Read: The Need for Digital Transformation in Finance

The September 2023 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

Malicious Apps Targeting Businesses SaaS Products Are Becoming More Common

Threat actors have “changed the playing field” by introducing malicious apps that connect with SaaS applications like Salesforce and perform unauthorized activities, The Hacker News reported. When they connect to the core SaaS stack, they request permissions that allow the app to read, update, create, and delete content.

Threat actors increasingly employ sophisticated phishing attacks to link harmful apps to central SaaS applications. They lure employees to seemingly legitimate sites, where they can link an app to their SaaS, or mislead them to malicious websites through brand name typos.

Some threat actors publish these harmful apps on app stores, like the Salesforce AppExchange, masking their malicious intentions behind functional services. These apps often deliver as promised but possess the latent threat of striking at any given moment.

Some of the dangers posed by these apps include data breaches, system compromise, compliance violations, and performance issues.

Securing data within a SaaS application is a crucial task for the security team. This task involves SaaS threat detection to identify and neutralize malicious apps before they compromise the data. Visibility of third-party apps, their permissions, and activities are vital.

Moreover, stringent security settings on hub apps can mitigate risks. These measures include mandatory admin approval for app connections, restrictive access to third-party apps, and only integrating apps from verified marketplaces.

Bot Attacks from the Middle East and Africa Are Rising

Automated attacks from threat actors in the Middle East and Africa are increasing, DarkReading reported. According to research by Netacea, 21% of reported bot attacks originated from the Middle East over the past 12 months, while 13% originated from Africa.

Ecommerce was the most-attacked sector, with 28% of online retailers reporting bot attacks originating from the Middle East last year. Other targeted sectors included telecommunications (22%), financial services (20%), and travel and online gaming (18%, in each case).

Cyril Noel Tagoe, principal security researcher at Netacea, said that bot attacks may not always be from the country they seem to originate from, as threat actors will attempt to disguise their vectors using proxies. However, the rise in attacks suggests that “there is infrastructure in the Middle East and Africa that has been compromised.

Apple Patches Three Zero-Days

Apple has recently addressed three serious zero-day vulnerabilities that were potentially being exploited in the field on iOS devices, Infosecurity Magazine reported. The first of these, CVE-2023-41991, is a certificate validation issue affecting the Apple Security framework. This flaw could potentially allow a malicious app to bypass signature validation. It has been rectified in multiple versions of iOS, iPadOS, watchOS, and macOS Ventura.

Secondly, CVE-2023-41992, which has an impact on Apple’s kernel, was resolved with the implementation of improved checks. This vulnerability could provide a local attacker with the opportunity to escalate their privileges. Like the previous flaw, this one has also been addressed in several versions of iOS, iPadOS, watchOS, and macOS, including macOS Monterey.

Lastly, CVE-2023-41993 targets the WebKit browser engine. It could, if manipulated, lead to arbitrary code execution. Apple has addressed this issue in multiple versions of iOS, iPadOS, and Safari.

Both Bill Marczak from the University of Toronto’s Citizen Lab and Maddie Stone from Google’s Threat Analysis Group discovered these vulnerabilities. They are well-known for uncovering threats devised by commercial spyware manufacturers that target journalists, dissidents, rights groups, and more.

Citizen Lab recently exposed two zero-day vulnerabilities being used in the “BlastPass” exploit to distribute Pegasus spyware. These vulnerabilities are often leveraged by companies like NSO Group to provide their clients, typically government agencies, with eavesdropping capabilities.

However, due to the misuse of commercial spyware by foreign states, these actions have attracted controversy and resulted in a ban on their use by federal agencies.

Cybersecurity Business News

Intel Hit with $400 Million EU Antitrust Fine

Intel, the U.S. chipmaker, has been slapped with a hefty penalty of 376 million euros ($400 million) by the European Union in an antitrust case, Cybernews reported. The case originates from Intel’s actions between 2002 and 2006.

A previous fine of €1.06 billion, imposed in 2009, was dismissed by the Luxembourg-based General Court, Europe’s second highest, last year. Despite the dismissal, the court agreed with the European Commission’s accusation that Intel had illegally ousted competition from the market.

This agreement led to the EU antitrust watchdog reopening the case against Intel. The initial 2009 ruling claimed that Intel had intentionally obstructed its rival chipmaker, Advanced Micro Devices. On a recent Friday, the EU watchdog declared that it had reinstated a fine due to Intel’s practices from November 2002 to December 2006. During this period, Intel had paid companies like HP, Acer, and Lenovo to either stop or delay the production of rival products.

The European Commission commented on this matter, stating, “The General Court confirmed that Intel’s naked restrictions amounted to an abuse of a dominant market position under EU competition rules.” As of now, Intel has not publicly responded to any requests for comments. Notably, the Commission appealed against the General Court’s ruling from last year at the EU Court of Justice, which is Europe’s top court.

U.S. Cyber Insurance Claims Spike

The first half of 2023 saw a significant escalation in the frequency and severity of cyber insurance claims for businesses, CSO reported. The claims were stated in Coalition’s 2023 Cyber Claims Report: Mid-year Update. This surge is largely attributed to ransomware, funds transfer fraud (FTF), and business email compromise (BEC) attacks.

An alarming statistic reveals that companies with revenue exceeding $100 million witnessed the largest increase in the number of claims (20%). Furthermore, these companies also experienced notable losses due to these attacks, with a sharp rise of 72% in claims severity when compared to the second half of 2022.

The landscape of cyber insurance has transformed into a progressively complex domain. As the number and severity of attacks inflate, the demand for extensive coverage is escalating alongside evolving conditions of policies.

This is resulting in more intricate and costly insurance plans, which are increasingly difficult to qualify for. This situation brings forth a host of new challenges and considerations for Chief Information Security Officers (CISOs) and their organizations when contemplating the best strategies for cyber insurance investment.

In the wake of the above developments, it is noteworthy to mention the findings from Delinea’s recent research. The study pointed out that the process of obtaining cyber insurance has become significantly more time-consuming for U.S. businesses. It revealed a considerable rise in the number of companies that now require six months or more to get insured, showing a year-on-year increase.

This research underscored a substantial disconnect between insurance carriers and businesses that are in a rush to secure affordable, all-encompassing coverage. Consequently, many organizations continue to invest in cybersecurity solutions to meet the prerequisites for cyber insurance policies.

Overall claims frequency increased by 12% in the first half of 2023, while claims severity increased by 42% with an average loss amount of more than $115,000, according to Coalition’s report.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.




Subscribe to our Newsletter

* indicates required