'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out. [TechWeb]( Follow Dark Reading: [RSS]( May 25, 2022 LATEST SECURITY NEWS & COMMENTARY ['There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds]( Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out. [Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021]( But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows. [DeFi Is Getting Pummeled by Cybercriminals]( Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say. [New Attack Shows Weaponized PDF Files Remain a Threat]( Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows. [Crypto Hacks Aren't a Niche Concern; They Impact Wider Society]( Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace. [Strong Password Policy Isn't Enough, Study Shows]( New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [After the Okta Breach, Diversify Your Sources of Truth]( What subsequent protections do you have in place when your first line of defense goes down? [Partial Patching Still Provides Strong Protection Against APTs]( Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say. [Majority of Kubernetes API Servers Exposed to the Public Internet]( Shadowserver Foundation researchers find 380,000 open Kubernetes API servers. [MORE]( EDITORS' CHOICE [Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems]( The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories. LATEST FROM THE EDGE [New Connecticut Privacy Law Makes Path to Compliance More Complex]( As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements. LATEST FROM DR TECHNOLOGY [DBIR Makes a Case for Passwordless]( The 2022 Data Breach Investigations Report repeatedly makes the point that criminals are stealing credentials to carry out their attacks. Tech Resources - [Sumo Logic for Continuous Intelligence]( - [De-identifying Analytics Data with Skyflow]( - [Five Cardinal Sins of Data Security and Privacy]( - [Considerations for Evaluating Endpoint Detection and Response Solutions]( - [Five Keys to a Secure Work-From-Anywhere Solution]( - [Broken Supply Chains Leave Medical Devices Vulnerable to Cyber Attacks]( - [Protecting Medical Device IP From Cybersecurity Threats]( [ACCESS TECH LIBRARY NOW]( - [Harnessing the Power of Security Automation]( With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ... - [The Value Drivers of Attack Surface Management, Revealed]( The value of modern ASM extends beyond the security benefits. It can save money as well through prevention, lower cyber insurance costs, lower human effort, and higher operational efficiency. Join to find out how modern attack surfaces have changed, why ... [MORE WEBINARS]( FEATURED REPORTS - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns. [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [XM Cyber Adds New Security Capability for Microsoft Active Directory]( [Nisos Announces $15 Million in Series B Funding Round]( [Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)