In this week’s news roundup I am, as always, intrigued and mildly bemused by the annual Verizon report. Information security, and data breaches in particular, are firmly on the board agenda; they are a problem everyone has to deal with, and no longer the only problem that IT and security professionals face. The impacts are felt continuously across the whole business and its ecosystems: from business continuity and disaster recovery planning, to legal teams tied up in perpetual firefighting mode in terms of advisory work and seeking external opinion on litigation, to your coalface employees, who cannot execute the day-to-day operational activities they need to do their jobs. Everyone is an integral part of managing the risks and issues; people make mistakes and are not always malicious in intent. Visibility is key to understanding the problem, and then, and only then, can decisive action be taken!
Verizon 2018 Data Breach Investigations Report
Verizon released the 11th version of their Data Breach Investigations Report (DBIR) for 2018 on the 10th of April.
The headline for this year’s report is ransomware, present in 39% of malware-related cases.
Beyond ransomware, other highlights from the report include:
- 53,308 reported security incidents, 2,216 data breaches, 65 countries, 67 contributors
- 76% of reported breaches were financially motivated
- 72% of reported attacks were perpetrated by outsiders
- 50% of reported attacks were perpetrated by organized crime groups
- Pretexting incidents nearly tripled from last year
- Companies are 3x more likely to be breached by social attacks than vulnerabilities
2018 Data Breach Investigations Report | Verizon
Unpatched Vulnerabilities Are The Source Of Most Data Breaches
It is all well and good that we are all in the same boat in terms of keeping the lights on within our own respective enterprises; by 2018 I had expected, as a starry-eyed kid, that we would be commuting from home to work in flying cars and have automatons as personal assistants enhancing every aspect of our daily lives. The reality for most of the aforementioned enterprises is that we cannot get the basics right, like patch management, let alone focus on innovation.
Here is an insightful report that the Ponemon Institute and ServiceNow put together detailing how much of a problem we are all facing.
Some of the insights include the concept of the “patching paradox”: the belief that hiring more people will improve security hygiene, when in reality it does not. 64% of companies are planning to hire more dedicated people to handle vulnerabilities, accounting for a 50% increase in headcount. This alone will not improve their security posture if they do not fix broken patching processes. The study shows that firms struggle with patching because they use manual processes and cannot prioritize what needs to be patched first: 61% admit that this manual approach to patching puts them at a disadvantage, and 55% note that they spend more time dealing with internal processes than managing the vulnerabilities. All agree that more than 12 days are lost coordinating between teams to get patches applied. Some key insights include:
- 73% have no common view of assets and applications across security and IT
- 57% admit that patches slip through the cracks due to emails and spreadsheets used to manage the process
- 62% have no easy way to track whether vulnerabilities are being patched in a timely manner
- 65% say they find it difficult to prioritize what needs to be patched first
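Two of the findings above, tracking whether findings are patched in time and prioritizing what gets patched first, are the parts a small amount of automation can replace spreadsheets and e-mail for. The following is an added example written for this roundup, not code from the Ponemon/ServiceNow study or from ServiceNow; the SLA windows, the ranking rule, the field names and the sample findings (including the placeholder CVE identifiers) are constructed assumptions, so substitute your own policy and your own asset inventory.

```python
"""Patch-SLA tracking and backlog prioritization (added example, assumptions throughout)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed remediation windows in days per severity; this is policy, not a standard.
SLA_DAYS: Dict[str, int] = {"critical": 7, "high": 30, "medium": 60, "low": 90}
SEVERITY_RANK: Dict[str, int] = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    asset: str
    cve: str                    # placeholder ids below, not real advisories
    severity: str               # one of SLA_DAYS' keys
    exploited_in_wild: bool     # known active exploitation (e.g. from threat intel)
    internet_facing: bool       # reachable from outside the perimeter
    detected: date
    patched: Optional[date] = None  # None while the finding is still open

    @property
    def due(self) -> date:
        """Deadline derived from detection date and the severity's SLA window."""
        return self.detected + timedelta(days=SLA_DAYS[self.severity])

    def is_overdue(self, today: date) -> bool:
        """Open past its deadline, or closed after the deadline had passed."""
        closed_on = self.patched if self.patched is not None else today
        return closed_on > self.due


def priority_key(f: Finding):
    """Sort key: actively exploited first, then internet-facing, then severity, then oldest."""
    return (not f.exploited_in_wild, not f.internet_facing, SEVERITY_RANK[f.severity], f.detected)


def open_backlog(findings: List[Finding]) -> List[Finding]:
    """Open findings in the order they should be worked."""
    return sorted((f for f in findings if f.patched is None), key=priority_key)


def sla_report(findings: List[Finding], today: date) -> Dict[str, Optional[float]]:
    """Counts a team can put in front of management instead of a spreadsheet."""
    open_items = [f for f in findings if f.patched is None]
    closed = [f for f in findings if f.patched is not None]
    days_to_patch = [(f.patched - f.detected).days for f in closed]
    return {
        "open": len(open_items),
        "open_overdue": sum(1 for f in open_items if f.is_overdue(today)),
        "closed": len(closed),
        "closed_within_sla": sum(1 for f in closed if not f.is_overdue(today)),
        # None when nothing has been closed yet, rather than dividing by zero
        "mean_days_to_patch": (sum(days_to_patch) / len(days_to_patch)) if days_to_patch else None,
    }


# Constructed sample inventory; the CVE-0000-* ids are placeholders.
TODAY = date(2018, 5, 1)
SAMPLE: List[Finding] = [
    Finding("web-01", "CVE-0000-0001", "high", True, True, date(2018, 4, 1)),
    Finding("db-02", "CVE-0000-0002", "critical", False, False, date(2018, 4, 10)),
    Finding("hr-laptop-7", "CVE-0000-0003", "medium", False, False, date(2018, 4, 20)),
    Finding("vpn-gw", "CVE-0000-0004", "critical", True, True, date(2018, 4, 25), patched=date(2018, 4, 28)),
    Finding("file-srv", "CVE-0000-0005", "high", False, False, date(2018, 3, 1), patched=date(2018, 4, 15)),
]

if __name__ == "__main__":
    for f in open_backlog(SAMPLE):
        flag = "OVERDUE" if f.is_overdue(TODAY) else "on track"
        print(f"{f.asset:12} {f.cve} {f.severity:8} due {f.due} {flag}")
    print(sla_report(SAMPLE, TODAY))
```

On the sample data the backlog comes out as web-01 (exploited and internet-facing, so it outranks the unexploited critical), then db-02 (already past its 7-day window), then the laptop; the report shows one of three open items overdue and one of two closed items fixed within its window. The ranking rule is deliberately simple so that it can be argued about in one meeting and then applied consistently, which is what the manual e-mail-and-spreadsheet process the study describes cannot do.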
Today’s state of vulnerability response: patch work demands attention | Ponemon Institute and ServiceNow
Brian Krebs angers userbase of pr0gramm.com for a good cause
- The angry userbase of pr0gramm.com, a German image board similar to Imgur, blocked by my Zscaler Agent 😉, has donated over €103,000 ($126,000) to local cancer research organizations as a way to protest against an article published by Brian Krebs, an IT security journalist.
Angry Users Donate $120K to Cancer Research After Brian Krebs' Coinhive Article | Bleeping Computer
Your Old Bitcoin addresses can be stolen so move now!
All Bitcoin addresses generated using the BitAddress client-side wallet pre-2013 and Bitcoinjs pre-2014 are affected.
Bitcoin users who generated Bitcoin addresses using affected tools are advised to generate new Bitcoin addresses with a new tool and move funds from old accounts to the new ones.
How does Facebook make money anyway?
Revenues from Facebook’s two largest markets, North America and Europe, are expected to be affected as a result of the fallout from the Cambridge Analytica scandal. Both are extremely lucrative markets for Facebook. In 2017, Facebook earned an average of $84.41 from each North American user and $27.26 from each user in Europe. In contrast, each user in Asia was worth $7.61. Good news for Facebook investors is that the company is making significant inroads into new markets, such as Africa and Asia. While it does not contribute much to overall revenue, WhatsApp has become a runaway hit with users in Asia and South America. Other services, such as Instagram, are also making inroads into new markets.
How Does Facebook Make Money? | Rakesh Sharma