Tag Archive for: Reveals

WatchGuard reveals rise in remote access software exploits


WatchGuard Technologies, a leading provider of unified cybersecurity, has released its latest Internet Security Report, which reveals a rise in cyber actors exploiting remote access software, increases in the use of password-stealers and info-stealers, and an 89% expansion in endpoint ransomware attacks.

The report, compiled by WatchGuard Threat Lab researchers, also found a decline in malware arriving over encrypted connections. Additionally, the study shows that cyber threat actors are pivoting from script-based methods to other ‘living-off-the-land’ techniques to launch endpoint attacks.

According to Corey Nachreiner, the Chief Security Officer at WatchGuard, the continued evolution of attack methods necessitates heightened attention to recent tactics for businesses to reinforce their security strategies. He emphasised the importance of social engineering education in conjunction with a unified security approach incorporating layered defence strategies, all of which can be effectively managed by service providers.

The Internet Security Report for Q3 2023 highlighted several key points. For instance, cyber attackers increasingly use remote management tools and software to circumvent anti-malware detection. An example provided by the report notes a tech support scam resulting in the user downloading an unauthorised version of TeamViewer, allowing the attacker full remote access to the computer.

Q3 of 2023 also saw the variant ‘Medusa’ surge, driving a quarter-to-quarter increase of 89% in endpoint ransomware attacks. In response to heightened protections around PowerShell and other scripting, threat actors instead pivoted to utilising different ‘living-off-the-land’ techniques. Malware arrival via encrypted connections declined to 48%, yet total malware detections rose by 14%.

The report also reveals the increase of ‘commoditised malware’. A new malware family, Lazy.360502, emerged in the top ten list, proving to be a dual threat as it delivers an adware variant (2345explorer) as well as the Vidar password stealer. The increased use of this malware, supplied by a Chinese website, indicates a growing trend towards ‘password-stealer-as-a-service’.

Overall, the…


NSFOCUS reveals alarming surge in DDoS attacks in 2022 report


NSFOCUS has published its 2022 Global DDoS Attack Landscape Report. The report contains in-depth findings to aid organisations and users in defending against DDoS attacks.

The report reveals that the DDoS attack landscape is becoming increasingly difficult to navigate. The number of DDoS attacks has notably surged in 2022, with the frequency of terabit-level attacks increasing to approximately 40. Attacks greater than 100 Gbps also reached record levels, with attacks of that scale being reported on an hourly basis. The research analysis shows that the incidence of recurring IP address attacks in 2022 was significantly higher than in 2021, meaning that once identified as a target, a victim is likely to experience repeated DDoS attacks. This continually evolving threat landscape poses fresh obstacles to DDoS protection.

According to the report, UDP-based DDoS attacks were the most prevalent tactic used by cybercriminals, accounting for about 60% of total DDoS threat incidents in 2022. Quite alarmingly, virtually all terabit-level DDoS attacks were found to be UDP-based, including two-thirds of non-reflective UDP attacks. These findings signal that contemporary threat actors have at their disposal an incredibly rich pool of attack resources and can initiate terabit attacks without needing UDP reflection to boost traffic. The rapidly reoccurring colossal DDoS attack trend is now surpassing the capability of on-premises solutions across industries.

The report also draws attention to the growing menace of application-layer DDoS attacks. These attacks are more challenging to identify and shield against as they establish reliable TCP connections, making the attack source IP addresses unforgeable. The report warns that if a large number of application-layer attack source IP addresses remain active in a particular region, it is a significant indication that botnets are operating there.

As has been the case in previous annual DDoS attack landscape reports, NSFOCUS continuously monitors the activity of botnet families. The 2022 report identifies Mirai as the most threatening botnet, accounting for over half of all botnet activities and having the greatest number of…


Barracuda report reveals half of all internet traffic is bot-generated


A recent report by Barracuda, a trusted partner and provider of cloud-first security solutions, has unveiled some rather unsettling discoveries about internet traffic. The report indicates that approximately half (48%) of all internet traffic is now bot traffic, and a relatively significant portion of this (30%) is attributed to harmful bots.

The findings are part of Barracuda’s latest Threat Spotlight report. It examines how bot traffic has changed over the years and the emerging threats to cybersecurity.

The bad news is that although the percentage of bot traffic has lessened from 39% in 2021 to 30% in 2023, the nature of these bot attacks has evolved and is taking a more dangerous shape.

Bots are broadly classified into two types: good and bad. Good bots are search engine crawlers or content monitors which keep the internet functioning, while bad bots are programmed with ill intentions. These can range from basic scraping to advanced distributed denial-of-service attacks.

An analysis of bot traffic origins in the first six months of 2023 shows that the majority (72%) originated from the U.S., followed by the U.A.E. (12%), Saudi Arabia (6%), Qatar (5%) and India (5%). Barracuda researchers, however, caution that these figures are skewed towards the U.S., with 67% of the traffic from bad bots hailing from public cloud data centres’ IP ranges.

The researchers further highlighted that the bulk of harmful bot traffic originates from two major public clouds, AWS and Azure. This could be because setting up an account with these service providers is free and relatively easy. Attackers use them to orchestrate bad bot attacks, the report suggests.

The study also discovered that a third of bad bot traffic is generated from residential IP addresses. This is typically a veil, with bot creators using these residential IPs through proxies in a bid to bypass IP blocks and remain undetected.

Reflecting on the findings, Mark Lukie, Director of Solution Architects at Barracuda, Asia-Pacific, says: “The findings show that bots are getting cleverer, and attacks against APIs are increasing. This is likely due to many organisations having weak authentication…


WatchGuard report reveals decline in malware despite more campaigns


A recent Internet Security Report by WatchGuard Technologies, a global leader in unified cybersecurity, has unveiled some startling trends in the realm of cyber threats. The report, which analysed data from Q2 2023, highlights a decrease in endpoint malware volumes even as campaigns grow more expansive. It also points to a rise in double-extortion attacks and the continued exploitation of older software vulnerabilities by threat actors.

Corey Nachreiner, chief security officer at WatchGuard, emphasised the evolving nature of cyber threats. “The data analysed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively,” he said. Nachreiner added that there is “no single strategy that threat actors wield in their attacks” and organisations must employ a “unified security approach” for their best defence.

One of the most alarming findings is that 95% of malware now arrives over encrypted connections. This means that organisations not inspecting SSL/TLS traffic at their network perimeter are likely missing most malware. The report also found that zero-day malware dropped to an all-time low of 11% of total malware detections. However, the share of evasive detections increased to 66% when inspecting malware over encrypted connections.

Endpoint malware volume decreased by a slight 8% in Q2 compared to the previous quarter. Despite this, detections increased in volume by 22% and 21% when caught by 10 to 50 systems or 100 or more systems, respectively. “The increased detections among more machines indicate that widespread malware campaigns grew from Q1 to Q2 of 2023,” the report stated.

Double-extortion attacks have seen a significant rise, increasing 72% quarter over quarter. This comes even as ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year. The Threat Lab also noted the emergence of 13 new extortion groups.

The report also highlighted the resurgence of Glupteba, a multi-faceted loader, botnet, information stealer, and…
