By Owais Sultan
As technology continues to evolve, the need for businesses to focus more on cybersecurity is becoming increasingly important…
This is a post from HackRead.com Read the original post: Why do Businesses Need to Focus More on Cybersecurity

As technology continues to evolve, the need for businesses to focus more on cybersecurity is becoming increasingly important and more people are starting to look into **cyber security bootcamps** to learn and be safer online. The reality is that cyber-attacks are no longer a rarity and can have devastating consequences for any business. 

The fact of the matter is that businesses do not have their own data that needs to be safeguarded. That said, most companies today process a lot of consumers’ data and sensitive information on a daily basis. Therefore, not just business data is at potential risk. Moreover, it’s no secret that cyber attacks are more frequent and more sophisticated than ever before. Hackers are no longer targeting big corporations **but small businesses** and startups as well. 

Pretty much anyone is fair game, especially companies that don’t have proper security measures in place and are vulnerable to data breaches. And as you may already know, any type of data is valuable to hackers as it can be sold to interested parties on the open market somewhere online. With that in mind, let’s have a look at why businesses need to focus more on cybersecurity. 

**The risks of not prioritizing cybersecurity for businesses**

Cybersecurity is an essential part of any business, regardless of its size or industry. Unfortunately, many businesses fail to **prioritize cybersecurity** and this can have serious consequences. For starters, a data breach can lead to the loss of sensitive customer information, which can result in financial losses and reputational damage. 

Not only that but cybercriminals may be able to access confidential company information such as trade secrets, intellectual property and consumer-sensitive information. This could not only ruin a company’s reputation but also put it out of business entirely. Furthermore, if a hacker gains access to a company’s network they may be able to install malicious software that could cause disruption or even **shut down operations completely**. 

Not to mention that this leaves businesses vulnerable to ransomware attacks where hackers demand payment in exchange for restoring access to their systems. All these risks demonstrate why it is so important for businesses to take cybersecurity seriously and invest in measures that will protect their networks from potential threats.

**The value of investing in proactive cybersecurity measures**

Investing in proactive cybersecurity measures is vital for any business, regardless of size or industry. As mentioned before, cybersecurity threats are **constantly evolving** and becoming more sophisticated, so it’s important to stay ahead of the curve by investing in the latest technologies and solutions. 

That said, many people are deciding to opt for cyber security bootcamps so they can get proper education and skills that can help them with future employment. So there’s no shortage of experts in the market, companies just have to hire them. Also, proactive measures can help protect your data from malicious actors, as well as reduce the risk of a data breach or other cyber attack. 

A good example of this is penetration testing where a data breach is simulated to identify potential risks and weaknesses in the company’s network or security measures. A data breach may happen sooner or later so it’s better to prepare for it than to sit idly by and hope that hackers will avoid your company for some reason. 

**Types of cyberattacks and Impact on businesses**

Cyber attacks come in many different forms, and each type of attack can have a unique impact on businesses. The most common types of cyberattacks are malware, phishing, ransomware, distributed denial-of-service **(DDoS) attacks**, and SQL injection. 

Hackers use different methods and different types of attacks to gain access to company data or at least, leave a backroom open for future breaches. That said, the most common type of attack is phishing scams. It’s much easier for hackers to try and fool unwary employees than it is for them to launch a full-scale attack on a company’s defences directly. 

Phishing and social engineering scams are much more effective and subtle ways of breaching a network as many companies neglect to invest in employee education regarding cybersecurity. This way, hackers gain access to company files and networks without anyone noticing they did so. After that, they will either leech information or prepare something much worse depending on their motives. 

Businesses need to prioritize cybersecurity to protect their data and systems from malicious online threats. Investing in the right security measures is essential for any business that wants to stay safe and secure in the digital world so modern businesses must focus on cybersecurity more. 

1.  **How to use AI in cybersecurity?**
2.  **5 Top Cybersecurity Threats to Businesses**
3.  **Benefits of video surveillance in your business**
4.  **Cybersecurity firms need real-time collaboration tool**
5.  **Cybersecurity automation: How can businesses benefit**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Why do Businesses Need to Focus More on Cybersecurity

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.

Ghost is committed to developing secure, reliable products utilising all modern security best practices and processes.

The Ghost security team is made up of full time staff employed by the Ghost Foundation as well as volunteer open source contributors and security experts. We do both consultation and penetration testing of our software and infrastructure with external security researchers and agencies.

We take security very seriously at Ghost and welcome any peer review of our completely open source codebase to help ensure that it remains completely secure.

