Security News

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
2022-03-02 20:46

Distributed denial-of-service attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers said in a report published Tuesday.

Attacks abusing programming APIs grew over 600% in 2021
2022-03-02 16:28

Security analysts warn of a sharp rise in API attacks over the past year, with most companies still following inadequate practices to tackle the problem. More specifically, Salt Security reports that API attack traffic grew 681% in 2021, while overall API traffic increased by 321%. These stats underline that as industries adopt API solutions, attacks against them are growing disproportionately.

Phishing attacks target countries aiding Ukrainian refugees
2022-03-02 13:35

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. According to American cybersecurity firm Proofpoint, the attackers use "possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.

Ransomware infections top list of the most common results of phishing attacks
2022-03-02 13:15

Eighty-four percent of organizations reported falling victim to a phishing attack last year, Egress said, and of those, 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren't hit with a phishing attack, you still end up at around 50% of all organizations having been hit with ransomware in 2021.

How to keep your medical device IP safe from cyber attacks
2022-03-02 05:20

Guarding intellectual property has always been a priority for medical device manufacturers, as competitors and even nation states are constantly trying to compromise or steal IP. For example, in January 2019, a Chinese national who stole secrets while working for medical device companies, including Medtronic and Edwards, was sentenced to over two years in federal prison. Medical device companies face a very competitive environment, increasing the incentive for IP theft.

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
2022-03-01 00:01

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.

CISA and FBI warn of potential data wiping attacks spillover
2022-02-28 20:03

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warned US organizations that data wiping attacks targeting Ukraine could spill over to targets from other countries. Although the two malware strains have only been deployed against Ukrainian networks so far, the threat actors deploying them could also accidentally hit other targets, and US organizations should be ready to prevent such devastating attacks.

How prepared are organizations to face email-based ransomware attacks?
2022-02-28 05:00

The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organizations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks, reflecting cybercriminals' continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities. In line with this, 68% of organizations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit.

Week in review: Cyber attacks on Ukraine, Help Net Security: Healthcare Cybersecurity Report is out
2022-02-27 09:00

Help Net Security: Healthcare Cybersecurity Report has been released. Our newest report takes a closer look at one of the most targeted industries today - healthcare.

Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink. Russia started its invasion of Ukraine and, as predicted, the attacks in the physical world have been preceded and accompanied by cyber attacks.

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
2022-02-25 23:01

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.