Security News

Britain's National Cyber Security Centre is prepared to share its cyber defence tech and threat intel feeds with British organisations in need of extra help, it said at the launch of its annual review today. You probably don't want the country's DNS being run by GCHQ! Chief techie Ian Levy highlighted the NCSC's Protective DNS service to The Register as one example of good things the cyber defence organisation has done, with the custom DNS resolver service being used by 1,000 NHS supply chain firms to prevent their devices visiting known malicious web domains.

While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.

The latest organized crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is having on both the economy and society of the European Union. "The online environment and online trade provide criminals access to expertise and sophisticated tools enabling criminal activities," The Europol Threat Assessment said.

Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites. "First, we only study domains categorized by the Advanced URL Filtering service, and we only consider registered domains. Additionally, we validate whether domains existed the past one year by checking zone files and passive DNS, and by issuing active DNS queries. We do not consider domains that we categorize as parked, insufficient content or unknown for our calculations," explains the research by Palo Alto Networks Unit42.

Link11 has released new data from its network on the development of the DDoS threat: The number of attacks remains at a very high level in Q3 2021. While single attack methods are declining, multi-vector attacks are becoming the norm in the DDoS threat landscape.

As the 2021 holiday season approaches, supply chain and logistics, e-commerce and retail, and the travel industry see predictable increases in consumer and business activity - making them more vulnerable to cyber threats and leaving business, employee and consumer data at risk. In addition to increased consumer spending, the 2021 holiday season sees a significant impact on industries coping with the increase in consumer demands.

"As we stand at an inflection point in the way the world does business, enterprises have more opportunities than they think to get ahead of the competition and continue improving," said Mike Rulf, CTO of Americas at Syntax. "An honest assessment of capabilities now will only accelerate innovation in the future."

The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Organizations struggle to address these threats due to their resource sophistication and their lack of understanding of evolving threat landscapes.

Research released Wednesday by security provider Armis looks at the ways that hospitals and patients are vulnerable to cyber threats. A full 85% of the healthcare respondents said they've seen an increase in cyber risk over the past 12 months.

Researchers discovered new Android spyware that provides similar capabilities to NSO Group's Pegasus controversial software. PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted device, according to a Zimperium zLabs report published Wednesday.