Tag Archive for: industries

Amazon GuardDuty Enhances Security Across Industries with Advanced Malware Protection


Amazon’s GuardDuty, a comprehensive threat detection service, has significantly expanded its capabilities to offer advanced malware protection to its tens of thousands of users across various sectors worldwide. This addition is designed to strengthen defenses against a growing range of cybersecurity threats by integrating sophisticated file scanning for workloads on Amazon Elastic Block Store (Amazon EBS) volumes to identify malware presence. GuardDuty’s continuous evolution in its security approach highlights Amazon’s commitment to protecting its customers’ resources and data from unauthorized access and other cyber risks.

Robust Defense Mechanisms Against Cyber Threats

Amazon GuardDuty leverages machine learning (ML), anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. This innovative approach enables GuardDuty to detect unusual or unauthorized activities, such as cryptocurrency mining, accessing Amazon Simple Storage Service (Amazon S3) data from suspicious locations, and unauthorized access to Amazon Elastic Kubernetes Service (Amazon EKS) clusters. By constantly updating its ML models and adding new anomaly detections, GuardDuty stays ahead of cybercriminals, ensuring robust security for its users.

GuardDuty Malware Protection: A Game-Changer for Cybersecurity

The introduction of GuardDuty Malware Protection marks a significant advancement in Amazon’s cybersecurity efforts. This feature extends GuardDuty’s capabilities to scan files on Amazon EBS volumes for malware, adding an extra layer of security for cloud workloads. It represents a proactive approach to cybersecurity, enabling real-time detection and response to potential threats. This development not only enhances the security posture of Amazon’s cloud environment but also offers peace of mind to the thousands of businesses relying on Amazon’s cloud services for their operations.

Implications for Businesses and Future Outlook

The continuous enhancement of Amazon GuardDuty, including the latest malware protection capabilities, underscores the importance of advanced cybersecurity measures in today’s digital…


What are the most-targeted industries for cyber attacks?


Every business is a potential target for cyber attacks, but hackers choose targets in some industries more than others. The most targeted industries for cyber attacks often include firms operating in “critical” sectors like energy, health, and finance, which are targeted both by for-profit hacking groups and by state-backed adversaries aiming to do damage to international rivals.

Other industries are targeted because of the lucrative information they hold – retail is a top target for cyber attacks and law firms are often singled out for the same reason. Meanwhile, government agencies, councils, and educational establishments often find themselves in hot water due to under-investment and a lack of understanding of the importance of security.


New Python Variant of Chaes Malware Targets Banking and Logistics Industries


Sep 05, 2023 | THN | Cyber Threat / Malware


Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes.

“It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol,” Morphisec said in a new detailed technical write-up shared with The Hacker News.

Chaes, which first emerged in 2020, is known to target e-commerce customers in Latin America, particularly Brazil, to steal sensitive financial information.

A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to deliver Chaes to users of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

Further updates were detected in December 2022, when Brazilian cybersecurity company Tempest Security Intelligence uncovered the malware’s use of Windows Management Instrumentation (WMI) in its infection chain to facilitate the collection of system metadata, such as BIOS, processor, disk size, and memory information.


The latest iteration of the malware, dubbed Chae$ 4 in reference to debug log messages present in the source code, packs in “significant transformations and enhancements,” including an expanded catalog of services targeted for credential theft as well as clipper functionalities.

Despite the changes in the malware architecture, the overall delivery mechanism has remained the same in attacks that were identified in January 2023.


Potential victims landing on one of the compromised websites are greeted by a pop-up message asking them to download an installer for Java Runtime or an antivirus solution, triggering the deployment of a malicious MSI file that, in turn, launches a primary orchestrator module known as ChaesCore.

The component is responsible for establishing a communication channel with the command-and-control (C2) server from where it fetches additional modules that support post-compromise activity and data theft –

  • Init, which gathers extensive information about the system
  • Online, which…


New research shows reported ransomware attacks have doubled across key industries


Fifth-annual report from Barracuda analyzes ransomware attack patterns that occurred between August 2022 and July 2023

Highlights:

  • Barracuda researchers identified and analyzed 175 publicly reported ransomware attacks from the past 12 months, and found that in three key industries (municipalities, education, and healthcare) reported attacks have doubled since last year and more than quadrupled since 2021.

  • Researchers also saw a spike in the number of attacks on infrastructure-related industries.

CAMPBELL, Calif., Aug. 2, 2023 /PRNewswire/ — Barracuda Networks, Inc., a leading provider of cloud-first security solutions, today published its fifth annual Threat Spotlight on ransomware. The new report looks at ransomware attack patterns that occurred between August 2022 and July 2023.


Read the full Threat Spotlight blog post: https://blog.barracuda.com/2023/08/02/threat-spotlight-ransomware-attacks-double-ai-tactics/

An in-depth look at ransomware trends

Barracuda researchers analyzed 175 publicly reported successful ransomware attacks across the world between August 2022 and July 2023, and in the primary categories Barracuda has been tracking (municipalities, healthcare and education) the numbers of reported attacks have all doubled since last year and more than quadrupled since 2021.

While successful ransomware attacks targeting infrastructure-related industries are lower in volume compared to the top three sectors, these industries also experienced more than twice the number of attacks compared to last year.

The analysis revealed similar patterns of escalation in other industries, particularly ransomware attacks on software businesses.

In the past 12 months, Barracuda’s SOC-as-a-service team observed the following types of incidents: business email compromise (BEC), ransomware, malware infection, insider threat, identity theft, and data leakage. Ransomware accounted for 27.3% of incidents, second only to BEC (36.4%).

This year, Barracuda researchers also took a closer look at the impact of generative AI tactics on ransomware attacks, looking at ways cybercriminals can use these capabilities to strike faster…