**Security features****Automatic SSL**

Ghost’s CLI tool attempts to automatically configure SSL certificates for all new Ghost installs with Let’s Encrypt by default. In 2019 we intend to make SSL mandatory for all new installs.

**Standardised permissions**

Ghost-CLI does not run as root and automatically configures all server directory permissions correctly according to OWASP Standards.

**Brute force protection**

User login attempts and password reset requests are all limited to 5 per hour per IP.

**Data validation and serialisation**

Ghost performs strong serialisation and validation on all data that goes into the database, as well as automated symlink protection on all uploaded files.

**Encoded tokens everywhere**

All user invitation and password reset tokens are base64 encoded with serverside secret. All tokens are always single use and always expire.

**Password hashing**

Ghost follows OWASP authentication standards with all passwords hashed and salted properly using bcrypt to ensure password integrity.

**SQLi prevention**

Ghost uses Bookshelf ORM + Knex query builder and does not generate _any_ of its own raw SQL queries. Ghost has no interpolation of variables directly to SQL strings.

**XSS prevention**

Ghost uses safe/escaped strings used everywhere, including and especially in all custom Handlebars helpers used in Ghost Themes

**Dependency management**

All Ghost dependencies are continually scanned using a combination of automated GitHub tooling and yarn audit to ensure their integrity.

**Reporting vulnerabilities**

Potential security vulnerabilities can be reported directly to us at security@ghost.org. The Ghost Security Team communicates privately and works in a secured, isolated repository for tracking, testing, and resolving security-related issues.

**Responsible disclosure**

The Ghost Security team is committed to working with security researchers to verify, reproduce and respond to legitimate reported vulnerabilities.

*   Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept
*   Make a good faith effort to avoid privacy violations, destruction and modification of data on live sites
*   Give reasonable time to correct the issue before making any information public

Security issues always take precedence over bug fixes and feature work. We can and do mark releases as “urgent” if they contain serious security fixes.

We will publicly acknowledge any report that results in a security commit to https://github.com/TryGhost/Ghost

**Issue triage**

We’re always interested in hearing about any reproducible vulnerability that affects the security of Ghost users, including…

*   Remote Code Execution (RCE)
*   SQL Injection (SQLi)
*   Server Side Request Forgery (SSRF)
*   Cross Site Request Forgery (CSRF)
*   Cross Site Scripting (XSS) but please read on before reporting XSS…

**However, we’re generally _not_ interested in…**

*   Privilege escalation as result of trusted users publishing arbitrary JavaScript1
*   HTTP sniffing or HTTP tampering exploits
*   Open API endpoints serving public data
*   Ghost version number disclosure
*   Brute force, DoS, DDoS, phishing, text injection, or social engineering attacks.
*   Output from automated scans
*   Clickjacking with minimal security implications
*   Missing DMARC records

**Privilege escalation attacks**

Ghost is a content management system and all users are considered to be privileged/trusted. A user can only obtain an account and start creating content after they have been invited by the site owner or similar administrator-level user.

A basic feature of Ghost as a CMS is to allow content creators to make use of scripts, SVGs, embedded content & other file uploads that are required for the content to display as intended. Because of this there will always be the possibility of “XSS” attacks, albeit only from users that have been trusted to build the site’s content.

Ghost’s admin application does a lot to ensure that unknown scripts are not run within the the admin application itself, however that only protects one side of a Ghost site. If the front-end (the rendered site that anonymous visitors see) shares the same domain as the admin application then browsers do not offer sufficient protections to prevent successful XSS attacks by trusted users.

If you are concerned that trusted users you invite to create your site will act maliciously the best advice is to split your front-end and admin area onto different domains (e.g. https://mysite.com and https://admin.mysite.com/ghost/). This way browsers offer greater built-in protection because credentials cannot be read across domains. Even in this case it should be understood that you are giving invited users completely free reign in content creation so absolute security guarantees do not exist.

Anyone concerned about the security of their Ghost install should read our hardening guide.

We take any attack vector where an untrusted user is able to inject malicious content very seriously and welcome any and all reports.

**How reports are handled**

If you report a vulnerability to us through the security@ghost.org mailing list, we will:

*   Acknowledge your email within a week
*   Investigate and let you know our findings within two weeks
*   Ensure any critical issues are resolved within a month
*   Ensure any low-priority issues are resolved within three months
*   Credit any open source commits to you
*   Let you know when we have released fixes for issues you report

**Privacy**

Ghost as an organisation is self-funded, wholly independent, and only makes revenue directly from its customers. It has zero business interests of any kind predicated on selling private user data.

In addition the Ghost software itself contains a plainly written summary of every privacy-affecting feature within Ghost, along with detailed configuration options allowing any and all of them to be disabled at will. We take user privacy seriously.

