Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label DDoS. Show all posts
TOX
Cyber Attacks CyberCrime CyberThreat DDoS DradonForce Meta's dominance RAMP RansomHub Ransomware Nerwork Rasnowmare attacks TOX

DragonForce Asserts Dominance Over RansomHub Ransomware Network

 


A series of targeted attacks involving DragonForce, a ransomware group that has reportedly been operating in the Middle East and North Africa region (MENA) are reported to have been launched against companies in the Kingdom of Saudi Arabia (KSA) amidst the escalating cyber threats throughout the region. A significant incident involving a real estate and construction company based in Riyadh, which underscored the group's commitment to targeting high-value targets within critical sectors, was one of the most significant incidents involving the group. 

In the recent past, there has been an increase in the sophistication of cyberattacks targeting major companies and vital infrastructure around the region, resulting in this recent development. In addition to demonstrating the increasing capabilities of threat actors such as DragonForce, this breach also emphasizes the need to maintain enhanced vigilance and preparedness among cybersecurity professionals and law enforcement agencies within the Kingdom of Saudi Arabia and its surrounding countries. 

Experts are anticipating that as the group's tactics continue to be effective, they will expand beyond MENA in terms of geographic scale. This incident has wider implications than just the immediate victims. As a cautionary marker of the rapidly evolving threat landscape, this incident serves as a warning of the threats that may threaten global digital security systems in the future. 

Cyble, a cybersecurity firm, has confirmed that a threat actor known as DragonForce recently posted a message on the RAMP cybercrime forum announcing a new “project.” This announcement was later mirrored on DragonForce's onion-based data leak site (DLS), marking the beginning of a new operational infrastructure for DragonForce. A part of this initiative was the introduction of two new onion domains that DragonForce launched, both protected by CAPTCHA verification, which aligned with the group's traditional Tor-based deployment practices. 

Interestingly, both of these sites are prominently branded and emblazoned with RansomHub, a group that specializes in ransomware. While it is still unclear whether DragonForce has seized control of RansomHub in the past or has just infiltrated its systems, Cyble has observed that RansomHub's onion site has been unavailable since March 31. As a result of this prolonged downtime, there has been considerable speculation within the cyber security community as to whether DragonForce may be planning to acquire or hostilely take over the RansomHub infrastructure. 

In addition to this development, DragonForce recently formally announced its plans to expand its ransomware-as-a-service operations, which are aligned with DragonForce's broader strategy of expanding the company's ransomware-as-a-service operations. As part of this initiative, the group introduced an affiliate-based model in which third-party actors—or “franchisees”—can operate under DragonForce brand names. 

As part of the new model, affiliates will reportedly be provided with comprehensive backend support, which includes anti-DDoS defences, advanced encryption protocols, and specialized toolkits that allow them to manage infections across a range of environments, including ESXi, NAS, BSD, and Windows. A significant investment is being made into infrastructure to attract and empower partners, thereby enhancing the group's reach and impact as a whole. This is a deliberate attempt by the group to streamline operations and present a more organized and business-like ransomware platform to victims by including features like encryption status monitoring and persistent communication mechanisms. 

Despite the uncertainty that surrounds RansomHub's future, it is currently possible that it will become fully absorbed under the DragonForce brand or continue to operate independently, but current indicators suggest that a possible consolidation within the ransomware ecosystem may result in increased sophistication and coordination among cybercriminals. 

Despite the increased competition in the ransomware-as-a-service (RaaS) market, DragonForce is positioning itself as a prominent player by offering its affiliates one of the most attractive commission structures on the dark web. This aggressive profit-sharing model aims to attract skilled cybercriminals in an attempt to build an affiliate network that is loyal, results-driven and enables partners to keep up to 80% of ransom payments successfully extorted from victims. A key component of DragonForce's communication strategy is TOX, a Tor-based instant messaging platform that serves as the main channel for communicating with both victims and affiliates as well as serving as a secure, secure means of communicating. 

In addition to providing the public key to the group, RAMP, an underground forum used by ransomware operators and access brokers, is also available to anyone interested in further securing these exchanges. This persistent presence on the platform, especially a forum visit traced back to February 24, 2025, indicates a sustained effort by them to maintain visibility and engagement within the key cybercriminal community. In addition to serving as a recruitment hub, the DragonForce affiliate network is also highlighted in advertisements displayed on RAMP as one of the most reliable networks within the dark web. With support for multiple platforms, including Windows, Linux, and ESXi, the ransomware framework is marketed as a robust system that can deliver consistent payouts while offering extensive back-end support. 

As of January 20th, 2025, the most recent affiliate-related announcements have been posted, but the associated PGP encryption key has been generated since September 2024, further demonstrating the organization's systematic approach to security. A prior operational leak involved sensitive affiliate-facing URLs that were used for extortion from victims. DragonForce underwent significant internal reforms after this. Among these reforms was the implementation of a new vetting process that requires prospective affiliates to provide verifiable evidence of victim access, such as data volume metrics and file trees, to justify their eligibility. 

Essentially, this shift was meant to ensure that only committed and capable individuals could be onboarded, which would lead to improved operational security and integrity for the organization. Furthermore, DragonForce offers a variety of premium services to vetted affiliates, including call services, which allow direct pressure to be applied to victims, as well as advanced decryption capabilities that can be used on NTLM and Kerberos hashes. A lot of these services are especially useful when access brokers are trying to navigate post-compromise stages in environments like Active Directory that are complex. 

It is important to remember that DragonForce ransomware is an independent entity and should not be confused with the Malaysian hacktivist group that operates under the same name. This group has been known for defacing websites and launching DDoS attacks, among other things. While the two organizations share a name, they are completely different in their motivations, structures, and methods, and they are not known to be affiliated with each other. 

As ongoing speculation continues regarding the nature of a potential alliance between RansomHub and DragonForce continues to surface, Cyble reports that this latest development closely follows DragonForce's announcement of a significant expansion of its ransomware service (RaaS) operations on March 18. The DragonForce Ransomware Cartel, as part of this strategic shift, introduced the franchise-style affiliate program, whereby partners can operate and launch their own ransomware campaigns under the umbrella of DragonForce Ransomware Cartel. 

Affiliates can take advantage of this model because it allows them to maintain a high degree of operational independence while still being overseen by a central management team. Backend support is provided in a comprehensive way to all participants, including dedicated admin and client panels as well as secure data hosting environments and a resilient, always-on infrastructure that is secured with anti-DDoS mechanisms that keep the system running smoothly. This structure is designed to maintain the group's overarching operational standards as well as balance affiliate autonomy with consistency and control. 

It is worth noting that DragonForce has also introduced a series of advanced technical upgrades to its ransomware payloads targeted at ESXi, NAS, BSD, and Windows platforms along with its structural expansion. In addition, several sophisticated features have been added to the security system, including real-time encryption tracking, detached execution processes, persistent user interface messages to reinforce ransom demands, and better recovery protocols to reduce disruption. In addition, the group developed the two-pass header protection technology to enhance the cryptographic robustness of the encryption engine by using external entropy sources. This technique is also integrated with the BearSSL AES-CTR encryption protocol to enhance its cryptography. 

