ddos attack | Breaking Cybersecurity News | The Hacker News

The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the  Product Security and Telecommunications Infrastructure act  (or PSTI act), will help consumers to choose smart devices that have been designed to provide ongoing protection against cyber attacks," the NCSC  said . To that end, manufacturers are required to not supply devices that use guessable default passwords, provide a point of contact to report security issues, and state the duration for which their devices are expected to receive important security updates. Default passwords can not only be easily found online, they also act as a vector for threat actors to log in to devices for follow-on exploitation. That said, a unique default password is permissible under the law. The law, which aims to enforce a set of minimum security standards across the b

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos  said . Successful attacks could pave the way for unauthorized network access, account lockouts, or denial-of-service conditions, the cybersecurity company added. The attacks, said to be broad and opportunistic, have been observed targeting the below devices - Cisco Secure Firewall VPN  Check Point VPN Fortinet VPN SonicWall VPN RD Web Services  MikroTik  Draytek  Ubiquiti  Cisco Talos described the brute-forcing attempts as using both generic and valid usernames for specific organizations, with the attacks indiscriminately targeting a wide range of sectors across geographies. The source IP addresses for

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency  attributed  the campaign to a threat actor it calls  UAC-0027 . DirtyMoe , active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March 2022, cybersecurity firm Avast revealed the malware's ability to propagate in a worm-like fashion by taking advantage of known security flaws. The DDoS botnet is known to be delivered by means of another malware referred to as  Purple Fox  or via bogus MSI installer packages for popular software such as Telegram. Purple Fox is also  equipped with a rootkit  that allows the threat actors to  hide the malware  on the machine and make it difficult to detect and remove. The exact initial access vector used in the campaign targeting Ukraine is currently unknown. CERT-UA is recommending that organiza

The threat actor behind a peer-to-peer (P2P) botnet known as  FritzFrog  has made a return with a new variant that leverages the  Log4Shell vulnerability  to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security company Akamai said in a report shared with The Hacker News. FritzFrog,  first documented  by Guardicore (now part of Akamai) in August 2020, is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. It's known to be active since January 2020. It has  since evolved  to strike healthcare, education, and government sectors as well as improved its capabilities to ultimately deploy cryptocurrency miners on infected hosts, claiming more than 1,500 victims over the years. What's novel about the latest version is the use of the Log4Shell vulnerability a

As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore's broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust protection strategy in 2024. Gcore's Key Findings DDoS attack trends for the second half of 2023 reveal alarming developments in the scale and sophistication of cyberthreats. Unprecedented Attack Power The past three years have brought about a >100% annual increase in DDoS peak (registered maximum) attack volume: In 2021, the peak capacity of DDoS attacks was  300 Gbps In 2022, it increased to  650 Gbps In Q1–Q2 of 2023, it increased again to  800 Gbps In Q3–Q4 of 2023, it surged to  1600 Gbps  (1.6 Tbps) Notably, the jump in H2 of 2023 means the cybersecurity industry is measuring DDoS a

The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. "This surge in cyber attacks coincided with  COP 28 , which ran from November 30th to December 12th, 2023," security researchers Omer Yoachimik and Jorge Pacheco  said , describing it as a "disturbing trend in the cyber threat landscape." The uptick in HTTP attacks targeting environmental services websites is part of a larger trend observed annually over the past few years, specifically during COP 26 and COP 27, as well as other United Nations environment-related resolutions or announcements. "This recurring pattern underscores the growing intersection between environmental issues and cyber security, a nexus that is increasingl

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called  GoTitan  as well as a .NET program known as  PrCtrl Rat  that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been  weaponized  by various hacking crews, including the  Lazarus Group , in recent weeks. Following a successful breach, the threat actors have been observed to drop next-stage payloads from a remote server, one of which is GoTitan, a botnet designed for orchestrating distributed denial-of-service (DDoS) attacks via protocols such as HTTP, UDP, TCP, and TLS. "The attacker only provides binaries for x64 architectures, and the malware performs some checks before running," Fortinet Fortiguard Labs researcher Cara Lin  said  in a Tuesday analysis. "It also creates a file named &#

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023.  "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT  said  [PDF]. "The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target." The agency said it found evidence connecting one or more attacks to Russia's GRU military intelligence agency, which is also tracked under the name  Sandworm  and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on artifacts communicating with IP addresses that have been traced to the hacking crew. The unprecedented and coordinated cyber attacks took place on

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The  layer 7 attacks  were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as  CVE-2023-44487 , and carries a CVSS score of 7.5 out of a maximum of 10. While the attacks aimed at Google's cloud infrastructure peaked at  398 million requests per second  (RPS), the ones that struck AWS and Cloudflare exceeded a volume of 155 million and 201 million RPS, respectively. HTTP/2 Rapid Reset refers to a zero-day flaw in the HTTP/2 protocol that can be exploited to carry out DDoS attacks. A significant feature of HTTP/2 is multiplexing requests over a single TCP connection, which manifests in the form of concurrent streams. What's more, a client that wants to abort a request can

Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the protection mechanism ineffective," Certitude researcher Stefan Proksch  said  in a report published last week. The problem, per the Austrian consulting firm, is the result of shared infrastructure available to all tenants within Cloudflare, regardless of whether they are legitimate or otherwise, thereby making it easy for malicious actors to abuse the implicit trust associated with the service and defeat the guardrails. The first issue stems from opting for a shared Cloudflare certificate to authenticate HTTP(S) requests between the service's reverse proxies and the customer's o

The  Internet of Things (IoT)  is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they're uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange data. This broad category of devices includes sensors, cameras, network routers, and advanced machinery, and their integration into everyday life and work processes results in an ecosystem that can automate operations, improve decision-making, and enhance user experience. IoT: A Breeding Ground for Botnets IoT's rapid adoption amplifies its vulnerability, as poorly secured devices become easy prey for attackers and may become part of a botnet. Controlled by attackers, botnets can scale and rapidly execute various attacks, including DDoS, data theft, ad fraud, cryptocurrency mining, spam a

There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.  From the 2009 South Korea DDoS attacks to the 2010 attacks on Burma and the 2016 US election interference attacks on the Democratic National Committee, the list of historical cyberwarfare incidents continues to expand. The main players? Nation-state-supported cybercriminal groups and organizations linked to Russia, North Korea, China, and several countries in the Middle East. This report dives into three top cyberwarfare trends in an effort to understand their impact. Russia: The Cyber Invasion of Ukraine  On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencie