May 2023 Security Update: Take a New Perspective on Ransomware Recovery, Insider Threats, and AI Malware Review

Security news underscores the need to review risk and data loss mitigation and response plans and adapt to evolving threat activity.


Organizations Need a Better Plan to Recover from Ransomware

Veeam commissioned a study of 1,200 IT leaders around the world whose organizations had suffered at least one ransomware attack in 2022. The outcome of that research is compiled in the Veeam 2023 Ransomware Trends Report. Key findings include the need for better alignment between the backup and cybersecurity teams to ensure the ability to recover more quickly. Notably, 75 percent of cyberattacks were able to impact backup repositories.

The survey also found that 77 percent of ransoms are paid by insurance, but insurance is becoming more expensive and harder to get. Furthermore, while 80 percent of organizations paid ransom, one-fourth of them still could not recover their data.

Action Items:

Some steps organizations can take to mitigate risks and damage from ransomware attacks include:

  • Align the IT backup team with the cybersecurity team.
  • Ensure at least one backup copy is immutable.
  • Develop and test an incident response plan that includes how to quickly recover from a ransomware attack.

Why You Need to Help Protect Cardholder Data

NordVPN research has found that American payment cards are prone to fraud. A study of 6 million cards found on the dark web revealed that 58.1 percent belong to Americans. The average price per American card was $6.86.

Action Items:

NordVPN breaks down the anatomy of a hack, explaining that cardholder data isn’t only stolen through data breaches. Some cards sold on the dark web are captured by brute force. Actions to take to increase security include:

  • Strong password requirements in payment and financial systems
  • Multifactor authentication requirements
  • System security and fraud detection solutions

How Effective is ChatGPT at Classifying Artifacts?

Henrik Plate, lead security researcher at Endor Labs, conducted an experiment on how well ChatGPT performs open-source software malware review. He used ChatGPT for 1,800 binary classifications, asking the tool to determine whether each artifact was malicious or benign.

ChatGPT was right 36 percent of the time, correctly classifying 19 of 34 artifacts. Additionally, 44 percent were false positives. Endor Labs points out that ChatGPT can be tricked by the way an artifact is named. The experiment also found that results differed between ChatGPT 3.5 and 4.0.

Action Item:

  • Treat large language model malware review as input to manual review, not as a replacement for it.

Companies Need Better Insider Threat Protection

Code42 Software’s Annual Data Exposure Report reveals that insider risk is rising and remains one of the most challenging risks to detect and manage. The report states that although 72 percent of companies have an insider risk management program, data loss incidents from insider threats rose in those companies by 32 percent year over year.

Action Items:

  • Protect from accidental data loss as well as loss that can be traced to malicious and negligent actions.
  • Retrain teams, especially those that have transitioned to remote or hybrid work.
  • Raise awareness among business leadership and get their buy-in on support for insider threat management initiatives.
  • Take a layered approach to protect data from insider threats, including data loss prevention (DLP), cloud access security broker (CASB), and user and entity behavior analysis (UEBA).

Information Stealer Malware Targeting Web Browsers and Crypto Wallets

Trend Micro reports that Bandit Stealer is emerging within the malware community. Bandit Stealer is primarily targeting the Windows platform, but it was developed with the Go programming language, which may allow cross-platform compatibility. It uses the runas.exe command, which can elevate a user’s privileges and execute malicious activities without detection.

Action Item:

  • Use access control mitigations that require the appropriate credentials for administrator actions.
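Because the report singles out runas.exe as the privilege-elevation mechanism, a defender's first hunting step is to surface every process-creation event that launches it and rank those by where the parent binary lives. The script below is an added example, not code from Trend Micro or the report; the key=value event layout and the sample lines are constructed for illustration.

```python
"""Flag process-creation log lines that launch runas.exe, as a hunting aid.

The key=value field layout is an assumed, simplified rendering of Windows
process-creation telemetry; the sample events are constructed, not real.
"""
import re
from typing import Dict, List

# Constructed sample events: a benign app launch, runas.exe started from an
# interactive shell, and runas.exe started by a binary in a temp directory.
SAMPLE_EVENTS = [
    'ts=2023-05-10T09:12:01Z user=alice parent=C:\\Windows\\explorer.exe '
    'image=C:\\Apps\\app.exe cmdline="app.exe"',
    'ts=2023-05-10T09:13:44Z user=alice parent=C:\\Windows\\System32\\cmd.exe '
    'image=C:\\Windows\\System32\\runas.exe cmdline="runas /user:admin cmd"',
    'ts=2023-05-10T09:15:02Z user=bob '
    'parent=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe '
    'image=C:\\Windows\\System32\\runas.exe '
    'cmdline="runas /user:Administrator payload.exe"',
]

# key=value pairs; quoted values may contain spaces, bare values may not.
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in _FIELD_RE.findall(line)}


def is_user_writable(path: str) -> bool:
    """Heuristic: parents under user profiles or temp dirs deserve escalation."""
    p = path.lower()
    return "\\users\\" in p or "\\temp\\" in p or "\\appdata\\" in p


def flag_runas_events(lines: List[str]) -> List[Dict[str, str]]:
    """Return every runas.exe launch, tagged 'high' when the parent is untrusted."""
    flagged = []
    for line in lines:
        ev = parse_event(line)
        if not ev.get("image", "").lower().endswith("\\runas.exe"):
            continue
        ev["severity"] = "high" if is_user_writable(ev.get("parent", "")) else "review"
        flagged.append(ev)
    return flagged


if __name__ == "__main__":
    for ev in flag_runas_events(SAMPLE_EVENTS):
        print(ev["severity"], ev["user"], ev["parent"], ev["cmdline"])
```

Interactive runas.exe use by administrators is normal, so the "review" tier is a triage queue rather than an alert; only the "high" tier, where an unsigned binary in a user-writable path spawns runas.exe, warrants immediate attention.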

For more security updates and insights, visit DevPro Journal’s Security resources page.