By Waqas
This article delves into the significance of Insider Threat Awareness Month and explores effective strategies that organizations can employ to detect and mitigate these often elusive threats.
This is a post from HackRead.com Read the original post: Insider Threat Awareness Month: Protecting Your Business from Within

As September dawns upon us, so does the annual Insider Threat Awareness Month in the United States. This dedicated month serves as a crucial reminder for organizations to remain vigilant against a potential danger that often lurks within their own ranks – insider threats.

While we’d like to believe that our employees and colleagues are always on the same page when it comes to the security of our organization, reality often paints a different picture. This article delves into the significance of Insider Threat Awareness Month and explores effective strategies that organizations can employ to detect and mitigate these often elusive threats.

**Understanding the Insider Threat**

An insider threat is essentially any potential risk posed to an organization’s security and data integrity by individuals who have access to internal systems, data, and information. These individuals can be employees, contractors, or business partners.

Unlike external threats that are more visible and easier to anticipate, insider threats often go unnoticed until damage has already been done. The motives behind such threats can range from financial gain to personal grudges, and their actions can include data theft, fraud, or unauthorized data access.

Recent years have seen several examples of insider threats that resulted in data breaches and financial damages, including the following:

*   Shopify Suffered Data Breach Because of “Rogue” Employees
*   Insider hack Marriott hotel reservation system; slash rate up to 95%
*   Ex-employee stole secrets of Israeli spyware firm for dark web deals
*   Inside job: Bithumb crypto exchange hacked again; loses $20 million
*   Cola-Cola breach: ex-employee stole hard drive with 8k workers’ data
*   Pervert Yahoo employee hacked 6,000 accounts using internal system
*   HackerOne Fires Employee for Stealing Reports, Collecting Bug Bounties
*   Banker jailed for helping criminals who stole millions using Dridex malware

_The list goes on…_

**Importance of Awareness**

Insider Threat Awareness Month underscores the importance of educating employees and stakeholders about the existence and potential consequences of insider threats. Many individuals within organizations may not even be aware of the risks posed by insiders. Raising awareness through training programs, workshops, and informational campaigns is the first step in preventing insider threats.

**Effective Detection Strategies**

1.  **Behaviour** **Analytics**: Implementing behavioural analytics tools can help organizations detect unusual patterns of behaviour among employees. These tools can monitor activities such as file access, data transfers, and login times to identify anomalies that may indicate a potential threat.
2.  **Access Controls and Least Privilege Principle**: Limiting access rights to only what is necessary for an employee’s role, as per the least privilege principle, can help minimize the potential for insider threats. Regularly reviewing and updating access controls is essential.
3.  **Employee Training**: Conduct regular training sessions that highlight the importance of security protocols and the consequences of insider threats. Employees should be aware of the signs and risks associated with malicious behaviour.
4.  **Incident Response Plans**: Organizations should have well-defined incident response plans in place. These plans should outline steps to be taken in the event of a security breach, including actions specific to insider threats.
5.  **Monitoring and Auditing**: Regularly monitoring and auditing internal systems and data access can help detect suspicious activities early. Automated monitoring tools can alert security teams to potential threats in real-time.
6.  **Employee Assistance Programs (EAPs)**: EAPs can provide employees with a confidential avenue to report concerns or grievances, reducing the likelihood of disgruntled employees resorting to insider threats.

To highlight the importance of Insider Threat Awareness Month, Michael Orozco, Managing Director of SECOPS, Infrastructure, and Innovation at MorganFranklin Consulting, told Hackread.com that,

> _“Many organizations have the tools to prepare for insider threats but often overlook them. Employee agreements typically grant the company rights to monitor activity on company-owned equipment, which can reveal suspicious behaviour like unauthorized data access or unusual web activity. Additionally, AI is increasingly efficient in identifying insider threats by tracking employee behaviour, including typing patterns and keystrokes.”_
> 
> Michael Orozco – MorganFranklin Consulting

To gain a deeper understanding of the grave dangers presented by insider threats and to be able to identify and report suspicious activities promptly, consider exploring the National Insider Threat Awareness Month website hosted by the US government. Additionally, valuable resources can also be found on the web page of the National Insider Threat Task Force.

**Conclusion**

Insider Threat Awareness Month serves as a timely reminder for organizations to take proactive measures against the often underestimated danger of insider threats. By raising awareness, educating employees, and implementing robust detection strategies, organizations can significantly reduce their vulnerability to these internal risks. The key to mitigating insider threats lies in a combination of technology, education, and a culture of security that permeates every level of the organization.

Insider Threat Awareness Month: Protecting Your Business from Within

By Waqas
Another day, another data security incident at Microsoft.
This is a post from HackRead.com Read the original post: Microsoft AI Researchers Expose 38TB of Top Sensitive Data

**KEY FINDINGS**

*   **Microsoft AI researchers accidentally exposed 38 terabytes of private data, including a disk backup of two employees’ workstations, while publishing a bucket of open-source training data on GitHub.**

*   **The backup includes secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.**

*   **The data was exposed due to a misconfigured Shared Access Signature (SAS) token.**

*   **SAS tokens can be a security risk if not used properly, as they can grant high levels of access to Azure Storage data.**

*   **Organizations should carefully consider their security needs before using SAS tokens.**

As part of their ongoing work on accidental exposure of cloud-hosted data, the Wiz Research Team scanned the internet for misconfigured storage containers. In this process, they found a GitHub repository under the Microsoft organization named robust-models-transfer. The repository belonged to Microsoft’s AI research division, whose purpose is to provide open-source code and AI models for image recognition.

After further digging, it was revealed that Microsoft AI researchers accidentally exposed 38 terabytes of private data, including a disk backup of two employees’ workstations, while publishing a bucket of open-source training data on GitHub. The backup included secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

However, the URL for the repository allowed access to more than just open-source models. It was configured to grant permissions on the entire storage account, exposing additional private data by mistake.

The Wiz scan showed that this account contained 38 terabytes of additional data, including Microsoft employees’ personal computer backups. The backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.

In the hands of threat actors, this data could have been devastating for the technology giant, especially considering the current circumstances. Microsoft has **recently revealed** how malicious elements are eager to exploit Microsoft Teams to facilitate ransomware attacks.

