Researchers have discovered a cryptojacking campaign exploits an old vulnerability in Cacti’s Network Weathermap plug-in, an open source tool which is used by network administrators to visualize network activity. The vulnerability was disclosed in April 2013 and the patch has been available for almost five years, but attackers are still using it to help mine cryptocurrency in 2018. Patrick Bedwell, VP at Lastline commented below. Patrick Bedwell, VP at Lastline: “Threat actors target old vulnerabilities because patch deployment is a difficult and not very sexy aspect of security. Vendors issue patches, but they can’t force users to deploy them. Consequently, attacks target those old vulnerabilities…
ISBuzz Team
Does a life of cybercrime really pay, as per Armor’s Black Market Report (released yesterday), exposing the hacker underground and detailing popular tools and services cybercriminals are peddling, as well as what types of data hold the most value. For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry. Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “Unfortunately, there nothing substantially new in the report.…
The IoT explosion: what can network operators learn from SMS when implementing IoT The Internet of Things market is growing at an exponential rate. It’s set to quadruple in size, growing from $900 billion in 2014 to $4.3 trillion by 2024[i], with more than 30 billion connected devices in use. But the huge number of devices and subscribers accessing the network will have consequences for operators. Operators will need to prioritise traffic – can you imagine if the smart grid were to stop working to prioritise advertising boards? If you think back 20+ years, this could be likened to the advent…
Recent ransomware attacks are raising the need for organisations to be more compliant. With EU’s General Data Protection Regulations (GDPR) due to come into effect in May 2018, now is the time to ensure your operation is a secure environment. According to the Gowling WLG Digital Risk Calculator, three quarters of surveyed European business leaders now consider security breach as a high risk to their business. Europol recently reported that global ransomware attacks soared by over 11 percent in the 12 months to March 2017. Ransomware preys on emotion, directly extracting money from individual victims or entire organisations. Cybercriminals infect…
Responding to the disclosure by Orbitz that hackers may have gained access to 880,000 payment card numbers stored on a legacy system and used by members to used to book travel through the site and Orbitz partners, a STEALTHbits cybersecurity expert commented below. Jonathan Sander, CTO at STEALTHbits Technologies: “Orbitz and Expedia are companies born on the internet, but they are clearly not immune to the oldest IT flaws in security fundamentals. IT has been building new systems without ever killing off the old ones since the beginning of technology. Sometimes this is because those systems are business critical (looking at you mainframes). Sometimes it’s simple inertia…
New research released today has illustrated the fact that Infosec executives view ransomware and DDoS attacks as the biggest security threat to their organisations. Eyal Benishti, CEO & Founder at IRONSCALES commented below. Eyal Benishti, CEO & Founder at IRONSCALES: “It is surprising to see infosec executives seemingly discount phishing as one of, if not the biggest, security threats an organisation can face. Phishing attacks remain the most popular attack vectors for cybercriminals, and the proof of their success really is in the pudding with 90-95% of all successful cyberattacks in 2017 can be traced back to a phishing email. The reality is…
New Research From Balabit Reveals More Than A Quarter Of Companies Expect To Be Breached In The Next Six Months Less than half of businesses are fully confident that they would know if a breach had happened or how, according to Balabit’s global research report Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabit, a leading provider of Privileged Access Management and Log Management solutions. The report, titled The Known Unknowns of Cyber Security, also revealed that seven out of ten (68%) businesses expect to be impacted by…
Security Operation Centers face a flood of excessive alerts and are working with outdated metrics that are leading to alert fatigue for many security operation centers (SOC) according to a new study released by Fidelis Cybersecurity.* Bob Noel, Director of Strategic Relationships and Marketing at Plixer commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “High volumes of false positives create significant risk to organizations. Analysts who are constantly investigating false alarms become desensitized to the urgency of each effort, losing focus and potentially missing real events. There are a few important directions the industry must take…
Following Google’s announcement today of new security features for the Google Cloud Platform, with the intent of giving businesses more control over their security environment, IT security experts commented below. Anthony James, Chief Marketing Officer at CipherCloud: “Cloud adoption is ramping rapidly and the adoption of cloud-based applications has entered the mainstream. Each cloud vendor has a variety of cloud controls, but this gets very complicated as enterprises scale their applications across multiple clouds. As we saw very recently with the Amazon cloud breaches involving Walmart and then subsequently with Federal Express, your data may be exposed due to human error or other unforeseen…
Legacy Cybersecurity Defenses Won’t Keep Pace with New Ransomware and Cryptojacking Threats Findings from the 2018 Webroot Threat Report Reveal the Increasing Sophistication of Phishing, Malware, and Cryptojacking Webroot, the Smarter Cybersecurity® company, revealed the results from the 2018 edition of its annual threat report, which demonstrated attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products. The findings showcase a dangerous,…
