
Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services

The government of a U.S. county announced on September 11 that a recent cyber incident had disrupted its online services. Subsequent coverage of the event has noted that it strongly resembles a ransomware attack. The disruption comes against a backdrop of frequent ransomware activity targeting state and local governments and the education sector.

How to Boost Cybersecurity in Fintech and Banking?

Globally, fintech firms saw 2.5 times more attacks in Q1 2022. The BFSI industry faces cyberattacks every day. Fintech firms hold vital data, and cybercriminals know it: they aim to exploit flaws in your systems to reach that data and use it for financial fraud. A successful data breach brings penalties and reputational damage, and it scares away your customers. This is what motivates cybersecurity in fintech. So how do you build a secure financial platform?

It's time to change the playbook: Prepare for uncorrelated surprises

Investors came into 2022 feeling good, with a three-year average annual return for the S&P 500 of 24%. In March, things changed. The Federal Reserve raised interest rates, signaling it was time to switch to bonds. The playbook said bonds were the much safer play. Then Russia invaded Ukraine. Commodity prices, especially energy and food, spiked. Supply chains broke. The E.U. faced a winter without enough energy to heat homes or power businesses.

Preventing DoS attacks in Kubernetes using Falco and Calico

A Denial-of-Service (DoS) attack is meant to shut down a machine or network, making it inaccessible to its intended users, so Kubernetes is a potential target. In the case of Distributed Denial-of-Service (DDoS), the attacker will look to maintain some form of anonymity so their activities cannot be traced. They can route traffic through Tor and VPN infrastructure to scan, attack, or compromise the target while maintaining anonymous communications.

Five worthy reads: Who let the stranger in? Video conferencing attacks

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the evolution of video conferencing since the 2020 pandemic, the security challenges faced by video conferencing tools, how companies and governments have acknowledged the risks, and the best practices to avoid such attacks.

New M365 Business Email Compromise Attacks with Rclone

Rclone is a data syncing tool often used by threat actors to exfiltrate data during a ransomware attack. Typically, the actors deploy Rclone after gaining remote access to the victim’s network. However, recently, Kroll experts have noted the use of Rclone in M365, using credentials stolen through network compromises or phishing attacks with minimal privileges to stealthily exfiltrate large amounts of SharePoint/OneDrive data.

DDoS Attacks in the Financial Industry: How to Protect Your Infrastructure and Payments

While Distributed Denial of Service (DDoS) attacks have been around for over a decade, they continue to evolve and escalate, particularly during 2022. The tense geopolitical situation caused by the Russian invasion of Ukraine has affected the nature and intensity of these attacks, making states official participants in the DDoS mitigation market.

Compromising Plaintext Passwords in Active Directory

A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but these tactics limit adversaries to what they can perform from the command line. Compromising a plaintext password gives an attacker unlimited access to an account — which can include access to web applications, VPN, email and more. One way to extract plaintext passwords is through Kerberoasting, but this brute-force technique takes a lot of time and patience.

Optus Attack: Worst Cyber Attack in Australian History

On 22 September 2022, Australian telecommunications company Optus reported that it had experienced a cyber breach affecting nearly 11 million customers, which may make it the worst cyber attack in Australia's history. Details of this attack are still emerging; however, it has taken a couple of twists in the weeks following the attack, and there are some early indicators as to what occurred.