The exposed URL, MS Team Chats and more (Credit: WIZ)

According to Wiz’s **blog post**, in addition to the overly permissive access scope, the token was also misconfigured to allow “full control” permissions instead of read-only. This means that not only could an attacker view all the files in the storage account, but they could delete and overwrite existing files as well.

This is particularly interesting considering the repository’s original purpose: providing AI models for use in training code. The repository instructs users to download a model data file from the SAS link and feed it into a script.

The file’s format was ckpt, a format produced by the TensorFlow library. It’s formatted using Python’s pickle formatter, which is prone to arbitrary code execution by design. This means that an attacker could have injected malicious code into all the AI models in this storage account, and every user who trusts Microsoft’s GitHub repository would’ve been infected by it.

In response to the news, **Andrew Whaley**, Senior Technical Director at the Norwegian cybersecurity firm **Promon** said: “Microsoft may be one of the frontrunners in the AI race, but it’s hard to believe this is the case when it comes to cybersecurity. The tech titan has taken great technological strides in recent years; however, this incident serves as a reminder that even the best-intentioned projects can inadvertently expose sensitive information.”

“Shared Access Signatures (SAS) are a significant cybersecurity risk if not managed with the utmost care. Although they’re undeniably a valuable tool for collaboration and sharing data, they can also become a double-edged sword when misconfigured or mishandled. When overly permissive SAS tokens are issued or when they are exposed unintentionally, it’s like willingly handing over the keys to your front door to a burglar,” Andrew warned.

He emphasised that “Microsoft may well have been able to prevent this breach if they implemented stricter access controls, regularly audited and revoked unused tokens, and thoroughly educated their employees on the importance of safeguarding these credentials. Additionally, continuous monitoring and automated tools to detect overly permissive SAS tokens could have also averted this blunder.”

This is not the first instance of Microsoft exposing such sensitive data. **In July 2020**, the Microsoft Bing server inadvertently exposed user search queries and location data, including distressing search terms related to murder and child abuse content.”

Nevertheless, Wiz researchers informed Microsoft about the data leak on June 22, 2023, and the tech giant secured it by August 16, 2023. The researchers published their report earlier today, once they were assured that all security aspects of the exposed servers had been addressed.

**RELATED ARTICLES**

1.  Leaky database exposes fake Amazon product reviews scam
2.  250 million Microsoft customer support records leaked in plain text
3.  Microsoft investigating Windows XP, Server 2003 source code leak
4.  38 million records exposed in Microsoft Power apps misconfiguration
5.  Sensitive source codes exposed in Microsoft Azure Blob account leak

Microsoft AI Researchers Expose 38TB of Top Sensitive Data

By Deeba Ahmed
The gang used satellite technology to get sports feed and predict match results before bookmakers.
This is a post from HackRead.com Read the original post: Crooks Exploited Satellite Live Feed Delay for Betting Advantage

INTERPOL, Europol, with the help of the Spanish Police, have dismantled a highly sophisticated and organized crime group that was using satellite technology for an unfair betting advantage.

**KEY FINDINGS**

*   **An international operation has dismantled an organized illegal betting and match-fixing syndicate.**

*   **The syndicate exploited satellite technology to obtain an unfair advantage over others while placing bets.**

*   **The gang used its knowledge of the time delay caused when HD feeds were transmitted from stadiums to television screens worldwide.**

*   **Investigators searched four houses and seized two properties, two large satellite dishes and signal receives, three luxury vehicles, 47 bank accounts, 80 cellphones, cash, and counterfeit banknotes worth around €13,000.**

*   **The syndicate bribed the athletes, including players from Romanian football teams, and fixed matches based on their deals.**

A large-scale international operation recently concluded with the dismantling of an organized illegal betting and match-fixing syndicate for exploiting satellite technology to obtain an unfair advantage over others while placing bets. At least 23 individuals have been arrested, including its masterminds and a person involved in manipulating international table tennis events.

The operation was launched in 2020 with the support of Europol, Interpol, Romanian and Spanish national police, and the Spanish tax agency. According to Europol, this criminal network exploited video signals from high-profile sporting events, such as the World Cup 2022, to get an edge in high-speed betting.

The gang used its knowledge of the time delay caused when HD feeds were transmitted from stadiums to television screens worldwide. This 20 to 30-second delay was enough to make monetary gains by making informed bets.

Interpol’s secretary-general, Jurgen Stock, said this was a crafty criminal gang as they benefitted from such a brief time delay.

> “Organized crime groups will exploit the tiniest of gaps given the opportunity. In this case, we’re talking about a 20 or 30-second advantage that led to significant gains.”
> 
> Jurgen Stock – INTERPOL

During the operation, investigators searched four houses and seized two properties, two large satellite dishes and signal receives, three luxury vehicles, 47 bank accounts, 80 cellphones, cash, and counterfeit banknotes worth around €13,000.  

Investigation began in 2020 when Spanish law enforcement agencies detected a gang, operating from Romania and Bulgaria, involved in deceptive betting activities. At that time, they believed the group targeted international table tennis events. They bribed the athletes, including players from Romanian football teams, and fixed matches based on their deals.

Later, investigators detected that the gang used satellite technology to get match results. They received live feeds from games before the information reached legit bookmakers and placed bets knowing what was going to happen next beforehand. 

The group exploited this knowledge and placed bets on almost every prominent sporting event, including South American and Asian football leagues, the UEFA Nations League, Bundesliga games, the 2022 Qatar World Cup, and ITF and ATP tennis tournaments. 

They avoided suspicions by hiring people who placed bets on their behalf and collected winnings for the gang. They also bribed a trader from one of the leading betting firms to ensure bets got validated every time without raising an alarm.

“Successful operations such as the one led by Spain only reaffirm our engagement in ensuring our entire suite of notices, databases and expert networks fully support the police in closing these gaps,” Stock stated.

**RELATED ARTICLES**

1.  Satellite Hacking: Star Wars Could be a Reality in the Near Future
2.  Satellite Internet connections can easily be intercepted by hackers
3.  Military Satellite Access Sold on Russian Hacker Forum for $15,000
4.  ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee
5.  Researchers hack SpaceX Starlink satellite signal for GPS alternative

Crooks Exploited Satellite Live Feed Delay for Betting Advantage

By Waqas
KEY FINDINGS Organizations should take steps to protect themselves from this campaign by keeping software up to date,…
This is a post from HackRead.com Read the original post: Rust Implant Used in New Malware Campaign Against Azerbaijan

**KEY FINDINGS**

*   **A new malware campaign targeting Azerbaijani targets has been discovered.**

*   **The campaign uses a novel malware implant written in the Rust programming language.**

*   **The implant is difficult to detect by security solutions and reverse engineering.**

*   **The attackers used a decoy image file of the Azerbaijani MOD symbol in the campaign.**

Organizations should take steps to protect themselves from this campaign by keeping software up to date, educating employees about cybersecurity best practices, and using a comprehensive security solution.

A new malware campaign targeting Azeri infrastructure has been discovered by the Deep Instinct Threat Lab. The campaign is notable for its use of a novel malware implant written in the Rust programming language.

The campaign has at least two different initial access vectors. The first is a malicious LNK file with the filename “1.KARABAKH.jpg.lnk.” This file has a double extension to lure the victim into clicking on it, as it appears to be an image file related to the recent military conflict in Nagorno-Karabakh.

The LNK file downloads and executes an MSI installer hosted on Dropbox. This installer then drops an implant written in Rust, an XML file for a scheduled task to execute the implant, and a decoy image file. The image file includes watermarks of the symbol of the Azerbaijani Ministry of Defense (MOD).

Decoy image file and the invoice (Credit: Deep Instinct Threat Lab)

The second initial access vector is a modified version of a document that was previously used by the Storm-0978 group. This document exploits CVE-2017-11882 in Microsoft Equation Editor to download and install a malicious MSI file. This MSI file also drops a variant of the same Rust implant, as well as a decoy PDF invoice.

Once the Rust implant is executed, it goes to sleep for 12 minutes. This is a known method to avoid detection by security researchers and sandboxes. The implant is then expected to gather information and send it to the attacker’s server.

According to Deep Instinct Threat Lab’s blog post, could not attribute these attacks to any known threat actor. However, the fact that both Rust implants had zero detections when first uploaded to VirusTotal shows that writing malware in esoteric languages can bypass many security solutions.

The campaign attack flow (Credit: Deep Instinct Threat Lab)

**Implications of the Campaign**

The use of a Rust implant in this campaign is significant for several reasons. First, Rust is a relatively new programming language, and it is not yet widely used by malware authors. This makes it more difficult for security products to detect Rust malware.

Second, Rust is a compiled language, which means that the malware is converted into machine code before it is executed. This makes it more difficult to reverse engineer the malware.

Azerbaijan and Armenia have been engaged in several conflicts, which have witnessed a significant number of cyber attacks. However, it’s essential not to overlook or dismiss recent tensions between Azerbaijan and Iran as a potential cause of this malware campaign.

**Recommendations for Organizations**

Organizations should take the following steps to protect themselves from this campaign and other similar attacks:

*   Keep software up to date, including operating systems and security solutions.
*   Be careful about clicking on links in emails and messages, even if they appear to be from known senders.
*   Educate employees about cybersecurity best practices, such as phishing awareness and password security.
*   Use a security solution that can detect and block malware written in esoteric languages.

**Conclusion**

This new malware campaign targeting Azerbaijani targets serves as a reminder that attackers are continuously developing new techniques to bypass security solutions. Organizations must take the necessary steps to safeguard themselves from these threats.

While common sense is a valuable defence against such attacks, organizations should also contemplate transitioning their infrastructure from Windows to Linux as an additional security measure.

Rust Implant Used in New Malware Campaign Against Azerbaijan

By Waqas
A DDoS attack can cripple your servers. Here's a list of DDoS mitigation companies in 2023, along with a brief overview of the DDoS attacks they have effectively mitigated.
This is a post from HackRead.com Read the original post: 10 Top DDoS Attack Protection and Mitigation Companies in 2023

DDoS attack (Distributed Denial of Service attack) is a major threat to businesses of all sizes. They can overwhelm a company’s servers and infrastructure, causing downtime, and making it unavailable to legitimate users. A DDoS attack can also cost a company millions of dollars in lost revenue and productivity.

DDoS mitigation companies offer a variety of solutions to help businesses protect themselves from DDoS attacks. These solutions can include network layer protection, transport layer protection, and application layer protection.

Here is a list of the top 10 DDoS mitigation companies in 2023, along with a brief overview of their services and examples of DDoS attacks they have mitigated:

**1\. Cloudflare**

Cloudflare‘s DDoS mitigation and protection services are designed to protect websites and applications from a wide range of DDoS attacks, including network layer attacks, transport layer attacks, and application layer attacks.

Its services are powered by Cloudflare’s global network, which consists of over 275 data centers in over 100 countries. This allows Cloudflare to filter out malicious traffic before it reaches your website or application.

Cloudflare’s DDoS protection services are also highly scalable. Cloudflare can mitigate even the largest DDoS attacks, without impacting the performance of your website or application.

The company’s services are available in a variety of plans, to meet the needs of businesses of all sizes. Cloudflare also offers a free plan, which includes basic DDoS protection.

Cloudflare has mitigated some of the largest DDoS attacks in history, including a 15.3 million rps (request-per-second) DDoS attack earlier in April 2022 and a 1.3 Tbps attack on GitHub in 2018.

****2\.** Radware**

Radware‘s DDoS protection services are designed to protect networks, data centers, and applications from a wide range of DDoS attacks, including network layer attacks, transport layer attacks, and application layer attacks.

Radware’s DDoS mitigation services are based on a combination of hardware and software solutions. Radware’s hardware appliances are deployed on-premises, while its software solutions can be deployed in the cloud or on-premises.

The company offers a number of key features, including:

*   **Comprehensive protection:** Radware’s DDoS protection services protect against a wide range of DDoS attacks, including new and emerging threats.
*   **High performance:** Radware’s DDoS protection services offer high performance, with minimal impact on legitimate traffic.
*   **Scalability:** Radware’s DDoS protection services can be scaled to meet the needs of businesses of all sizes.
*   **Flexibility:** Radware’s DDoS protection services can be deployed in a variety of environments, including on-premises, cloud, and hybrid environments.

Radware has mitigated DDoS attacks on a variety of high-profile customers, including an 809 Mpps (million packets-per-second) attack on a mainstream bank in Europe in 2020, Bank of America in 2013 and the New York Stock Exchange in 2016.

**3\. Akamai**

  
Akamai offers a range of DDoS protection services that can help businesses defend against sophisticated and well-orchestrated DDoS attacks. Their services are built on dedicated infrastructure and designed to protect internet-facing applications and systems while maintaining fast, highly secure, and always-available DNS.

Akamai’s DDoS protection solutions can be customized to the specifications of web apps and Internet-based services. They offer a holistic DDoS defence with products such as Prolexic, Web Application Protector, Kona Site Defender, and Edge DNS. These solutions provide end-to-end DDoS defence for organizations, ensuring the highest quality of DDoS mitigation to keep applications, data centers, and internet-facing infrastructure protected.

Akamai’s Prolexic is a cloud-based DDoS protection solution that defends data centers and hybrid infrastructures to ensure availability and uptime. It provides comprehensive port and protocol protection against a broad range of DDoS attacks, including high-bandwidth sustained attacks and complex multi-vector attacks.

Akamai has mitigated DDoS attacks on various high-profile customers, including a 2022 attack which peaked at 704.8 million packets per second, Netflix and Amazon. Most recently in March 2023, Akamai managed to mitigate a DDoS attack in Asia that reached 900Gbps.

**4\. AWS Shield**

AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. The service was launched in December 2016. It provides dynamic detection and automatic inline mitigations that minimize application downtime and latency. With AWS Shield, you can automatically detect and mitigate sophisticated network-level distributed denial of service (DDoS) events.

You can also customize application protection against DDoS risks through integrations with Shield Response Team (SRT) protocol or AWS WAF. AWS Shield offers two different tiers: AWS Shield Standard and AWS Shield Advanced.

While AWS Shield Standard protects your application at the edge of the AWS network using Amazon CloudFront, AWS Global Accelerator, and Amazon Route, AWS Shield Advanced provides more powerful protection against DDoS attacks. It inspects traffic in real-time and automatically implements mitigation techniques to avoid negative impacts on performance.

AWS Shield has mitigated DDoS attacks on a variety of high-profile customers, including GitHub and Twitch. In June 2020, AWS Shield managed to mitigate a 2.3 TBPS attack, which was the largest ever DDoS attack at that time.

**5\. Azure DDoS Protection**

Azure DDoS Protection is a managed DDoS protection service offered by Microsoft Azure. It is designed to safeguard applications deployed in a virtual network against distributed denial-of-service (DDoS) attacks.

Azure DDoS Protection provides enhanced DDoS mitigation features that are automatically tuned to help protect your specific Azure resources. The service defends against DDoS attacks at layer 3 and layer 4 network layers. For web applications, protection at layer 7 can be added using a Web Application Firewall (WAF) offering.

Azure DDoS Protection offers two tiers: DDoS Network Protection and DDoS IP Protection. DDoS Network Protection provides enhanced DDoS mitigation features for protecting specific Azure resources in a virtual network. It can be enabled on any new or existing virtual network without requiring any application or resource changes.

On the other hand, DDoS IP Protection follows a pay-per-protected IP model and includes additional value-added services such as DDoS rapid response support, cost protection, and discounts on WAF.

Key features of Azure DDoS Protection include always-on traffic monitoring, adaptive real-time tuning, and DDoS protection analytics, metrics, and alerting. The service monitors your application traffic patterns 24/7 and mitigates detected DDoS attacks automatically. Intelligent traffic profiling learns your application’s traffic over time and adjusts the profile accordingly. Azure DDoS Protection also provides analytics, metrics, and alerting capabilities to help you stay informed about potential threats.

Azure DDoS Protection has mitigated DDoS attacks on various high-profile customers, including Microsoft and Sony. According to the company’s “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends” report, it also managed to mitigate a 3.47 Tbps attack, and two more attacks above 2.5 Tbps. In October 2021, Microsoft reported on a 2.4 terabit per second (Tbps) DDoS attack in Azure that we successfully mitigated

**6\. Google Cloud Armor**

Google Cloud Armor is a network security service offered by Google Cloud that provides defences against DDoS and application attacks. It offers a rich set of Web Application Firewall (WAF) rules and helps protect workloads behind HTTP/S and TCP/SSL Proxy Load Balancers, Network Load Balancer, using protocol forwarding, or virtual machines (VM) with public IPs. Google Cloud Armor provides enterprise-grade DDoS protection against both Layer 3 and Layer 4 attacks.

It uses a variety of techniques such as rate limiting, scrubbing, and sinkholing to mitigate attacks. In conjunction with the Google Cloud global load balancing infrastructure, Cloud Armor provides always-on DDoS protection from Layer 3 and Layer 4 volumetric and protocol-based attacks.

Google Cloud Armor has mitigated DDoS attacks on a variety of high-profile customers, including Google and Airbnb. In August 2022, the company revealed how it managed to block the largest Layer 7 DDoS attack at 46 million rps aimed at one of its customers.

**7\. Imperva**

Imperva offers a range of DDoS protection services that can help businesses defend against various types of DDoS attacks. Their services are designed to ensure uninterrupted operation and business continuity by securing all your assets at the edge. Imperva’s DDoS protection services provide maximum visibility and optimized performance, allowing you to focus on your core business activities. They offer different protection options for websites, networks, and individual IPs.

Imperva’s DDoS Protection for Websites is an always-on service that immediately mitigates any type or size of DDoS attack targeting web applications. It complements the Imperva cloud web application firewall (WAF), which blocks hacking attempts and attacks by malicious bots.

Imperva’s unique cloud-based DDoS protection services are rapidly deployed with no hardware or software installation or costly, ongoing maintenance. They protect against all types of DDoS attacks, absorbing even multi-gigabyte attacks. Imperva provides a 3-second mitigation SLA against any DDoS attack, ensuring fast response and minimal disruption to service.

