Record Low in Ransomware Payments & New Cybersecurity Enhancements, Email Authentication Challenges

[00:00:00] It's Wednesday, April 24th, 2024, and I'm Dave Sobel.

[00:00:06] Four things to know today.

[00:00:07] A record low in ransomware payment rates with 1.1 billion paid last quarter, or COVWARE.

[00:00:15] Over half of IT decision makers struggle with email authentication tools per EasyDemar.

[00:00:21] A new scam alert, cybercriminals using fake podcast invitations to harvest credentials,

[00:00:28] ConnectWise and Microsoft enhance cybersecurity with new Defender for Business integrations.

[00:00:33] This is the Business of Tech.

[00:00:37] Sky Kick would like to invite you to an upcoming webinar prepping from Microsoft 365 Copilot

[00:00:42] The Path to AI Ready.

[00:00:44] How do you maximize Copilot services revenue?

[00:00:48] With Copilot from Microsoft 365 now available, a critical question for many MSPs is

[00:00:54] How can I prepare my customers for AI readiness?

[00:00:58] Join this webinar to learn not just about acquiring the license, but also how to use

[00:01:02] automation to conduct assessments effectively and build a strong foundation for the future.

[00:01:08] You'll gain insights into strategies that ensure your customers are prepared for the

[00:01:12] next wave of innovation by building a robust foundation in M365 adoption,

[00:01:17] security standards and data risk resilience.

[00:01:20] Speakers, including a senior sales engineer, will get technical inside the Sky Kick platform.

[00:01:25] In the Americas, the 1st of May at 11am PDT.

[00:01:29] EMEA, the 1st of May at 11am CEST.

[00:01:32] And Australia, New Zealand, the 2nd of May at 11am AEST.

[00:01:36] Visit skykick.com slash MSP radio to sign up now.

[00:01:42] The U.S. Department of State is imposing visa restrictions on 13 individuals involved

[00:01:47] in the development and sale of commercial spyware, targeting journalists, academics,

[00:01:52] human rights defenders and U.S. government personnel.

[00:01:55] The move aims to counter the misuse and proliferation of spyware used by authoritarian

[00:02:01] governments. The names of those subjected to visa restrictions were not disclosed.

[00:02:07] This comes after the U.S. government enacted a new policy to enforce visa restraints on

[00:02:12] practices that threaten privacy and freedom of expression.

[00:02:17] According to cybersecurity firm Coveware, the first quarter of 2024 saw a record low of 28%

[00:02:24] companies paying ransomware demands, indicating an increasing refusal to pay.

[00:02:30] While the payment rate has decreased, the total amount paid to ransomware actors has reached

[00:02:35] $1.1 billion, indicating that ransomware gangs are targeting more organizations

[00:02:41] and demanding higher amounts.

[00:02:43] The average ransom payment in Q1 2024 has dropped by 32% to $381,980,

[00:02:52] with the median ransomware payment increasing by 25% to $250,000.

[00:02:58] Law enforcement operations such as the FBI's disruption of Lockbit have paid a significant

[00:03:04] impact on ransomware operations, leading to payment disputes and exit scams.

[00:03:10] Affiliates are also quitting cybercrime due to increased risks and reduced income opportunities.

[00:03:16] Distributed dial of service attacks are on the rise, with new threats emerging.

[00:03:21] Cloudflare reported a significant increase in HTTP DDoS attacks and a rise in

[00:03:28] in-network layered DDoS attacks. Mirai variant botnets continue to be a common

[00:03:35] source of attacks, and DNS-based DDoS attacks have become the most common attack vector.

[00:03:41] Emerging threats include Jenkins flood and HTTP2 continuation flood.

[00:03:47] Law firms and legal services are the most attacked industry, followed by the biotechnology

[00:03:53] industry.

[00:03:55] And according to a report from Imperva, nearly half of global web traffic is made up

[00:04:00] of internet bots, with a significant portion of this activity being malicious.

[00:04:05] The report highlights the rise of bad bot traffic, the impact of the Plaza Accord on

[00:04:11] Japan's economy, and the changing landscape of Japan's economic policies.

[00:04:16] The study also reveals that bad bots affect every industry, with gaming,

[00:04:21] telcom, and ISPs, and computing and IT being the most affected.

[00:04:25] The report emphasizes the need for organizations to proactively address the threat of bad bots

[00:04:31] and API-related abuses.

[00:04:35] Why do we care?

[00:04:36] The first two stories are about real results. Refusal to pay is good news, although the

[00:04:42] increase in median ransom payments and the total amount paid to actors suggests that while

[00:04:47] few are paying, those targeted are facing larger demands, likely reflecting a strategic

[00:04:53] shift by criminals to focus on more lucrative, high-value targets.

[00:04:57] And automated threats are an increasing concern and a dire warning for the future.

[00:05:05] EZDemarks' research reveals that over half of IT decision makers lack the expertise

[00:05:10] and resources to implement email authentication tools like SPF, DKIM, and DMARC.

[00:05:17] Google and Yahoo's upcoming changes to email services presents an opportunity for managed

[00:05:21] services providers to offer outsourced DMARC implementation.

[00:05:25] The research findings highlights the challenges faced by IT decision makers and the need for

[00:05:30] MSPs to become vital security partners in navigating compliance and introducing additional

[00:05:35] services.

[00:05:37] And speaking of expertise, a study from the University of Pennsylvania found that 96% of

[00:05:42] US hospitals share sensitive visitor data with Google, Meta, and data brokers.

