Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label supply chain attacks. Show all posts
supply chain security
Cyber Attacks Ransomware attack Ransomwares Software Providers Supply Chain supply chain attacks supply chain security

Ransomware Attack on Blue Yonder Disrupts Global Supply Chains

 

Blue Yonder, a leading supply chain software provider, recently experienced a ransomware attack that disrupted its private cloud services. The incident, which occurred on November 21, 2024, has affected operations for several high-profile clients, including major grocery chains in the UK and Fortune 500 companies. While the company’s Azure public cloud services remained unaffected, the breach significantly impacted its managed services environment. The attack led to immediate operational challenges for key customers. UK supermarket chains Morrisons and Sainsbury’s were among the most affected. 

Morrisons, which operates nearly 500 stores, reported delays in the flow of goods due to the outage. The retailer activated backup systems but acknowledged that its operations were still disrupted. Sainsbury’s similarly implemented contingency plans to address the situation and minimize the impact on its supply chain. In the United States, Blue Yonder serves prominent grocery retailers such as Kroger and Albertsons, though these companies have not confirmed whether their systems were directly affected. 

Other notable clients, including Procter & Gamble and Anheuser-Busch, also declined to comment on any disruptions they might have faced as a result of the attack. In response to the breach, Blue Yonder has enlisted the help of external cybersecurity firms to investigate the incident and implement stronger defenses. The company has initiated forensic protocols to safeguard its systems and prevent further breaches. While recovery efforts are reportedly making steady progress, Blue Yonder has not provided a timeline for full restoration. The company continues to emphasize its commitment to transparency and security as it works to resolve the issue. 

This attack highlights the growing risks faced by supply chain companies in an era of increasing cyber threats. Disruptions like these can have widespread consequences, affecting both businesses and consumers. A recent survey revealed that 62% of organizations experienced ransomware attacks originating from software supply chain vulnerabilities within the past year. Such findings underscore the critical importance of implementing robust cybersecurity measures to protect against similar incidents. 

As Blue Yonder continues its recovery efforts, the incident serves as a reminder of the potential vulnerabilities in supply chain operations. For affected businesses, the focus remains on mitigating disruptions and ensuring continuity, while industry stakeholders are left grappling with the broader implications of this growing threat.
Read more »
supply chain attacks
cyber resilience Cyber Security Cybersecurity Threats Cyble research dark web breaches IT Security software vulnerabilities supply chain attacks

Cyble Research Reveals Near-Daily Surge in Supply Chain Attacks

 

The prevalence of software supply chain attacks is on the rise, posing significant threats due to the extensive impact and severity of such incidents, according to threat intelligence researchers at Cyble.

Within a six-month span from February to mid-August, Cyble identified 90 claims of supply chain breaches made by cybercriminals on the dark web. This averages nearly one breach every other day. Supply chain attacks are notably more costly and damaging than other types of cyber breaches, making even a small number of these attacks particularly detrimental.

Cyble’s blog highlights that while infiltrations of an IT supplier’s codebase—similar to the SolarWinds incident in 2020 and Kaseya in 2021—are relatively uncommon, the software supply chain’s various components, including code, dependencies, and applications, remain a continuous source of vulnerabilities. These persistent risks leave all organizations exposed to potential cyberattacks.

Even when supply chain breaches do not compromise codebases, they can still result in the exposure of sensitive data, which attackers can exploit to breach other environments through methods such as phishing, spoofing, and credential theft. The interconnected nature of the physical and digital supply chain means that any manufacturer or supplier involved in downstream distribution could be considered a potential cyber risk, according to the researchers.

In their 2024 analysis, Cyble researchers examined the frequency and characteristics of supply chain attacks and explored defenses that can mitigate these risks.

Increasing Frequency of Supply Chain Attacks

Cyble’s dark web monitoring revealed 90 instances of cybercriminals claiming successful supply chain breaches between February and mid-August 2024.

IT service providers were the primary targets, accounting for one-third of these breaches. Technology product companies were also significantly impacted, experiencing 14 breaches. The aerospace and defense, manufacturing, and healthcare sectors followed, each reporting between eight and nine breaches.

Despite the concentration of attacks in certain industries, Cyble’s data shows that 22 out of 25 sectors tracked have experienced supply chain attacks in 2024. The U.S. led in the number of breaches claimed on the dark web, with 31 incidents, followed by the UK with 10, and Germany and Australia with five each. Japan and India each reported four breaches.

Significant Supply Chain Attacks in 2024

Cyble’s blog detailed eight notable attacks, ranging from codebase hijacks affecting over 100,000 sites to disruptions of essential services. Examples include:

  • jQuery Attack: In July, a supply chain attack targeted the JavaScript npm package manager, using trojanized versions of jQuery to exfiltrate sensitive form data from websites. This attack impacted multiple platforms and highlighted the urgent need for developers and website owners to verify package authenticity and monitor code for suspicious modifications.
  • Polyfill Attack: In late June, a fake domain impersonated the Polyfill.js library, injecting malware into over 100,000 websites. This malware redirected users to unauthorized sites, underscoring the security risks associated with external code libraries and the importance of vigilant website security.
  • Programming Language Breach: The threat actor IntelBroker claimed unauthorized access to a node package manager (npm) and GitHub account related to an undisclosed programming language, including private repositories with privileges to push and clone commits.
  • CDK Global Inc. Attack: On June 19, a ransomware attack targeted CDK Global Inc., a provider of software to automotive dealerships, disrupting sales and inventory operations for weeks across North American auto dealers, including major networks like Group1 Automotive Inc. and AutoNation Inc.
  • Access to 400+ Companies: IntelBroker also claimed in June to have access to over 400 companies through a compromised third-party contractor, with data access to platforms like Jira, GitHub, and AWS, potentially affecting large organizations such as Lockheed Martin and Samsung.
Mitigating Supply Chain Risks through Zero Trust and Resilience

To counter supply chain attacks, Cyble researchers recommend adopting zero trust principles, enhancing cyber resilience, and improving code security. Key defenses include:

  1. Network microsegmentation
  2. Strong access controls
  3. Robust user and device identity authentication
  4. Encrypting data both at rest and in transit
  5. Ransomware-resistant backups that are “immutable, air-gapped, and isolated”
  6. Honeypots for early detection of breaches
  7. Secure configuration of API and cloud service connections
  8. Monitoring for unusual activity using tools like SIEM and DLP
  9. Regular audits, vulnerability scanning, and penetration testing are also essential for maintaining these controls.

Enhancing Secure Development and Third-Party Risk Management

Cyble also emphasizes best practices for code security, including developer audits and partner assessments. The use of threat intelligence services like Cyble’s can further aid in evaluating partner and vendor risks.

Cyble’s third-party risk intelligence module assesses partner security across various areas, such as cyber hygiene, dark web exposure, and network vulnerabilities, providing specific recommendations for improvement. Their AI-powered vulnerability scanning also helps organizations identify and prioritize their own web-facing vulnerabilities.

As security becomes a more critical factor in purchasing decisions, vendors will likely need to improve their security controls and documentation to meet these demands, the report concludes.
Read more »
US Cybersecurity
Breach CISA critical infrastructure risk Cyber Security Data Analytics Information Security supply chain attacks US Cybersecurity

CISA Investigates Sisense Breach: Critical Infrastructure at Risk

 

In the fast-paced landscape of cybersecurity, recent events have once again brought to light the vulnerabilities that critical infrastructure organizations face. The breach of data analytics company Sisense, under investigation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the importance of robust security measures in protecting sensitive data and systems. 

Sisense, a prominent American business intelligence software company, found itself at the center of a security incident impacting not only its own operations but also critical infrastructure sector organizations across the United States. 

With offices in New York City, London, and Tel Aviv, and a clientele including major players like Nasdaq, ZoomInfo, Verizon, and Air Canada, the breach sent shockwaves through the cybersecurity community. CISA's involvement underscores the severity of the situation, with the agency actively collaborating with private industry partners to assess the extent of the breach and its implications for critical infrastructure. 

As investigations unfold, the focus is on understanding the nature of the compromise and mitigating potential risks to affected organizations. In response to the breach, CISA has issued recommendations for all Sisense customers to reset any credentials and secrets that may have been exposed or used to access the company's platform and services.

This proactive measure aims to prevent further unauthorized access and protect sensitive information from exploitation. Sisense's Chief Information Security Officer, Sangram Dash, echoed CISA's advice in a message to customers, emphasizing the importance of promptly rotating credentials used within the Sisense application. This precautionary step aligns with best practices in cybersecurity, where rapid response and mitigation are essential to minimizing the impact of security incidents. 

Additionally, customers are urged to report any suspicious activity related to potentially exposed credentials or unauthorized access to Sisense services to CISA. This collaborative approach between organizations and government agencies is crucial in addressing cybersecurity threats effectively and safeguarding critical infrastructure from harm. The incident involving Sisense is not an isolated event. 

Similar supply chain attacks have targeted critical infrastructure organizations in the past, highlighting the need for heightened vigilance and resilience in the face of evolving cyber threats. One such attack, involving the 3CX breach a year ago, had far-reaching consequences, impacting power suppliers responsible for generating and distributing energy across the grid in the United States and Europe. 

As organizations grapple with the aftermath of the Sisense breach, lessons learned from this incident can inform future cybersecurity strategies. Proactive measures such as continuous monitoring, regular security assessments, and robust incident response plans are essential for mitigating risks and protecting critical infrastructure assets. 

The Sisense breach serves as a wake-up call for the cybersecurity community, emphasizing the interconnected nature of cyber threats and the imperative of collaboration in defending against them. By working together and adopting a proactive stance, organizations can bolster their defenses and safeguard critical infrastructure from cyber adversaries.
Read more »
supply chain attacks
Cyber Culture Cyber defense Cyber Security Data protection Data Retention Employee Training HR Strategies Incident response Security Preparedness supply chain attacks

Boost Cybersecurity: HR's Key Role in Guarding Your Business

 

If your company were to fall victim to ransomware today, whom would you contact? Or perhaps a more pertinent question: How would you go about contacting them? 

This scenario might appear ludicrous, there are  instances where organizations have been immobilized during the initial hours following a breach simply due to the absence of readily available contact information. 

With email and messaging systems rendered inaccessible, communication grinds to a halt, causing confusion among employees, customers, and suppliers alike. What begins as mild panic rapidly escalates into a full-blown crisis.

Commonly, people tend to associate cybersecurity exclusively with the IT or security department. However, safeguarding your company hinges on two crucial factors: the prevailing organizational culture and meticulous planning. This is precisely why some of the most pivotal players in the realm of cyber defense aren't housed within the IT team – they reside within the human resources (HR) department.

The HR team occupies a unique vantage point, enabling them to seamlessly integrate cybersecurity preparedness into the daily operations of an organization. 

Their responsibilities encompass establishing policies and processes to mitigate risks and fostering a business environment equipped to withstand foreseeable challenges, cyberattacks included. Notably, HR teams are also prime targets for hackers, given their role as custodians of sensitive personal information belonging to employees.

Regrettably, the significance of this role often goes unnoticed. Thus, sharing five strategies by which HR can fortify your business against cybercriminals.

1. Foster a Culture of Cybersecurity

Maintaining eternal vigilance is the requisite price for preserving our liberty to navigate the internet. The sheer volume of threats is staggering – recent findings indicate that educational institutions fend off over 2,300 intrusion attempts on average each week, while healthcare organizations combat more than 1,600 attacks. Given the barrage of digital threats, capturing them all becomes an incredibly daunting task. Yet, a robust cybersecurity culture equips an organization to counter these attacks and minimize the scope of damage when they do breach defenses. The challenge lies in uniting everyone under a shared understanding of appropriate online conduct.

To initiate this process, it is imperative to provide training tools that equip employees with the knowledge of permissible and prohibited online behaviors. Most organizations excel in this aspect. However, the implementation of this information on a daily basis often falls short.

The most effective means of ingraining cybersecurity as an integral aspect of individual responsibilities is its incorporation into performance evaluations. Rather than chastising employees for inadvertently clicking on dubious links, the approach should be constructive, focusing on how they uphold their cyber literacy training. Cyber health-check tools can be employed by workers to analyze their online conduct and address vulnerabilities (such as employing identical passwords across multiple platforms or neglecting two-factor authentication). Moreover, these tools can be harnessed to monitor the progress towards cybersecurity objectives at an organizational level.

Regular discourse on safety measures will seamlessly integrate them into the modus operandi of your business.

2. Safeguard Sensitive Information

HR assumes custodial responsibility for some of the most sensitive data within an organization – a fact not lost on hackers. Over the past half-decade, numerous companies have embraced platforms that empower employees to independently manage routine tasks such as vacation requests. However, these third-party platforms carry inherent risks. Cybercriminals often target them through supply chain attacks, cognizant of the potential to access vast troves of data from multiple organizations. In 2021, a widely-used file transfer system fell victim to a breach, compromising over 300 organizations. The University of California was among those affected, with exposed information spanning employees' social security numbers, driver's licenses, and passport details (prompting the UC system to provide its staff with complimentary ID monitoring services).

Primary among the duties of HR professionals is to ensure the confidentiality of employee data. Rigorous due diligence is essential before enlisting the services of any third-party HR provider. Preference should be accorded to entities conforming to international standards (notably SOC 2 and ISO 27001), while online research should uncover any past security incidents associated with the provider. It is equally vital to ascertain the storage and backup mechanisms employed for your data. Depending on your geographical location and industry, compliance with data residency regulations may be obligatory.

3. Rationalize Data Retention Policies

Updating the data retention policy should be a priority for every HR department. Even if your organization's policy isn't documented, a policy nevertheless exists – the default being the indefinite retention of all data. This exposes you to significant risks. The severity of a breach is exacerbated by the volume of data at stake, especially if you retain unnecessary data. Many jurisdictions stipulate limits on the duration for which companies should retain sensitive information – typically around seven years for records pertaining to former employees.

4. Appoint an Incident Commander

While cybersecurity constitutes an ongoing collective responsibility, a designated individual should assume leadership during a breach. In cybersecurity parlance, this figure is known as the incident commander. Despite diverse perspectives on the most suitable course of action, decision-making authority rests with the incident commander.

The qualifications for an incident commander are succinct: they should possess a profound understanding of cybersecurity matters within your organization. Depending on the size of your enterprise, this individual could be a cybersecurity expert, the head of IT, or even an individual like Joanne from the accounting department, provided she has undergone relevant training. Regardless of the appointee's identity, their role should be pre-established, communicated clearly to your team, and ready to be activated in the event of an incident. Given the swiftness with which cybersecurity events unfold – exemplified by instances where hackers gave a mere 45-minute warning prior to disclosing sensitive information – identifying the incident commander ahead of time is critical to minimizing response delays.

5. Conduct Preparedness Drills

Effective cybersecurity hinges on both planning and practice. Numerous studies underscore the fact that individuals struggle to make sound decisions under stress. Much like fire or earthquake drills provide a framework for emergencies, the same principle applies to cybersecurity incidents. Allocate a two-hour window annually to execute a tabletop exercise involving key personnel, simulating the actions to be taken in the event of a hack. During these drills, a designated moderator outlines the attack's nature and scope, while participants collaboratively devise their responses.

Initial attempts at conducting such exercises may result in confusion, yet this is by design. The ensuing scramble highlights deficiencies in your strategies. Over time, these drills become second nature, enhancing your organization's capacity to effectively respond to cyber threats.
Read more »
Third Party Vendors
Cyber Security Supply Chain supply chain attacks supply chain security Third Party Vendors

What Choices Ought to Influence the Supply Chain in 2023?

 

Due to the increase in cybercrime, many businesses are infected by viruses and malware that are distributed to them by vendors and business partners. 

There has not been a definite plan of action that addresses this as of yet. However, new third-party risk assessment techniques, products, and services are now available to find security "weak spots" in the supply chain of your business. 

Threats by supply chain vendors 

BlueVoyant, a cybersecurity provider, reported in 2021 that 98% of organizations surveyed had been impacted by a supply chain security breach. In a global survey of 1,000 chief information officers conducted in 2022, 82% of respondents said their organizations were vulnerable to cyberattacks targeting their supply chains. 

There are multiple reasons for these statistics and concerns. The following stand out:

  • The enormous size of corporate supply chains can include up to 100,000 suppliers for a single business 
  • Different cybersecurity standards are required in different countries 
  • Supplier unpreparedness, lack of knowledge, and lack of resources for sound cybersecurity practices 
  • Lack of understanding of supplier security in areas like purchasing, which frequently issue requests for proposals from suppliers without mentioning the security requirements for conducting business with the company. 

Best practices for supply chain security 

While cybersecurity frameworks provide an excellent overview of general supply chain security requirements, they do not provide a detailed plan for implementation. 

