CANADIAN CYBERSECURITY INC.

💻📹 💲 Social commerce merchants can sell to anyone — anytime, anywhere. Social media platforms are increasing their monetization of global audiences with e-commerce. Thanks to omnichannel solutions—both physical and digital—social commerce could grow 32% at an annual rate, from US$730B today to over US$5T in 2030. ARK Investment Management LLC Big Ideas 2024 #socialcommerce #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

👺 🤖 Advancements in technology caused a shift in the sophistication and breadth of the threat landscape. Generative artificial intelligence (#AI) made its first strides and was received with a broad and warm adoption by businesses and end-users alike. Generative pre-trained transformers (#GPTs) and large language models (#LLMs) took the world by storm, and every organization started to rethink their roadmaps, marking strategies and processes, all centered around generative artificial intelligence (AI). The widespread adoption and unmistakable benefits in productivity enhancement has not escaped cybercriminals. Through current generations of GPT and Gemini, many low-sophistication threat actors were able to reach new levels of sophistication while highly sophisticated threat actors could leverage generative AI to scale up their attack campaign and cast wider nets than before. This new threat landscape is one of more sophisticated threats, but not one where the level of sophistication is higher than what is currently witnessed. Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

🦹♂️ 📩 💸 Being compromised is costly. Based on data from the FBI’s Internet Crime Complaint Center - the median loss attributed to Business Email Compromise #BEC in 2022 and 2023 was around US$50,000. Verizon Businesss 2024 Databreach Investigations Report #databreach #cybersecurity #canadiancybersecurityCANADIAN CYBERSECURITY INC.

💻 📁 The top attacked HTTP Uniform Resource Identifiers (URI) were led by “/”, the universal URI for testing the presence of a web service and collecting information from header fields in server responses. There is a significant difference in the top targeted URIs for unsolicited events compared to the top targets in web application attacks where services are supporting real applications. The top URIs should be interpreted as the top services and applications that are targeted by actors that are randomly scanning and exploiting the internet. Typically, a URI will conform with a known and disclosed vulnerability. In HTTP, the user-agent string is often used for content negotiation, where the origin server selects suitable content or operating parameters for the response. For example, the user-agent string might be used by a web server to choose variants based on the known capabilities of a particular version of client software, and to differentiate its interface for smartphones or desktop browsers. The concept of content tailoring is built into the HTTP standard in RFC1945. As such, the user-agent field in a web request can be used to identify the client agent that makes the request. Some malicious actors are aware of this identifying feature being used to score the legitimacy of a web request by web security modules. This causes them to mask their origins by randomly generating and changing the user-agent to known legitimate values. Commercial and open source web service vulnerability scanning tools and programming language implementations can be identified through their user agent. For example, zgrab is the application-layer network scanning component of the Zmap open source scanning tool and “Go-http-client” is the default user agent header when using the Golang net/http package. Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

🤖 💥 Assisted by generative #AI and who knows what new improved AI technology 2024 will bring, threat actors are better equipped than ever to accelerate their hunt for zero days—but so are security researchers. And with that knowledge, we come full circle in the arms race between good and bad actors. AI might force us to adapt and change the way we approach threats and threat actors, but cybersecurity will not be fundamentally different in the future than it was in past. Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

💥 🌊 The number of DDoS attacks grew by 94% in 2023 compared to 2022, building on the previous year’s growth of 99%. The number of attacks has been trending at an average rate of 106 attacks per month or 3.48 attacks per day since Q1 2021. The Americas were targeted by almost half of all global DDoS attacks. The EMEA region, accounting for 39% of the DDoS attacks, had to mitigate 65% of the global DDoS attack volume. The APAC region accounted for almost 12% of global DDoS attacks. Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

✊ 👨⚖️ 🙏 Are social mood trends #socionomics motivating more #hacktivists? Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk #cybersecurity #canadiancybersecurity CANADIAN CYBERSECURITY INC.

🦹♂️ 🔑 Stolen credentials remain massively popular. 31% of all breaches over the past 10 years have involved the Use of stolen credentials. @Verizon Business 2024 Databreach Investigations Report #databreach #cybersecurity #canadiancybersecurity @CANADIAN CYBERSECURITY INC.

😲 ⏱️ The median time for users to fall for phishing emails is less than 60 seconds. @Verizon Business 2024 Databreach Investigations Report #databreach #cybersecurity #canadiancybersecurity @CANADIAN CYBERSECURITY INC.

👨🎓 🦹♂️ More training is needed. 68% of all breaches involved a non-malicious human element, caused by a person who either fell victim to a #SocialEngineering attack or made some type of error. @Verizon Business 2024 Databreach Investigations Report #databreach #cybersecurity #canadiancybersecurity @CANADIAN CYBERSECURITY INC.