Tag Archive for: global

Russia-Ukraine and Israel-Hamas Wars Reveal All [Cyber] Conflicts Are Global


During an impassioned public plea in October, President Joe Biden linked the Gaza and Ukraine conflicts, saying each is “vital for America’s national security.” The subsequent funding bill also linked the two and quickly became political, with debates about the connection raging. 

However, while the debates continue, activity in cyberspace shows the two conflicts to be intimately linked to broader geopolitical alliances. It also demonstrates the blurring of the line between traditional hacktivism as an ideologically motivated activity and organized nation-state attacks.

Cyber War’s Reach

The wide-reaching effects of cyber war mean that even civilians of countries not directly involved in a war might be impacted.

For instance, in 2020, Israel faced a significant cyber threat targeting critical water infrastructure. For the US, this threat became a reality in 2023. The Iranian CyberAv3ngers group exploited vulnerabilities in US industrial control systems, revealing significant cybersecurity weaknesses in American water utilities.

The nature of modern cyber warfare adds a global aspect to nearly every conflict. Nations must tackle the issue with universally coordinated and revamped tactics able to combat sophisticated nation-states in a truly global digital battlefield.

The Blurring of Lines

The trend of cybercriminals declaring allegiances to nation-states and actively participating in geopolitical conflicts comes as the distinction between hacktivists, cybercriminals, and nation-state actors continues to erode.

Hacktivist groups, such as SiegedSec, have been acting against the West by declaring allegiances to Russia and targeting Israel’s government infrastructure and Shufersal, the country’s largest supermarket chain.

The increasingly complex web of alliances and motives in the cyber realm means that nation-state actors, traditionally associated with espionage, are now engaging in economic crimes. North Korean state actors epitomize this trend, being responsible for a quarter of all global cryptocurrency thefts.

Meanwhile, Chinese state actors have gone to unprecedented lengths to conduct economic espionage and intellectual property theft. These actors routinely…

Source…

Record-breaking year for global ransomware incidents- new report
Insurance Business Canada, Cyber, by Abigail Adriatico

Activity greatly surpassed the total seen in the prior year

Ransomware activity for 2023 had surpassed the total number recorded in 2022 by 68%, according to a report by Corvus Insurance (Corvus), a cyber underwriter.

Corvus’ Q4 2023 Ransomware Report found that ransomware attacks occurred at a record-setting pace during 2023. It revealed that for the first three quarters of the year, ransomware attacks had been increasing, only slightly declining by the last quarter.

Source…

Inside the Cyber Av3ngers Global PLC Hack


There is perhaps no organization that better embodies the true spirit of a villain than the hacktivist group. Ripped from the pages of a graphic novel, these organizations are as altruistic in their motives as they are ruthless in getting results. Fueled by an unwavering belief in a cause they know to be right, these groups are bold, intelligent and dangerous.

One such case is a group that goes by the name of the Cyber Av3ngers. The Iran-affiliated group has been vehement in their anti-Israel stance, using social media to propagate a narrative that the social and economic issues of the region are the result of corrupt and over-zealous military action by Israel. 

The group first registered on the cybersecurity radar in September of last year, taking credit for attacks against Israeli infrastructure and tech companies that were widely disputed. However, in November a municipal water authority in Pennsylvania revealed that they had been the victim of a Cyber Av3ngers attack that compromised OT assets by accessing the organization’s programmable logic controllers. 

The attack was made possible by exploiting poor password practices and insecure internet connections. According to several reports, including one from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Av3ngers used basic techniques to scan the internet, identify devices made by Israel-based Unitronics, and then log in using default credentials that were never changed during deployment.

For those unfamiliar with PLCs, these devices are used to help control and monitor various production processes, which can include regulating the functionality of instrumentation and automation equipment. By obtaining access to a PLC, an attacker has a way into the industrial control system and, depending on the level of network segmentation and other defenses, potentially unlimited control of the production facility or enterprise. It is a gateway into critical OT systems.

In this instance, the group could have turned pumps on or off to control water supply, or infiltrated key operational systems that impact water treatment. Fortunately, the utility in question was able to identify the attack quickly…

Source…

Researchers Uncover Major Surge in Global Botnet Activity


Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.

Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with a high watermark of 20,000 devices. 

However, on December 8 2023, this number surged to 35,144 devices, signaling a notable departure from the norm.

According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices. Subsequent spikes, occurring in shorter intervals, culminated in a record-breaking surge on December 29, involving a staggering 143,957 devices, nearly ten times the usual levels. 

Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.

As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day – 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.

Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia. 

“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,” Netscout wrote. “These servers are used via trials, free accounts or low-cost accounts, which provide anonymity and minimal overhead to maintain.”

Adversaries utilizing these new botnets focused on scanning global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888. Additionally, signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.

“These consistently elevated levels indicate a new weaponization of the cloud against the global internet,” reads the…

Source…