Measuring impact beyond a single incident
Determining the true impact of a cyber attack has always and will likely be one of the most challenging aspects of this technological age. In an environment where very limited transparency on the root cause and the true impact is afforded we are left with isolated examples to point to the direct cost of a…
Cybersecurity lessons learned from data breaches and brand trust matters
Your brand is a valuable asset, but it’s also a great attack vector. Threat actors exploit the public’s trust of your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile…
High volumes of attacks keep targeting video game companies and players
High volumes of attacks were used to target video game companies and players between 2018 and 2020, an Akamai report reveals. It also notes an uptick in attack traffic that correlates with COVID-19-related lockdowns. In addition, the report examines motivations driving the attacks and steps gamers can take to help protect their personal information, accounts,…
Bit-and-piece DDoS attacks increased 570% in Q2 2020
Attackers shifted tactics in Q2 2020, with a 570% increase in bit-and-piece DDoS attacks compared to the same period last year, according to Nexusguard. Perpetrators used bit-and-piece attacks to launch various amplification and elaborate UDP-based attacks to flood target networks with traffic. Analysts witnessed attacks using much smaller sizes—more than 51% of bit-and-piece attacks were…
Your best defense against ransomware: Find the early warning signs
scariest things for security pros is how quickly it can paralyze an organization. Just look at Honda, which was forced to shut down all global operations in June, and Garmin, which had its services knocked offline for days in July. Ransomware isn’t hard to detect but identifying it when the encryption and exfiltration are rampant…
A look at the top threats inside malicious emails
Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals. Ransomware, the headliner of the previous half-year, walked off stage: only 1 percent of emails analyzed contained this kind of malware. Every third email, meanwhile, contained spyware, which is…
What’s causing uncertainty about election security?
Confidence levels in securing the election are low, and declining, according to an ISACA survey of more than 3,000 IT governance, risk, security and audit professionals in the US. While federal, state and local governments continue to harden election infrastructure technical controls and security procedures, 56 percent of respondents are less confident in election security…
Improving privacy of a global genomic data sharing network
A Case Western Reserve University computer and data sciences researcher is working to shore up privacy protections for people whose genomic information is stored in a vast global collection of vital, personal data. Erman Ayday pursued novel methods for identifying and analyzing privacy vulnerabilities in the genomic data sharing network known commonly as “the Beacons.”…
Report: The cybersecurity impact of COVID-19
Cybersecurity company Cynet has released a report detailing changes in cyberattacks they’ve observed across North America and Europe since the beginning of the COVID-19 pandemic. The report shares the cyberattack volume change observed across industry sectors, the increased use of spear phishing as an initial attack vector, and the approaches being used to distribute malware…
Attacks growing in both scope and sophistication, exposing gaps in the cloud native toolchain
There’s a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure, according to Aqua Security. While most attacks were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments. The report…