Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

The Top Cyber Attacks of November 2022

November has turned cold in much of the Northern Hemisphere, and there was plenty of cold comfort to go around in the world of cybersecurity. Our latest round-up looks at a massive company that can’t stop getting breached, another one scrambling to correct an unforced error, a worst-case scenario for the blending of church and state, and a depressing report on just how much money ransomware gangs are pulling in. Let’s get ready for a dip into the chilly waters of cybercrime.

A Busy Weekend for npm Attacks, Including 'cors' Typosquatting

‘Tis the season for a busy weekend of software supply chain attacks. Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm. Mend Supply Chain Defender quickly identified the malicious code; the owners were notified, and the packages were removed. That does not fully remove the risk, however. The first package has 9.5 million downloads, while account CI keys were compromised in the second, which can cause significant damage.

Cloud Threats Memo: Cyber Espionage Exploiting Google Drive for C2 Infrastructure

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

Discovered new BYOF technique to cryptomining with PRoot

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

Cryptojacking Attacks See Growth Despite Weak Year for Cryptocurrency

2022 has seen a slowdown for the cryptocurrency ecosystem, as well as a decrease in demand for cryptocurrency-related activities like cryptomining. Even before the catastrophic implosion of the FTX cryptocurrency exchange, multiple market bubbles (from failed exchanges other than FTX) and events like Ethereum’s highly anticipated transition from proof of work to proof of stake have dampened enthusiasm for cryptocurrencies.

Defend Against Powershell Attacks

To give system managers a number of advantages over traditional interfaces for streamlining and automating administrative chores, Microsoft created PowerShell, a built-in scripting language and command-line executor. The strength of PowerShell renders it a handy instrument for attackers to conduct file-less exploits, which are challenging to block and identify. Essentially, the PowerShell script is a simple text file with an a.ps1 extension. When you execute the file on the prompt, it will begin to run.

See technologies on the attack surface plus updates to Attack Surface Custom Policies and API keys

Keeping track of what technologies are being utilized across your attack surface has become virtually impossible as a result of the pace of innovation, developer methodologies, and many other factors. Questions such as, “Where am I hosting all of my WordPress sites? Or “What 3rd-party software is it using?” often go unanswered because of the sheer number of domains organizations now have to monitor.

Bypassing 2FA Authentication with Evilginx2

Due to the increasing number of cyberattacks, particularly zero days, organizations are scrambling to obtain the best security services available. While even the smallest organization might feel that implementing Two-Factor Authentication (2FA) will keep its data secure, a targeted attack from a nefarious threat actor could lure an employee into clicking and opening a malicious document.

Whoops! Researchers accidentally crash botnet used to launch DDoS and cryptomining campaigns

Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke it. In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency.

The Increasing Threat Posed by Hacktivist Attacks: An Analysis of Targeted Organizations, Devices and TTPs

This year has seen an enormous increase in the number and claimed impact of hacktivist attacks on critical infrastructure and enterprises operating in critical services. Many attacks target unmanaged devices such as Internet of Things (IoT) and operational technology (OT) equipment. Attacks are motivated by geopolitical or social developments across the globe, with the goal of spreading a message or causing physical disruption.