In addition to the technological and infrastructure advances made by DragonForce, Cyble points out that DragonForce's commitment to scale its operations at a very high level of professionalism will be reflected in these advancements. By creating a more refined and affiliate-focused ransomware ecosystem, the company hopes to attract experienced cybercriminals to collaborate with them. During the past year, DragonForce has continued to grow as a more structured and formidable player within the ransomware-as-a-service ecosystem. 

However, its recent activities indicate a broader shift in cybercriminal activity, characterized by a shift towards increasing sophistication, strategic alliances, and operational maturity in the cybercriminal underground. The apparent takeover or alignment of RansomHub with the company and the dramatic advancements in infrastructure and technology, along with the emergence of a series of threats, highlight the urgent need for the cybersecurity stakeholders to reevaluate threat models and strengthen their defensive positions. 

The most effective way for organizations, particularly those in critical sectors and high-risk regions, is to implement proactive threat intelligence strategies, enforce stringent access controls, and seriously prioritize incident response preparedness in order to counter evolving threats. With a digital landscape in which adversaries adopt business-like approaches to cause greater impact, only a cohesive and anticipatory security approach can prove robust in the face of the rising tide of cyber-extortion, which is becoming more organized and sophisticated by the day.
Read more »
Sensitive Information
Data Breach Data Leak data security DDoS Hackers Personal Data Police Sensitive Information

Hackers Leak 8,500 Files from Lexipol, Exposing U.S. Police Training Manuals

 

An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States. 

As first reported by The Daily Dot, the data breach exposed internal documents, including thousands of police policies, emails, phone numbers, addresses, and other sensitive information about Lexipol employees. The hackers published the stolen data on Distributed Denial of Secrets (DDoS), a nonprofit platform for leaked information. In a statement, the group said they targeted Lexipol because, in their view, there aren’t “enough hacks against the police,” so they took action themselves.  

Founded in 2003, Texas-based Lexipol LLC, also known for its online training platform PoliceOne, has become a significant force in police privatization. The company supplies policy manuals and training content to more than 20% of U.S. police departments, according to a 2022 Indiana Law Journal analysis. This widespread adoption has effectively shaped public policy, despite Lexipol being a private company. 

Critics have long raised concerns about Lexipol’s focus on minimizing legal liability for police departments rather than addressing issues like excessive force or racial profiling. The Intercept reported in 2020 that Lexipol’s training materials, used by the NYPD after the George Floyd protests, prioritized protecting departments from lawsuits rather than promoting accountability or reform. 

Additionally, Lexipol has actively opposed proposed changes to police use-of-force standards, favoring a more lenient “objectively reasonable” standard. The leaked documents revealed striking similarities in policy language across different police departments, with matching sections on use-of-force protocols and even identical “Code of Ethics” pages — some ending with a religious oath dedicating officers to their profession before God. 

Despite Lexipol’s intent to reduce legal risks for its clients, some police departments using its policies have faced legal consequences. In 2017, Culver City, CA, adopted a Lexipol manual that suggested detaining suspected undocumented immigrants based on “lack of English proficiency,” contradicting the city’s sanctuary status. Similarly, Spokane, WA, paid a $49,000 settlement in 2018 after police violated local immigration laws using Lexipol’s guidance. 

Although the puppygirl hacker polycule isn’t linked to previous major breaches, their tactics echo those of SiegedSec, a group known for hacking government sites and playfully demanding research into “IRL catgirls.” As political tensions rise, the hackers predict more “hacktivist” attacks, aiming to expose injustices and empower public awareness. The Lexipol breach serves as a stark reminder of the vulnerabilities in privatized law enforcement systems and the growing influence of cyberactivism.
Read more »
MirrorFace
Cyber Defence Cyber Security DDoS Hacker attack Hacker group Japan Japan Cyber Security MirrorFace

Japan’s New Active Cyber Defence Strategy to Counter Growing Threats

 

Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they cause significant damage. The ruling Liberal Democratic Party (LDP), led by Prime Minister Shigeru Ishiba, plans to introduce relevant legislation during the current parliamentary session. The urgency for stronger cybersecurity measures has escalated due to recent attacks. 

The National Police Agency (NPA) revealed that the Chinese state-linked hacking group MirrorFace was responsible for over 200 cyberattacks targeting Japan’s foreign ministries and semiconductor industry between 2019 and 2024. Additionally, cyber incursions since late December 2024 disrupted financial services, delayed flights, and exposed vulnerabilities in Japan’s critical infrastructure. Japan’s revised 2022 National Security Strategy identifies cyberattacks as a growing threat, likening cross-border hacks of civilian infrastructure to intimidation tactics that stop short of war. 

This has prompted Japan to expand its SDF cyber unit from 620 members in March 2024 to about 2,400 today, with plans to reach 4,000 personnel by 2028. However, this remains small compared to China’s estimated 30,000-member cyber-attack force. The proposed active defence strategy aims to bolster cooperation between public and private sectors, focusing on safeguarding critical infrastructure, such as energy, transportation, finance, and telecommunications. Japan also plans to establish a National Cyber Security Office in 2025 to coordinate cybersecurity policy, identify vulnerabilities, and advise private sector organizations. 

To prevent misuse, strict safeguards will accompany the strategy. Hackers will need prior approval to break into servers unless immediate action is required during active attacks. Penalties will address excessive monitoring or personal data leaks, ensuring transparency and public trust. Trend Micro’s recent findings underscore the importance of these measures. The security firm attributed recent cyberattacks to distributed denial-of-service (DDoS) campaigns launched by botnets. These attacks overwhelmed network servers with data, causing widespread disruptions to services like Japan Airlines and major banks. 

While Japan’s proactive approach is a significant step forward, experts like Professor Kazuto Suzuki caution that it may not deter all attackers. He notes that cyber deterrence is challenging due to the unpredictability of attackers’ methods. However, this strategy is expected to instill some fear of retaliation among hackers and strengthen Japan’s cybersecurity posture. As cyber threats evolve, Japan’s active defence initiative represents a critical effort to protect its infrastructure, economy, and national security from escalating digital risks.
Read more »
Proxy Service
Cyber Security DDoS DDOS Attacks Free VPN IP Address Network Security Privacy Risks Proxy Service

Free VPN Big Mama Raises Security Concerns Amid Cybercrime Links

 

Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while also enabling users to sell access to their home internet connections. This service is marketed as a residential proxy, allowing buyers to use real IP addresses for activities ranging from ad verification to scraping pricing data. However, cybersecurity experts warn of significant risks tied to this dual functionality. 

Teenagers have recently gained attention for using Big Mama VPN to cheat in the virtual reality game Gorilla Tag. By side-loading the app onto Meta’s Oculus headsets, players exploit location delays to gain an unfair advantage. While this usage might seem relatively harmless, the real issue lies in how Big Mama’s residential proxy network operates. Researchers have linked the app to cybercrime forums where it is heavily promoted for use in activities such as distributed denial-of-service (DDoS) attacks, phishing campaigns, and botnets. Cybersecurity firm Trend Micro discovered that Meta VR headsets are among the most popular devices using Big Mama VPN, alongside Samsung and Xiaomi devices. 

