Tag Archive for: stay

Mumbai Police Issues Advisory On Email Bombing For Citizens To Stay Safe From Online Threat

/in


The Mumbai police on Friday issued an advisory for citizens on a lurking email bomb cyber attack. An email bomb is a form of net abuse that sends large volumes of email to an address, making the mailbox overflow and overwhelm the server. This smoke screen distracts the attention from important email messages, indicating a security breach.

Methods Of Email Bomb Attack

There are three ways of carrying out an email bomb attack, including mass mailing, linking lists, and zip bombing, according to the advisory.

‘‘Mass mailing consists of sending numerous duplicate emails to the same email address. These types of mail bombs are simple to design but their extreme simplicity means they can be easily detected by spam filters. Email-bombing using mass mailing is also commonly performed as a Distributed Denial-of-Service attack by employing the use of botnets, hierarchical networks of computers compromised by malware and under the attacker’s control,” the advisory states.

The advisory further reads, “As in spamming, the attacker instructs the botnet to send out millions of emails, but unlike normal botnet spamming, the emails are all addressed to only one or a few addresses the attacker wishes to flood,” it said.

“This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each infected computer sending a different message or employing stealth techniques to defeat spam filters,” it said, adding that “a zip bomb is a variant of mail-bombing”.

Details On Email Cluster Bomb Attack

“List linking, also known as ‘email cluster bomb’, means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. The attack can be carried out automatically with simple scripts,” said the advisory.

“This is easy, almost impossible to trace back to the perpetrator, and potentially very destructive. To prevent this type of bombing, most email subscription services send a confirmation email to a person’s inbox,” it said.

“It is generally advisable not to click…

Source…

Hacking Attempts in the Education Sector Are On the Rise. Here’s How Schools Can Stay Safe from Cyberattacks.

/in


 

Educational institutions are facing a surge in cyberattacks targeting IoT (Internet of Things) devices like IP cameras, network video recorders, and routers, according to recent data published by Check Point Research. In fact, the cybersecurity solutions provider states that there has been a 34% increase in cyberattacks when compared to last year. How can schools and other organizations stay safe from hacking attempts in the education sector?

Experts believe that schools and universities need to focus on vulnerability management. Basically, this process involves the continuous identification and resolution of potential weaknesses or flaws, such as bugs and firewall misconfigurations. These give hackers a chance to steal data and cause harm. Even something as simple as regularly updating software and installing antivirus solutions can help prevent unauthorized access to confidential data like the addresses and medical records of students.

BlueSteel Cybersecurity CEO Ali Allage, who has two decades of experience in leading tech companies, tells us how schools can stay safe from cyberattacks and institute better strategies against hacking attempts in the education sector.

 

Ali’s Thoughts

“So, my thoughts on the topic of the education sector seeing an increase in attacks is not surprising just because of how much the education system had to transition [during] and after covid on technology use. There’s been a lot of quick adoption without necessarily having the right frameworks in order to support remote education or adopting some of the technologies needed for today’s educational world. So, part of that is not having a grasp on vulnerability management, and this is using these tiny devices, like I mentioned [IoT devices] like cameras, [some] of these hardware pieces that sometimes get overlooked on firmware. Making sure that the software that goes to run the hardware are up to date. And, so we’ll see a lot in terms of vulnerability management not necessarily getting the love or attention it needs, or you’ll see that they’re identifying some of the issues — It’s just that the breadth of items that need to be addressed are pretty large and it could be…

Source…

The Definitive Guide to Stay Safer

/in


Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis.

Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last few years, the average time to complete a ransomware attack dropped 94% (from 2019 to 2021). In 2019, the average ransomware attack took over two months from initial access to ransomware deployment. Today it takes less than four days to execute an attack.

The X-Force Definitive Guide to Ransomware can help.

Threat actors continue to adjust their tactics, techniques, and procedures to evade detection. To stay ahead, we refresh the Guide annually to include the latest ransomware research, trends, and attack types. Originally developed by my colleague Limor Kessem in 2017 — who pulled me in as a coauthor — the guide was intended to be a point-in-time document to address the surge in ransomware across geographies and industries.

A bit unexpectedly, the Guide rapidly became one of the hottest publications we do here at X-Force, garnering tens of thousands of downloads and generating a lot of conversation on social media (and several of you have asked how it got started — hence the history lesson!). With that, we’ve refreshed it annually with current data on the evolution of ransomware, types of ransomware attacks — including double-and-triple extortion, and details on each phase of incident response.

Download the Guide

What’s New in the 2023 Definitive Guide to Ransomware

This year, we’ve pulled a handful of other X-Force brainiacs into the author mix — including some of our industry-leading intelligence and research experts — to make the Guide an even more robust and powerful tool in the quest to stay safer from ransomware.

In this year’s edition you’ll find:

  • The X-Force exclusive 5-stage ransomware attack framework,…

Source…

Cyberweapon manufacturers plot to stay on the right side of US

/in


In the summer of 2019, as Paragon Solutions was building one the world’s most potent cyberweapons, the company made a prescient decision: before courting a single customer, best get the Americans on side.

The Israeli start-up had watched local rival NSO Group, makers of the controversial Pegasus spyware, fall foul of the Biden administration and be blacklisted in the US. So Paragon sought guidance from top American advisers, secured funding from US venture capital groups and eventually scored a marquee client that eludes its competition: the US government.

Interviews with half a dozen industry figures about the divergent paths of the two companies underline how the shadowy spyware industry is being reshaped around those friendly to American interests.

According to four of those people, the US Drug Enforcement and Administration Agency is among the top customers for Paragon’s signature product nicknamed Graphite.

The malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like Signal or WhatsApp, sometimes harvesting the data from cloud backups — much like Pegasus does.

Paragon was set up by Ehud Schneorson, the retired commander of Unit 8200, the Israeli army’s elite signals intelligence arm. According to people familiar with the company, which includes ex-Prime Minister Ehud Barak on its board, has secured investment from two US-based venture capital firms, Battery Ventures and Red Dot.

Paragon, Barak, Battery Ventures and Red Dot declined to comment.

In 2019, even before work on Graphite had been completed, on advice from a retired senior Mossad official, Paragon hired DC-based WestExec Advisors, the influential advisory group staffed by ex-Obama White House officials including Michele Flournoy, Avril Haines and Antony Blinken. Ex-US ambassador to Israel, Dan Shapiro, was also consulted, people with knowledge of the advisory effort said. Shapiro declined to comment.

WestExec said it “advised Paragon on its strategic approach to the US and European markets, as well as the formulation of its industry-leading ethical commitments designed to ensure the appropriate use of its technology,” adding it was “proud…

Source…