Attacks

DDoS attacks are of varying lengths of time and can be identified by:• Unusually slow network performance (opening files or accessing websites).• Unavailability of a particular website or the inability to access any website.To mitigate a DDoS attack:• Enroll in a Denial-of-Service protection service that detects abnormal traffic flows and redirects traffic away from the network.• Create a partnership with the local internet service provider (ISP) prior to an event and work with the ISP…

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. It is also important to keep systems up to date with patches and anti-virus software. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Monitoring for network intrusions and reporting suspicious activity can greatly reduce the effects…

The investigation also discovered that misconfigured security products submit every link they receive via emails to urlscan.io as a public scan. A malicious actor may use the scan results to launch password reset links for the compromised email addresses, capture the URLs, and use those links to take control of the accounts. The adversary can look up the specific services registered using the target email addresses on data breach reporting websites, like Have I Been…

Standard phishing defense tactics apply in this situation. Users should always take a close look at the sender’s display name when checking the legitimacy of an email. Most companies use a single domain for their URLs and emails, so a message that originates from a different domain is a red flag. It is also important to check for mismatched URLs. While an embedded URL might seem perfectly valid, hovering above it might show a different…

BEC attacks account for a very small percentage of phishing emails that are targeting companies worldwide yet is still a multibillion-dollar issue. Organizations should adapt policies to prevent BEC scams from being executed, including a verification process for all business transactions or money transfers. Because it is so easy for a threat actor to set up a typo-squatted domain, this verification should take place in person or over the phone. Companies can work to prevent…

This campaign highlights the ever-growing threat of supply-chain attacks. Typically, when browsing a newspaper website, the end user feels as if the site is reputable and secure. Combining this with a fake update alert from SocGholish, many users may trust this alert and fall victim to the threat actor. This form of phishing, while it can be completed at a much smaller scale, is amplified by the undisclosed media company compromise, as it allows the…

Customers of Vodafone Italia should remain vigilant moving forward, as they could possibly become targets of phishing campaigns, digital financial fraud, or other forms of identity theft. The partner company, FourB, cut off access to the compromised servers and has indicated they will take steps to improve their security posture moving forward. https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/?&web_view=true