They also identified a vulnerability in the VPN’s system, which could have allowed proxy users to access local networks. Big Mama reportedly addressed and fixed this flaw within a week of it being flagged. However, the larger problem persists: using Big Mama exposes users to significant privacy risks. When users download the VPN, they implicitly consent to having their internet connection routed for other users. This is outlined in the app’s terms and conditions, but many users fail to fully understand the implications. Through its proxy marketplace, Big Mama sells access to tens of thousands of IP addresses worldwide, accepting payments exclusively in cryptocurrency. 

Cybersecurity researchers at firms like Orange Cyberdefense and Kela have linked this marketplace to illicit activities, with over 1,000 posts about Big Mama appearing on cybercrime forums. Big Mama’s ambiguous ownership further complicates matters. While the company is registered in Romania, it previously listed an address in Wyoming. Its representative, using the alias Alex A, claims the company does not advertise on forums and logs user activity to cooperate with law enforcement. Despite these assurances, the app has been repeatedly flagged for its potential role in cyberattacks, including an incident reported by Cisco Talos. 

Free VPNs like Big Mama often come with hidden costs, sacrificing user privacy and security for financial viability. By selling access to residential proxies, Big Mama has opened doors for cybercriminals to exploit unsuspecting users’ internet connections. This serves as a cautionary tale about the dangers of free services in the digital age. Users are advised to exercise extreme caution when downloading apps, especially from unofficial sources, and to consider the potential trade-offs involved in using free VPN services.
Read more »
phishing
Botnet Cyber Attacks Cyber Threats DDoS phishing

Cybersecurity Beyond Phishing: Six Underrated Threats


Cybercriminals are continually developing new methods to exploit vulnerabilities, and even the most tech-savvy individuals and organizations can find themselves at risk. While some cyberattacks like phishing and malware are well-known, several lesser-known but equally dangerous threats require attention. This blog post explores six types of cyberattacks you might not have considered but should be on your radar.

1. Botnet Attacks

A botnet attack involves a network of compromised computers, or "bots," which are controlled by a single entity, often referred to as a "botmaster." These botnets can be used to launch large-scale cyberattacks such as Distributed Denial-of-Service (DDoS) attacks, which overwhelm a target’s resources, rendering it inaccessible. 

In 2016, hackers used the Mirai botnet to take control of millions of devices and launched a huge DDoS attack on Dyn, a major domain name server provider.

Some hackers also take over IoT devices to "brick" them, which means they damage the device’s firmware so it becomes useless. They do this for fun or to teach people about cybersecurity.

2. LLMjacking

As language models become integral in various applications, they present new cyberattack vectors. LLMjacking, or Large Language Model hijacking, involves manipulating language models to generate harmful or misleading information. 

Attackers can exploit vulnerabilities in these models to spread misinformation, influence public opinion, or even automate phishing attacks. The rise of AI-powered tools necessitates the implementation of stringent security measures to safeguard against such manipulations.

Companies that utilize cloud-hosted Large Language Models (LLMs) are at risk of LLM jacking because they possess the necessary server resources to operate generative AI programs. Hackers might exploit these resources for personal purposes, such as creating their own images, or for more malicious activities like generating harmful code, contaminating the models, or stealing sensitive information.

While an individual hijacking a cloud-based LLM for personal use might not cause significant damage, the costs associated with resource usage can be substantial. A severe attack could result in charges ranging from $50,000 to $100,000 per day for the owner.

3. Ransomware

Unlike traditional malware that aims to steal information, ransomware directly extorts victims. Attackers encrypt valuable data and demand payment, often in cryptocurrency, for the decryption key. Organizations of all sizes are potential targets, and the financial and reputational damage can be severe. Preventative measures, including regular data backups and cybersecurity training, are crucial in mitigating the risks of ransomware attacks.

4. Insider Threats

An insider threat comes from within the organization, typically from employees, contractors, or business partners who have inside information concerning the organization’s security practices. These threats can be malicious or unintentional but are dangerous due to the privileged access insiders have. 

They may misuse their access to steal sensitive information, disrupt operations, or introduce vulnerabilities. Organizations need to implement strict access controls, regular monitoring, and education to reduce the risk of insider threats.

5. Man-in-the-Middle (MitM) Attacks

Man-in-the-middle attacks occur when an attacker intercepts communication between two parties without their knowledge. The attacker can then eavesdrop, manipulate, or steal sensitive information being exchanged. 

MitM attacks are particularly concerning for financial transactions and other confidential communications. Encrypted communication channels, strong authentication methods, and educating users about potential risks are effective strategies to prevent such attacks.

6. Phishing Schemes

Phishing remains one of the most prevalent cyber threats, evolving in sophistication and technique. Attackers use deceptive emails, messages, or websites to trick individuals into divulging personal information such as usernames, passwords, and credit card details. 

Spear phishing, a targeted form of phishing, involves personalized attacks on specific individuals or organizations, making them harder to detect. Continuous cybersecurity awareness training and employing advanced email filtering solutions can help protect against phishing schemes.

Read more »
Ukraine-Russia Conflict
Bank Hacking Cyber Attacks data security DDoS DDOS Attacks Russian Cyber Security Ukraine-Russia Conflict

DDoS Attacks Disrupt Major Russian Banks: Ukraine Claims Responsibility

 

Several major Russian banks experienced distributed denial-of-service (DDoS) attacks, disrupting their online services and mobile apps. On Wednesday, local media reported that state-owned VTB Bank was among those affected. The bank informed the state news agency TASS that an attack “planned from abroad” caused disruptions for its clients trying to access online services. 

The Russian Agricultural Bank also reported being targeted by a DDoS attack on Tuesday. However, the bank noted that the impact was minimal due to their implementation of an enhanced system to combat such attacks. Gazprombank, the third-largest private bank in Russia, faced difficulties with its app’s transaction services due to the attack, though the issue was quickly resolved. Other banks, including Alfa Bank, Rosbank, and Post Bank, were also reportedly affected. 

On Wednesday, Ukraine’s military intelligence (HUR) claimed responsibility for the DDoS campaign targeting the Russian banking sector. An anonymous source within HUR, speaking to Ukrainian media, mentioned that the attacks also affected several Russian payment systems and large telecom operators such as Beeline, Megafon, Tele2, and Rostelecom. While this claim has not been independently verified, the HUR official stated that the attack “is still ongoing and far from over.” 

This incident is part of a series of cyberattacks by Ukrainian entities against Russian targets. In October, pro-Ukrainian hackers and Ukraine’s security service (SBU) claimed to have breached Russia’s largest private bank, Alfa-Bank. In January, data allegedly belonging to 30 million Alfa-Bank customers was released by attackers involved in the breach. Earlier this year, the hacker group Blackjack, in cooperation with the SBU, breached a Moscow internet provider in retaliation for a Russian cyberattack on Ukraine’s largest telecom company, Kyivstar. 

While not all reports from Ukrainian hackers or intelligence officials can be independently verified, the recent DDoS attacks on Russian banks had noticeable consequences, despite Russian claims of minimal impact. DDoS attacks are generally easier to mitigate, but this campaign stands out for its broad impact on multiple financial institutions and service providers. The ongoing cyber warfare between Ukraine and Russia underscores the escalating digital conflict between the two nations. Both sides have been leveraging cyber capabilities to disrupt each other’s critical infrastructure. 

