Tag Archive for: limited

As-a-Service tools empower criminals with limited tech skills


As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers, according to Darktrace.


Cybercriminals exploit as-a-Service tools

As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.

The most common as-a-Service tools Darktrace saw in use from July to December 2023 were:

  • Malware loaders (77% of investigated threats), which can deliver and execute other forms of malware and enable attackers to repeatedly target affected networks.
  • Cryptominers (52% of investigated threats), which use an infected device to mine for cryptocurrency.
  • Botnets (39% of investigated threats), which enrol users in wider networks of infected devices that attackers then leverage in larger-scale attacks on other targets.
  • Information-stealing malware (36% of investigated threats), malicious software like spyware or worms, designed to secretly access and collect sensitive data from a victim’s computer or network.
  • Proxy botnets (15% of investigated threats), more sophisticated botnets that use proxies to hide the true source of their activity.

Phishing threats escalate in business communications

Darktrace identified Hive ransomware as one of the major Ransomware-as-a-Service attacks at the beginning of 2023. With the dismantling of Hive by the US government in January 2023, Darktrace observed the rapid growth of a range of threats filling the void, including ScamClub, a malvertising actor notorious for spreading fake virus alerts to notable news sites, and AsyncRAT, responsible for attacking US infrastructure employees in recent months.

As businesses continue to rely on email and collaboration tools for communication, methods such as phishing continue to cause a headache for security teams. Darktrace detected 10.4 million phishing emails across its customer fleet between the 1st September and the 31st December 2023.

But the report also highlights how cybercriminals are embracing more…


TMH on why information is limited – and a Q&A


Tallahassee Memorial HealthCare continues to be impacted by a severe computer system security issue that began plaguing the hospital late Thursday. Hospital officials say an investigation is still underway to determine the nature and magnitude of the problem.

Below is the latest information provided by the Tallahassee Memorial HealthCare communications team. If you are a doctor, nurse or patient and want to share your experiences on the record or anonymously, email [email protected]

Feds on the scene: FBI working with TMH to ‘assess the situation;’ computers still offline after cyber incident

3:30 p.m. Tuesday, Feb. 7 update

As Tallahassee Memorial HealthCare (TMH) continues to manage the information technology security event that occurred Thursday, Feb. 2, we would like to recognize and thank the community partners who are helping us navigate this challenge.

Thank you to HCA Florida Capital Hospital and Leon County EMS. We’ve been meeting regularly with our partners and have collaborated closely behind the scenes to coordinate the flow of patients being routed to HCA. We are extremely appreciative of their partnership to ensure our community continues to receive medical care.

We also thank our partners at the Florida Department of Health (DOH), Centralis and RICOH, who have been working diligently to support us as we remain on downtime procedures.

Additional partners who continue to support us include the Big Bend Healthcare Coalition, Tallahassee Fire Department, Apalachee Health Center, Encompass Health and Select Specialty Hospital.

We are in communication with our partners daily and are working together to ensure safe, high-quality patient care continues for our community.

We understand that our community is eager for more information about this event. Our teams are working around the clock in collaboration with outside experts and state and federal agencies to investigate the cause of the event and safely restore all computer systems as quickly as possible. We will provide updates as this investigation progresses, bearing in mind that security, privacy and law enforcement considerations impact the amount of detail we can provide.

We will continue to share updates…


Radware Delivers Cloud DDoS Protection for ESDS Software Solution Limited


MAHWAH, N.J., July 13, 2022 (GLOBE NEWSWIRE) — Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced that ESDS Software Solution Limited selected Radware’s Cloud DDoS Protection Service to support its data centers in India. ESDS is among India’s leading managed cloud service and end-to-end multi-cloud requirements providers. ESDS engaged Radware to further increase its visibility to network and application performance as well as speed time to protection against malicious DDoS attacks.

“ISP customers depend on us to maintain a high level of security and availability, which is why security reliability is important to our business,” said Rushikesh Jadhav, chief technology officer at ESDS. “We decided to work with Radware because it provides a comprehensive cloud DDoS service that can automatically generate protection for zero-day and unknown DDoS attacks in real time through a unified portal.”

DDoS attacks are becoming more frequent, powerful and sophisticated. According to a Radware report, the number of blocked malicious events per company has risen more than 30% from 2020 to 2021. In addition, the average blocked volume per company has grown by 26% during the same time period.

“Recognized as one of India’s leading cloud service providers, ESDS is continually advancing critical cloud-based tools to create added business value and protection for customers that serve many different industries,” said Nikhil Karan Taneja, Radware’s vice president and managing director for India, the Middle East, and South Asia. “We are pleased to offer ESDS a comprehensive cloud security solution built to defend against even the most determined threat actors.”

Radware’s Cloud DDoS Protection Service protects customers from large and sophisticated DDoS attacks, including randomized and reflective DDoS attacks, burst DDoS attacks, SSL floods, and IoT botnet DDoS attacks. Radware was recently ranked a global leader in Forrester’s report, “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021.”

Disclaimer
ESDS Software Solution Limited is proposing, subject to receipt of requisite approvals,…


Experts are divided on why Russia’s cyber offensive against Ukraine has been limited so far


There have been several hacks of Ukrainian organizations, but no reports yet of the sort of high-impact cyberattacks on transportation or electric infrastructure that some feared.

The possible explanations for this, analysts say, range from disorganization in Russian military planning to hardened Ukrainian defenses, to the fact that bombs and bullets take precedence over hacking in wartime.

The reason Russia has so far not flexed in cyberspace during the war may be unattainable — or require being inside the minds of Russian spy chiefs. But how US, European and Ukrainian officials perceive the situation shapes how they allocate resources to defend Ukrainian computer networks as the war continues.

“What we have seen to date from Russia’s state cyber actors appears to reflect the same challenges seen in their conventional forces,” said a US cyber defense official, who spoke on the condition of anonymity because they were not authorized to speak to the press. “It is likely that inadequate preparation and bad assumptions have resulted in a haphazard performance that underplays their known capabilities.”

Limited Russian cyberattacks

Cyberattacks have played a supporting, not a central, role in the war and hacking incidents preceded and accompanied Russia’s bombardment of Ukraine:

• February 15: Cyberattacks temporarily knocked the websites of Ukrainian agencies and big banks offline. The White House blamed Russia for the incident (the Kremlin denied involvement).
• February 23: Hours before Russian airstrikes began hitting Ukraine, a cyberattack deleted data at multiple Ukrainian government agencies and private companies.
• February 25: Ukrainian government officials accused hackers working for the Belarusian Ministry of Defense of trying to break into the private email accounts of Ukrainian military personnel.
• March 10: Unidentified hackers caused disruptions at Ukrainian internet service provider Triolan, which has customers in big Ukrainian cities. Triolan blamed “the enemy” (a reference to Russia) for the incident but did not provide evidence to support the allegation.

Gen. Paul Nakasone, the most senior military cyber official in the US government, offered a vague,…
