over over 66 thousand compromised devices containing Italian access credentials33% regarding the main Italian e-Commerce platforms.
In addition to the increase in the sale of data relating to Italian consumers on the dark web, Yarix has visibility of an ongoing sale of exploits and vulnerabilities, some of which concern software used by e-commerce platforms. The data sets can be purchased starting from a base of 100 dollars up to a million dollars paid in cryptocurrency.
Fake shops are also on the increase for the month of October and the first half of November – stores that reproduce the original stores extremely faithfully to steal personal and payment data – in the fashion sector. Compared to the same period in 2022, an overall increase of 50% was recorded.
@ALL RIGHTS RESERVED