Types of Cyber Attacks - 10 Real World Cyber Attacks

A look into the haunting world of cyber warfare, presenting 10 chilling real-world cyber attacks that shook the foundations of our interconnected society. 

Witness the devastation caused by notorious cyber threats like Stuxnet, WannaCry, and NotPetya, as we dissect the sophisticated techniques employed by hackers and state-sponsored actors to breach critical infrastructure, cripple businesses, and compromise sensitive data. 

Through in-depth analysis and expert insights, we aim to shed light on the evolving cyber landscape, highlighting the importance of cybersecurity vigilance in safeguarding against these relentless digital assaults. Prepare to be awestruck and educated as we navigate through the dark realms of cyber warfare.

The European Aviation Industry’s New Cybersecurity Rules

Europe has expanded its cybersecurity rules around airline flight safety. And for the first time, the requirements cover a range of companies in the aviation supply chain. 

WSJ Pro Cybersecurity reporter Catherine Stupp joins host Julie Chang to discuss the new rules and how companies are responding

Triple Extortion Ransomware - What it is and how to prevent It

The global surge in ransomware attacks increased by 102% in 2021 compared to the beginning of 2020, and shows no sign of slowing down

The number of organizations impacted by ransomware globally has more than doubled in the first half of 2021 compared with 2020.

The healthcare and utilities sectors are the most targeted sectors while organizations in Asia Pacific are targeted more than any other region.

Since April, researchers at Check Point Research (CPR) have seen an average of over 1,000 organizations being impacted by ransomware every week.

Prominent attacks that have taken place at the end of 2020 and the beginning of 2021 point at a new attack chain – essentially an expansion to the double extortion ransomware technique, integrating an additional, unique threat to the process – that CPR calls the Triple Extortion. 

What is Triple Extortion? You can find out HERE.

A practical guide to Log4shell remediation

Log4Shell (CVE-2021 – 44228): is a zero-day vulnerability in Log4j, a popular Java logging framework. Log4j has left businesses and government officials scrambling to deal with the blatant cybersecurity threat to global computer networks. The bug disclosed recently could trigger potentially devastating cyberattacks spanning economic sectors and international borders, security experts say.

Leading researchers and technology companies have warned that hackers with links to foreign governments and ransomware criminal groups seek to exploit vulnerabilities in targets’ computer systems.

Find out more and what you should be doing HERE.

You can’t stop the ‘next SolarWinds’ — but you can slow it down

It was one of the biggest questions in cybersecurity of 2021, and it’s sure to remain on the minds of countless businesses into 2022, too: How do you prevent a software supply chain attack?

Such attacks have soared by 650% since mid-2020, due in large part to infiltration of open source software, according to a recent study by Sonatype.

But an even bigger driver of the question, of course, has been the unprecedented attack on SolarWinds and customers of its Orion network monitoring platform. In the attack, threat actors compromised the platform with malicious code that was then distributed as an update to thousands of customers, including numerous federal agencies.

Find out more, HERE. 

10 worst password snafus of 2021

Using strong and secure passwords is sound advice not just for your own personal accounts but for any accounts or services you use on the job. In fact, a weak password can create far more trouble for an organization that holds user data and other sensitive information. To show just how much trouble it can create, password manager Dashlane has unveiled a list of the worst password-related security incidents for 2021.

For its 2021's Worst Password Offenders list, Dashlane looked at the year's 10 worst security mishaps that involved hacked or stolen passwords. These fiascos show that advice about creating a strong password is still being ignored by too many individuals and too many organizations.

Read the full list HERE.

Essential Geopolitics How a Cyberattack on a Pipeline Revealed Critical Shortcomings

How the cyberattack on the Colonial Pipeline will accelerate efforts to boost the cybersecurity of critical infrastructure. Will it work? 

 

Kaspersky finds that cryptomining malware was up, financial malware down in Q1 2021

Bitcoin prices rocketed in early 2021, and so did the number of cybercriminals distributing malware to force infected devices to mine them, with numbers quadrupling from February to March alone.
Kaspersky finds that case of cryptomining malware were up, while financial malware was down in Q1 2021.

Kaspersky has published two reports detailing the state of the cybersecurity threat landscape in the first quarter of 2021. The first report, details desktop attacks and found that cryptomining malware has exploded in popularity, while the second report covering mobile devices, revealed that a popular Trojan targeting gamers has made the leap from PC to Android. 

Read the article and access the reports HERE. 

 

Cybersecurity: Are false positives real?

All alerts mean something, even if it's just that an employee needs more training. The threat of breach is constant, and those companies who make assumptions about alerts could be in big trouble.

Read the article "Cybersecurity: There's no such thing as a false positive" HERE.

Significant Cyber Attacks from 2006-2020

Committing a cyber crime can have serious consequences. In the U.S., a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security.

Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others.

Using data from Specops Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

To view the infographic and the full post click HERE. 

Cyber attacks turn deadly

Experts have been warning for years that it's not a matter of if, but when, hackers will kill somebody. What already has happened and what still could happen is mind-boggling.

To view CLICK HERE

Smart Home devices are vulnerable to remote attacks

The number of connected devices in the average home is rising very rapidly. The Internet of Things (IoT), is likely to be the norm in the next couple of years. However the IoT can also contain many vulnerabilities and security issues.

Smart home devices may be vulnerable to attacks due to outdated software, or unpatched security flaws, or weak credentials according to a new report that was recently produced by Avast. This report can be accessed HERE.

16 million different home networks worldwide have been included in Avast’s study. The report focuses on 21 countries in North and South America, Europe, and the Asia Pacific region. 56 million devices were scanned as part of the study. Two out of five (40.8%) smart homes worldwide have at least one device that is vulnerable to attacks, out of which,69.2% are vulnerable due to weak credentials. The UK Government advocates that strong security should be built into internet-connected products by design.

In October 2018, the UK government published the Code of Practice for Consumer IoT Security to support all parties involved in the development, manufacturing and retail of consumer IoT. You can access this HERE.

Aditionally, the NCSC (National Cyber Security Centre) has called for the adoption of Secure by Default which covers the long-term technical effort to ensure that the right security primitivesare built in to software and hardware. Read that HERE.

DDoS attacks enter the terabit era

From Deloitte CIO Journal

Deloitte Global predicts in 2017, Distributed Denial-of-Service (DDoS) attacks, a form of cyberattack, will become larger in scale, harder to mitigate and more frequent. Over the past few years, it has been a game of cat and mouse in which neither side has become too powerful, but this might change in 2017 due to the abundance of insecure IoT devices and the fact that large-scale attacks which exploit IoT devices' vulnerabilities have become simpler to execute.

Can our technology really be trusted?

A cyber-attacker outsmarts a “smart contract”

From The Economist –

“IS IT theft if no rules are broken? That is what users of the DAO, a futuristic investment fund, were left pondering after June 17th, when an unknown attacker made off with around 3.6m “ether”, an online currency similar to bitcoin. As cyber-heists go, it was a big one: the ether were worth about $55m at the time of the attack, about a third of the DAO’s assets. But the DAO, which stands for Decentralised Autonomous Organisation, does not have rules as such, or staff to enforce them: instead, it has computer code, which is supposed to embody its purpose and to operate automatically. If the attacker found a flaw in the code, whose fault is that? Indeed, some cyber-libertarians are arguing that whereas the heist was not a crime, altering digital ledgers to retrieve the lost ether would be an affront to the whole project.”

Read More>>

Concerns about SWIFT

The international payments-messaging system SWIFT, used by 11,000 banks, issued a mandatory software upgrade to users of its Alliance Access interface, as concern deepened about cyber-attacks on the banking system. The non-profit body said criminals were using malicious software to disguise fraudulent transactions. In February cyber-criminals stole $81m from Bangladesh’s central bank—one of the biggest heists in history.

Is total cyber-attack prevention possible?

It is impossible to prevent all cyber threats

From Finextra -

“George Quigley, Partner, KPMG, speaks about if financial institutions can possibly prevent cyber-attacks, and explains what the four a’s are – availability, access, accuracy, and agility – and why they are so important.”

Read more>>