Cybersafe Threats – 27th June


Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK and the world as part of our Cybersafe Threats Weekly Update. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have a Managed Cyber Security framework in place like Cybersafe, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands.

Whether it be paying a ransom which could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, all of these effects could have a severe impact on how your business will be able to move forwards. 

Cybersafe Threats Weekly Update, 27th June 2024 – Below, we update business leaders on what they and their employees need to look out for when assessing cyber threats to their data. This is all part of our aim of making your business Cybersafe.

Here are the most prominent cyber threats to businesses which you should be aware of:

Data Breaches in the Cloud are surging

Managed cyber security is increasingly critical for enterprises as cloud breaches rise. A recent report reveals that nearly half of companies have experienced severe cloud incidents, with 14% facing violations in the past year, primarily due to human error and misconfiguration. Threat actors exploit known vulnerabilities (28% of breaches) and the absence of multi-factor authentication (17% of breaches). The main targets are SaaS applications (31%), cloud storage (30%), and cloud infrastructure (26%).

Based on a survey of nearly 3,000 organisations, the report shows a growing attack surface. Two-thirds of firms now use over 25 SaaS applications, and almost half of all corporate data is sensitive. However, fewer than 10% of enterprises encrypt 80% or more of their sensitive cloud data. Thales emphasises the need for organisations to manage their cloud data, encryption keys, and access visibility effectively.

Data sovereignty and privacy concerns are rising, with nearly half of organisations finding it harder to manage compliance in the cloud than on-premises. Faced with these challenges, companies must invest in modernising their security. This includes a significant focus on digital sovereignty and refactoring applications for better data security and processing, ensuring they stay ahead of the curve.

The surge in cloud attacks coincides with a global increase in cloud migration. However, there’s reason for optimism. It is predicted that over 70% of enterprises will use industry cloud platforms by 2027, up from 15% in 2023. Consequently, cloud security investment is expected to grow by 24% in 2024, signalling a positive trend in the fight against cloud breaches.

UK needs to take Cyber Security threat from China more seriously

Ciaran Martin, former head of the UK’s National Cyber Security Centre, warns that the UK is not adequately addressing a significant shift in China’s cyber-espionage tactics towards targeting critical infrastructure like energy and communications networks. The US had earlier warned of Chinese state-backed hackers infiltrating key sectors, marking a pivotal change in Beijing’s cyber strategy, similar to Russia’s disruptive operations.

Martin stresses the need for the UK to clearly communicate to China that disrupting civilian infrastructure is unacceptable. He cites the FBI’s report on Volt Typhoon, a group embedding themselves in US critical sectors, as a grave concern. Highlighting recent ransomware attacks and espionage by Beijing-backed hackers, Martin calls for mandatory reporting of such incidents and stricter measures against ransom payments.

Google underplaying risk of compromised extensions to Chrome

According to Cornell University researchers, Google is downplaying the risks posed by compromised Chrome extensions, which affect nearly 350 million users globally. Despite Google’s assertion that less than 1% of Chrome Web Store extensions are insecure or malicious, half of the known vulnerable extensions remain available two years after their vulnerabilities were disclosed.

Researchers Sheryl Hsu, Manda Tran, and Aurore Fass highlight that many of these extensions share similar, often outdated, code from public repositories, indicating flaws in Google’s security reviews. Notably, 60% of extensions have never been updated, and many still use vulnerable JavaScript libraries.

These compromised extensions are a significant security concern as they can access sensitive data, propagate malware, and track users. Google’s response includes the Manifest v3 initiative, which limits extensions’ ability to execute external code. However, critics argue that it also aims to restrict ad-blocking capabilities, and most extensions still use the older Manifest v2.

In defence, Google’s Chrome Security Team detailed their two-tiered verification process, which includes automated and manual reviews to detect suspicious code and monitor extensions post-publication. Despite these measures, some malicious extensions still bypass these checks, raising concerns about the effectiveness of Google’s monitoring practices.

Get in contact for advice on Managed Cyber Security

Contact Cybersafe.co.uk for advice on how we can help prevent cyber attacks on your business and how to become Cybersafe. We’ll point you in the right direction for providers and products that help you with cyber security essentials. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals. We also have a podcast where you can stay up-to-date with the latest cyber security measures that will help your company fight against these threats.
