Axis Security has published its 2023 Security Service Edge (SSE) Adoption Report, finding that 65% of organizations plan to implement an SSE platform within the next two years, and 43% seek to implement one before the end of 2023. Additionally, 67% of respondents “plan to start their SASE strategy with a Security Service Edge (SSE) platform rather than WAN Edge Services.” The researchers also found that “[t]he top two legacy solutions that enterprise security teams will look to replace with SSE will be VPN Concentrators (63%) for VPN, SSL inspection services (50%) and DDoS (44%) with data loss prevention services (42%) being a very close fourth place.”
Delinea has published its 2022 State of Ransomware Report, finding that there’s been a sharp decrease in the volume of ransomware attacks, though the average ransom demand has gone up. Delinea found that only 25% of respondents said their organizations were hit by ransomware in 2022, down from 64% in 2021. The number of victims who paid the ransom also fell from 82% to 68%. The researchers aren’t sure what led to this decline, but they note that it may be due to the reorganization among major ransomware crews (particularly Conti) that took place during 2022. Despite the slowdown in attacks, the researchers found that the average ransom demand has gone up over the past year. The survey also highlights a discouraging trend: organizations seem to be taking the ransomware threat less seriously than they did in 2022. The researchers found that most organizations (76%) increase their security budgets only after they’ve suffered a ransomware attack. For more on the ransomware trends of the year that just ended, see CyberWire Pro.
Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, told Politico that Ukraine was gathering information on the ways in which Russian cyberattacks have constituted war crimes. Some of the Russian cyber intelligence work has allegedly been used to support "filtration," that is, the identification of civilians regarded as posing a threat to Russian occupation. “Russian troops often use filtration procedures on occupied territories to identify people who support Ukraine, who were engaged in public service, or military service, so they capture them, then torture, kill," Zhora said.
Some cyber activities, including even the spread of disinformation, may themselves qualify as war crimes. Disinformation seems a stretch (except, perhaps, insofar as it might be held to constitute incitement, or serve as an element of conspiracy), but disabling cyberattacks against civilian critical infrastructure might be an easier case. For any of these actions to amount to war crimes--and there's a strong prima facie case that they may--they would have to amount to violations of the laws of armed conflict. Ukrainian authorities are referring the digital evidence they've collected to the International Criminal Court with a view to eventual prosecution of the Russian personnel and officials responsible.
EU Reporter notes that the annual report from the European Union's cybersecurity agency, ENISA, describes ways in which Russia's war has driven an increase in cyberattacks. As we've had many occasions to observe, the consequences of those attacks have fallen short of prewar expectations.
SC Magazine reviews arguments for and against treating cyberspace as an operational domain. For millennia there were two such domains: land and maritime. The 20th Century saw the emergence of the third domain, air, and eventually the fourth, space. Over the last two decades cyberspace has come to be regarded as the fifth domain. The issue, as the discussion presents it, is that cyber operations in Russia's war have proven indecisive, and that, were cyberspace to be a proper domain, it would offer the prospect of decisive action. That's not unique to cyberspace, however. It's unusual that action in any one domain would prove decisive. US doctrine, at least, has stressed the importance of multidomain operations. There may well be good reasons not to consider cyberspace a fifth operational domain (a 2021 essay in The Strategy Bridge describes them), but lack of decisiveness alone doesn't seem to be one of them.
The RSA Conference (meeting this year in San Francisco between April 24th and 27th) returns with two well-known showcases for young, innovative companies. Both the Launch Pad and the Innovation Sandbox opened for applications today, and they'll continue to accept them through February 10th.
LookingGlass Cyber published a blog post today explaining the most prevalent known exploited vulnerabilities (KEVs) present in the US financial sector in November of last year. Over half of the vulnerabilities detected by LookingGlass in November 2022 were found affecting insurance, with approximately a quarter affecting credit intermediaries, and a third resulting from third-party service providers. The most commonly observed KEV in the US financial services sector was CVE-2015-1635. The seven-year-old remote code execution vulnerability is said to impact Windows, and is still common in critical infrastructure today. For more on these KEVs, see CyberWire Pro.
Today's issue includes events affecting the European Union, Japan, Pakistan, Russia, Ukraine, the United Kingdom, and the United States.