Cyber threats are a big deal in today’s society. It seems like every other day, there is a new scam or cyber attack that is making the rounds. In this blog post, we will take a look at some of the biggest threats and scams that you need to be aware of. We will also discuss how to protect yourself from these attacks.

Pro-Russian threat actor group Killnet claims to have launched DDoS attacks against Starlink and the United States’ government website whitehouse.gov. Starlink is a satellite internet service company operated by SpaceX. In 2019, SpaceX began launching Starlink satellites, and as of September 2022 is reported to have launched more than 3,000 satellites into low-Earth orbit (LEO).

Vice Society, the cybercriminal gang responsible for the attack, is believed to have used internal login credentials leaked on the dark web to access LAUSD’s network and launch the ransomware attack. Twenty-three internal LAUSD credentials were leaked on the dark web leading up to the attack, with at least one set granting access to LAUSD’s Virtual Private Network (VPN).

Cryptomining attacks are becoming more notable in-line with the rise of blockchain and cryptocurrencies, so detecting cryptomining has become a high priority. Security researchers have found data breaches related to various cryptominer binaries running within victims’ infrastructures. The default openness of Kubernetes clusters and the availability of the extensive compute power required for mining makes Kubernetes clusters a perfect target for cryptomining attacks.

Internal reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer account in your network. Using various tools or scripts, they enumerate and collect information that will help them identify what assets they should try to compromise next to get what they want. For example, BloodHound will map out attack paths that can enable an adversary to escalate their privileges from ordinary user to admin.

Businesses are more vulnerable to cybercrime now than ever before. Hackers are getting smarter and more sophisticated, and they are constantly coming up with new ways to exploit businesses online. If you want to protect your business from cybercrime, you need to be aware of the top 5 cyber threats that are facing businesses today. In this blog post, we will discuss each of these threats in detail and provide tips on how you can protect your business from them.

Citing senior Cybersecurity and Infrastructure Security Agency (CISA) officials, journalistsreported on November 8 that DDoS attacks had temporarily disabled the website of a state government. A group claiming to be pro-Russian hacktivists, CyberArmyofRussia_Reborn, claimed responsibility for that attack and another on the website of a U.S. political party’s governing body on the same day, specifying one target IP address for each organization.

Account takeover is an attack where cybercriminals take ownership of user accounts using stolen credentials. It is essentially an identity theft fraud where the hacker, who now has full control over the user’s account, performs malicious activities posing as the real user. These malicious activities might include sending out phishing emails or messages, stealing and misusing sensitive financial or personal information, or using stolen information to takeover more user accounts.

TeamTNT is a notorious cloud-targeting threat actor, who generates the majority of their criminal profits through cryptojacking. Sysdig TRT attributed more than $8,100 worth of cryptocurrency to TeamTNT, which was mined on stolen cloud infrastructure, costing the victims more than $430,000. The full impact of TeamTNT and similar entities is unknowable, but at $1 of profit for every $53 the victim is billed, the damage to cloud users is extensive.

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” – Clifford Stoll, Astronomer and engineer This identity security week, it’s important to understand the importance of passwords in cybersecurity, how easily they can be compromised if you are not careful, and how ManageEngine ADSelfService Plus helps fortify your passwords and enhance your organizational security.