The Sysdig Security Research team has identified a Cryptominer attack hitting a Kubernetes pod running WordPress, related to the recent Botnet Sysrv-Hello. The goals of the attack were to control the pod, mine cryptocurrency, and replicate itself from the compromised system. In particular, the attackers targeted a misconfigured WordPress to perform initial access.
The 2021 ICO Annual Report highlights areas of concern for UK organisations, including the rise of ransomware, the constant threat of email phishing, and the lack of public faith in companies’ handling of data. Let’s dive into some of the more interesting findings from the regulatory body’s latest report.
In late 2020, SolarWinds was the victim of a cyberattack that spread to their clients and went undetected for months. The foreign entities were able to add malicious code into the Orion system and gain access to companies of all sizes and across industries. The malicious code was distributed to all of the systems via a routine software update. Attacks like this are becoming increasingly frequent, amplifying the importance of security solutions that can quickly detect a potential breach.
In recent months, we’ve seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kesaya have all been victims of such attacks that went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs often ask: “Should we be concerned? How is it impacting us? What can we do to mitigate risk?” .
After being hit by a ransomware or phishing attack, it might be tempting for businesses to think the damage has been done and they can now focus on rebuilding. This is rarely the case. Research shows that 80% of organisations targeted by ransomware end up suffering another attack – and 46% are targeted by the same cybercriminals that hit them in the first place.
The U.S. government aims to tackle cybercrime, in particular attacks targeting critical infrastructure. For this purpose, the U.S. State Department has announced a reward of up to $10 million to anyone who offers valid information about any potential cyberattacks on critical infrastructure supported by foreign states.
AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal, though our internal threat analysis systems have flagged them as malicious. Upon inspection of the samples, Alien Labs has identified them as modifications of the open-source PRISM backdoor used by multiple threat actors in various campaigns.
One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions. Unfortunately, supply chain attacks are particularly challenging to prevent, detect and remediate, and, because of their stealthy nature, are often devastating.
In a world of automation, computers and the data on them have become the backbone of many organizations. But data is a double-edged sword. It can be leveraged by organizations to improve operations, but in the wrong hands, it can be a deadly weapon for hackers. So how do organizations ensure their data is safe?
U.S. President Joe Biden is under pressure to take a stand against a relentless pace of cybersecurity attacks. Russian-speaking hackers have claimed accountability for a recent ransomware assault on IT management software provider Kaseya VSA. The group of Russian threat actors also referred to as the Revil Group, launched a bombshell supply-chain hit during the weekend of July 4th, 2021 against Kaseya VSA and multiple managed service providers.
No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence agency.
The term DDoS attack refers to a malicious actor or group of actors intentionally trying to overwhelm a victim’s computer network with traffic. The large influx of network traffic being directed at the target can cause serious issues for legitimate traffic, such as regular users who need to access websites, data or services. Everyone from gamer sites to large enterprises fears the threat of distributed denial of service attacks.
Social engineering is a type of cyber attack that targets people to gain access to buildings, systems, or data. Social engineering attacks exploit human vulnerabilities to get inside a company’s IT system, for instance, and access its valuable information. Social engineering is one of the most common— and successful— forms of cyber attack. Social engineering attacks are constantly evolving, but they generally follow five main approaches.
Healthcare providers collect, process and share citizens’ most highly sensitive personal data – from names, dates of birth and contact details, to medical and financial information. The loss of this data by healthcare organisations can cause significant emotional distress to patients if private medical conditions are disclosed, and also make them more vulnerable to identity theft, fraud and further cyberattacks.
2020 was the year of the DDoS attack. Distributed Denial of Service (DDoS) attacks spiked over the last year, driven by the pandemic and the fact that so many people were locked down, working from home, and using online services to get through the pandemic. According to a report from NETSCOUT, more than 10 million DDoS attacks were launched last year, targeting many of the remote and essential services people were using to make it through the lockdown.
On 26 April 2020, 189 countries across Asia, Europe, the Middle East, North America, and South America shut down schools marking one of the largest mass school closures in history. But today, more than a year since COVID-19 forced entire cohorts online, economies continue to flit in and out of lockdowns and schools are continuing to resort to remote or hybrid-learning arrangements.
Back in June, I wrote about the Transportation Security Agency’s (TSA) new security directive concerning pipeline owners and operators. The order mandated those entities to disclose security incidents such as the ransomware attack that affected the Colonial Pipeline Company back in May to the TSA and the Cybersecurity & Infrastructure Security Agency (CISA).
Account takeover (ATO) is a dangerous form of business email compromise (BEC). Attackers gain access to a legitimate email account within an organisation, often by stealing credentials through spear phishing. They’ll then send emails from the compromised account with the goal of getting a fraudulent payment authorised or accessing sensitive data to exfiltrate.
As operations at sports stadiums become more dependent on data centers and online networks, and as the performance metrics and health data of athletes become more vulnerable to illicit exposure or alteration, the $80 billion industry of competitive sports has become increasingly vulnerable to cyberattacks. As a business they are generating big money and big data, both of which are perfect for hackers.
Cyberattacks On Utilities. Here are the top two things Water Utilities need to do right now to secure our drinking water supply from cyberattacks.
The SANS 2021 Top New Attacks and Threat Report is now available for download, covering the security trends and top threats to watch for as the world emerges from the pandemic. Presented at the SANS threat expert panel discussion held during the RSAConference 2021 Virtual Experience, the top attack category the report highlights is supply chain attacks – and with good reason.
Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors. In June, for instance, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet about ransomware attacks on OT.
The internet is an incredible tool for education. Unfortunately, not everyone uses it to better themselves or the world around them. There are plenty of opportunities to learn how to defraud, damage, and steal from organizations – so many in fact, that this open source of hacking knowledge is a new technology service industry in its own right: crime-as-a-service.
Higher education has increasingly been attracting the attention of cybercriminals. In March, the FBI released an advisory in response to a barrage of ransomware attacks on schools, and Inside Higher Education recently reported that colleges and universities are becoming favorite victims of bad actors. It's not just colleges themselves that are being targeted; their vendors and third parties are being attacked in the hopes of compromising an institution’s data.
Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry?
In a never-ending game of cat and mouse, threat actors are exploiting, controlling and maintaining persistent access in compromised cloud infrastructure. While cloud practitioners are armed with best-in-class knowledge, support, and security practices, it is statistically impossible to have a common security posture for all cloud instances worldwide. Attackers know this, and use it to their advantage. By applying evolved tactics, techniques and procedures (TTPs), attackers are exploiting edge cases.
The AEC industry is very familiar with good risk management. Whether it is managing safety risk, financial risk, legal risk, or project risk, AEC firms are adept at identifying, prioritizing and mitigating risk. Today, the risk of ransomware seems high, with a steady stream of news stories about the latest company to fall victim to an attack. But is it high for everyone in every industry?
