Attacks

Hacktivist Use of DDoS Activity Causes Minor Impacts

DDoS attacks are of varying lengths of time and can be identified by:
• Unusually slow network performance (opening files or accessing websites).
• Unavailability of a particular website or the inability to access any website.

To mitigate a DDoS attack:
• Enroll in a Denial-of-Service protection service that detects abnormal traffic flows and redirects traffic away from the network.
• Create a partnership with the local internet service provider (ISP) prior to an event and work with the ISP…

Boeing Subsidiary Jeppesen Suffers Cyberattack

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. It is also important to keep systems up to date with patches and anti-virus software. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Monitoring for network intrusions and reporting suspicious activity can greatly reduce the effects…

Experts Say Security Scanner Leaks Sensitive Data

The investigation also discovered that misconfigured security products submit every link they receive via emails to urlscan.io as a public scan. A malicious actor may use the scan results to launch password reset links for the compromised email addresses, capture the URLs, and use those links to take control of the accounts. The adversary can look up the specific services registered using the target email addresses on data breach reporting websites, like Have I Been…

Medibank Refuses to Pay Ransom After 9.7m Customers’ Details Stolen

Australian health insurance company Medibank has said that it will not be paying a ransom to the hacker that accessed the personal details of 9.7m current and former customers. The data breach took place after a hacker gained unauthorized access to Medibank’s internal servers on October 13. Originally, Medibank believed that no customer information had been stolen during the hack; however, the company was then contacted on October 16 by the supposed hacker, who threatened…

As Twitter Brings on $8 Fee, Phishing Emails Target Verified Accounts

Standard phishing defense tactics apply in this situation. Users should always take a close look at the sender’s display name when checking the legitimacy of an email. Most companies use a single domain for their URLs and emails, so a message that originates from a different domain is a red flag. It is also important to check for mismatched URLs. While an embedded URL might seem perfectly valid, hovering over it might show a different…

BEC Scam Impersonating Top Law Firms

BEC attacks account for a very small percentage of the phishing emails targeting companies worldwide, yet they are still a multibillion-dollar issue. Organizations should adapt policies to prevent BEC scams from being executed, including a verification process for all business transactions or money transfers. Because it is so easy for a threat actor to set up a typo-squatted domain, this verification should take place in person or over the phone. Companies can work to prevent…

Hundreds of U.S. News Sites Push Malware in Supply-Chain Attack

This campaign highlights the ever-growing threat of supply-chain attacks. Typically, when browsing a newspaper website, the end user feels as if the site is reputable and secure. Combining this with a fake update alert from SocGholish, many users may trust this alert and fall victim to the threat actor. This form of phishing, while it can be completed at a much smaller scale, is amplified by the undisclosed media company compromise, as it allows the…

Data Breach Affects Vodafone Italia

Customers of Vodafone Italia should remain vigilant moving forward, as they could possibly become targets of phishing campaigns, digital financial fraud, or other forms of identity theft. The partner company, FourB, cut off access to the compromised servers and has indicated they will take steps to improve their security posture moving forward. https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/?&web_view=true

Black Basta Ransomware Gang Linked to the FIN7 Hacking Group

To protect against ransomware attacks, organizations should:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating…

New Clipboard Hijacker Replaces Crypto Wallet Addresses with Lookalikes

It is highly recommended to avoid downloading executables from suspicious-looking websites or running attachments received over email. These are two of the most common methods of distributing malware, so avoiding these two actions can help prevent a user from being infected by most types of malware. It is also recommended to implement and maintain good security controls, such as an EDR, on all devices within an organization. Since Laplas appears to be distributed…
