Tag Archives: internet-security

Office exploits continue to spread more than any other category of malware

The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence. Office exploits on the rise “While overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing … More ? The post Office exploits continue to spread more than any other category of malware appeared first on Help Net Security .

More:
Office exploits continue to spread more than any other category of malware

EMEA continues to be a hotspot for malware threats

Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased. Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed … More ? The post EMEA continues to be a hotspot for malware threats appeared first on Help Net Security .

View the original here:
EMEA continues to be a hotspot for malware threats

The new age of DDoS – And we ‘joked’ that toasters would one day take down our banks

The size of DDoS attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT. A few years ago, just as the ‘Internet of Things’ (IoT) was starting to form as a concept, some of us in the cyber security community joked that in future our toasters would be able to take down our banks. Within the last few months that joke has started to become a reality. In September 2016, US security researcher Brian Krebs had his website, Krebs on Security, taken offline by the largest Distributed Denial of Service (DDoS) attack yet seen. A short while later OVH, a French internet hosting company, was struck by an even bigger attack. Then, in October, Domain Name Server (DNS) company Dyn – essentially a part of the ‘internet phone book’ which directs users to websites – also fell victim to an attack in which tens of millions of different internet addresses bombarded the company’s servers with excessive data, causing popular sites like Twitter, Spotify and Reddit to go offline. The size of attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT. These devices – including the likes of webcams Digital Video Recorders, and even fridges, toasters and pressure cookers – are typically designed to be quick and cheap to produce, and inherently have very poor levels of security. The majority run variants of the Linux operating system and many have very simple or default administrator username and password combinations, or use standard encryption tools where the ‘key’ is widely available on the internet. There are some with no security features at all. Worryingly, the end user can do little to prevent their use by cyber criminals and hackers, even if they were to become aware that their device has been compromised. Other than turning it off and disconnecting it from any internet connection – which would pretty much leave the device as ‘dumb’, and remove the features they bought it for – there’s very little scope to prevent it from being recruited by hackers. The risk posed stems from a piece of malware called ‘Mirai’ (Japanese for ‘the future’). Developed by a coder who goes under the pseudonym of ‘Anna-senpai’, Mirai turns computer systems running Linux into remotely controlled ‘bots’ that can be used as part of a ‘botnet’ in large-scale network attacks. Mirai was first unleashed on September 20, 2016, with attacks on the Krebs website reaching up to 620 Gbps. Soon after, OVH was hit with an attack which reached a staggering 1 Tbps. Both these attacks used in the region of 150,000 infected IoT devices, and produced volumes of traffic in DDoS attacks never seen before. It is thought Krebs was targeted as he has exposed an Israeli group called ‘vDOS’ operating on the ‘Dark Web’ that rented out DDoS attacks (known as ‘DDoS-as-a-Service’). Soon after these attacks, the source code for Mirai was released on the Dark Web. This now gave other hackers and cyber criminals the opportunity to undertake massive DDoS attacks,which resulted in the Dyn incident. In a change of tactic, the hackers attempted to take down part of the key infrastructure of the internet rather than just focusing on a single website. This begs the question: Just how will DDoS attacks develop in 2017 and what will the future hold for internet security? Source: http://www.itproportal.com/features/the-new-age-of-ddos-and-we-joked-that-toasters-would-one-day-take-down-our-banks/

Read the original post:
The new age of DDoS – And we ‘joked’ that toasters would one day take down our banks

Dormant IP addresses RIPE for hijacking

‘That’s not us spamming, honest’ cries hosting firm Spammers are using loop holes in the internet routing registry to commandeer address space and pump out junk mail, and potentially launch denial of service attacks and steal traffic.…

Read the original:
Dormant IP addresses RIPE for hijacking

Shellshock: ‘LARGER SCALE ATTACK’ on its way, warn securo-bods

Not just web servers under threat – though TENS of THOUSANDS have been hit The Shellshock vulnerability has already become the focus for malicious scanning and at least one botnet but crooks are still testing the waters with the vulnerability and much worse could follow, security watchers warn.…

Follow this link:
Shellshock: ‘LARGER SCALE ATTACK’ on its way, warn securo-bods

Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Gran’s knitting site etc sucked up into pr0n spam botnet A long established smut spammer is using hacked websites to sell stolen photographs of naked celebrities including Jennifer Lawrence, Kate Upton and McKayla Maroney.…

Read More:
Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Bad boy builds beastly Bash bug botnet – boxen battered

DDoS zombie army found in the wild hours after flaw surfaces Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.…

See the original post:
Bad boy builds beastly Bash bug botnet – boxen battered