[00:05:48] Many hospitals do not have clear privacy policies, and even when they do, they often

[00:05:54] fail to inform visitors about transferring their data to third parties.

[00:05:58] This lack of transparency and regulation allows for the potential misuse and sale

[00:06:02] of personal data.

[00:06:04] The article highlights the need for stricter requirements and consequences for companies

[00:06:08] mishandling consumer data.

[00:06:11] Why do we care?

[00:06:13] Email authentication implementation is a key project to note with the changes

[00:06:17] to email delivery, although we remain skeptical this is a massive ongoing monitoring challenge.

[00:06:23] The lack of transparency on data is infuriating.

[00:06:26] So tell me why hospitals are giving Meta sensitive visitor information?

[00:06:31] I single them out as the most obvious to ask why.

[00:06:34] Moreover, there should be stringent requirements in place for the disclosure and consent

[00:06:39] processes regarding data sharing, particularly with third parties, and ultimately why data

[00:06:44] privacy laws have to exist if we as a society believe in protecting privacy.

[00:06:51] Businesses on their own clearly won't do it.

[00:06:57] Here's a new scam for you.

[00:06:59] Fake podcast invite scams are on the rise, with scammers targeting potential podcast

[00:07:05] guests to steal their online credentials.

[00:07:08] Scammers pose as podcast hosts, invite guests for a tech check, and then use

[00:07:13] the setup process to obtain login information.

[00:07:16] This deploy preys on people's vanity and thirst for exposure, and has become increasingly common.

[00:07:23] And a continuation of one we've talked about, a wave of social engineering attacks

[00:07:27] targeting open source software projects is causing concern in the coding community.

[00:07:32] The Open Source Security Foundation and the OpenJS Foundation have issued an alert about

[00:07:37] the attacks, targeting widely used Linux and JavaScript projects.

[00:07:42] The attacks have raised questions about trust within the open source community

[00:07:46] and the need for better communication and reporting mechanisms.

[00:07:51] Why do we care?

[00:07:53] The podcast scam hits close to home, obviously, but as someone who also

[00:07:58] gets pitches from MSPs, I wanted to share this one.

[00:08:04] ConnectWise and Microsoft are expanding cybersecurity protection for small businesses

[00:08:09] through new integrations with Microsoft Defender for Business into ConnectWise PSA

[00:08:14] and ConnectWise RMM.

[00:08:16] These integrations automate threat response, achieve unified management,

[00:08:20] and establish proactive defense measures, allowing MSPs to streamline operations

[00:08:24] and deliver enhanced cybersecurity services.

[00:08:27] The collaboration aims to equip partners with the tools needed for exceptional cybersecurity

[00:08:31] services and protect SMBs more efficiently and effectively.

[00:08:36] Mulberry and Acronis have partnered to offer embedded cyber insurance to small and mid-sized

[00:08:41] businesses in the US.

[00:08:43] Through the partnership, Acronis customers can opt in from Mulberry's cyber insurance

[00:08:48] directly through the Acronis platform, providing additional protection to Acronis'

[00:08:53] existing cybersecurity and data protection services.

[00:08:56] The aim is to improve the low percentage of SMBs purchasing cyber insurance by offering

[00:09:02] a unique standalone policy with affordable premiums and policy limits approved by state

[00:09:07] insurance authorities.

[00:09:10] CompTI announced that eight of its certifications have been approved for the US Department

[00:09:14] of Defense's Cyber Workforce Qualification and Management Program.

[00:09:18] This program aims to create a more diverse and qualified cyber workforce in IT,

[00:09:22] cybersecurity, and cyber intelligence areas.

[00:09:25] The certifications provide clear, standards-based training options for military personnel,

[00:09:30] civilian staff, and government contractors.

[00:09:34] Why do we care?

[00:09:36] These are very tactical updates, and so I'm making you aware of them.

[00:09:42] Today's episode is supported by Huntress.

[00:09:45] You want to focus on your clients and are always looking for ways to get more time.

[00:09:50] Use Huntress' fully managed cybersecurity platform to fight off cyber threats.

[00:09:56] Huntress is more than cybersecurity software for endpoints and identities.

[00:10:00] It's a 24x7 security operations center.

[00:10:03] It's security awareness training, community engagement, and dedicated partner support

[00:10:08] with an average CSAT score of 99.3%.

[00:10:12] Technology can only get you so far.

[00:10:15] Human expertise is what's needed to truly elevate and protect small businesses,

[00:10:20] and you get that with Huntress.

[00:10:23] Secure your clients and help them thrive with the number one rated EDR for SMBs

[00:10:27] on G2.

[00:10:28] Visit Huntress.com slash MSB radio to find out more.

[00:10:58] Reach out on LinkedIn if you're listing the podcast.

[00:11:01] Talk to you again tomorrow.

[00:11:04] The Business of Tech is written and produced by me,

[00:11:07] Dave Sobel.

[00:11:08] Under ethics guidelines, post it at businessof.tech.

[00:11:12] If you like the content, please make sure to hit that like button,

[00:11:16] follow or subscribe.

[00:11:17] It's free and easy and the best way to support the show and help us grow.

[00:11:22] You can also check out our Patreon where you can join the Business of Tech community

[00:11:27] at patreon.com slash MSB radio or buy our Why Do We Care merch at businessof.tech.

[00:11:35] Finally, if you're interested in advertising on the show, visit mspradio.com slash engage.

[00:11:42] Once again, thanks for listening to me.

[00:11:44] I will talk to you again on our next episode of the Business of Tech.