Security News

ExtraHop released findings from a survey on ransomware that sheds light on the discrepancies between how IT decision makers see their current security practices, and the reality of the ransomware attack landscape. This inflated confidence is even more dangerous in light of the frequency of ransomware attacks-as 85% reported having suffered at least one ransomware attack, and 74% reported experiencing multiple incidents in the past five years.

The BBC were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This means the BBC is facing an average of 383,278 email threats a day, which is a 35 per cent increase from the daily figure of 283,597 email attacks blocked per day observed by Parliament Street in Summer 2020.

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service attack targeting an unnamed website that peaked at 2.5 million requests per second. "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase," Nelli Klepfish, security analyst at Imperva, said.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analyzed phishing attack patterns that unfolded throughout 2021. Phishing actors focused on Facebook and other social media platforms because taking over social media accounts is commonly a stepping stone to reach a wider audience or perform highly effective spear-phishing attacks.

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service attacks aimed at its domestic infrastructure. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out phishing attacks.

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. With six brands in the top 20, financial services was the most impersonated industry of 2021, representing 35% of all phishing pages, rising sharply based on its place at 28% in 2020.

How much do you actually know about how your carefully constructed defenses will stack up to an intruder? Finding ways into complex defenses is what cyber-adversaries do all day, every day, which means they can likely find paths through your systems that you may never have conceived of. New technologies can help you understand how an attacker can enter your organisation, move through it, and target your crown jewels.

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "First side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted," Aydin Aysu, one of the authors of the study, said.

APWG saw 316,747 phishing attacks in December 2021 - the highest monthly total observed since it begain its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

Internet security companies have recorded a massive wave of attacks against Ukrainian WordPress sites since Russia invaded Ukraine, aiming to take down the websites and cause general demoralization. Cybersecurity firm Wordfence, which protects 8,320 WordPress websites belonging to universities, government, military, and law enforcement entities in Ukraine, reports having recorded 144,000 attacks on February 25 alone.