
Five Ways the Internet Became More Dangerous in 2023

The emergence of cyber dangers presents a serious threat to people, companies, and governments globally at a time when technical breakthroughs are the norm. The need to strengthen our digital defenses against an increasing flood of cyberattacks is highlighted by recent events. The cyber-world continually evolves, requiring a proactive response, from ransomware schemes to DDoS attacks.

1. SolarWinds Hack: A Silent Intruder

The SolarWinds cyberattack, a highly sophisticated infiltration, sent shockwaves through the cybersecurity community. Unearthed in 2021, the breach compromised the software supply chain, allowing hackers to infiltrate various government agencies and private companies. As NPR's investigation reveals, it became a "worst nightmare" scenario, emphasizing the need for heightened vigilance in securing digital supply chains.

2. Pipeline Hack: Fueling Concerns

The ransomware attack on the Colonial Pipeline in May 2021 crippled fuel delivery systems along the U.S. East Coast, highlighting the vulnerability of critical infrastructure. This event not only disrupted daily life but also exposed the potential for cyber attacks to have far-reaching consequences on essential services. As The New York Times reported, the incident prompted a reassessment of cybersecurity measures for critical infrastructure.

3. MGM and Caesar's Palace: Ransomware Hits the Jackpot

The gaming industry fell victim to cybercriminals as MGM Resorts and Caesar's Palace faced a ransomware attack. Wired's coverage sheds light on how these high-profile breaches compromised sensitive customer data and underscored the financial motivations driving cyber attacks. Such incidents emphasize the importance of robust cybersecurity measures for businesses of all sizes.

4. DDoS Attacks: Overwhelming the Defenses

Distributed Denial of Service (DDoS) attacks continue to be a prevalent threat, overwhelming online services and rendering them inaccessible. TheMessenger.com's exploration of DDoS attacks and artificial intelligence's role in combating them highlights the need for innovative solutions to mitigate the impact of such disruptions.

5. Government Alerts: A Call to Action

The Cybersecurity and Infrastructure Security Agency (CISA) issued advisories urging organizations to bolster their defenses against evolving cyber threats. CISA's warnings, as detailed in their advisory AA23-320A, emphasize the importance of implementing best practices and staying informed to counteract the ever-changing tactics employed by cyber adversaries.

The recent cyberattack increase is a sobering reminder of how urgently better cybersecurity measures are needed. To keep ahead of the always-changing threat landscape, we must use cutting-edge technologies, modify security policies, and learn from these instances as we navigate the digital landscape. The lessons learned from these incidents highlight our shared need to protect our digital future.

Elastic Global Threat Report Discloses Rising Threat of Ransomware

The latest study has indicated that ransomware is becoming a more diverse and prevalent threat, making countering it a difficult and time-consuming process. Furthermore, practically every cloud infrastructure attack starts with credential theft.

"Highly prevalent" ransomware 

Having said that, the majority of malware identified is made up of a couple of "highly prevalent" ransomware families linked with off-the-shelf tools. BlackCat, Conti, Hive, Sodinokibi, and Stop have ascended to the top of the list as the most prominent ransomware families, accounting for more than four-fifths (81%) of all ransomware activity.

The majority of threat actors choose Cobalt Strike and Metasploit as off-the-shelf tools (5.7% of all signature events). These families account for over two-thirds (68%) of all Windows infection attempts.

91% of malware signature incidents were found on Linux endpoints, with Windows accounting for the remaining 6%. Most threat actors hide in appliances, edge devices, and other extremely low visibility platforms in order to stay undetected. 

Cloud issues 

Elastic found that securing cloud-based solutions is a completely different beast. Businesses are increasingly moving away from on-premises solutions, but they are doing so sloppily, resulting in numerous misconfigurations, inadequate access restrictions, insecure credentials, and no functioning least-privilege model. Threat actors are taking advantage of all of this to infiltrate environments and deploy malware.

Security experts also detected defence evasion (38%), credential access (37%), and execution (21%) as the most common strategies linked to threat detection signals for Amazon Web Services. More than half (53%) of all credential access incidents involved compromised legitimate Microsoft Azure accounts.

“Today’s threat landscape is truly borderless, as adversaries morph into criminal enterprises focused on monetizing their attack strategies,” stated Jake King, head of security intelligence and director of engineering at Elastic. 

“Open source, commodity malware, and the use of AI have lowered the barrier to entry for attackers, but we’re also seeing the rise of automated detection and response systems that enable all engineers to better defend their infrastructures. It’s a cat-and-mouse game, and our strongest weapons are vigilance and the continued investment in new defence technologies and strategies.”

