The list of MOVEit hack victims continues to grow. Nickelodeon says breach contained decades-old data. What nonprofits need to know about world privacy protections.
The CyberWire
The all in one place for non-profit security aid.
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared?
The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries.
Over 41% of websites have shown signs of DDoS attacks in the last quarter.
The increased reliance on digital platforms, services, and remote work has provided more opportunities for attackers and led to a surge in DDoS attacks worldwide.
The impact of DDoS attacks extends beyond geographical boundaries. A significant number of these attacks originate from India. The United States, Germany, the UK, and Singapore followed, experiencing heightened activity and becoming key battlegrounds for these disruptive attacks.
Here’s a compilation of the Top 10 countries from which DDoS attacks were observed:
DDoS attacks can cause severe and lasting problems for businesses. First, these attacks can make a company’s website and services stop working for a long time. This downtime not only means the company loses money but also makes customers lose trust and damages its reputation.
DDoS attacks also make it harder for the IT team to do their regular job. They have to stop what they’re doing to deal with the attack, which slows down the company’s work and makes it less efficient.
Stopping and preventing DDoS attacks costs a lot of money. Companies must spend more on cybersecurity to ensure it doesn’t happen again. These problems can hurt a company’s reputation and how well it works.
Finally, DDoS attacks are often used as cloaking attacks to run more complex attacks and exfiltrate data or install malware as the IT team tries to mitigate the DDoS threats.
The surge in new techniques, the rise of DDoS as a service, the expansion of attack vectors, and access to more potent botnets have resulted in unprecedented DDoS attacks.
A recent attack on Microsoft is a stark reminder of the threat DDoS poses to organizations, irrespective of their size and resources. Microsoft confirmed that widespread disruptions to services like Microsoft 365 and Azure resulted from DDoS attacks orchestrated by a threat actor tracked as “Storm-1359”, also known as Anonymous Sudan. This group employed advanced techniques to overcome previous mitigation strategies, including Slowloris and cache bypass attacks.
Anonymous Sudan, a hacktivist group from Sudan, has been conducting politically and religiously motivated denial-of-service attacks since January 2023. The group, which claims responsibility for DDoS attacks against Asian and European targets, is associated with the tags #OpSweden and #OpDenmark.
Anonymous Sudan is involved in data theft and sales, claiming unauthorized access to the Air France website on March 19, 2023. The group’s attacks are characterized by Web DDoS attacks, combining alternating waves of UDP and SYN floods.
Leveraging tens of thousands of unique source IP addresses, they generate UDP traffic of up to 600Gbps and HTTPS request floods of several million RPS. Anonymous Sudan employs public cloud server infrastructure for attack generation and accessible, open proxy infrastructures to conceal and randomize their source.
A DDoS attack utilizing the HTTP/2 Rapid Reset flaw reached 100 million RPS, exploiting vulnerability CVE-2023-44487. Primary cloud services, including AWS, Cloudflare, Google Cloud, and Fastly, faced an attack peaking at 250 million RPS for three minutes.
Cloud-based botnets leveraging this flaw could amplify attacks 5,000 times per node, significantly impacting gaming, IT, cryptocurrency, software, and telecom industries.
OpenAI experienced intermittent disruptions in its API and ChatGPT services due to DDoS attacks, leading to user errors. The outages, including a significant ChatGPT outage and increased errors in DALL-E, were unofficially attributed to Anonymous Sudan.
To mitigate the potential downtime linked to DDoS incidents and stay one step ahead of malicious actors, consider implementing the following DDoS mitigation best practices:
Implement a robust cloud-based DDoS protection service for real-time, automated, and accurate defense against web DDoS attacks.
Opt for a DDoS protection solution that employs behavioral analysis instead of relying solely on predefined rules or signatures.
The solution should be able to detect and mitigate attacks without causing disruptions, maintaining a secure online environment for users.
Avoiding false positives is a primary challenge in DDoS mitigation, as mistakenly blocking legitimate user traffic can adversely affect user experience. To counter this, numerous businesses operate their DDoS protection in detection mode (log only), preventing inadvertent blocks of legitimate traffic.
AppTrana’s DDoS protection stands out by basing decisions on behavioral analysis, moving beyond reliance on predefined rules or signatures. This approach ensures zero false positives.
Minimize the surface area exposed to potential attackers by implementing security measures such as network segmentation, firewall rules, and access controls. Reducing the attack surface limits the options for attackers to orchestrate DDoS attacks.
Set thresholds for the maximum allowable traffic rates to mitigate the impact of volumetric DDoS attacks. This strategy can help prevent network congestion and service degradation during an attack by capping the incoming traffic to a manageable level.
Utilize Anycast DNS to distribute incoming traffic across multiple servers in different locations. This helps distribute the load, making it difficult for attackers to overwhelm a single point and enhancing your online services’ resilience.
Keep all software, including DDoS protection solutions, updated with the latest patches and updates. Regularly updating systems ensures that vulnerabilities are addressed, reducing the likelihood of exploitation by attackers.
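The two practices above that are easiest to get wrong in deployment are the traffic threshold and the choice between detection mode (log only) and blocking. The following is an added example, not code from the article or from the AppTrana product: a per-source sliding-window rate limiter that can run in "log" mode (over-threshold requests are only flagged) or "block" mode. The request stream, the source addresses and the thresholds are constructed for the demonstration; the point it shows is that log mode lets an operator see how a badly chosen threshold would have hit a legitimate client before any real user is blocked.

```python
"""Per-source sliding-window rate limiting with a log-only (detection) mode.

Added example; not the article's or the vendor's code. Timestamps, addresses
and thresholds below are constructed for the demonstration.
"""
from collections import Counter, deque

LEGIT = "198.51.100.7"   # constructed: a normal client sending 1 request/second
FLOOD = "203.0.113.9"    # constructed: a flooding source sending 50 requests/second


class RateLimiter:
    def __init__(self, max_requests, window_seconds, mode="log"):
        self.max_requests = max_requests      # threshold per window
        self.window_seconds = window_seconds  # sliding window length
        self.mode = mode                      # "log" = detect only, "block" = enforce
        self._hits = {}                       # source -> deque of request timestamps
        self.events = []                      # (timestamp, source, action) audit trail

    def _count(self, src, now):
        q = self._hits.setdefault(src, deque())
        # Drop timestamps that have fallen out of the window, then record this one.
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        q.append(now)
        return len(q)

    def check(self, src, now):
        """Return 'allow', 'flag' (log mode, over threshold) or 'block' (block mode)."""
        if self._count(src, now) <= self.max_requests:
            return "allow"
        action = "block" if self.mode == "block" else "flag"
        self.events.append((now, src, action))
        return action


def constructed_traffic():
    """Merged, time-ordered (timestamp, source) pairs: 60 s of a normal client
    plus a 10 s burst of 500 requests from the flooding source starting at t=20."""
    reqs = [(float(t), LEGIT) for t in range(60)]
    reqs += [(20.0 + i * 0.02, FLOOD) for i in range(500)]
    reqs.sort()
    return reqs


def simulate(mode, max_requests=100, window_seconds=10.0):
    """Run the limiter over the constructed traffic; return per-source action counts."""
    limiter = RateLimiter(max_requests, window_seconds, mode)
    per_source = {}
    for ts, src in constructed_traffic():
        per_source.setdefault(src, Counter())[limiter.check(src, ts)] += 1
    return {src: dict(c) for src, c in per_source.items()}


if __name__ == "__main__":
    print("log mode, 100 req / 10 s :", simulate("log"))
    print("block mode, 100 req / 10 s:", simulate("block"))
    # A threshold set too low shows up in log mode as flags on the normal client,
    # i.e. the false positives that blocking mode would have turned into outages.
    print("log mode, 5 req / 10 s   :", simulate("log", max_requests=5))
```

With the 100-per-10-seconds threshold the normal client is never touched in either mode and the flood source has 400 of its 500 requests flagged or blocked; with a threshold of 5 the same client would lose 55 of its 60 requests, which is exactly what running in detection mode first is meant to reveal.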
The post The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? appeared first on Cyber Security News.
Cyber Security News
Texas Tech University System data breach impacts 1.4 million patients
The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. […]
Malware Trends 2024: Lessons From 2023 – A Detailed Report
As the new year kicks off, it’s time to take a retrospective look at the past year’s malware landscape. Let’s see what the top malware families, types, and tactics, techniques, and procedures (TTPs) used by attackers in 2023 can tell us about what to expect in 2024.
We utilized data from ANY.RUN, a malware analysis sandbox, to gain insights into the cybersecurity threats of 2023. The service analyzes thousands of files and links submitted by users worldwide, providing valuable information on emerging and persistent threats.
In Q4 2023 alone, ANY.RUN analyzed over 748,000 files and links, identifying over 210 million indicators of compromise (IOCs).
In 2023, most of the malware ANY.RUN detected fell into three types: loaders led the way, followed by stealers and RATs.
Loaders, the gateway for more sophisticated malware, remained a significant threat throughout the year.
Their primary function is to download and install malicious payloads onto infected systems, often opening the door for further attacks. The increasing accessibility of loaders and the decreasing price tag will likely make them a persistent threat in 2024.
In a notable development, stealers, which focus on stealing financial information and personal data, became the second most prevalent malware type in 2023, surging significantly in Q4 with 6,662 detections.
They are poised to remain a major concern in 2024, particularly as cybercriminals seek to exploit the growing reliance on online banking and e-commerce.
RATs, which grant attackers remote access to and control of infected devices, remained the most versatile type of malware, capable of various malicious activities, from data theft to espionage.
Despite earning their spot as the most common malware type in Q2, they only became #3 in 2023. RATs are expected to become more prevalent in 2024 as attackers continue to exploit their effectiveness for various malicious purposes.
Four of the top five malware families in 2023 were remote access Trojans (RATs), largely dominating the malware family landscape.
Remcos (1,385 detections in Q1) and AgentTesla (1,769 detections in Q4) were the two most prevalent examples, closely followed by NjRAT and AsyncRAT.
The popularity of the first two can be attributed to several factors, including ongoing developer support, affordable pricing, and a diverse range of malicious capabilities.
Having been in operation for over 8 years, Remcos and AgentTesla are positioned to remain significant threats in 2024.
However, the title of most popular malicious software of the year went to the Redline stealer, with the largest number of instances detected by ANY.RUN in Q2.
Operable on a malware-as-a-service (MaaS) model, Redline’s ease of use and affordable subscription make it a preferred choice for cybercriminals worldwide.
Its extensive arsenal, including data theft, keylogging, file exfiltration, and loader functionalities, ensures its continued prominence in 2024.
In Q4, ANY.RUN discovered the use of T1036.005 (Masquerading: Match Legitimate Name or Location) in over 98,500 malicious samples.
Attackers frequently mimic legitimate file names to appear trustworthy and avoid detection. Due to its effectiveness and ease of use, it will likely remain prevalent in 2024.
T1218.011 (System Binary Proxy Execution: Rundll32) is another popular TTP. It abuses Rundll32, the legitimate Windows utility that loads and runs DLLs, to execute malicious code, allowing attackers to bypass security measures that typically protect against unsigned code execution. Since it remains a reliable method for executing malicious code without triggering security alerts, it will retain popularity in 2024.
Ranking third with 20,097 detections in Q4, T1059.003 (Command and Scripting Interpreter: Windows Command Shell) is based on the abuse of the Windows Command Shell to execute commands and scripts on compromised systems.
It is often used to install malware, steal data, and escalate privileges. Its versatility will likely help it sustain its position as a top TTP in 2024.
T1036.003 (Masquerading: Rename System Utilities) deserves special attention because, despite coming in sixth place overall, it became a crucial TTP that attackers used in Q3 and Q4 of 2023.
This technique allows attackers to bypass security solutions by renaming system utilities. Having gained traction for the past two quarters, T1036.003 stands a good chance of maintaining its popularity in the early stages of 2024.
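The four techniques above all leave traces in process-creation telemetry, so a defender can write simple rules for each. The following is an added example, not ANY.RUN code or output: it runs one heuristic per technique over constructed process-creation records shaped like the fields a Sysmon Event ID 1 entry carries (Image, CommandLine, ParentImage, OriginalFileName). The rules, their expected-directory lists, the Office-parent condition for the command shell rule, and all sample events are assumptions chosen for the demonstration, not thresholds from the report.

```python
"""Process-creation heuristics for the four ATT&CK techniques named in the report.

Added example, not ANY.RUN's code. Field names follow Sysmon Event ID 1;
the rules and the sample events are constructed assumptions for the demo.
"""
import ntpath
import re

# Directories where the named system binaries are expected to live (assumption).
EXPECTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "explorer.exe", "csrss.exe",
                   "rundll32.exe", "cmd.exe"}
# Locations an ordinary user can write to; a DLL loaded from here is suspicious.
USER_WRITABLE = re.compile(r"\\(users|temp|appdata|programdata)\\", re.I)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def basename(path):
    return ntpath.basename(path).lower()


def detect(ev):
    """Return the list of technique IDs whose heuristic matches one event."""
    hits = []
    image, parent = ev["Image"], ev["ParentImage"]
    name = basename(image)
    orig = ev.get("OriginalFileName", "").lower()

    # T1036.005: a well-known system binary name running outside the Windows dirs.
    if name in SYSTEM_BINARIES and ntpath.dirname(image).lower() not in EXPECTED_DIRS:
        hits.append("T1036.005")
    # T1036.003: the PE's original filename is a system utility but the file was renamed.
    if orig in SYSTEM_BINARIES and orig != name:
        hits.append("T1036.003")
    # T1218.011: rundll32 asked to load a DLL from a user-writable location.
    if name == "rundll32.exe" and USER_WRITABLE.search(ev["CommandLine"].partition(" ")[2]):
        hits.append("T1218.011")
    # T1059.003: the command shell (by name or by original filename) spawned by Office.
    if (name == "cmd.exe" or orig == "cmd.exe") and basename(parent) in OFFICE_APPS:
        hits.append("T1059.003")
    return hits


def scan(events):
    """Run detect() over a list of events; return one hit list per event, in order."""
    return [detect(ev) for ev in events]


# Constructed sample events: three benign, four matching one or two techniques.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs",
     "ParentImage": r"C:\Windows\System32\services.exe", "OriginalFileName": "svchost.exe"},
    {"Image": r"C:\Users\bob\AppData\Roaming\svchost.exe", "CommandLine": r"C:\Users\bob\AppData\Roaming\svchost.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "OriginalFileName": "svchost.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": r"C:\Windows\explorer.exe", "OriginalFileName": "RUNDLL32.EXE"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": r"C:\Windows\System32\rundll32.exe C:\Users\bob\AppData\Local\Temp\x.dll,Start",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "OriginalFileName": "RUNDLL32.EXE"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": r"C:\Windows\System32\cmd.exe /c dir",
     "ParentImage": r"C:\Windows\explorer.exe", "OriginalFileName": "Cmd.Exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": r"C:\Windows\System32\cmd.exe /c start update.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "OriginalFileName": "Cmd.Exe"},
    {"Image": r"C:\Users\bob\Downloads\update.exe", "CommandLine": r"C:\Users\bob\Downloads\update.exe /c whoami",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "OriginalFileName": "Cmd.Exe"},
]

if __name__ == "__main__":
    for ev, hits in zip(SAMPLE_EVENTS, scan(SAMPLE_EVENTS)):
        print(f"{ev['Image']:55} -> {hits or 'clean'}")
```

The last sample event is the interesting one: the file is renamed, so the name-based rule for T1036.005 stays quiet, but the PE's original filename still reveals it as cmd.exe (T1036.003), and the Office parent then also satisfies the command shell rule (T1059.003). That is why masquerading detections should key on metadata such as OriginalFileName and on parent-child relationships rather than on the on-disk name alone.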
More than 300,000 analysts worldwide use ANY.RUN, a malware analysis sandbox. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior.
Try all features of ANY.RUN at zero cost for 14 days with a free trial.
The post Malware Trends 2024: Lessons From 2023 – A Detailed Report appeared first on Cyber Security News.
Cyber Security News