Tag Archive for: potential

Cybercriminals using fewer than 1% of thousands of potential exploits


More than 26,000 vulnerabilities were disclosed in 2023, but cybercriminals only needed fewer than 1% of them, a Qualys Threat Research Unit report reveals. Almost half of exploited vulnerabilities were unknown to cyber defenders.

Statistics from 2023 reveal that malicious actors act fast when exploiting vulnerabilities before they get patched.

Over 26,000 vulnerabilities were disclosed in 2023, which is 5.6% more compared to the previous year. However, Qualys found that fewer than one percent of them contributed to the highest risk and were routinely exploited by threat groups.

Among 206 weaponized vulnerabilities, 109 were known to the US cyber defense agency CISA, while the other 109 were unknown.

Ransomware groups such as LockBit and Cerber routinely exploited even fewer than that, only 20 vulnerabilities, even though over 7,000 discovered vulnerabilities had proof-of-concept exploit code that could result in successful exploitation. Cyber gangs avoided the lower-quality code to ensure the highest likelihood of successful attacks.

Additionally, 15 vulnerabilities were exploited by malware and botnet groups.

“Many of these vulnerabilities, such as those found in MOVEit Transfer, Windows SmartScreen, and Google Chrome, are exploitable remotely, obviating the need for physical access to the targeted system,” researchers said.

Remote code execution is the most preferred type of exploit, with 60 vulnerabilities exploited in the wild. The five most prevalent types, comprising over 70% of weaponized vulnerabilities, also included security feature bypass, privilege escalation, buffer manipulation, and input validation and parsing.

Less time to react

The report reveals that network defenders must act with urgency. While the average time to exploit vulnerabilities in 2023 stands at 44 days, in numerous cases exploits were available on the very same day vulnerabilities were published. The modus operandi of attackers is shifting, leaving less time for response.

“25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed,”…

Chinese state-backed cyberattacks hack off potential adversaries


Hong Kong, December 5 (ANI): Few doubt that China is responsible for a massive campaign of computer hacking and nefarious cyber activities. Beijing denies any culpability for cyberattacks, calling such accusations “baseless”, but the weight of evidence rests squarely against China.

The US Office of the Director of National Intelligence, in its 2023 Annual Threat Assessment, recognized the threat: “China probably currently represents the broadest, most active and persistent cyber espionage threat to US government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the US homeland.”

If this were not damning enough, the report continued: “China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

This assessment was borne out by a Chinese state-sponsored threat group called Volt Typhoon, responsible for attacks this year, some of the largest ever, on American infrastructure. Five Eyes partners publicly disclosed the worrying threat posed by Volt Typhoon in May, since the group’s activities represent far more than the usual espionage conducted by nations. The group preplaced technical implants and achieved long-term access into adversaries’ networks, such prepositioning showing maturity in the People’s Liberation Army’s (PLA) joint information warfare capabilities.

Pukhraj Singh, Director of the Centre for Epistemic Security, wrote for the Australian Strategic Policy Institute (ASPI): “The military cyber elements seem to have been extricated from the stovepipes of the theater commands and are ready to produce strategic effects extending beyond the Indo-Pacific. And the integration isn’t just militaristic but also political: the PLA is the Chinese Communist Party’s (CCP) army. Strategic cyber operations are directly sanctioned by the Central Military Commission, and ultimately authorized by Xi.”

Singh further posited: “The intelligence that has trickled through from the Five Eyes points to interesting doctrinal and strategic developments in…

Gaming firm Razer hit by potential breach, hacker offering stolen data for $135k in crypto


SINGAPORE – Gaming hardware company Razer has allegedly suffered a data breach, after a seller on a hackers’ forum offered stolen data for US$100,000 (S$134,898) in cryptocurrency on Saturday.

The firm said in a Twitter post on Monday that it is aware of a potential breach and is investigating.

Checks by The Straits Times found that the data being sold included the source code and back-end access logins for Razer’s website and its products.

This included folders labelled zVault – referring to Razer’s digital wallet that was launched in March 2017 and later gave way to Razer Gold in December 2018 – as well as those allegedly containing encryption keys and files pertaining to its reward system.

A sample seen by ST also showed the alleged e-mail addresses of customers with virtual credit in Razer Gold accounts. The seller claimed to have 404,000 accounts, but this could not be verified.

On the hackers’ forum, the seller said he would sell the data to only one customer for an asking price of US$100,000 in the Monero cryptocurrency. However, he added that he would be open to offers lower than the stipulated amount.

Unlike other cryptocurrencies such as Bitcoin or Ethereum, in which information on transactions is public as they take place on the blockchain, transactions on Monero are private, according to the cryptocurrency’s website.

Distributed Denial of Service (DDoS) Protection Market with Strategic Trends Growth, Revenue, Demand & Future Potential of Industry by 2030


PRESS RELEASE

Published May 3, 2023

Coherent Market Insights has announced the publication of a new report titled Distributed Denial of Service (DDoS) Protection Market 2023, which provides regional and global market data expected to increase in value between 2023 and 2030. The in-depth analysis of the global Distributed Denial of Service (DDoS) Protection Market offers critical insights into the industry’s changing dynamics, value chain analysis, prominent investment pockets, competitive scenarios, geographical landscape, and key segments. It also includes a comprehensive examination of the driving and restraint components for the global market. It also provides superior information on the global market’s working tactics and potential opportunities. This will assist industry participants, policymakers, stakeholders, investors, and new entrants in the Distributed Denial of Service (DDoS) Protection Industry in identifying and grasping innovative opportunities.

Request a sample to obtain authentic analysis and comprehensive market insights @https://www.coherentmarketinsights.com/insight/request-sample/1182

Note – Updated Version 2023 is available

This study provides detailed information on emerging trends, market drivers, development opportunities, and market restraints that have the potential to influence the dynamics of the Distributed Denial of Service (DDoS) Protection market. The study assesses the global Distributed Denial of Service (DDoS) Protection market size and examines the approach trends of the key international players. The study also estimates the market’s size in terms of revenue over the forecast period. All data numbers, including percentage share splits and breakdowns, are derived from secondary sources and cross-checked with primary sources. The report conducted a Porter’s five forces analysis, SWOT analysis, regulatory landscape, and prominent buyers to examine the industry’s primary influencing variables and entry barriers.

What Are the New Additions in 2023?

Detailed industry forecast

Additional information on company participants

Customized reports and analyst assistance are available upon request.
