August 2021 Security Intelligence Roundup: Pipeline Changes, Social Engineering and Software Supply Chain Attacks

August 31, 2021
| |
3 min read

Ransomware catches people’s attention in part because it feeds on emotion. People click on links without looking at them first, and this remains one of the most common vectors for attack. While it may seem like the internet is filled with the same advice over and over again, even the most attentive person can slip up on a busy work day.

In our news roundup this week we have the rising costs of ransomware, how to avoid supply chain attacks (including covering the human element), and today’s social engineering. Check out our top advice and news from August.

Quick Briefs: Top Insights From August

2-Minute Read 🕒

5 Ways to Defend Against Supply Chain Cyberattacks

Supply chain attacks can sneak in to the best of code. Giving developers the power to prevent them (or act on them once a suspected attack might find a foothold in vulnerable code) requires having the right company culture. See how keeping this kind of attack top of mind can improve security by fostering a culture of open communication at the same time. Discover more ways to secure your software supply chain.

2-Minute Read 🕒

Spend Wisely (Not Just More) to Become Cyber Resilient

Sometimes, putting a little more money in ahead of time can save you dollars in the long run. Is there something in your life for which you’re willing to pay more to get a quality product, or because you know it will last a long time? The same can be true of future-proof cybersecurity tools. Whether it’s the decision to work inside- or out-of-house or what kind of tools to use, make sure you’re working smarter.

3-Minute Read 🕒

Ransomware Costs Expected to Reach $265 Billion by 2031

Every year, research company Cybersecurity Ventures produces a ransomware costs report. The 2021 edition places the cost of recovery from a successful ransomware attack at $20 billion. That’s based both on attackers aiming for higher takes and on an increasing number of attacks. What can employers do about it? Invest in awareness, know your tools and see more tips in this article.

Worth Your While: In-Depth Coverage To Sharpen Your Skills & Tighten Security

4-Minute Read 🕒

How Number Recycling Threatens Your Privacy Online

You may or may not have had cause to change your personal phone number at some time in your life. Or, you’ve worked in a job where you needed a work phone, then changed jobs and placed that phone in the hands of your former bosses. Phone companies recycle numbers and associate each one with its current SIM card, which attackers can use to their advantage. Maybe you’ve heard of SIM scams, where attackers lie about having lost a phone. See how this applies on an organizational scale and what employers can do about it.

3-Minute Read 🕒

A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight

In response to recent attacks, the United States Department of Homeland Security has provided a new security directive for pipeline operators. These cover a variety of requirements, including the hiring of a cybersecurity coordinator who is available 24/7 to the Transportation Security Administration and Cybersecurity and Infrastructure Security Agency 24/7. See what the government recommends for pipeline operators and what other infrastructure operators need to know in 2021.

3-Minute Read 🕒

Most Digital Attacks Today Involve Social Engineering

Everything always comes back to people. As the weak link in a cybersecurity fence, employees both make everything work and are a hot target for attackers. That’s why social engineering works. With social engineering being the most common type of attack found by Verizon Enterprise in 2021, employers would do well to watch out for them. Learn how to prevent social engineering attacks and what they look like today.

August’s Expert Insight: X-Force Researchers Uncover Operational Security Errors Plaguing Iranian Threat Group

IBM Security X-Force threat intelligence researchers have been keeping an eye on ITG18, a suspected Iranian threat group. That includes the discovery of led to the discovery of LittleLooter, a malicious custom Android backdoor that has not been previously linked to this threat actor. See what this means about the infrastructure and activity of the group today, as well as its scope and possible political motives related to attacking the Iranian reformist movement.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

Megan Crouse
Freelance Writer and Editor
Megan Crouse is a contributor for SecurityIntelligence.