The recent attacks highlight the necessity for robust cybersecurity measures and swift response strategies to minimize the impact on essential services and ensure the security of digital transactions. As cyber threats evolve, both nations will likely continue to enhance their defenses to protect against such incursions.
Read more »
Ransomware
AI Black Basta Cyber Security Cyber Threats DDoS Ransomware

Are We Ready for the Next Wave of Cyber Threats?



In our increasingly digital world, cybersecurity is a growing concern for everyone— from businesses and governments to everyday individuals. As technology advances, it opens up exciting possibilities and creates new, sophisticated cyber threats. Recent high-profile attacks, like those on Ascension and the French government, show just how damaging these threats can be.

Cybercriminals are always finding new ways to exploit weaknesses. According to Cybersecurity Ventures, global cybercrime damages could hit $10.5 trillion a year by 2025. This huge number highlights why strong cybersecurity measures are so important.

One major evolution in cyber threats is seen in ransomware attacks. These attacks used to be about locking up data and demanding a ransom to unlock it. Cybercriminals also steal data and threaten to release it publicly, which can disrupt businesses and ruin reputations. For example, in May, the Black Basta group attacked Ascension, the largest non-profit Catholic health system in the U.S., disrupting operations in its 140 hospitals and affecting patient care.

Supply chain attacks are another big concern. These attacks target vulnerabilities in the network of suppliers and partners that businesses rely on. This makes securing the entire supply chain crucial.

Cybercriminals are also using artificial intelligence (AI) to make their attacks more powerful. Examples include DeepLocker, a type of AI-powered malware that stays hidden until it reaches its target, and deepfake scams, where AI creates fake videos or audio to trick people into transferring money. AI-driven malware can change its behaviour to avoid detection, making it even more dangerous.

Distributed denial-of-service (DDoS) attacks are another serious threat. These attacks flood a website or network with so much traffic that it can’t function. In March 2024, a massive DDoS attack targeted over 300 web domains and 177,000 IP addresses linked to the French government, causing major disruptions.

Building a Strong Cybersecurity Defense

To fight these evolving threats, businesses need to build strong cybersecurity defenses. One effective approach is the zero-trust model, which means every access request is verified, no matter where it comes from. Key parts of this model include multi-factor authentication (MFA), which requires more than one form of verification to access systems, and least privilege access, which ensures users only have access to what they need to do their job.

Advanced monitoring tools are also essential. Security information and event management (SIEM) systems, combined with AI-driven analytics, help detect and respond to threats in real time by providing a comprehensive view of network activities.

Human error is a major vulnerability in cybersecurity, so employee training and awareness are crucial. Regular training programs can help employees recognise and respond to threats like phishing attacks, creating a culture of security awareness.

The Role of AI in Cybersecurity

While AI helps cybercriminals, it also offers powerful tools for defending against cyber threats. AI can analyse vast amounts of data to spot patterns and anomalies that might indicate an attack. It can detect unusual behaviour in networks and help security analysts respond more quickly and efficiently to threats.

AI can also identify and mitigate insider threats by analysing user behaviour and spotting deviations from typical activity patterns. This helps strengthen overall security.

The future of cybersecurity will involve constant innovation and adaptation to new challenges. AI will play a central role in both defence and predictive analytics, helping foresee and prevent potential threats. Ethical considerations and developing frameworks for responsible AI use will be important.

Businesses need to stay ahead by adopting new technologies and continuously improving their cybersecurity practices. Collaboration between industries and with government agencies will be crucial in creating comprehensive strategies.

Looking to the future, we need to keep an eye on potential threats and innovations. Quantum computing promises new breakthroughs but also poses a threat to current encryption methods. Advances in cryptography will lead to more secure ways to protect data against emerging threats.

As cyber threats evolve, staying informed and adopting best practices are essential. Continuous innovation and strategic planning are key to staying ahead of cybercriminals and protecting critical assets.


Read more »
Internet Archive
Botnet Cyber Attacks data security DDoS Internet Archive

History Meets Hackers: Internet Archive Battles Ongoing DDoS Attacks

Under Siege: Internet Archive Battles Ongoing DDoS Attacks

The Internet Archive is allegedly subject to continuing DDoS (distributed denial-of-service) attacks. The attacks began over the Memorial Day holiday weekend, according to the California-based charity, and some users reported being unable to access the digital archive site for several hours on Monday.

Why target the Internet Archive?

The motives behind DDoS attacks can vary. In the case of the Internet Archive, it seems:

  • Ideological Vendetta: Some believe that the attackers oppose the archive’s mission of open access to information. Perhaps they resent the democratization of knowledge or harbor a grudge against the organization.
  • Collateral Damage: The Internet Archive hosts controversial content, including political websites, historical documents, and even old Geocities pages. An attack on the archive could inadvertently affect unrelated sites.

"Archive.org is under DDoS attack," the nonprofit's X account announced Monday morning. "The data is not affected, but most services are unavailable."

The Internet Archive’s response

The nonprofit swiftly responded to the attacks. While details about the perpetrators have not surfaced, the organization changed its infrastructure to enhance resilience. It’s a delicate balancing act: maintaining accessibility while safeguarding against future attacks.

A few hours later, the organization reported that there was some "back and forth with the attackers." The business says it made certain improvements to its service but has not yet revealed further data on the attackers' identity or any likely motive for the attack.

Multiple X users reported that the site was still down Monday afternoon, despite Internet Archive's announcement that its services had been restored. On Monday, the organization verified that the DDoS attacks have resumed.

The archive site also reported network traffic difficulties on Sunday. Brewster Kahle, the founder and board chair of the Internet Archive, stated that the troubles on Sunday could have been caused by an "over-aggressive crawling group" or a DDoS attack and that the site typically experiences more technical issues on weekends.

The Anatomy of a DDoS Attack

DDoS attacks are like digital traffic jams. They flood a target server with an overwhelming volume of requests, causing it to slow down or crash. Here’s how they work:

  • Botnet Deployment: Attackers assemble a botnet—a network of compromised computers or devices—by infecting them with malware. These bots become unwitting foot soldiers in the attack.
  • Coordination: The attacker orchestrates the botnet to send a barrage of requests to the target server. The sheer volume overwhelms the server’s capacity to respond.
  • Impact: The target server becomes sluggish or unresponsive, affecting legitimate users who rely on its services.

The bigger picture

While additional digital archive sites exist, many of them use domain extensions headquartered outside of the United States. Internet Archive was started in San Francisco, California, in 1996. Kahle has been advocating for "universal access to all knowledge" through books, websites, and other forms of media for decades.

In addition to hacks, the archive group has faced several lawsuits in recent years. In 2020, major US book publishers sued the nonprofit over the Internet Archive's digital book lending scheme, alleging copyright infringement. Last year, a judge decided that the program breached the publishers' copyright. However, the foundation continues to contend that "controlled digital lending" is fair usage.

In 2023, Sony and Universal Music sued Internet Archive over their music archives, claiming copyright violation.