CVE-2023-26510: Ghost Security & Privacy

Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.

As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure.

In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol (OCPP) that could be used in a distributed denial-of-service (DDoS) attack and to steal sensitive information. And the Idaho National Laboratory recently found that every charger it examined — more formally known as Electric Vehicle Supply Equipment (EVSE) — was running outdated versions of Linux, had unnecessary services, and allowed many services to run as root, according to a survey of EV charging vulnerability research in the journal Energies. Other potential attacks include adversary-in-the-middle (AitM) and services exposed to the public Internet, according to the paper.

The risks are not just theoretical: A year ago, after Russia invaded Ukraine, hacktivists compromised charging stations near Moscow to disable them and display their support for Ukraine and their contempt for Russian President Vladamir Putin.

The cybersecurity concerns come as electric vehicle sales have taken off in the United States, accounting for 5.8% of all vehicles sold 2022, up from 3.2% the previous year, according to JD Power. Currently, less than 51,000 Level 2 and DC Fast charging stations are available in the US, representing the capability to charge 130,000 vehicles simultaneously, according to the US Department of Energy. With more than 1.5 million electric vehicles registered as of June 2022, that means there are 11 vehicles for every public charging port.

To keep up with demand, the major players in the EV charging sector all have significant expansion plans, and the Biden administration aims to increase the number of vehicle chargers to 500,000 by 2030.

While cybersecurity experts worry that the rush to create a comprehensive charging infrastructure could come at the expense of cybersecurity, the question of its cybersecurity preparedness is especially piquant given the connectedness of the infrastructure and the ability to potentially cause damage using access to the high voltage available, says Phil Tonkin, senior director of strategy at Dragos, a provider of industrial cybersecurity.

"Most EV chargers can be considered an Internet of Things (IoT) technology, but they are one of the first that has control over such a significant amount of electrical load," he says. He adds, "The aggregated risk of so many devices, often connected to a small number of single systems, means that devices of this type need to be implemented with care."

**EV Chargers: IoT, OT & Critical Infrastructure**

In many ways, EV charging infrastructure represents a perfect storm of technologies. The devices are connected via mobile applications and carry the same risks as other IoT devices, but they're also set to become a critical part of transportation network in the United States, like other operational technology (OT). And because EV charging stations must be connected to public networks, ensuring that their communications are encrypted will be critical to maintaining the security of the devices, says Dragos' Tonkin.

"Hacktivists will always be looking for poorly secured devices on public networks, it's important that the owners of EV put in place controls to ensure they are not easy targets," he says. "The crown jewels of the operators of EV chargers have to be their central platforms, the chargers themselves intrinsically trust the instructions pushed down from the center."

Consumer devices are also a problem. About 80% of charging takes place in the home, according to ChargePoint session data. But unfortunately, those devices may be easier to disrupt because consumers are not focused, nor should they need to be focused, on cybersecurity, Tonkin says.

"It's not practical for the average domestic customer to have to put in place the right security, therefore making sure the device itself and the methods it uses to communicate with cloud-based services should always be on the vendor," he says.

**Government's Role in EV Cybersecurity**

The US government should make standards and best practices available to companies to prevent cybersecurity weaknesses, some say. Sandia National Laboratories, for instance, has recommended a number of initiatives to strengthen cybersecurity, including improving EV owner authentication and authorization, adding more security to the cloud component of the charging infrastructure, and hardening the actual charging units against physical tampering.

"The government can say 'produce secure electric vehicle chargers,' but budget-oriented companies don't always choose the most cyber-secure implementations," Brian Wright, a Sandia cybersecurity expert working on the vulnerability project, said in a statement. "Instead, the government can directly support the industry by providing fixes, advisories, standards, and best practices."

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.

With so much of the world’s wealth, assets, and trade secrets existing in the cloud, fraudsters and nefarious players have ample motivation to look for new ways to break into networks. Increased VPN usage provides opportunities for threat actors to operate with nearly total anonymity, and we are seeing an uptick in breaches stemming from the widespread use of commercial or anonymous VPNs.

As a cybersecurity practitioner, I continually stress the importance of examining the context of VPN-driven data. Let's look at the top three trends I see emerging, as well as the role that IP address data will continue to play in the world of cybersecurity and ad fraud.

**1\. Residential Proxy Networks Will Keep Security and Marketing Teams Up at Night**

I am amazed by the growing number of entities offering residential proxy networks and promising a world of possibilities in scraping — search engine results pages, e-commerce sites, and webpages. Residential proxy networks use the IP addresses of consumers who sign up for any number of apps that pay them to share their bandwidth. The website or service will see requests coming from what they think are residential IP addresses and allow access to content that would have been blocked had the site been able to see the original IP address.

