Read also: the US charges four Russian hackers, Lapsus$ leaks 70GB of Globant data, and more.

This blog was written by an independent guest blogger. Credential stuffing attacks essentially doubled in number between 2020 and 2021. As reported by Help Net Security, researchers detected 2,831,028,247 credential stuffing attacks between October 2020 and September 2021—growth of 98% over the previous year. Of the sectors that did experience credential stuffing during that period, gaming, digital and social media, as well as financial services experienced the greatest volume of attacks.

The security community took a step backward last week in our ability to deal with the crisis involving Okta. Instead of exercising well-thought-out and practiced contingency plans to objectively assess risk, many individuals took a trolling posture on social media. The reaction was neither professional nor conducive to our mission as defenders against threat actors seeking to do us harm.

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

The digital world is a vulnerable space prone to attacks of various kinds. Denial of Service is one of the regular strategy attacks used to crash any server. A DoS attack attempts to make a computer or network resource unavailable to its intended users by generating enormous traffic and costing the legitimate users valuable time and money.

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered. Whenever there is a global event, threat actors are sure to take advantage of the situation. As the war between Russia and Ukraine continues, cybercriminals are pumping out spam emails that use the crisis as a lure.

Read also: Italy’s state railway operator halts ticket sales due to a suspected cyberattack, malicious npm packages target Azure developers, and more.

-In the hours after news broke that Lapsus$ claimed to have breached Okta, an enterprise identity and access management firm, SecurityScorecard’s Threat Research and Intelligence team conducted a rapid investigation into Lapsus$ to provide customers and partners with the very latest in actionable security intelligence and insights related to this emerging cybercrime group. -Lapsus$’s targets have quickly evolved from Brazilian and Portuguese organizations to high-profile U.S.

In an effort to stay ahead of improvements in automated detections and preventions, adversary groups continually look to new tactics, techniques and procedures (TTPs), and new tooling to progress their mission objectives. One group — known as BlackCat/ALPHV — has taken the sophisticated approach of developing their tooling from the ground up, using newer, more secure languages like Rust and highly customized configuration options per victim.

Trustwave is actively tracking the threat of Lapsus$ for our clients. We encourage all organizations, especially those part of the digital supply chain, to remain vigilant and ensure that cyber best practices are implemented. We are actively investigating all unusual login behaviors for clients that use Okta. For more information on the Okta incident, please visit their blog. Trustwave does not use Okta. Actionable security recommendations for organizations can be found below.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Two days ago, several of our automated analyzers started alerting on a set of packages in the npm Registry.

The modern infrastructure is controlled by the DNS with pointers to both internal and third-party services. As a result, organizations are simultaneously expanding their attack surface and inviting potential cyber threats. Unknown subdomains can be challenging, as they are not always closely monitored.

Financially motivated adversary groups executing ransomware attacks have rightfully gotten our attention in recent years. Similar to Lulzec, there’s a new group catching attention with different motivations, targeting larger organizations.

Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s economies of scale to disrupt or discontinue the availability of cloud services and infrastructure that support applications, systems, and corporate networks.

HTTP Response Splitting entails a kind of attack in which an attacker can fiddle with response headers that will be interpreted by the client. The attack is simple: an attacker passes malicious data to a vulnerable application, and the application includes the malicious data in the single HTTP response, thus leading a way to set arbitrary headers and embedding data according to the whims and wishes of the attacker.

Given Russia's reputation for highly-sophisticated cyberattacks, the country's invasion of Ukraine has sparked justified fears of an imminent global cyberwar. While, for the time being, Putin’s cyber efforts against Ukraine are surprisingly restrained, this may not be the case for other countries.

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools were particularly prevalent in that nine-month period, having grown 10% over the previous year after having already climbed 666% compared to 2019.

The ongoing war between Ukraine and Russia has placed organizations worldwide on full alert due to the possibility that cyber attacks related to the conflict may impact organizations outside the region.

Senior-level executives handle sensitive data and information daily – making them an enticing target for cybercriminals. One of the most complex schemes to date is the whaling attack, in which hackers impersonate high-ranking employees to gain access to computer systems and networks. Whaling attacks have seen a dramatic 131% increase between Q1 2020 and Q1 2021, costing enterprises around $1.8 billion in damages.

Stevenage, 15th March 2022 – Today new findings from the Bulletproof Annual Cyber Security Industry Threat report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research gathered throughout 2021, showed that 70% of total web activity is currently bot traffic.

Rapid proliferation of data, growing volume of domains and subdomains, and rise in third-party software have expedited the need for having a robust security program in place. As the web-facing attack surface grows, existing security practices are falling behind.

SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified.

Just days after Russia launched its invasion against the people of Ukraine, news reports emerged of several cyberattacks. Deployed systematically ahead of the land invasion, Russian cyberattacks against Ukraine have rendered Ukrainian banks, government departments and other core services unavailable through the use of sophisticated ‘data wipers

Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.

If a couple of years ago Distributed Denial of Service attacks (DDoS) were just a nuisance for businesses, today they constitute serious, costly cybercrime. Equally, if not more alarming, is the use of cybercriminals as surrogates in state-to-state political conflicts. The tools for launching these attacks are easily available online. They are so simple and cheap to use that even amateur citizen fraudsters and kids can commit a financial crime.

Netskope is keeping a close watch on the rapidly changing situation in Ukraine. Along with the attention we are giving to the safety and well-being of Netskope employees in the region, we are in a state of high alert with respect to cyber threats and risks to our customers. Netskope Threat Labs is continuously monitoring cybersecurity threats related to the conflict in Ukraine.

The Russia-Ukraine conflict currently is ongoing and continues to escalate. Trustwave is on heightened alert, and we are actively monitoring malicious cyber activity associated with and adjacent to the conflict between Russia and Ukraine.

CrowdStrike is introducing memory scanning into the CrowdStrike Falcon sensor for Windows to increase visibility and detect in-memory threats, adding another layer of protection against fileless threats. In recent years, threat actors have increased their dependence on fileless or malware-free attacks.

Read also: Toyota suspends production due to a cyberattack, Enercom suffers satellite outage, and more.

Beyond the disturbing images of the invasion of Ukraine that began February 24 are the invisible cyberattacks that preceded it and continue to be waged on Ukraine by Russian state-sponsored and other threat actors, which also threaten the West. Vedere Labs, Forescout’s threat intelligence and research team, is closely monitoring the evolution of cyber activities connected to the Russian-Ukrainian conflict.

We’d like to start this post by saying that our thoughts are with everyone that is affected by the ongoing conflict in Ukraine. As widely reported in the news, we are also actively monitoring the increased level of malicious cyber activity related to the situation. Businesses should be under no illusions: the cyber security shock waves from the Ukraine crisis will extend across the world. It’s therefore important to stay informed and act quickly so that your business is protected.

Ideally, healthcare would be the last industry to be targeted by hackers and cyberattackers—surely no one would want to cripple critical hospital infrastructure and play around with lives. However, the healthcare industry continues to be the most affected in terms of average data breach cost, peaking at $9.2 million in 2021.