Read more »
OpenAI
Anonymous Sudan ChatGPT Cyber Attacks DDoS DDOS Attack Hacktivists OpenAI

OpenAI Reveals ChatGPT is Being Attacked by DDoS


AI organization behind ChatGPT, OpenAI, has acknowledged that distributed denial of service (DDoS) assaults are to blame for the sporadic disruptions that have plagued its main generative AI product.

As per the developer’s status page, ChatGPT and its API have been experiencing "periodic outages" since November 8 at approximately noon PST.

According to the most recent update published on November 8 at 19.49 PST, OpenAI said, “We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.”

While the application seemed to have been operating normally, a user of the API reported seeing a "429 - Too Many Requests" error, which is consistent with OpenAI's diagnosis of DDoS as the cause of the issue.

Hacktivists Claim Responsibility 

Hacktivist group Anonymous Sudan took to Telegram, claiming responsibility of the attacks. 

The group claimed to have targeted OpenAI specifically because of its support for Israel, in addition to its stated goal of going against "any American company." The nation has recently been under heavy fire for bombing civilians in Palestine.

The partnership between OpenAI and the Israeli occupation state, as well as the CEO's declaration that he is willing to increase investment in Israel and his multiple meetings with Israeli authorities, including Netanyahu, were mentioned in the statement.

Additionally, it asserted that “AI is now being used in the development of weapons and by intelligence agencies like Mossad” and that “Israel is using ChatGPT to oppress the Palestinians.”

"ChatGPT has a general biasness towards Israel and against Palestine," continued Anonymous Sudan.

In what it described as retaliation for a Quran-burning incident near Turkey's embassy in Stockholm, the group claimed responsibility for DDoS assaults against Swedish companies at the beginning of the year.

Jake Moore, cybersecurity advisor to ESET Global, DDoS mitigation providers must continually enhance their services. 

“Each year threat actors become better equipped and use more IP addresses such as home IoT devices to flood systems, making them more difficult to protect,” says Jake.

“Unfortunately, OpenAI remains one of the most talked about technology companies, making it a typical target for hackers. All that can be done to future-proof its network is to continue to expect the unexpected.”  

Read more »
Ransomware
Cyberattacks CyberCrime Cyberhackers Cybersecurity DDoS Digital Technology malware Ransomware

Defending Digital Fortresses: How Greater Manchester Fends off 10,000 Daily Cyber Assaults

 


Cyber hackers are targeting the council's systems at a rate of '10,000 a day', leading to threats to its software and systems by higher-ups. It has been agreed by councillors in Oldham that they will spend £682,000 on acquiring a ‘modern data protection service’ which will ensure the privacy of financial information as well as the personal information of thousands of citizens, in order to protect the data they are responsible for guarding. 

According to officers, at the moment, because of the current system in place the backup data is not protected against malicious damage or the cloud-based services are not protected from malicious intrusion. In light of this, the council has decided that it is necessary to move all of its data and backup requirements over to the Rubrik Air Gap system and to utilize it for its data recovery and backup. 

As stated in the report to the cabinet, the purpose of the decision was to ensure that both services and data will be protected against loss, which is essential in both disaster recovery scenarios as well as against accidental deletion, corruption, or other errors that could lead to information loss. 

According to the survey, three-fourths of councils (75 per cent) stated that they have been targeted by phishing attacks as this is the most common type of cyberattack against them, with the majority stating that it was the most common form of attack they have been targeted by. 

It can be noted that Distributed Denial-of-Service attacks (DDoS) were the second most common attack type - ranking as the most serious threat for six per cent of councils this year - which attempted to disrupt web traffic or services by overwhelming servers. With the increased digitalization driven by the pandemic, both the public and private sectors have been affected by the prevalence of cybercrime, which is being exacerbated by the increasing prevalence of cybercrime. 

A survey by Gallagher, an insurance company, shows that 15% of UK business owners rate cybercrime as one of the biggest risks to their business, and specifically that the post-pandemic reliance on technology has exacerbated the problem. There were eight months of interruption caused by the 2020 cyber attack on that local authority, as reported earlier this year by the leader of that local authority at a parliamentary committee. 

There is a type of malware known as ransomware that encrypts files and data in a way that prevents anyone from accessing those files without paying a ransom to the criminal group who has authorized the attack. Data that is stolen by an attacker may also be threatened with being leaked by the attacker. 

During the meeting, councillor Abdul Jabbar, cabinet member for finance and corporate resources, addressed the attendees with the following remarks: "We receive more than 10,000 attacks daily on our systems as a result of cyber attacks."
Read more »
India
Anti-DDoS Measures Cloud technology Cyber Security DDoS India

DDoS Attacks and Its Preventive Measures Organizations Should Adopt

The proliferation of Internet of Things (IoT) devices, now in the billions, coupled with the advancements in network infrastructure and the swift deployment of 5G, necessitates heightened agility from network operators and IT managers in pinpointing and rectifying security flaws. 

Additionally, in today's landscape, organizations are under constant threat from different types of attacks. These include ransomware, hacktivism, and DDoS attacks, all with the goal of either stealing information or causing disruptions in services. DDoS attacks are a particularly serious form of online service disruption, and they can occur due to either malicious intent or legitimate situations.

Cybercriminals are now employing the cloud to orchestrate DDoS attacks. India has witnessed a notable uptick in such attacks, capable of causing disruptions lasting from hours to even days. This not only affects revenue but also undermines customer trust and tarnishes reputation. Furthermore, targeted organizations may encounter legal or regulatory consequences, particularly if customer data is compromised. 

There are three primary categories of cloud-based DDoS attacks: volumetric, protocol, and app layer. Seasoned Managed Service Providers (MSPs) and cloud providers have robust DDoS filtering and defenses in operation. In order to effectively combat DDoS attacks, clients must swiftly detect attacks, implement countermeasures, closely oversee their systems, and incorporate detailed configurations. 

Now we will learn what are DDoS attacks, how to identify them, and their preventive measures. 

 What are DDoS attacks? 

A Distributed Denial-of-Service (DDoS) attack is when someone tries to disrupt a server, service, or network by flooding it with an enormous amount of internet traffic. This flood overwhelms the target and its supporting infrastructure. To make DDoS attacks work, the attackers use many hijacked computer systems to send attack traffic. 

These compromised systems can be regular computers or even devices like smart gadgets connected to the internet. In simple terms, a DDoS attack is like an unexpected traffic jam that blocks the usual flow of traffic on a highway, stopping it from reaching its destination. 

How to detect a DDoS attack on your system? 

When dealing with a DDoS attack, the most noticeable sign is a sudden slowdown or complete unavailability of a website or service. However, it's important to note that similar performance issues can arise from various causes, including a legitimate increase in traffic. This is why it's crucial to conduct further investigation. 

To identify potential DDoS attacks, traffic analytics tools play a vital role. They can help in recognizing certain red flags: 

  • Unusually high levels of traffic originating from a single IP address or within a specific IP range. 
  • A surge of traffic coming from users who share similar behaviour traits, such as device type, location, or web browser version. 
  • An abrupt and unexplained increase in requests directed at a particular page or endpoint. 
  • Peculiar traffic patterns, like sudden spikes during unconventional hours or patterns that seem artificial (for example, a spike occurring every 10 minutes). 

