Tag Archive for: attacks

Manufacturing sector top target for ransomware attacks last year


Palo Alto said UK manufacturers and professional and legal services are most at risk of ransomware attacks.

The UK’s manufacturing sector is the prime target for ransomware attacks, according to data from Palo Alto Networks’ threat intelligence arm, Unit 42, seen by City A.M.

In 2023, manufacturers bore the brunt of ransomware assaults, accounting for 17.2 per cent of all attacks recorded in the UK, totalling 45 incidents.

They are particularly at risk due to their low tolerance for operational disruption, which can negatively impact production, cyber security company Palo Alto said.

With only one fewer incident last year, professional and legal services followed closely behind, suffering 16.9 per cent of ransomware attacks, as cyber criminals targeted sensitive data.

In 2023, the first year the study has been conducted, 261 ransomware attacks targeted UK organisations.

The UK’s technology and education sectors both experienced 8.4 per cent of attacks.

A ransomware attack is when hackers use malicious software to encrypt files or systems, demanding payment, often in cryptocurrency, for their release. The impact on businesses can include loss of data, reputational damage, regulatory penalties and higher insurance premiums.

Palo Alto Networks recently released a separate report, revealing that the frequency of cyber assaults on UK companies has surged, with attacks occurring on a monthly, weekly, and even daily basis for 76 per cent of respondents.

Amid the rise, regulatory pressure is mounting on companies, particularly in critical infrastructure sectors, to enhance their cyber security measures.

For example, the Product Security and Telecommunications Infrastructure (PSTI) Act is coming into force on 29 April. It will require manufacturers of internet-connected or ‘smart’ products to ensure they meet minimum security requirements, protecting consumers.


Cybertech Global Tel Aviv | Gil Shwed: We’re In the 5th Generation of Cyber Attacks


“We are in the midst of some of the most sophisticated attacks we have seen, from all types of attackers – ideological ones, nation-state-sponsored organizations, financial criminals, and more,” said Check Point Software Technologies Founder & CEO, Gil Shwed, on the main stage of Cybertech Global Tel Aviv this morning (Tuesday).

“The major countries try to use their cyber power. Some aspects are behind the scenes – collecting intel, gaining control over critical systems, etc., while other aspects are fighting the actual cyber war – from WannaCry on Ukraine a few years ago to mainstream attacks on Israel from Hezbollah and Iran. The sophistication level is increasing, the internet is an open universe and technologies often find themselves spreading.”

Shwed addressed the specific challenges Israel is currently facing in its cyber war with Iran, saying that “the good news is that Israel sees the attacks and can fight them. The bad news is that many organizations are behind on their defense.

“We’re in the 5th generation of cyberattacks: attacks that are very hard to identify, polymorphic – meaning they look different every time, and are multiple-stage attacks, causing a lot of damage which is more difficult to repair.”

At the end of his talk, Shwed was surprised by Cybertech’s CEO Amir Rapaport and Chairman Yossi Vardi with an honorary plaque, in honor of his devotion to Cybertech over the past 10 years.


Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks


Apr 09, 2024 | Newsroom | Botnet / Vulnerability


Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a patch and instead urges customers to replace them.

“The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter,” a security researcher who goes by the name netsecfish said in late March 2024.


Successful exploitation of the flaws could lead to arbitrary command execution on the affected D-Link NAS devices, granting threat actors the ability to access sensitive information, alter system configurations, or even trigger a denial-of-service (DoS) condition.

The issues affect the following models –

  • DNS-320L
  • DNS-325
  • DNS-327L, and
  • DNS-340L

Threat intelligence firm GreyNoise said it observed attackers attempting to weaponize the flaws to deliver the Mirai botnet malware, thus making it possible to remotely commandeer the D-Link devices.


In the absence of a fix, the Shadowserver Foundation is recommending that users either take these devices offline or have remote access to the appliance firewalled to mitigate potential threats.


The findings once again illustrate that Mirai botnets are continuously adapting and incorporating new vulnerabilities into their repertoire, with threat actors swiftly developing new variants that are designed to abuse these issues to breach as many devices as possible.

With network devices becoming common targets for financially motivated and nation-state-linked attackers, the development comes as Palo Alto Networks Unit 42 revealed that threat actors are increasingly switching to malware-initiated scanning attacks to flag vulnerabilities in target networks.

“Some scanning attacks originate from benign networks likely driven by malware on infected machines,”…


How can the energy sector bolster its resilience to ransomware attacks?


Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions have fueled an increase in state-sponsored cyber espionage. According to one report on OT/ICS cyber security incidents, the energy sector recorded 39% of all attacks, with nearly 60% of these attacks attributed to state-affiliated groups.


As well as the threat of politically motivated attacks aimed at gaining a strategic advantage, threat actors are also attracted to the potential financial gains from accessing vast stores of sensitive information. Attackers have also seized the opportunity to cause significant operational disruption as leverage in ransoms. A recent high-profile example is the ransomware attack against Schneider Electric, in which the Cactus ransomware gang claimed to have stolen 1.5 TB of data after breaching their systems.

As cyberattacks and ransomware rates continue to increase, there is a real concern among energy providers about the operational resilience of the industry, especially since the risks are compounded by the growing economic challenges and shifting regulatory demands.

So how can the sector navigate these challenges successfully?

Understanding the risk factors

The energy sector’s risks are partly driven by its reliance on outdated and legacy technologies. Many of the technologies and systems used by the industry have long life ratios, so over time they become more vulnerable and difficult to patch. Moreover, energy providers still rely on ageing OT assets like industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and programmable logic controllers (PLCs).

At the same time, the deployment of Internet of Things (IoT) devices, including smart sensors within energy grids and automated systems in distribution facilities, has introduced an additional layer of complexity to security. These IoT devices are not typically designed to integrate seamlessly with conventional security protocols and often come with insufficient security protections, such as…