Imperva has mitigated DDoS attacks on various high-profile customers, including Visa and MasterCard. According to Imperva’s blog post, the 3 biggest DDoS attacks Imperva mitigated include a Layer 7 Application DDoS Attack measuring over 2.5 million rps in February 2022, a Network DDoS attack with a throughput of 1.02 Tbps in July 2021 and one of the Largest Network DDoS attack of almost 1 Tbps in October 2020.

**8\. F5**

F5 provides a range of DDoS protection services that can help defend your business against application-layer and volumetric attacks. Their services are designed to be flexible and can be deployed in a variety of architectural and operational models, including cloud-based protection, hybrid on-premises defence with on-demand cloud scrubbing, and native application infrastructure form factors. 

F5’s DDoS mitigation solutions are multi-tiered and can defend against multi-vector denial-of-service attacks that target critical infrastructure protocols like DNS and TLS. F5’s DDoS protection services can detect and mitigate large-scale volumetric and targeted application attacks in real time, even defending against attacks that exceed hundreds of gigabits per second. 

F5’s DDoS protection services are backed by the F5 Global Network infrastructure, security tools, and the F5 Security Operations Center (SOC), which is staffed with experts that monitor and protect your business from attack 24/7, 365.

F5 has mitigated DDoS attacks on various high-profile customers, including PayPal and eBay. Although there are hardly any online resources listing the clients F5 has protected from DDoS attacks, in June 2023, MazeBolt named F5 as the preferred remediation vendor for RADAR non-disruptive DDoS testing.

**9\. Nexusguard**

Nexusguard offers a comprehensive DDoS protection platform that defends public-facing websites, applications, APIs, infrastructure, backends, and DNS servers against DDoS attacks of all types and complexities. Their platform is built on the right mix of people, processes, and technology to ensure maximum protection. Nexusguard’s one-stop DDoS protection platform consists of the following components:

1.  **InfraProtect**: Safeguards infrastructure against DDoS attacks.
2.  **Origin Protection (OP)**: Shields networks and systems from threats.
3.  **Application Protection (AP)**: Protects web applications from DDoS attacks.
4.  **Web Application Firewall (WAF)**: Blocks hacking attempts and attacks by malicious bots.
5.  **DNS Protection (DP)**: Ensures 100% availability and efficient resolution of DNS requests for protected domains.

Nexusguard’s DDoS protection services are designed to provide maximum visibility, optimized performance, and uninterrupted operation for businesses. They offer a range of services that can be tailored to meet the specific needs of websites, networks, and individual IPs Nexusguard’s cloud-based DDoS protection services are rapidly deployed without requiring any hardware or software installation or ongoing maintenance. They can absorb even multi-gigabyte attacks and provide a 3-second mitigation SLA to minimize disruption to service.

Nexusguard has mitigated DDoS attacks on a variety of high-profile customers, including the New York Stock Exchange and the Nasdaq. Nexusguard’s whitepaper (PDF) maintained that its services are available around the world, collectively loaded with 1.44Tbps of mitigation capacity.

**10\. Arbor Networks**

Arbor Networks provides a range of DDoS protection services that can help businesses defend against various types of DDoS attacks. Their services are designed to ensure uninterrupted operation and business continuity by securing all your assets at the edge. 

Arbor Networks’ DDoS protection services provide maximum visibility and optimized performance, allowing you to focus on your core business activities. They offer different protection options for websites, networks, and individual IPs.

Arbor Networks’ APS (Arbor Protection System) is an always-on, in-line, intelligently automated DDoS protection solution that provides comprehensive protection from the largest DDoS attacks. It uses hybrid, multi-layer defences to protect against all types of DDoS threats, including cloud-based protection to defend against large, high-volume attacks. 

Arbor Networks’ SP (Security Platform) provides pervasive network visibility and DDoS attack detection. Arbor Networks’ TMS (Threat Management System) provides out-of-path, stateless, surgical mitigation of DDoS attacks as large as 400Gbps.

Arbor Networks has mitigated DDoS attacks on various high-profile customers, including the US Department of Defense and the UK National Security Agency. Arbor is now part of NetScout Systems.

**Bottom Line**

Both big and small businesses should consider implementing a DDoS mitigation service as an integral part of their cybersecurity strategy. While larger enterprises often have dedicated IT resources, smaller businesses are not immune to these threats.

By investing in DDoS mitigation services, businesses of all sizes can proactively defend their digital infrastructure, ensuring uninterrupted online services, safeguarding customer trust, and minimizing potential financial losses in the face of cyberattacks.

Did we miss a company that deserves to be on this list? You can share it in the comment section!

**RELATED ARTICLES**

1.  6 of the Best Crypto Bug Bounty Programs
2.  What is an OSINT Tool – Best OSINT Tools 2023
3.  The 10 Best Cybersecurity Companies in the UK
4.  Cybersecurity for Startups: Best Tips and Strategies
5.  Antivirus Software: The Best Deals, Coupons and Discounts
6.  Best-performing cybersecurity firms and their recent developments

10 Top DDoS Attack Protection and Mitigation Companies in 2023

By Deeba Ahmed
Crypto experts suspect Cuban may have made a mistake to get his account hacked.
This is a post from HackRead.com Read the original post: Billionaire Mark Cuban Falls Victim to Crypto Hack Again, Loses $900K

**key findings**

*   **Mark Cuban’s crypto wallet was hacked on September 15, 2023.**

*   **The hacker drained around $900,000 worth of crypto from Cuban’s hot wallet.**

*   **Cuban claims he has no idea how the hacker accessed his wallet.**

*   **Crypto experts believe that Cuban must have made a mistake in getting his account hacked, such as signing a malicious transaction or somehow getting his private key compromised.**

*   **This isn’t the first time Cuban has become a victim of crypto hack.**

Mark Cuban is a renowned TV personality, investor, billionaire, and owner of the Dallas Mavericks. And, he is the latest victim of a planned hack attack. The news was first reported on September 15 at 8 p.m. UTC by independent blockchain investigator Wazz. He noticed unusual activity on Cuban’s wallet, named “mcuban” on OpenSea, which was inactive for five months, and soon all the funds were drained.

