Dynamic link library (DLL) hijacking is frequently written about by defenders due to its applications in evading automated detections. This technique is even more frequently used by adversaries in interactive intrusions. Despite the wealth of literature available to increase defenders’ awareness of DLL hijacking, CrowdStrike® Falcon OverWatch™ threat hunters see adversaries gravitate toward this tradecraft time and again to load malicious code.

Ransomware’s new favorite victim is educational institutions. Ransomware attacks, that exploit targets utilizing malicious software code, have increased tremendously over the past few years. In addition to targeting business sectors, cybercriminals are now attempting to ambush the security posture of educational sectors. Educational institutions are an easy prey for ransomware attackers as they lack the fundamental elements of a secured network.

Although it’s the holiday season, the festive spirit doesn’t extend to cyber attackers, who consider this a great opportunity to cause havoc. But the Mend research team doesn’t rest, and remains alert for threats and vulnerabilities. Our vigilant team has detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages. Let’s take a look at the nature of the attack and what we did to protect our systems and our users.

At SecurityScorecard, we like to look ahead and focus on the future. However, the past can also teach us some valuable lessons, particularly in cybersecurity. 2022 was quite an eventful year in the space, with many high-profile attacks, including full-blown cyber warfare. Out of all threats we saw this past year, a few stood out. This article will cover seven of the most dangerous cyber threats of 2022, in no particular order.

A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. Yes, ‘tis the season when cyber security experts gaze into the crystal ball to tell us what to expect in the coming year, which is fine, but it’s also good to look in the rearview at a year that will be over next week, both for what happened but also for what it all might mean and what we can learn from it.

Personal data such as email addresses and passwords unlock our online identities and have become part and parcel of almost all accounts on the internet. Research indicates that there are over 5 billion daily web users worldwide and mobile phones account for about 60% of the world’s web traffic. Digital data examples include text messages, videos, satellite images and data from IoT, smart devices and social media.

Each year, cyber attacks and data breaches are becoming more devastating for organizations. According to the 2022 Cost of a Data Breach Report by IBM, the global average cost of a data breach reached a record US$4.35 million in 2022. However, security teams are often not ready to detect all security gaps in their organizations. The scope of their monitoring is usually so broad that it’s challenging to anticipate where a potential threat might come from.

Password attacks are one of the most common types of cyberattacks. They occur when someone tries to access your accounts by guessing or stealing your login credentials. You can prevent password attacks by enabling multi-factor authentication and using strong, unique passwords for your accounts. Read on to learn how you can keep yourself protected from these types of attacks.

Cybercriminals who use Business Email Compromise (BEC) attacks are switching up their tactics, with some groups now targeting actual merchandise instead of money in their phishing attacks. Trustwave’s email security solution MailMarshal is aware of and investigating this new methodology. MailMarshal is capable of defending an organization against BEC attacks. This Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S.

Sudden, unexpected, and potentially very damaging. Zero-day attacks are the perfect storm for malicious actors and one of the worst-case scenarios for developers, security professionals, and DevOps teams. Yet it’s not all bad news for those charged with protecting your code, software, and applications, as long as you expect the unexpected and prepare for it. Building a fast, effective mitigation response for zero-day attacks starts with these three tactics.

Read also: Microsoft fixes a Windows zero-day, security researchers detail a way to bypass popular web application firewalls, and more.

Resilient cybersecurity posture can only be achieved with a full understanding of your internal and external attack surface. CrowdStrike Falcon® Surface builds on our award-winning adversary intelligence with cutting-edge external attack surface management (EASM) capabilities for a complete picture of known and unknown externally exposed assets, all delivered via the unified CrowdStrike Falcon® platform.

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns.

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.

A recent study shows that software attacks cause Millions of Christmas trees to go dark each year (Claus, 2021). Since many people believe that trees cannot be hacked, they tend to find themselves in a false sense of security that too often leaves them exposed. In this article, I want to show you why fuzzing is the right method to protect your Christmas tree against malicious software attacks while turning it into a video game console.

