••• All important news related to new attacks and see the solutions we can offer you •••
Web Application Attacks Grow Reliant on Automated ToolsRead the original article here
Cybercriminals targeting Web applications have grown more reliant on automated tools in their attacks, report Barracuda Networks researchers who analyzed two months of attack data.
The top five threat types were dominated by attacks deployed using automated tools, they found. Fuzzing attacks (19.46%) were most prevalent, followed by injection attacks (12.07%), fake bots (12.02%), application distributed denial-of-service (9.29%), and blocked bots (1.2%).
Automated attacks rely on bots to exploit vulnerabilities in Web applications, and there are two classes of attackers who use them. The larger amount of traffic comes from attackers who don't try to target a specific website but deploy automated attacks at scale. Another, smaller group uses automated tools to target e-commerce websites and other sites to generate a profit.
These threats may take the form of fake bots posing as Google bots to avoid detection, or they could manifest as app DDoS attacks trying to crash a website by quietly overloading a Web app. Most attack traffic came from fuzzing, or reconnaissance, tools used to probe apps for bugs.
Do you want to counter the attackers with state of the art automated solutions? Cert2Connect offers various solutions that will enable you Blue team to think and work offensive !
Successful Malware Incidents Rise as Attackers Shift TacticsRead the original article here
Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15.
Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its "Cloud Security Report 2021." As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee's remote device.
MuddyWater Offensive Attack Against Israel
MuddyWater keeps their offensive behavior and continue to create campaigns against israeli organizations.
The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.
Do you want to make sure your organization is hardened against Muddywater? Ask for a test with Cymulate Breach and Attack Simulation. With this solution you can fully simulate and mimic the attackers behaviour!