Ideal preventive measures that organizations should adopt against Distributed Denial of Service (DDoS) attacks are as follows: 

  • Firstly, strengthening security measures involves regularly applying updates, fine-tuning configurations, and reinforcing systems to withstand potential attacks, thus effectively safeguarding them. 
  • Secondly, deploying Anti-DDoS Measures entails configuring resources to be less susceptible to attacks. In the event of an attack, it is crucial to ensure that it does not lead to a complete organizational disruption. 
  • Thirdly, leveraging Anti-DDoS Tools enables the activation of functionalities and the incorporation of specialized instruments to provide a defense against DDoS attacks or reduce their potential impact.
  • Fourthly, developing a DDoS Response Strategy involves preparing your security or operations team for managing a DDoS attack and implementing additional measures to safeguard the system.
  • Furthermore, establishing DDoS monitoring entails vigilantly watching for indicators of an attack and meticulously documenting them for future enhancements.
In today's highly interconnected world, where digital technologies play an ever-expanding role, organizations would be wise to collaborate with a cybersecurity specialist. This becomes particularly crucial if cybersecurity is not their main focus or if they operate with budget constraints. 
Read more »
Telegram
Cyber Attacks DDoS Hactivist Group Messaging Apps Telegram

Hackers Attack Telegram With DDoS After Targeting Microsoft and X

 

Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in response to the messaging platform's decision to deactivate its principal account, according to threat intelligence firm SOCRadar. 

Anonymous Sudan, claiming to be a hacktivist group motivated by political and religious concerns, carried out DDoS attacks against organisations in Australia, Denmark, France, Germany, India, Israel, Sweden, and the United Kingdom. 

The group has been active since the beginning of the year, and on January 18, it launched its Telegram channel, proclaiming its intention to undertake cyberattacks against any entity that opposes Sudan. The group's operations began with the targeting of many Swedish websites. 

However, in June, Microsoft 365, Outlook, Microsoft Teams, OneDrive for Business, and SharePoint Online were the targets of a string of disruptive DDoS attacks launched by Anonymous Sudan, which quickly gained attention. Cloud computing platform Azure from Microsoft was also impacted. Microsoft, which records the group as Storm-1359, confirmed DDoS attacks were the cause of the interruption after Anonymous Sudan boasted about the strike on their Telegram channel. 

With the goal of forcing Elon Musk into establishing the Starlink service in Sudan, the organisation launched a disruptive DDoS attack against X (previously Twitter) in late August. The hacktivists' primary Telegram channel has been moved temporarily as a result of the attack on Telegram, which had a different objective than the group's usual targets but yet failed to accomplish its goal. 

Uncertainty around the ban on Telegram has led the threat intelligence company to speculate that it may be connected to recent attacks on X or the use of bot accounts. Current DDoS and defacement operations are being carried out by the Anonymous Sudan group, which may not be based in Sudan and may actually have connections to the Russian hacking collective KillNet, according to previous reports from SOCRadar and Truesec. 

The group doesn't request the support of pro-Islamic organisations, only communicates with Russian hackers, and mostly posts in English and Russian rather than Arabic. The campaigns that have been noticed also have no connection to political issues regarding Sudan. 

The group also doesn't seem to be associated with the original Anonymous Sudan hacktivists, who first showed up in Sudan in 2019, or with Anonymous, the decentralised, anti-political hacktivist movement.
Read more »
phishing
Cyber Attacks CyberCrime DDoS Email Microsoft 365 Microsoft Outlook Outlook phishing

Outlook Services Paralyzed: Anonymous Sudan's DDoS Onslaught

 


In the last few days, several distributed denial-of-service (DDoS) attacks have been launched against Microsoft Outlook, one of the world's leading email providers. Anonymous Sudan, a hackers' collective, has launched DDoS attacks against Microsoft Outlook. The attacks, which aim to disrupt services and create concerns about various issues, have disrupted Outlook users worldwide. Additionally, online platforms are quite vulnerable to cyber threats because they are hosted online. 

Several outages have been reported today on Outlook.com for the same reason as yesterday's outages. Anonymous Sudan, an Internet hacking collective, claims that it performs DDoS attacks against the service on hackers' behalf. 

It has been claimed, however, that the hacktivist group Anonymous Sudan is responsible for the attack. They assert that they are conducting a distributed denial of service (DDoS) attack on Microsoft's service in protest of US involvement in Sudanese internal affairs by operating cyberattacks against its infrastructure. 

Approximately 1 million Outlook users across the globe have been affected by this outage, which follows two more major outages yesterday. Due to this issue, Outlook's mobile app cannot be used by users in a wide range of countries as users cannot send or receive emails. 

There have been complaints on Twitter about Outlook's spotty email service. Users assert that it has impacted their productivity as a result. 

It was announced over the weekend that the hacktivist group would be launching a campaign against the US as a response to the US interference in Sudanese internal affairs recently as part of its anti-US campaign. They cited the visit made by Secretary of State Antony Blinken to Saudi Arabia last week, in which he discussed the ongoing humanitarian situation in the country. 

There has also been an announcement by the White House that economic sanctions will be imposed on various corrupt government entities in Sudan, including the Sudanese Armed Forces (SAF) and the Rapid Support Forces (RSF), which are considered responsible for the escalation of the conflict. 

In response to this, Anonymous Sudan launched a distributed denial of service attack in late November, targeting the ride-sharing platform Lyft, in an attempt to overload a site or server with bot requests, thereby essentially bringing it to a standstill. 

It is also worth noting that several regional healthcare providers across the country were also taken offline during the weekend campaign.

Email communication was interrupted by several disruptions, including delayed or failed delivery of messages, intermittent connectivity problems, and slow response times. This was as a result of this issue. Individual users were inconvenienced by these interruptions; however, businesses that rely on Outlook for their day-to-day operations were also facing challenges as a result of these disruptions. This attack demonstrates the vulnerability of online platforms and emphasizes the need for robust cybersecurity measures to guard against threats of this nature. This is to ensure online platforms remain secure. 

In many tweets posted to Twitter by Microsoft, the company has alternated back and forth between saying they have mitigated the issue and that the issue is back again, implying that these outages are caused by technical issues. 

A group called Anonymous Sudan is claiming responsibility for the outages, claiming they are out to protest the US infiltrating Sudanese internal affairs through its involvement in the DDoS attacks against Microsoft and claim responsibility for the outages as well.

As a result of the continuous DDoS attacks on Microsoft Outlook and Microsoft 365 services, the group has been taunting Microsoft in its statements in the past month. 

There is increasing evidence that Microsoft Outlook continues to suffer crippling attacks from Anonymous Sudan, which frequently result in the suspension of service and the growth of concerns about the security of the online environment due to DDoS attacks launched by Anonymous Sudan. It has been observed that these deliberate disruptions hurt the user experience and the online platform. This is because these disruptions expose them to cyber threats. 

This ongoing situation only confirms the importance of cybersecurity measures to safeguard critical online services. The necessity of introducing these measures would be essential to ensure their protection in the future. Additionally, it raises questions about the platform's ability to cope with persistent and coordinated attacks on its cybersecurity system. 