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.

Cyberattacks consistently hit the headlines throughout the year, and they aren’t expected to slow down any time soon. While the intensity and impact change from one attack to the other, there are always a few that rank the highest in terms of size. We looked at the five biggest cyberattacks of 2022 and how they influenced users around the globe.

A phishing attack is a fraudulent email pretending to be from a safe, familiar, or reliable source intended to induce the email recipient to reveal personal information such as financial information, personally identifiable information (PII), Passwords, or credit and bank account numbers to the writer.

Credential stuffing is on the rise. The number of annual credential spill incidents nearly doubled between 2016 and 2020, according to the F5 Labs 2021 Credential Stuffing Report. Organizations need to be wary of sophisticated attackers or risk becoming a victim of a credential stuffing attack. As one of the most common account takeover techniques, your team must be equipped with the knowledge necessary to prevent this from happening.

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge. The Federal Communications Commission (FCC) observed an increase in unsolicited text messages, with 2022 practically tripling the number of phishing texts reported to the FCC in 2019. Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile.

November has turned cold in much of the Northern Hemisphere, and there was plenty of cold comfort to go around in the world of cybersecurity. Our latest round-up looks at a massive company that can’t stop getting breached, another one scrambling to correct an unforced error, a worst-case scenario for the blending of church and state, and a depressing report on just how much money ransomware gangs are pulling in. Let’s get ready for a dip into the chilly waters of cybercrime.

‘Tis the season for a busy weekend of software supply chain attacks. Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm. Mend Supply Chain Defender quickly identified the malicious code; the owners were notified, and the packages were removed. That does not fully remove the risk, however. The first package has 9.5 million downloads, while account CI keys were compromised in the second, which can cause significant damage.

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

2022 has seen a slowdown for the cryptocurrency ecosystem, as well as a decrease in demand for cryptocurrency-related activities like cryptomining. Even before the catastrophic implosion of the FTX cryptocurrency exchange, multiple market bubbles (from failed exchanges other than FTX) and events like Ethereum’s highly anticipated transition from proof of work to proof of stake have dampened enthusiasm for cryptocurrencies.

To give system managers a number of advantages over traditional interfaces for streamlining and automating administrative chores, Microsoft created PowerShell, a built-in scripting language and command-line executor. The strength of PowerShell renders it a handy instrument for attackers to conduct file-less exploits, which are challenging to block and identify. Essentially, the PowerShell script is a simple text file with an a.ps1 extension. When you execute the file on the prompt, it will begin to run.

This year has seen an enormous increase in the number and claimed impact of hacktivist attacks on critical infrastructure and enterprises operating in critical services. Many attacks target unmanaged devices such as Internet of Things (IoT) and operational technology (OT) equipment. Attacks are motivated by geopolitical or social developments across the globe, with the goal of spreading a message or causing physical disruption.

A detailed overview of the Remote Code Execution (RCE) attacks, how it affects the Kubernetes infrastructure, and how the vulnerabilities of the K8 systems can be mitigated. Remote Code Execution (RCE) is a vulnerability in systems that cybercriminals can exploit to perform attacks. In RCE attacks, hackers execute malicious code in target systems remotely, irrespective of their location on the network. That’s because they don’t need the target systems to have the execution functionality.

Keeping track of what technologies are being utilized across your attack surface has become virtually impossible as a result of the pace of innovation, developer methodologies, and many other factors. Questions such as, “Where am I hosting all of my WordPress sites? Or “What 3rd-party software is it using?” often go unanswered because of the sheer number of domains organizations now have to monitor.

Due to the increasing number of cyberattacks, particularly zero days, organizations are scrambling to obtain the best security services available. While even the smallest organization might feel that implementing Two-Factor Authentication (2FA) will keep its data secure, a targeted attack from a nefarious threat actor could lure an employee into clicking and opening a malicious document.

Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke it. In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency.