Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AgentTesla is a Windows malware written in.NET, designed to steal sensitive information from the victim's system. It’s considered commodity malware given its accessibility and relatively low cost. Commodity malware poses a significant threat as it enables less sophisticated cybercriminals to conduct various types of cyberattacks without requiring extensive technical knowledge. AgentTesla has been a persistent and widespread threat since its emergence in 2014.

Welcome to the sixteenth edition of Cloudflare’s DDoS Threat Report. This edition covers DDoS trends and key findings for the fourth and final quarter of the year 2023, complete with a review of major trends throughout the year.

For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.

An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that are directly involved in mission-critical operations, as well as those that provide peripheral services or access to important data.

Cyberattacks continue to be a cause for concern for businesses. Although great strides have been made to combat this issue, the ability of threat actors to adapt, combined with other factors such as the rise in remote working or the increase in the number of devices with Internet access, means that cybercrime persists. According to a study by Cybersecurity Ventures, a cyberattack took place every 39 seconds in 2023, which translates into over 2,200 cases per day.

In the cyber realm, where digital defense and offense is an ongoing game of cat and mouse, one of the most potent weapons in an attacker's arsenal is the web shell. A seemingly innocuous piece of code that, once embedded in a server, allows an attacker to maintain their access and control. The hidden danger of web shells is their stealthiness and versatility, making them a challenging threat to uncover and neutralize.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.

Recent research identifying nearly 100,000 exposed industrial control systems (ICS) around the world should serve as a critical wake-up call to national government policymakers responsible for ensuring national security, public health, and safety within their borders. These systems, fundamental to our critical infrastructure, underpin essential services that sustain modern society… and they should not be publicly exposed on the Internet!

Working from home (WFH) has brought with it advantages such as flexibility and access to global talent, but it has also introduced new security threats to organizations. The shift to a remote or hybrid workforce has forced companies to adopt more software-as-a-service (SaaS) applications, which has caused almost 40% of companies to lose control of their IT and security environments, according to data from a Cloudflare study.

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.