New Threat Intelligence Report Provides Actionable Intelligence Against Cyberattacks


Today, security experts need to expand their focus to the vulnerabilities that innovative technologies may carry. They must build expertise in managing security risk, which comes from continuously analysing the global threat landscape and studying the effects of a business's decisions on its threat profile. Likewise, business heads must work to understand their security posture, risk exposure and cyber-defense tactics, all of which can impact their business operations.

BlackBerry Global Threat Intelligence Report

According to the report, modern business leaders have easy access to this information. The global BlackBerry Threat Research and Intelligence team provided actionable intelligence on attacks, threat actors and campaigns. The report was based on telemetry obtained from BlackBerry's AI-based products and analytical capabilities, supplemented by other public and private intelligence sources. This allows you to make informed decisions and take prompt, effective action.

Below are some of the key highlights of the ‘Global Threat Intelligence Report’:

  • 90 days by the numbers: To create the intelligence report, the team surveyed more than 1.5 million stopped cyberattacks that occurred between Dec. 1, 2022 and Feb. 28, 2023.
  • Top 10 countries experiencing cyberattacks during this period: The US continues to lead in the percentage of attacks that were thwarted. Brazil has just overtaken Canada as the second most frequently targeted nation, with Japan and Canada following. However, the threat landscape has changed. Singapore made its debut appearance in the top 10.
  • Most targeted industries by number of attacks: The telemetry shows that consumers in finance, healthcare services, and retailing of food and essentials were the targets of 60% of all malware-based attacks.
  • Most common weapons: The most often utilized tools were droppers, downloaders, remote access tools (RATs), and ransomware. A targeted attack employing the Warzone RAT against a Taiwanese semiconductor business, cybercriminal gangs using Agent Tesla and RedLine Infostealer, and increased use of BlackCat ransomware were all things BlackBerry noted during the data gathering period.
  • Industry-specific attacks: During this time, the healthcare sector saw a sizable number of cyberattacks. The report also goes in-depth on attacks against manufacturing, critical infrastructure, financial institutions, and other key targets of sophisticated and occasionally state-sponsored threat actors engaged in espionage and intellectual property campaigns. However, as this analysis reveals, these crucial sectors are also frequently affected by crimeware and commodity malware.

Moreover, the report also provided actionable defensive countermeasures that a business could adopt against some of the most notable threat actors, cyber weapons and attacks it describes. The defenses are apparently in the form of MITRE ATT&CK® and MITRE D3FEND™ mappings.

CrowdStrike: Cybercriminals Are Choosing Data Extortion Over Ransomware Attacks


CrowdStrike’s threat intelligence team recently reported that cybercriminals have been learning that data extortion attacks are more profitable than ransomware attacks, leading to a drastic shift in cybercriminal behavior throughout 2022.

The cybersecurity vendor's "2023 Global Threat Report," which summarizes CrowdStrike's research on cybercrime (or "e-Crime") from the previous year, was released this week. The report's major sections address ongoing geopolitical disputes, cloud-related attacks, and extortion attacks without the use of software. 

One of the major findings from the CrowdStrike research is that the number of malicious actors who conducted data theft and extortion attacks without the use of ransomware increased by 20% in 2022 compared to the previous year. Data extortion is the practice of obtaining confidential information from target companies and then threatening to post the information online if the victim does not provide the ransom demanded by the attacker. 

Data extortion has frequently been a part of ransomware operations, with the fear of data exposure intended to provide additional incentive for the victim to pay the demanded ransom. However, as per the CrowdStrike findings, more attackers are now leaning toward data extortion while abandoning the ransomware element altogether.

Adam Meyers, head of intelligence at CrowdStrike, says, “We’re seeing more and more threat actors moving away from ransomware […] Ransomware is noisy. It attracts attention. It’s detectable. Encryption is complex.”

According to Meyers, the rise in extortion speaks to the adaptability of cyber adversaries. He further adds that while ransom payments were down slightly in 2022, both extortion and ransomware-as-a-service (RaaS) have witnessed a significant boost.

CrowdStrike also noted an overall waning interest in malware. The firm reported that malware-free activity accounted for 71% of its threat detections in 2022, up from 62% in 2021.

"This was partly related to adversaries' prolific abuse of valid credentials to facilitate access and persistence in victim environments[…]Another contributing factor was the rate at which new vulnerabilities were disclosed and the speed with which adversaries were able to operationalize exploits," the report said. 

While also noting the improved resilience of the RaaS network, CrowdStrike stated that affiliated hackers will continue to be a major concern as they move from one network to another despite the move away from conventional ransomware deployment.