If I wanted to, I could access or scrape any site that restricts hosted or bot traffic by disguising myself using a legitimate residential IP address from whatever location I wanted.

Many of these apps are upfront with the users who opt to share their bandwidth, but some are more nefarious players, offering users access to a VPN without telling them that their IP addresses will be shared. In such cases, those IP addresses can be used to scrape websites, commit fraud, or launch distributed denial-of-service (DDoS) attacks.

The existence of residential proxy networks is quite troubling for organizations. Marketing teams may be paying for traffic they believe to be legitimate but is actually fraudulent.

Let's say an ad farm sets up a website for the sole purpose of selling ad space via the open-market exchanges. Your company may be led to believe it's a legitimate website that receives lots of consumer traffic in your target markets and which you verify by checking the IP address type and location. But how do you actually distinguish between real users and hosted or bot traffic hiding behind and proxy residential IDs? Without additional context around residential IPs, you can't make that distinction.

**2\. Security Teams Will Realize That WAFs Have Blind Spots**

Every organization has multiple layers of security, including Web application firewalls (WAFs).

A WAF protects your Web applications by monitoring, filtering, and blocking malicious HTTP/S traffic traveling to a Web application, preventing unauthorized data from leaving the application. It does this by adhering to a set of policies, including context around the IP address, that helps determine which traffic is malicious and which is safe. If, for instance, corporate security policy mandates that all non-residential IP addresses and addresses from a specific geolocation should be blocked, the firewall will block all traffic that matches those criteria.

Unfortunately, the proliferation of residential proxy networks means WAFs have a significant blind spot: Knowing the traffic is residential and has a geolocation that is permissible is no longer sufficient. While organizations deploy WAFs to protect against things like scraping and DDoS attacks, these tools can also be tricked into providing access when they shouldn't. Security teams need a lot more context around IP addresses to understand their incoming traffic.

**3\. Security Teams Will Find Ways to Detect Residential Proxy IPs**

In the face of these networks, context is your best defense. Security teams should ask critical questions about incoming traffic, such as:

*   Is this traffic proxied or VPN?
*   How many devices are connected to that IP address? (If you see hundreds of devices connected to an IP address, it’s probably not an individual person.)
*   Is the IP address stable? Has it been in the same location for 20 weeks?
*   Is the IP address part of a known residential proxy network that’s being used for other things?

All of this VPN-driven data and context provides vital clues that can protect marketing budgets as well as corporate networks.

IP address intelligence data isn’t the panacea for securing a network, but it can go a long way in providing the context security teams to identify when unusual activities are occurring and to investigate further. It can also help them enforce digital access rights, ensuring that users in prohibited or embargoed areas are restricted from accessing certain digital assets.

3 Ways Security Teams Can Use IP Data Context

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack.
"Underpinning this campaign was the use of transfer[.]sh," Cado Security said in a report shared with The Hacker News. "It's possible that it's an attempt at evading detections based on other common code

Data Security / Cryptojacking

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack.

"Underpinning this campaign was the use of transfer\[.\]sh," Cado Security said in a report shared with The Hacker News. "It's possible that it's an attempt at evading detections based on other common code hosting domains (such as pastebin\[.\]com)."

The cloud cybersecurity firm said the command line interactivity associated with transfer\[.\]sh has made it an ideal tool for hosting and delivering malicious payloads.

The attack chain commences with targeting insecure Redis deployments, followed by registering a cron job that leads to arbitrary code execution when parsed by the scheduler. The job is designed to retrieve a payload hosted at transfer\[.\]sh.

It's worth noting that similar attack mechanisms have been employed by other threat actors like TeamTNT and WatchDog in their cryptojacking operations.

The payload is a script that paves the way for an XMRig cryptocurrency miner, but not before taking preparatory steps to free up memory, terminate competing miners, and install a network scanner utility called pnscan to find vulnerable Redis servers and propagate the infection.

"Although it is clear that the objective of this campaign is to hijack system resources for mining cryptocurrency, infection by this malware could have unintended effects," the company said. "Reckless configuration of Linux memory management systems could quite easily result in corruption of data or the loss of system availability."

The development makes it the latest threat to strike Redis servers after Redigo and HeadCrab in recent months.

The findings also come as Avertium disclosed a new set of attacks in which SSH servers are brute-forced to deploy the XorDdos botnet malware on compromised servers with the goal of launching distributed denial-of-service (DDoS) attacks against targets located in China and the U.S.