What organizations require is a guide for a multifaceted approach to supply chain security — but no single playbook can meet the needs of every organization. Instead, as organizations develop their own security approaches, leaders should follow supply chain security best practices: 

Become familiar with your data 

It may seem obvious, but it cannot be overstated: you must understand your own data, that is, what type of data your organization stores and how sensitive that data is. Use discovery and classification tools to find databases and files in your organization that contain sensitive data, such as customer data, financial information, health records, etc. 

Conduct a risk assessment of supply chain security 

Simply comprehending your data is insufficient. You must also understand your supply chain thoroughly in order to identify potential security risks and take preventative measures. 

Begin by gathering data on your third-party partners. What security safeguards do they have in place? Consider each partner's level of vulnerability, breadth and depth of data access, and the impact on your organization if their security is compromised. 

Next, evaluate the software and hardware products that your company employs. What are their weaknesses? Also, don't overlook compliance. Examine your organization's current security governance and consider where it may need to pivot. 

Create an incident response plan 

Attacks will occur, and your system will be compromised, no matter how thoroughly you prepare your organization's supply chain security. As a result, supply chain security best practices include more than just prevention — they also include preparation. 

An incident response plan should be a key component of your supply chain security app. This plan should outline everyone's responsibilities as well as all procedures to be followed in the event of a security incident. Make specific plans for data breaches, system shutdowns, and other security interruptions. And don't just write these procedures down. Test them, practice them, and make sure they're ready to go. 

Conclusion 

Because the supply chain is so fragile, maintaining solid supply chain security is a dangerous game. While eliminating all threats is impossible, adhering to best practices in supply chain security will position your organization to anticipate and mitigate their effects.
Read more »
Trojan
Canada Comm100 Data Theft malware Supply Chain Attack supply chain attacks supply chain security Trojan

Trojanized Comm100 Live Chat App Installer Distributed a JavaScript Backdoor

Cybersecurity platform CrowdStrike reported a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. The application suffered an attack from 27 September to 29, 2022. 

Additionally, the malicious group actively attacked other sectors of the organizations with the same installer including the industrial, technology, healthcare, manufacturing, telecommunications sectors, and insurance in North America and Europe. 

Canadian application Comm100 facilitates over 200,000 businesses with its customer service and communication products. With more than 15,000 clients, the Comm100 company offers chat and customer engagement applications to businesses in 51 countries. However, the company did not report anything on how many customers got affected by the attack. 

According to the Cybersecurity firm CrowdStrike, the malware was proliferated using a Comm100 installer that was downloadable from the company’s website. On September 26, the installer was signed with legitimate information on the Comm100 desktop agent app. 

“CrowdStrike Intelligence can confirm that the Microsoft Windows 7+ desktop agent hosted at hxxps[:]//dash11.comm100[.]io/livechat/electron/10000/Comm100LiveChat-Setup-win[.]exe that was available until the morning of September 29 was a trojanized installer.”, Crowdstrike confirmed. 

Also, a malicious loader DLL called MidlrtMd[.]dll has been used as part of the post-exploitation action. It starts an in-memory shellcode to inject an embedded payload into a new Notepad process (notepad[.]exe). The CrowdStrike believed that the China nexus threat actor is behind the attack because the group previously targeted several Asian online gambling organizations. 

“Furthermore, CrowdStrike Intelligence assesses with moderate confidence that this actor likely has a China nexus. This assessment is based on the presence of Chinese-language comments in the malware, the aforementioned tactics, techniques, and procedures (TTPs), and the connection to the targeting of online gambling entities in East and Southeast Asia — a previously established area of focus for China-nexus targeted intrusion actors”, CrowdStrike Intelligence customers reported.
Read more »
supply chain attacks
Android AWS iOS Mobile Security supply chain attacks

Over 1800 Mobile Apps Found Exposing AWS Credentials


Experts find hard-coded AWS credentials

Experts have found 1,859 applications across Android and iOS that contain hard-coded Amazon Web Services (AWS) credentials, becoming a major security threat. More than 77% of the apps contain valid AWS access tokens that allow access to private AWS cloud services. 

Mobile apps may contain vulnerabilities in the supply chain that can potentially cause exposure to sensitive data, which can be used by hackers for other attacks. Supply chain vulnerabilities in mobile apps are often added by app developers, intentionally or unintentionally. 

The developers don't know the downside of the security impacts, putting the app users' privacy, as well as the employer and organizations' privacy at risk too. 

Source of the Problem

Researchers at Broadcom Software looked into why and where exactly the AWS access tokens were inside the applications, and whether present in other apps too. They found over half (53%) of the apps were using the same AWS access tokens found in other apps. 

These apps, interestingly, were from different app developers and organizations. This way, the experts found a supply chain vulnerability, it could be traced to a shared library, third-party SDK, or other shared components used in making the apps. 

Why app developers are using hard-coded access keys?

  • Downloading or uploading assets and resources needed for the applications, generally large media files, images, or recordings. 
  • To access configuration files for the app and/or register the device or get device info for cloud storage. 
  • Access cloud services that need authentication, like translation services.
  • For no particular reason, the dead code was used for testing and never removed. 

In one incident discovered by Symantec, an unknown B2B company that offers an intranet and communication platform and also provides a mobile software development kit (SDK) to its customers had its cloud infrastructure keys embedded in the SDK to access the translation service. 

It led to the leak of all of its customers' personal information- corporate data and financial records that belonged to more than 15000 medium to large-sized firms. 

How can users stay safe from supply chain attacks?

It is possible to protect yourself from supply chain issues, one can add security scanning solutions to the app development lifecycle and if using an outsourced provider, you can review Mobile App Report Cards, which can notice any malicious app behaviors or vulnerabilities for every launch of the mobile app, can all be helpful in to highlight potential issues. 

If you're an app developer, you can look for a report card that both scans SDKs and frameworks in your apps and finds the source of any vulnerabilities or suspicious behaviors. 




Read more »
zero Day vulnerability
Cyber Attacks RCE Flaw supply chain attacks zero Day vulnerability

Last Year, Brute-Forcing Passwords and ProxyLogon Exploits were Among the Most Common Attack Vectors

 

Last year, brute-forcing passwords and exploiting ProxyLogon vulnerabilities against Microsoft Exchange Server were among the most prominent attack methods. According to ESET's Q3 Threat Report, which covers September to December 2021, while supply chain attacks increased over 2020, the year 2021 was marked by the continuous discovery of zero-day vulnerabilities potent enough to wreak havoc on enterprise systems. The discovery of zero-day flaws in Exchange Server, as well as Microsoft's emergency patches to address on-premise issues, haunted IT admins well into the year.

The end of the year was similarly tumultuous in terms of RDP attacks, which grew in severity throughout 2020 and 2021. Despite the fact that 2021 was no longer distinguished by the chaos of freshly imposed lockdowns and fast migrations to remote work, the data from the final weeks of T3 2021 eclipsed all prior records, amounting to a remarkable yearly surge of 897% in total attack attempts thwarted. The only positive news from the RDP attack front is that the number of targets has been gradually decreasing, albeit the rampage does not appear to be coming to a stop anytime soon. 

Ransomware, previously described as "more aggressive than ever" in the Q4 2020 Threat Report, outperformed the worst predictions in 2021, with attacks on critical infrastructure, outrageous ransom demands, and over US$5 billion in bitcoin transactions tied to potential ransomware payments identified in the first half of 2021 alone. 

However, the pressure from the opposing side has been increasing as well, as evidenced by increased law enforcement efforts against ransomware and other cybercriminal endeavors. While the intensive crackdown prompted numerous gangs to quit the scene – even providing decryption keys – it appears that other attackers are becoming even more daring: T3 saw the biggest ransom demand yet, US$240 million, tripling the prior report's figure. 

The repercussions of a critical vulnerability in Log4j were also discovered in the last four months of 2021. The remote code execution (RCE) flaw in Log4j, tracked as CVE-2021-44228, received a CVSS severity level of 10.0, sending organizations scrambling to repair the problem. Threat actors immediately began attempting to exploit the flaw.

Despite the fact that the vulnerability was only made public in the last three weeks of 2021, ESET has classified CVE-2021-44228 as one of the top five attack vectors of the year. 

According to the study, there has been a significant increase in Android banking malware, with a 428% increase in 2021 compared to 2020. According to ESET, infection rates connected with Android banking Trojans including SharkBot, Anatsa, Vultur, and BRATA have now surpassed adware levels.
Read more »
Subscribe to: Posts (Atom)