“Did Mark Cuban’s wallet just get drained? Wallet inactive for 160 days, and all assets just moved,” Wazz posted.

The transaction history on Etherscan showed multiple batches of assets, including Tether, Lido Staked Ether, and USD Coin withdrawn from the wallet. It all happened within merely ten minutes. Afterwards, another $2m worth of USDC was transferred from a wallet named Mark Cuban 2 to a different wallet.

Wazz thought Cuban was shuffling his assets to different wallets. But, after a few hours, the 65-year-old billionaire confirmed the news. The hacker also dumped ETH and MATIC after depositing funds on Coinbase. Here’s a breakdown of the transferred funds:

*   5.29 ETH ($8,730)
*   338,206 STETH ($557,680)
*   12,355 MATIC ($6,590)
*   7,020 RARI ($6,340)
*   4,860 USDT ($4,860)
*   4,338 ENS ($33,270)
*   175,040 USDC ($175,040)

Reportedly, the hacker drained around $900,000 worth of crypto from Cuban’s hot wallet. Cuban claimed he had no idea how the hacker accessed his wallet. He told DL News that he went to MetaMask for the first time after several months, and the hacker was probably waiting for this moment. Cuban suspected that he might have downloaded a fake version of MetaMask and fell victim to a phishing attack.

After realizing that funds were drained from his hot wallet, Cuban shifted his remaining assets to Coinbase Custody, which means he transferred the $2m worth of USDC. However, crypto experts believe that Cuban must have made a mistake in getting his account hacked, such as he might have signed a malicious transaction or somehow his private key got compromised. These suspicions are based on the fact that assets were directly withdrawn from his wallet.

This isn’t the first time Cuban has become a victim of crypto hack. In June 2021, he suffered a rug pull and lost an unspecified amount of funds after an algorithmic stablecoin project, Iron Finance, imploded due to a bank run. At that time, Cuban blamed himself for being lazy and not doing appropriate research.

“Even though I got rugged on this, it’s really on me for being lazy. The thing about DeFi plays like this is that it’s all about revenue and math and I was too lazy to do the math to determine what the key metrics were,” Cuban stated responding to the incident.

**RELATED ARTICLES**

1.  Hacker returns $17 million worth of stolen Ethereum
2.  ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen
3.  World’s Largest Cryptocurrency Casino Stake Hacked for $41 Million
4.  Researcher Exposes Cryptocurrency Scam Network of 300 Domains
5.  Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms

Billionaire Mark Cuban Falls Victim to Crypto Hack Again, Loses $900K

By Deeba Ahmed
The hacker enticed victims with a malicious link, promising free commemorative NFTs and stole all the funds once they connected their wallets.
This is a post from HackRead.com Read the original post: ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen

**key findings**

*   **A hacker compromised Vitalik Buterin’s Twitter account and shared a post promoting a malicious NFT giveaway.**

*   **The post contained a URL that stole funds from users who connected their wallets.**

*   **Over $690,000 was stolen in the hack, including valuable NFTs.**

*   **Buterin blames Twitter’s lacklustre OTP authentication for the hack.**

*   **The hack serves as a reminder of the importance of security, especially for high-profile figures.**

A hacker managed to compromise the official X account of Vitalik Buterin, resulting in a loss of over $690,000, reported blockchain investigator ZachXBT.

Regarding how the hacking was successful, it is reported that the hacker compromised Buterin’s account and shared a post on his behalf, celebrating the arrival of Proto-Danksharding to the Ethereum platform.

In the now-infamous post, Buterin announces a series of commemorative NFTs (nonfungible tokens) from Consensys. This post also contained a malicious URL and was sent to Buterin’s 4.9 million followers, some of whom fell prey to this lure. 

The link promised free commemorative NFTs once the users connected their wallets. Later, the hacker stole all their funds. It was a classic giveaway scam where users were enticed to double their funds but lost all of their assets.

Vitalik’s father Dmitriy “Dima” Buterin confirmed the news, urging his followers to disregard it in a post on September 9. “Disregard this post, apparently Vitalik has been hacked. He is working on restoring access,” he said.

The news has shocked the blockchain and cryptocurrency fraternity because Buterin is known for his mastery over blockchain security, and his account getting hacked and claiming huge financial losses is devastating. The co-founder blames X’s (Twitter) lackluster OTP (one-time password) authentication procedure for this incident.

“I didn’t know Twitter had OTP. Always thought 2FA was good enough. Lesson learned,” Buterin stated in response to this incident.

Many users are also commenting on this hack. A user, Satosi 767, posted that Buterin probably didn’t properly secure his X account. But ZachXBT refuted such comments, stating that Buterin is a high-profile figure therefore, he is more susceptible to hacking attempts and probably became a victim of SIM swapping.

“You do not know yet whether it was a SIM swap. Vitalik is a big enough target to where an insider could have been paid off or panel was used,” ZachXBT noted.

The post was deleted soon but it caused sufficient losses. Ethereum developer Bok Khoo (Bokky Poobah on X) suffered heavy losses in his CryptoPunk NFT collection. Currently, a CryptoPunk NFT’s floor price is 46.99 Ether ($76,837). Reportedly, in one hour, the hacker made over $147,000, and collective losses amounted to $691,000. However, it is unclear how many users were affected by this hacking.

**RELATED ARTICLES**

1.  Hacker returns $17 million worth of stolen Ethereum
2.  Meet MEWKit, a tricky phishing attack draining Ethereum wallets
3.  World’s Largest Cryptocurrency Casino Stake Hacked for $41 Million
4.  Researcher Exposes Cryptocurrency Scam Network of 300 Domains
5.  Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms

ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen

By Owais Sultan
A Cloud VPS (Virtual Private Server) is a virtualized instance of a physical server hosted in the cloud, offering scalable computing resources and the ability to run applications and services independently, providing flexibility and cost-effectiveness.
This is a post from HackRead.com Read the original post: Advantages of a Cloud VPS Server

When it comes to web hosting, there are different alternatives that you can go for with the most common types being shared hosting, dedicated instances and virtual private servers. While each has its own benefits and drawbacks, VPS servers are slowly becoming the go-to option for all kinds of websites and projects. But what makes them the preferred cloud solution?

**What are virtual private servers?**

VPS servers are virtual machines that run on a physical server. They are virtualized copies of an actual server, but they can all run a different operating system, while also sharing the host server’s resources. This resource sharing is what makes it similar to shared hosting. However, there is one distinct difference. Each cloud VPS server has a set number of resources that it can use.

**Why shared hosting isn’t as good as VPS servers**

This means that a single VPS cannot utilize more SSD space, RAM or CPU power than what it has been assigned. For comparison, shared hosting plans usually give a set amount of resources, but a given website or application can begin consuming more than it should be. This could be due to traffic, a lot of user requests or a DDoS attack. Because of this, the entire server gets overloaded and this reflects on every other site or app that is hosted on that particular server.

As can be seen, this can be quite unfortunate as the entire server might end up going down, which will result in severe downtime periods and loss of potential customers. But this also shows why shared hosting is the least expensive alternative out of the bunch.

**Dedicated servers – exceptional performance at a high price**

On the other hand, there are also fully dedicated servers. Each server is reserved for one client, meaning a large number of available resources at all times. As you might have guessed, this makes it quite expensive, which is why only big businesses and corporations go for this particular hosting option. Such servers are also useful for hosting game servers as they have a lot of processing power and storage at their disposal.

**Why choose a cloud VPS server?**

As we have previously discussed, shared hosting isn’t that reliable and dedicated servers are quite pricy. This is where virtual private servers come in. They combine the best of both worlds, offering high performance at an affordable cost.

As we already mentioned, VPS servers share the physical server’s resources, but they cannot utilize more than what they are configured to use. This ensures high-quality hosting, constant uptime and a lot of different customizations.

There are also VDS instances, virtual dedicated servers, that are essentially virtual private servers with a dedicated resource. In most cases, this is the amount of CPU cores that can be assigned to the VPS. Hence they can also be found as dedicated CPU VPS servers.

One of the main advantages of choosing a VPS server is that they are easily scalable. This means that if your website or applications start seeing more traffic and potential users, you can upgrade your server without having to make changes to your service or hosting plan. This is also a very beneficial feature for seasonal businesses that have fluctuating traffic during the year. With a VPS, you can simply remove resources that you aren’t using and pay less.

Such servers are also quite customizable if you have some technical experience. You can manually install additional software that can help you manage your server and workflow. This is due to the full root access that they provide you with. This means that you can even configure your server so that you can boost your productivity and increase your efficiency.

Because of this, many providers have started to develop different additional features that even those without prior experience can take advantage of. Some examples of popular add-ons include automatic backups and server snapshots, which can be used to restore the VPS to a previous state. There are also various protection options such as the important DDoS protection that has become a staple in hosting over the last decade. Some providers offer it as an extra option and others include it in the price, which is why you need to make sure to check prior to purchasing a server.

Others offer software licenses and the ability to directly install a given software on your cloud VPS server so that you don’t have to manually go through the hassle of setting things up. This not only saves time but is also primarily aimed at those who don’t know how to fully install software on their server and would rather get it done for them instead.

Overall, VPS servers are becoming a more popular option amongst people looking for hosting due to their flexibility, scalability and customization options. They offer exceptional quality and performance at an affordable price, which is why their popularity has been increasing.

Advantages of a Cloud VPS Server

By Owais Sultan
Finding the Perfect IT Staff Augmentation and Staffing Services Company for Your Needs.
This is a post from HackRead.com Read the original post: Strategic IT Staff Augmentation: A Roadmap for C-Level Executives

As a C-level executive, your plate is filled to the brim with responsibilities. Among these, managing IT staffing can be an additional and very time-consuming burden. Wouldn’t it be great to have an ideal partner take those concerns and time expenditure off your plate? 

The time-consuming process of hiring new employees may take away from C-level core tasks, which is why many organizations opt for IT staff augmentation or staffing services. Through staff augmentation, high-level executives can quickly and efficiently scale in-house teams as per their company needs. But how does one sift through the plethora of options to find the right partner?

In this article, we’ll guide you through key considerations when choosing an outsourcing service provider that can actually meet all your tech requirements — from data security to HR compliance — and deliver stellar results without delay. If finding the right balance between affordability, talent quality, and speed feels like a high-wire act, keep reading!

**Understand the Need for IT Staff Augmentation and How It Can Benefit Your Organization**

In today’s business landscape, technology holds significant sway. Companies increasingly lean on their digital infrastructure to optimize operations and enhance customer service. This trend is demonstrated by a Statista report, stating that in 2022, enterprise software spending reached about $783 billion globally, underscoring the growing importance of IT in business strategies. 

To keep pace, it’s crucial to maintain a robust team of IT professionals. However, sustaining a full in-house IT department can be both costly and time-consuming.

Here’s where IT staff augmentation steps in. By bolstering your team with external experts, you can leverage their skill sets and experience to achieve your business goals more efficiently.

IT staff augmentation offers numerous advantages, including cost savings, increased productivity, and expedited project timelines. A survey conducted by Deloitte revealed that 57% of businesses leverage outsourcing to focus on core business functions. 

If your organization aims to stay ahead of the competition and maintain its competitive edge, adopting this strategy might be the answer for which you’ve been searching.

**5 Essential Steps to Leverage Staff Augmentation for Your Organization’s Success**

Here are five pivotal steps that can help you maximize the benefits of IT staff augmentation. From choosing the right staffing services company to determining attractive incentives, each step is integral to this journey. This guide will help you unlock the full potential of staff augmentation, setting your organization up for success.

1.  **Research Different Staffing Services Companies to Find the Right Fit for Your Needs**

The journey to finding the ideal staffing services company for your needs can seem challenging. Your goal is to find an efficient company that can supply the skilled professionals necessary to fulfil your business objectives. This quest demands diligent research and evaluation to identify the company that’s the perfect match for your organization.

Fortunately, the abundance of staffing services companies gives you a wide range of options. By dedicating time to research and get to know various companies, and evaluating their pros and cons, you can make a well-informed decision that will contribute positively to your business in the long run.

