Old, unpatched vulnerabilities are the biggest threat to businesses

Well-known security flaws are still the preferred attack channel for cybercrime, and ransomware is still its tool of choice.

The security company Tenable released its Threat Scenario Report for 2022 this Thursday (16), and it shows worrying facts about Brazil. By the company's metrics, the country leads the world in the volume of improperly exposed data.

And Brazil leads by a comfortable margin. The company points out that 1,335 incidents were investigated over the course of the year, in which 257 terabytes of data were exposed. Of that, 112 TB was in Brazil alone, or about 43%.

The report also points out that these breaches allowed 2.29 billion records to be exposed worldwide, with more than 800 million leaked due to insecure databases.

Old flaws, eternal problems

The report highlights that while zero-day threats, the name given to vulnerabilities discovered by cybercriminals before a security update exists, are a perennial risk, they should not be the primary concern for businesses.

On the contrary: most of the attacks analyzed in the course of 2022 used already known and documented vulnerabilities, for which a fix already existed. Cybercriminals take advantage of companies’ slowness to patch to continue exploiting flaws that have existed for years.

As Tenable points out, the very serious Log4j flaw, which affects a software library used by all kinds of systems and was discovered in 2021, continued to be widely exploited in 2022. Only 21% of companies had adopted solutions to mitigate the problem a full year after its discovery.

In general, a common problem is a lack of proactivity in installing security updates. In February 2023, a flaw in VMware ESXi enabled ransomware to spread to more than 1,800 hosts, 17 of them in Brazil. The flaw, however, had been documented since 2021, and as of February 13, 2023, only 34% of companies had fixed it. After the disclosure of the attacks and the severity of the vulnerability, 87% of companies had applied patches just 10 days later, which shows a strong reaction, but also means that 13% were still unprotected.

Ransomware remains the main threat

Furthermore, cybercrime has yet to find a new type of attack as effective as ransomware, which continues to be the main threat in the market, in Brazil and in the rest of the world.

Ransomware is cybercrime's favorite tool, and double extortion is increasingly common (Image: Disclosure / Unit 42)

The study reports that 52% of cyberattacks recorded in Brazil involved ransomware. The number is higher than the global average, which is 35.4%.

The criminals mainly targeted the public administration, which was the target of 42% of ransomware attacks in Brazil. Rounding out the podium of the most threatened sectors are the retail trade, with 19%, and finance and insurance, with 9%.

Tenable also reinforces that, in recent years, there has been a shift in the profile of ransomware attacks, which no longer behave like WannaCry, which rocked the world in 2017.

Back then, the attacks extorted their victims only by encrypting their data and demanding payment in cryptocurrencies to ransom them. However, cybercriminals have since realized that they could also take advantage of the hack to steal sensitive information and threaten to release it. In this way they can monetize the same attack twice, in a model known as “double extortion”.

Source: Terra