Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The best way to understand real-world attacks is to observe them in the wild. Following this principle, our research team set up a decoy Kubernetes workload designed to attract malicious actors – a honeypot in a Kubernetes cluster we named the “Honey-pod.” Inside this pod, we deployed Apache Druid, a popular open-source analytics database known for its scalability and, unfortunately, for a history of exploitable vulnerabilities.

At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package version of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

The numbers are startling – organizations typically need 197 days to spot a cyber attack and another 69 days to contain it. This leaves systems vulnerable for more than eight months. The financial impact keeps growing. A typical cyber attack now costs organizations $4.45 million in damages – a 15% increase in the last three years. But there’s good news: cybersecurity works like asymmetric warfare. Defenders can stop an entire attack by breaking just one link in the attack chain.

Initial Access Brokers (IABs) are threat actors who infiltrate networks, systems, or organizations and sell this unauthorized access to other malicious actors. Instead of executing the entire cyber attack, IABs focus on the initial breach and monetize it by selling access to compromised systems. They assist ransomware operations, particularly RaaS schemes, by streamlining attacks and reducing workload at the start.

Several years ago, a security researcher discovered a vulnerability in Google Chrome that allowed fake domains to bypass the browser’s security measures. The researcher registered a domain that appeared as “xn--80ak6aa92e.com” but displayed as “apple.com” in the browser, demonstrating how easy it was to deceive users. This is just one example of what’s known as a homograph attack, or sometimes a ‘look-a-like domain’.

The energy sector has become a prime target for cyberattacks, with successful breaches posing severe risks to national security, economic stability, and public safety. Luckily, the industry is standing up and taking notice, with two-thirds of energy professionals (65%) now saying their leadership now sees cybersecurity as the greatest risk to their business.

CVE Trends, Vulnerabilities of SSRF On March 25, 2024, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory about an increasing yet commonly overlooked web application vulnerability, Server-Side Request Forgery (SSRF).

The threat facing healthcare organizations worldwide is being recognized at the highest level, with the United Nations calling for international cooperation to combat the issue. The international organization has asked its members to support fellow member nations by providing technical assistance and guidelines to bolster the resilience of health infrastructure against attack.