2.  **Ask Questions About Their Experience, Skill Set and Staff Qualifications** 

Hiring a company for a crucial project requires assurance that their staff is equipped for the challenge. Hence, it’s important to inquire about their experience, skills and qualifications. This will provide a clearer picture of their team’s capabilities. 

What kind of projects have they handled in the past? What are their specialty areas? What kind of training have they undergone? These are essential questions that can help ensure that the team working on your project possesses the knowledge and skills necessary to deliver desired results. So, don’t hesitate to ask.

A reputable company will welcome your curiosity and readily respond to any queries you may have about their team.

3.  **Identify Potential Red Flags When Vetting Potential Candidates or Vendors** 

In today’s competitive marketplace, hiring the right talent or partnering with a trustworthy vendor is critical to business success. However, certain red flags may hint at potential complications ahead.

A major red flag emerges when a candidate or vendor is evasive about their past work experience or provides ambiguous information. A lack of references or references that share negative feedback are cause for concern. 

By staying alert to these potential red flags, you can sidestep costly missteps and make informed decisions when choosing candidates or vendors.

4.  **Analyze the Cost-benefit of Working With a Staffing Services Company Compared to Hiring Directly**

When seeking qualified candidates for your business, you primarily have two options: partnering with a staffing services company or hiring directly. It might seem initially that direct hiring is more cost-effective, but a detailed analysis of the cost-benefit of each option is vital. According to a study by the Society for Human Resource Management, the average cost per hire for companies is $4,129, demonstrating the significant investment businesses make during the hiring process.

Engaging with a staffing services company can offset these costs by saving you time and resources spent on sourcing and screening candidates, not to mention the advantage of tapping into their vast industry network and expertise.

Moreover, if a candidate doesn’t meet expectations, the staffing company manages all necessary replacements or refunds, providing additional peace of mind. Conversely, while direct hiring might save some costs upfront, it can lead to expensive and time-consuming errors in the long run. 

By carefully balancing the advantages and drawbacks of each option, you can make an optimal decision for your business.

5.  **Determine the Incentives You Can Offer to Attract Top Talent and Maximize ROI From Leveraging Staff Augmentation**

Offering appealing incentives is vital to draw in the best in the field. However, maximizing the return on this investment is equally important. When considering incentives for potential candidates, don’t just focus on salary and benefits. A LinkedIn survey revealed that 94% of employees would stay at a company longer if it invested in their career development. Flexibility, growth opportunities, and challenging projects can all be potent motivators.

You might want to consider professional development opportunities or other unique perks that will make your team feel appreciated and invested in their work. For instance, according to a Glassdoor survey, nearly 80% of employees would prefer new or additional benefits to a pay increase. 

By identifying the right incentives, you can not only lure in the top talents but also ensure they are motivated and performing at their best.

**Bottom Line: Embracing Staff Augmentation For a Thriving Future**

In conclusion, staff augmentation is an excellent strategy to promptly fill roles with the precise skills and expertise your business needs right now. By leveraging a staffing services company, you can find the perfect fit, ensuring cost-effectiveness and long-term success. With thorough research and due diligence, you can maximize your ROI on staff augmentation, enabling growth that might otherwise be out of reach.

Understanding the benefits of staff augmentation, such as convenience, scalability, and quality of candidates, allows you to make an informed decision and attract top talent that will be advantageous to your organization.

Remember, don’t rush your decision – research thoroughly and bear these tips in mind when selecting a staffing services partner to cater to all your executive needs.

Strategic IT Staff Augmentation: A Roadmap for C-Level Executives

By Habiba Rashid
According to reports, a Google Account Sync vulnerability was exploited to carry out a voice phishing scam that led to the theft of $15 million from Fortress Trust.
This is a post from HackRead.com Read the original post: Google Account Sync Vulnerability Exploited to Steal $15M

*   **A sophisticated hacking group targeted cryptocurrency firms by exploiting a vulnerability in Google Authenticator.**

*   **The hackers targeted Retool, a software development platform that is used by a number of Fortune 500 companies.**

*   **The hackers used a combination of phishing, social engineering, and deepfakes to trick employees into giving up their credentials.**

*   **The messages instructed recipients to access a legitimate-looking link in order to address some payroll and open enrollment issues.**

*   **The attack resulted in the theft of $15 million worth of customer funds.**
*   **Google has since updated Google Authenticator to address the vulnerability.**

In a recent incident, cryptocurrency custodian Fortress Trust lost $15 million worth of customer funds **in a theft** that was traced back to a phishing attack on a third-party vendor, Retool.

Retool is a software development platform that is used by a number of Fortune 500 companies, including Amazon, DoorDash, Unity, NBC, Mercedes-Benz, Volvo, Lyft, and Peloton. 

The attackers targeted Retool employees with **SMS-based phishing messages** that appeared to come from a member of the company’s IT team. The messages instructed recipients to access a legitimate-looking link in order to address some payroll and open enrollment issues. One employee fell for the attack and handed over their credentials and multi-factor authentication (MFA) data.

What set this attack apart was the **hackers’ use of deepfake technology** to mimic an employee’s voice during a follow-up phone call. This convincing impersonation led to the employee inadvertently providing the attacker with an additional MFA code. Armed with this code, the hacker gained access to the employee’s Okta account, allowing them to add their own device to it.

The critical vulnerability exploited in this incident was related to Google Authenticator, a widely used tool for multi-factor authentication. A recent Google update has introduced a feature that syncs MFA codes to the cloud. If an attacker compromises a user’s Google account, they can obtain all MFA codes, essentially turning what was supposed to be multi-factor authentication into single-factor authentication.

Retool **expressed frustration** over the lack of a clear option to disable this feature and noted the novel attack vector it had become. While the identity of the hackers remains unclear, the attack shares similarities with previous activities attributed to the financially motivated threat group known as 0ktapus, Scattered Spider, and UNC3944.

Due to the growing threat of deepfakes for social engineering, U.S. agencies CISA, FBI, and NSA have **published** (PDF) a cybersecurity report highlighting the growing threat of deepfake technology in various malicious activities, including business email compromise attacks and cryptocurrency scams.

In order to mitigate these risks, cryptocurrency companies should implement strong security measures, such as multi-factor authentication and regular security audits. They should also be careful about which **third-party vendors** they use.

Source

HackRead