The case between Anonymous Sudan and Microsoft in a world where cybersecurity threats are increasing by the day, serves as a timely reminder of the importance of continuous vigilance. This is to prevent these threats from becoming stronger as they progress in a direction not fully understood by users.
Read more »
German Federal Criminal Police Office
Cyber Attacks cybercriminals Cybersecurity DDoS Flyhosting German Authorities German Federal Criminal Police Office

German Police Raid FlyHosting, a DDoS-Friendly Hosting Provider

 


In a report, German authorities have seized Internet servers used by FlyHosting, a dark web company that offers DDoS-for-hire services. On November 20, 2022, FlyHosting posted an advertisement on a cybercrime forum to attract customers. The company stated that it is a German hosting company offering services to anyone searching for an environment to host malware, botnet controllers, or a DDoS-for-hire platform that can handle traffic spikes for hire. 

According to a statement issued today by the German Federal Criminal Police Office, they performed eight searches on March 30 to investigate criminal activity. Moreover, five individuals between the ages of 16 and 24 have been identified as suspected operators of "internet services" since 2021. As far as the suspects and the service in question were concerned, no names or other details were given by the German authorities. 

This statement indicates that previously unknown perpetrators used the Internet services provided by the suspects, in particular, for 'DDoS attacks'. These are attacks by which a large number of data packets are transmitted simultaneously via the Internet in an attempt to disrupt other data processing systems. 

According to a Telegram chat channel frequented by individuals interested or involved in the DDoS-for-hire industry, a raid on FlyHosting surfaced on Thursday morning. FlyHosting's customers have just heard the following news from Dstatcc. 

Several weeks ago, Flyhosting moved its system into an upgraded police room, according to the warning. As per the police, the support provided for DDO attacks, C&C/C2, and Stresser were not working properly. The police are expected to investigate files, payment logs, and IPs further. 

As a result of the DDoS attacks facilitated by the defendants in several cases since mid-2021, the websites of several companies as well as the Hesse Police have been overloaded in several cases. According to German authorities, the defendants' websites cannot operate fully because of these attacks. This means they will not be able to function at all times and in all places as a result of these attacks. 

There has been a report in the media that police have searched and seized the mobile phones, laptops, tablets, storage media, and handwritten notes of two unnamed defendants in connection with this case. Moreover, the police also confiscated servers in the Netherlands, Germany, and Finland that were provided by suspects. Germany's Hessen Police confirmed in response to questions in an interview that FlyHosting was the subject of the seizures.

There seems to be a broader clampdown on DDoS-for-hire services by law enforcement around the world, which is the probable reason for the raids on FlyHosting. Earlier this week, the National Crime Agency announced that it has been establishing phony DDoS-for-hire websites, which are intended to gather information on users as well as remind users that launching DDoS attacks is illegal. As a result, people seeking such services may become more paranoid due to this. 

There have been reports that the Department of Justice (DOJ) announced Operation Power Off in December 2022. This was an operation aimed at seizing more than four dozen domains responsible for over 30 million DDoS attacks. This operation has led to six U.S. men being charged with computer crimes for allegedly owning popular DDoS-for-hire companies that cybercriminals attacked.   
Read more »
Technology
Cyber risks Cyberattacks Cybersecurity Data Loss DDoS Healthcare HIT Technology

Protect Yourself from Healthcare Cyber Risks

 

It has become increasingly apparent in the past few years that technology has played a significant role to assist hospitals and patients in managing their interactions. This is at a time when healthcare systems are stretched to their limits. HMIS has been concerned with the issue of cyber security for quite some time. The use of Health information technology (HIT) in hospitals has made it possible for them to synchronize patient information safely and securely. 

Cyberattacks are no longer a thing of the past for organizations. A resilient business with superior risk management separates it from a data breach business.  

Many techniques can be used to ensure resilience, including meticulous calculations of all potential risks and implementing control measures to mitigate them if necessary. As a result of healthcare cybersecurity, services that protect patients' data and privacy from cyber threats and attacks are being adopted by healthcare organizations around the globe. 

A crucial factor for the success of healthcare is the safety of patient information, which means that all stakeholders must take every precaution to ensure that patient information remains sensitive. There is no doubt that healthcare cybersecurity threats extend internally and externally, which is why it is imperative to realize this. 

There has been a rapid evolution of hacking tactics used to exploit population fears. This was done to use the panic during the pandemic. Keeping up with the ever-evolving threats, especially in the healthcare sector, is made possible by cybersecurity best practices. 

The absence of a secure cybersecurity framework invites unwanted cyber threats, which can put the hospital and its patients at risk in terms of both financial and clinical risks. Cyber frauds, malware and ransomware attacks, phishing attacks, and other cyber scams are a few of the most common threats facing the healthcare industry. 

A Review of Common Health Cyber Risks 

As part of the healthcare system, hospitals also store patient health records that contain sensitive information. 

In addition, they received a large payment from the company. A cybercriminal who wants to steal money from a patient's account is eager to obtain payment details from the patient's account. They use them for identity theft and financial fraud, which enables them to steal money from the patient. 

Fraudulent emails 

As the name suggests, phishing refers to a process in which a threat actor appears as a legitimate entity or individual. This can trick you into divulging confidential data to them. To get access to your network, the attacker manipulates you into opening malicious content downloaded to your computer, tricking you into giving them access to your network by clicking on the content. When this type of writing is done, it will usually evoke the fear of missing out (FOMO) and a sense of urgency.

Healthcare organizations likely receive a tremendous amount of emails and messages since they cater to the public. There are many ways threat actors can pose as prospective patients or business partners to launch phishing attacks against them. 

Attacks by ransomware

It is well known that ransomware encrypts your computer and locks you out of your network in an attempt to take control of the system. They intend to encrypt your files in a way that makes them inaccessible without the key to decrypt them. You will then be asked to pay them a ransom to regain access to your system.

Because healthcare organizations possess ransomware-sensitive data, they are prone to ransomware attacks. In most cases, attackers would prefer to pay up than allow their confidential information to be compromised or exposed. 

Increasing Supply Chain Vulnerability

Attacks on supply chains may come from any one of the multiple areas that are part of and contribute to it. Health insurance companies work with a wide range of suppliers and partners who provide them with products and services that enable them to operate effectively. Several third parties have been granted authorization access to their network so that they can make their operations seamless. 

Health organizations can do one of the most important things to stay on top of these threats. Getting your healthcare system's cybersecurity up to speed is essential if you want to ensure its integrity.

1. Staff Cyber Security Training

A robust technical control system can make it much more challenging for unauthorized people to gain access to your systems which is why it is beneficial to put in place such controls. Social engineers circumvent system safeguards by using phishing and spoofing. These tactics take advantage of users' lack of security awareness. All employees are required to undergo cybersecurity training so they know what to do to prevent data loss or theft. 

2. User Access Controlled 

Hackers are often pictured congregating in dark underground rooms and huddled close together when hacking. 

Your systems are constantly penetrated and decrypted to compromise your privacy. There are, however, some exceptions to this rule, such as most successful attacks coming through a system's front door i.e. by attempting to access the system through an authenticated user account. You need to define the different roles each employee within your organization plays. This will enable you to create a system access control policy that is feasible to implement within your organization. This information should already be available in the human resources department.

