Search results for cyber attack | Breaking Cybersecurity News | The Hacker News

Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis. The Ransomware Landscape Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars. Ransomware is effective because it pressures victims in two, complementary ways. First, by threatening victims to destroy their data. Second, by threatening to publicize the attack. The s...

China has something very impressive that we are not aware of. The country has a powerful and previously unknown weapon that its government is using to bolster their cyber attack capabilities: Dubbed " The Great Cannon. " INTERNET CENSORSHIP IN CHINA When I talk about Internet censorship, it is incomplete if I don't mention China. China is famous for its Great Wall of China and Great Firewall of China . The censoring of Internet access and blocking an individual website in China by its government, known as the Great Firewall of China. But, why the Chinese government does that? The answer is very simple: The Chinese government restricts those contents it deems sensitive for its country's so-called democracy. It illegalize certain online speech and activities, block selected websites, and filter keywords out of searches initiated from computers located in Mainland China. The worse: Those Chinese citizens who offend authorities against Int...

Just Imaging — What if, you enter into your home from a chilling weather outside, and the heating system fails to work because of a cyber attack, leaving you in the sense of panic? The same happened late last month when an attack knocks heating system offline in Finland. Last week, a Distributed Denial of Service (DDoS) attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather. Both the apartments are managed by a company called Valtia, a facilities services company headquartered in Lappeenranta. Valtia CEO Simo Rounela confirmed to English language news outlet Metropolitan.fi that the central heating system and hot water system in both buildings had become a target of DDoS attacks. In an attempt to fight back the cyber attacks, which lived for a short time, the automated systems rebooted — and unfortunately got stuck in an endless loop, which restarted repeatedly a...

The infamous hacking group Anonymous that vowed an ' Electronic Holocaust ' against Israel and promised to 'erase Israel from cyberspace' on 7th April, managed to launch a cyber attack, beginning Tuesday morning. In a spooky video " message to Israel " posted on YouTube March 4 , Anonymous declared cyber attack against Israel on April 7 in response to what the group calls ' crimes in the Palestinian territories. ' Today we noticed a number of hacking incidents against Israeli cyberspace under #OpIsrael . Anonymous conduct #OpIsrael attack against Israel every year on 7th April and this is the fourth annual cyber attack on Israel in order to protest against Israeli bombing on the Palestinian territory. CYBER ATTACKS AGAINST ISRAEL Today, Anonymous and Pro-Palestinian hackers targeted dozens of Israeli Government websites , including the Knesset portal (parliament), as well as websites related to the Israeli court system and the ...

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths, they offer a more strategic way to identify and mitigate risk. In this article, we'll explore the benefits, types, and practical applications of attack graphs. Understanding Attack Graphs An attack graph is a visual representation of potential attack paths within a system or network. It maps how an attacker could move through different security weaknesses - misconfigurations, vulnerabilities, and credential exposures, etc. - to reach critical assets. Attack graphs can incorporate data from various sources, continuously update as environments change, and model real-world attack scenarios. ...

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls.  However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer. Defense-in-Depth: False Sense of Security with Layers Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It's based on the assumption th...

A story has been making the rounds on the Internet since yesterday about a cyber attack on an Indian nuclear power plant. Due to some experts commentary on social media even after lack of information about the event and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam Nuclear Power Plant . Relax! That's not what happened. The attack merely infected a system that was not connected to any critical controls in the nuclear facility. Here we have shared a timeline of the events with brief information on everything we know so far about the cyberattack at Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu. From where this news came? The story started when Indian security researcher Pukhraj Singh tweeted that he informed Indian authorities a few months ago about an information-stealing malware, dubbed Dtrack, which successfully hit "extre...

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said . The teenager, who's from Walsall, is said to have been arrested on September 5, 2024, following an investigation that was launched in the incident's aftermath. The law enforcement agency said the unnamed individual was questioned and subsequently let go on bail. "Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems," Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said. "The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co...

In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City . Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin (equivalent to $573,300 at the current value) to unlock phone and email systems following a ransomware attack that crippled its computer systems for two weeks. The ransomware attack, dubbed "Triple Threat" since it combines three different methods of attack to target network systems, infected Lake City systems on June 10 after an employee in city hall opened a malicious email. Though the IT staff disconnected computers within just 10 minutes of the cyber attack starting, it was too late. The attack locked down the city workers' email accounts and servers. Since the police and fire departments operate on a different server, they were the only ones not impacted by the a...

No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson,  tweeted . The Security Service of Ukraine, the country's law-enforcement authority,  alluded  to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack." Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS ( CVE-2021-32648 ), which cou...

Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or not, known, unknown, or even unknown, attacks leverage security gaps such as  unpatched or uncharted vulnerabilities, misconfigurations, out-of-date systems, expired certificates, human errors, etc. As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to...

Microsoft has become the latest victim of to Cyber attack and confirm that small number of its computers, including some in its Mac software business unit, were infected with malware . Microsoft added , malicious software used in a cyber attack is very similar to those experienced by Facebook and Apple recently. Microsoft gave few other details about the break-in, " We have no evidence of customer data being affected and our investigation is ongoing. " " During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing, " Microsoft said. " This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries ," the company said. Last week, Apple said its...

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some  Akin Gump Strauss Hauer & Feld LLP's  law firm clients, for example, reported a three-fold increase in insurance rates, and carriers are making "a huge pullback" on coverage limits in the past two years. Their cybersecurity practice co-head, Michelle Reed, adds, "The reduced coverage amount can no longer shield policyholders from cyber losses. A $10 million policy can end up with a $150,000 limit on cyber frauds." The cyber-insurance situation is so concerning that the U.S. Treasury Department recently issued a  request for public input  on a potential federal cyber-insurance response program. This request is in addition to the assessment led conjointly by the Federal Insura...

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected security gaps, attackers can establish a foothold, leveraging these weaknesses to penetrate the primary business partners' network. From there, they move laterally through critical systems, ultimately gaining access to sensitive data, financial assets, intellectual property, or even operational controls. Recent high-profile breaches like the 2024 ransomware attack that hit Change Healthcare, one of the world's largest health payment processing companies, demonstrate how attackers disrupted supply chain operations stealing up to 6TB of millions of patients' protected health information (PHI)....