
Survey: 89% of Firms Experienced One or More Successful Email Breaches


During the past 12 months, 89 percent of firms had one or more successful email intrusions, resulting in significant expenses. 

The vast majority of security teams believe that their email protection measures are useless against the most significant inbound threats, such as ransomware. This is according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research. The survey examined issues with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and readiness to cope with attacks and incidents. 

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report.

Fewer than half of those surveyed felt their companies can prevent email threats from being delivered, and fewer than half consider their current email security solutions to be effective. Techniques to detect and stop mass-mailed phishing emails are seen as the least effective, followed by safeguards against impersonation attacks.

As a result, it is perhaps unsurprising that nearly every company polled has experienced one or more types of email breach. Overall, successful ransomware attacks have climbed by 71% in the last three years, Microsoft 365 credential compromise has increased by 49%, and successful phishing attacks have increased by 44%, according to the report.

Email Defences 

When the report's authors looked into where email defence falls short, they found that, surprisingly, the use of email client plug-ins for users to flag questionable messages is on the upswing. Half of the firms now employ an email client plug-in that lets users flag questionable messages for review by skilled security personnel, up from 37% in a 2019 survey. The most common recipients of these reports are security operations centre analysts, email administrators, and an email security vendor or service provider, and 78 percent of firms route the reports to two or more groups.

In addition, most firms now provide user training on email dangers, according to the survey: More than 99% of companies provide training at least once a year, and one out of every seven companies provides email security training monthly or more regularly. 

“Training more frequently reduces a range of threat markers. Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing, BEC or ransomware threat is less than organizations only training once or twice a year,” as per the report.

Furthermore, the survey found that more regular training leads to a higher number of suspicious messages being reported, as well as a higher proportion of such messages being reported. The survey also revealed that firms are using at least one additional security product to supplement Microsoft 365's basic email protections, although the effectiveness of these deployments varies.

The report explained, “Additive tools include Microsoft 365 Defender, security awareness training technology, a third-party secure email gateway or a third-party specialized anti-phishing add-on. There is a wide range of deployment patterns with the use of these tools.”

The report concludes that gaps of this kind, together with weak defences in general, impose significant costs on businesses.

“Costs include post-incident remediation, manual removal of malicious messages from inboxes, and time wasted on triaging messages reported as suspicious that prove to be benign. Organizations face a range of other costs too, including alert fatigue, cybersecurity analyst turnover, and regulatory fines,” the report further read.

An Advisory Issued by Carnegie Mellon University Warns Against the Vulnerability in Checkbox Survey


The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has issued an advisory about a Checkbox Survey vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code.

A checkbox is a GUI widget that lets the user choose one of two mutually exclusive alternatives; a basic yes/no question, for example, presents the required choices as checkboxes. Checkbox Survey is a customizable online survey tool written in ASP.NET that lets organizations build professional surveys accessible from any desktop or mobile device.

The vulnerability, tracked as CVE-2021-27852, stems from insecure deserialization of View State data, a mechanism used by the ASP.NET web page framework.

Microsoft stated that “When the HTML markup for the page is rendered, the current state of the page and values that must be retained during postback are serialized into base64-encoded strings. This information is then put into the view state hidden field or fields.”

Before version 7.0, Checkbox Survey implemented its View State functionality by accepting a _VSTATE argument, which it then deserialized using LosFormatter.

“Checkbox Survey before version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server,” read the advisory.

Because the Checkbox Survey code handles this data itself rather than through the ASP.NET page pipeline, the server's ASP.NET View State Message Authentication Code (MAC) setting is never applied to it. Without the MAC, an attacker can supply arbitrary data that the server will deserialize, which can lead to code execution.

The advisory further states that “Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Before version 7.0, Checkbox Survey implements its View State functionality by accepting a _VSTATE argument, which it then deserializes using Los Formatter. Because this data is manually handled by the Checkbox Survey code, the ASP.NET View State Message Authentication Code (MAC) setting on the server is ignored. Without MAC, an attacker can create arbitrary data that will be deserialized, resulting in arbitrary code execution.” 

The impact of the flaw is that a remote, unauthenticated attacker can execute arbitrary code with the privileges of the web server by sending a crafted request to a server running Checkbox Survey 6.x.
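To make the advisory's point concrete, here is an added ASP.NET handler written for this post, not Checkbox Survey's code or the vendor's fix: it contrasts the pattern the advisory describes (client-supplied state handed straight to LosFormatter, so the server's MAC setting is never consulted) with a version that serializes and deserializes under a MAC. The handler class, the MacKeyModifier constant and the _VSTATE form field name used here are assumptions for illustration.

```csharp
// Added example (not Checkbox Survey's code). Requires System.Web (.NET Framework).
using System;
using System.IO;
using System.Web;
using System.Web.UI;

public class SurveyStateHandler : IHttpHandler   // hypothetical handler name
{
    public bool IsReusable { get { return false; } }

    // Pattern described in the advisory: the value comes straight from the
    // request and is handed to LosFormatter with MAC disabled (the default).
    // The page pipeline is bypassed, so web.config's enableViewStateMac and
    // machineKey settings never apply; whatever the client sends is
    // deserialized. Kept here only for comparison; ProcessRequest does not call it.
    private static object DeserializeWithoutMac(string vstate)
    {
        return new LosFormatter().Deserialize(vstate);
    }

    // Hardened pattern: LosFormatter(enableMac: true, macKeyModifier) appends a
    // MAC keyed with the server's machineKey validationKey on Serialize and
    // refuses input whose MAC does not verify on Deserialize, before any object
    // graph is built. This still assumes the validationKey stays secret; the
    // stronger fix is to stop deserializing client-supplied state entirely,
    // which is what Checkbox Survey 7.0 did by dropping View State.
    private const string MacKeyModifier = "SurveyStateV1";   // assumed value

    private static string SerializeWithMac(object state)
    {
        var formatter = new LosFormatter(true, MacKeyModifier);
        using (var writer = new StringWriter())
        {
            formatter.Serialize(writer, state);
            return writer.ToString();   // base64, MAC-protected
        }
    }

    private static object DeserializeWithMac(string vstate)
    {
        // Throws (HttpException wrapping ViewStateException) on tampered data.
        return new LosFormatter(true, MacKeyModifier).Deserialize(vstate);
    }

    public void ProcessRequest(HttpContext ctx)
    {
        string vstate = ctx.Request.Form["_VSTATE"];   // assumed field name
        if (string.IsNullOrEmpty(vstate)) { ctx.Response.StatusCode = 400; return; }
        try { object state = DeserializeWithMac(vstate); /* use state */ }
        catch (HttpException) { ctx.Response.StatusCode = 400; }   // reject, do not "repair"
    }
}
```

A failed MAC check surfacing as a 400 is also a useful detection signal: a spike of such rejections on a survey endpoint is worth correlating in the web server logs.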

Checkbox Survey 7.0 no longer uses View State data, so versions 7.0 and later are not affected. Installations older than version 7 should be removed.

Checkbox has also stated that Checkbox Survey 6 is no longer developed, so that version is not safe to use. If updating to an unaffected version of Checkbox Survey is not possible, the software should at least be removed from every machine on which it is installed.