Security News

Healthcare organizations face rising ransomware attacks – and are paying up
2022-06-03 11:03

Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos. "The proportion of healthcare organizations directly impacted by ransomware has almost doubled in 12 months. In the face of this near-normalization, healthcare organizations have gotten better at dealing with the aftermath of an attack: virtually everyone now gets some encrypted data back and nearly three quarters are able to use backups to restore data."

DDoS attackers continue to innovate, devising new threats and altering attack strategies
2022-06-03 08:00

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report highlights that DDoS threats continue to grow in sophistication, size, and frequency.

Vishing attacks: What they are and how organizations can protect themselves
2022-06-03 04:00

Vishing cases have increased almost 550 percent during 2021, and vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021. In this video for Help Net Security, Eric George, Director of Solutions Engineering, PhishLabs, talks about this constantly evolving threat.

Critical Atlassian Confluence zero-day actively used in attacks
2022-06-03 01:41

Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability tracked in both Confluence Server and Data Center.

Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
2022-06-03 00:28

Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack. The flaw is present in version 7.18 of Confluence Server, which is under attack, as well as potentially versions 7.4 and higher of Confluence Server and Confluence Data Center.

Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks
2022-06-02 20:22

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.

Microsoft blocks Polonium hackers from using OneDrive in attacks
2022-06-02 17:36

Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations. Throughout the attacks that mainly targeted Israel's critical manufacturing, IT, and defense industry sectors since February 2022, Polonium operators have also likely coordinated their hacking attempts with multiple Iran-linked threat actors, according to Redmond's analysis.

Conti ransomware targeted Intel firmware for stealthy attacks
2022-06-02 13:22

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. It is important to note that contrary to TrickBot's module that targeted UEFI firmware flaws, aiding Conti infections and later undertaken by the ransomware group, the new findings indicate that the malicious engineers were striving to discover new, unknown vulnerabilities in the ME.

Cybercriminals Expand Attack Radius and Ransomware Pain Points
2022-06-02 13:08

Rather than the typical ransom request for data restoration that has become commonplace, criminals are increasingly expanding their radius. Secondhand victims, including dental practices and insurance providers, could be potential targets based on the data obtained in the primary ransomware attack.

Being prepared for adversarial attacks
2022-06-02 10:20

There is no question that the level of threats facing today's businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for?