3. A Depth Approach to Security 

A security software maker cannot guarantee 100 percent that their application will prevent hacks with their application for the duration of its use. There are several levels of security that you need to have, and that's why you need them. Getting around one will not give an attacker access to your data, even if they manage to circumvent one successfully. There are several security measures you can take to keep intruders out of your network. These measures include a firewall, an anti-virus program, and a whitelist of approved applications. 

Since this is the same as the different forms of security you might install in your own home, it does not seem a big deal that there are different types of security. Lighting, door locks, alarms, security cameras, guard dogs, and security guards are some of them that can be installed to improve security around homes.

4. Recovery of Lost Data 

Among the reasons why cyberattacks are carried out is the theft of personal data, which is a common occurrence. An infection caused by a virus as well as a DDoS attack can cause disruptions to your work. While DDoS attacks and malware infections have the potential to corrupt your data and render it unusable, they aren't likely to overtly steal information. The loss of your data is much more devastating than having it accessed unauthorized by someone else. As with hackers gaining access to patient data, it can not only damage your reputation, but it can also cripple your operations to the extent that it can bring down your entire company and public image.
Read more »
Twitter
cyber attack Cyber Attacks DDoS service disruption Twitter

Twitter Returns After Two-Hour Outage Affecting Tweets

On Wednesday, Twitter experienced a service disruption that resulted in users being unable to access certain parts of the platform, specifically the "Following" and "For you" feed. These feeds displayed an error message rather than the expected content. 

The problem was widespread and affected users globally. The issue persisted for approximately two hours before being resolved by Twitter's engineering team. 

DownDetector, a website that tracks service outages, reported issues with Twitter at 10:00 GMT, but the problem was resolved by 12:00. In the UK alone, over 5,000 users reported problems to DownDetector within half an hour of the Twitter service outage. 

The root cause of the outage is still unknown, and it is unclear if Twitter's recent 200 staff layoffs on Monday played any role in the incident. Further investigation is needed to identify the underlying cause of the outage and prevent similar incidents from occurring in the future. 

Even though some parts of Twitter, like the feeds, were not working, users could still send tweets as usual. However, no one could see or interact with those tweets. This caused top trending hashtags including "#TwitterDown" and "Welcome To Twitter".

Nevertheless, Twitter has had some temporary problems in the past few months. During a short outage in early February, some users were mistakenly told they had reached the daily limit for sending tweets. 

"It started shortly before the Musk takeover itself. The main spike has happened after the takeover, with four to five incidents in a month - which was comparable to what used to happen in a year,” Alp Toker, director of internet outage tracker NetBlocks, said Twitter has started experiencing more issues under Mr. Musk's tenure as CEO. 

Now we will learn why social media platforms generally suffer service disruptions and sudden outrage:

Social media networks can suffer shutdowns for a variety of reasons, including technical issues, cyber-attacks, policy violations, and government censorship. Technical issues such as server errors or bugs can cause social media networks to crash and become unavailable to users. 

In some cases, these issues can be quickly resolved, and the platform can be restored. However, if the issue is more severe, it may take longer to fix, and the platform may be down for an extended period. 

Cyber attacks such as Distributed Denial of Service (DDoS) attacks can also cause social media networks to go down. These attacks overwhelm a network with traffic, causing it to become unavailable to users. Cyber attackers may launch DDoS attacks for various reasons, such as to disrupt a particular organization or to extort money.
Read more »
US Military
Cyber Criminals Cyber Security DDoS HHS US Military

Block KillNet's DDoS Bots Using These Proxy IP Addresses

 


The US government has issued a warning about the Russian cybercrime gang stepping up its attacks against hospitals and health clinics by flooding their networks and using, as part of its warning, a free tool that is designed to help organizations defend against KillNet distributed-denial-of-service (DDoS) bots. 

Currently, tens of thousands of proxy IP addresses are listed on the KillNet open proxy IP blocklist. These IP addresses are being used by Russian hackers in their attempts to flood networks with traffic. Following the investigation that SecurityScorecard's threat researchers conducted on Killnet and other network spamming miscreants, the security company built this list of threats.

Although DDoS attacks are relatively unsophisticated, like many other attacks, they can still take a serious toll, especially when they disrupt hospitals, according to a recent blog post by the security firm using KillNet as an example. 

A website taken down by the Russian gang toward the end of January was one of 14 hospitals targeted in the United States. The University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University, and Cedars-Sinai Medical Center, among others, were some of the hospitals. There are several reasons for using DDoS attacks, one of which is to mask more intrusive activities. 

A report released by the US Department of Health and Human Services (HHS) on Wednesday confirmed that KillNet is a threat to the healthcare sector and prompted DHS to issue a second warning. A similar security alert has been issued by the Department of Homeland Security twice in the last few months.  

It is common for pro-Kremlin supporters to attach an ideological bent to their attacks - sometimes using empty threats to convey their message. "Killmilk, one of the leading members of the KillNet group, has threatened the US Congress with the sale of the health and personal information of American citizens to attack US policies concerned with Ukraine," according to the December security alert from HHS. According to the US, the planned attack has not yet been carried out. 

In a similar vein, the gang threatened to attack ventilators and other technical devices in British hospitals if another alleged KillNet criminal arrested in London in May was not released as soon as he was arrested. 

Although KillNet may claim to have carried out attacks on the US military, it is wise to take its claims with a pinch of salt, according to HHS. Given the fact that the group tends to exaggerate, there is a possibility that some of these operational and development announcements may simply be meant to garner attention, both publicly and within the cybercrime underground. According to the FBI and private security researchers, the group's DDoS campaigns have been viewed as publicity stunts, which, as annoying as they have been, have had "limited success." 

A Public Relations Stunt That Could Turn Wrong   

KillNet claimed responsibility on October 10 for deactivating more than a dozen websites associated with US airports as part of an attack aimed at knocking the websites offline. Although the large-scale DDoS attack was disruptive, it did not disrupt air travel or harm the operation of the airports. 

As soon as someone claimed to have unleashed a second bot army against JPMorgan Chase a day later, the same criminals saw similarly feeble results. In my opinion, some PR agency is trying to increase their budget for PR. 

It was then that at the beginning of November, a US Treasury official announced that the department had halted a "pretty low-level" DDOS attack designed to disrupt critical infrastructure nodes in the department, also attributed to Killnet.  

KillNet's DDoS attacks usually do not cause major damage but they have the potential to disrupt healthcare organizations and the millions of patients they serve for hours, days, or even weeks - and this can be especially damaging to organizations and patients in the healthcare sector.  

It has been reported that these bots are flooding the network traffic of patients and doctors, preventing them from sending and receiving health information online and making it harder for patients to schedule appointments in the future.  

Furthermore, sometimes miscreants use DDoS attacks as a distraction for their security teams to keep their attention while they work on more dangerous attacks, including the theft of sensitive information or the deployment of ransomware. 

According to HHS, it is likely that pro-Russian ransomware groups, including those that were part of the defunct Conti group, will respond to KillNet's appeal and offer support. These results will most likely lead to KillNet targeting entities that will be victimized by extortion or DDoS attacks as a means of extortion, a tactic that several ransomware groups have employed.
Read more »
Subscribe to: Posts (Atom)