
Cybersecurity Concerns Escalate as Phishing Attempts, Ransomware Attacks and Negligent Backup Practices Soar

Time for a security roundup.

N-able’s comparison of its 2022 Mail Assure data with 2021 showed an increase in phishing attempts over the prior year. That’s based on over 28 billion emails blocked by the cloud-based email security solution.

Specifically, phishing attempts against businesses increased from 776 million to 913 million, an 18% increase year over year. Moreover, there were 5 million more attempts by hackers to install viruses on MSP customer servers.

And according to a study by website security company Sansec, roughly 12% of online stores leave their backups in public folders due to human error or negligence.

The study examined 2,037 stores of various sizes and found that 250 (12.3%) exposed ZIP, SQL, and TAR archives in public web folders that can be freely accessed without requiring authentication.

CISA and the FBI issued a joint advisory about the ESXiArgs ransomware campaign, which targets unpatched and out-of-service or out-of-date versions of VMware ESXi. According to CISA, 3,800 VMware ESXi servers have been compromised globally, potentially leaving VMs running on the ESXi server unusable. They have also released a script to help with recovery.

While thinking about federal responses, I wanted to cite a Washington Post analysis of this week’s State of the Union address, which notes the omission of cybersecurity in the speech. However, related issues of privacy, health and safety, and social media did make the speech. I’ve included a link to the analysis.

Why do we care?

It’s easy to focus on what was left out of the State of the Union. I’m not sure this is a big messaging problem to worry about, and instead will look more at the actions. There have been plenty, and I’m much more interested in CISA and FBI moves than if it makes it into the President’s speech. Let’s focus on what moves the needle.