The cybersecurity company said it observed 1.2 million unauthorized SSH connection attempts across 18 honeypots between October 6, 2022, and December 7, 2022. It attributed the activity to a threat actor based in China.

42% of those attempts originated from 49 IP addresses assigned to ChinaNet Jiangsu Province Network, with the rest emanating from 8,000 IP addresses scattered all over the world.

"It was found that once the scanning identified an open port, it would be subject to a brute-force attack against the 'root' account using a list of approximately 17,000 passwords," Avertium said. "Once the brute-force attack was successful, a XorDDoS bot was installed."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

**SAN FRANCISCO – March 1, 2023 –** Fastly, Inc. (NYSE: FSLY), the world’s fastest global edge cloud platform, today launched Fastly Managed Security Service, a premier 24/7 threat detection and response service dedicated to helping organizations significantly reduce the risk  of web application attacks and associated business costs due to lost transactions. Available to Fastly’s global Next-Gen WAF customers, Fastly Managed Security Service further demonstrates the company’s commitment to helping global marquee customers deliver innovative, secure digital experiences to their users.

Web applications continue to be popular targets for today’s attackers. In fact, according to the Verizon 2022 DBIR, web applications are the number one vector, and not surprisingly, they are also connected to the high number of Denial of Service attacks. This pairing, along with the growing use of stolen credentials (commonly targeting some form of web application) is consistent with what we’ve seen for the past few years. Existing security teams are spread thin and don’t always have the expertise or time to continuously monitor and detect these types of threats. Organizations can deploy Fastly Next-Gen WAF for accurate protection, and now they can further enhance this protection with Fastly’s Managed Security Service.

“Today’s defenders face an uphill battle against cyber adversaries due to an exploding attack surface and increasing volumetric attacks, particularly DDoS attacks. At the same time, security teams want to reduce complexity and prioritize their resources,”said Gino Lang, Vice President of Customer Security, Fastly. “By providing global 24/7 proactive protection, Fastly Managed Security Service delivers comprehensive visibility and the expert staff needed to quickly identify and mitigate potential threats. This frees up organizations to focus their security staff on other business priorities.” 

This latest announcement builds on the success of Fastly’s Response Security Service and other security offerings. “Fastly’s decision to extend its next-generation security capabilities to offer a managed security service is a natural evolution and reconfirms the company’s commitment to protecting organizations from today’s agile and persistent adversaries,” said Christopher Rodriguez, IDC Research Director, Security & Trust.

IDC recently recognized Fastly as a leader in the "IDC MarketScape: Worldwide Commercial CDN Services 2022 Vendor assessment", highlighting the company's ability to create fast, dynamic, and secure digital experiences.   

**About Fastly Managed Security Service**

Fastly Managed Security Service is a premium offering that provides Fastly Next-Gen WAF customers with continuous monitoring and proactive mitigation of web-application attacks, all backed by a 15-minute response time SLA for critical security incidents. We combine this with robust post-event reporting and regular, strategic security consultation in order to ensure the highest level of application protection to strengthen an organization’s overall security posture. 

Staffed 24/7 by Fastly’s global Customer Security Operations Center (CSOC), this service enables in-house teams to improve their overall security posture and focus on their core competencies, strategic initiatives, and high-impact projects.

Fastly’s Managed Security Service is now available to Fastly Next-Gen WAF customers. To learn more about how your organization can add this white glove experience to your security program, please contact \[email protected\]. For additional information about the new service, please visit here. 

**About Fastly**

Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver the fastest online experiences possible, while improving site performance, enhancing security, and empowering innovation at global scale. With world-class support that achieves 95%+ average annual customer satisfaction ratings, Fastly’s beloved suite of edge compute, delivery, security and observability offerings has been recognized as a leader by industry analysts such as IDC, Forrester and Gartner. Compared to legacy providers, Fastly’s powerful and modern network architecture is the fastest on the planet, empowering developers to deliver secure websites and apps at global scale with rapid time-to-market and industry-leading cost savings. Thousands of the world’s most prominent organizations trust Fastly to help them upgrade the internet experience, including Reddit, Pinterest, Stripe, Neiman Marcus, The New York Times, Epic Games, and GitHub. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.

Source: Fastly, Inc.

Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks

Upgrades boost Edgio's ability to mitigate sophisticated threats and safeguard applications and data.

**Singapore, 24 February 2023 –** Edgio, Inc. (Nasdaq: EGIO), the platform of choice for speed, security and simplicity at the edge, today announced significant enhancements to its Security platform, including a new DDoS scrubbing solution and improved Web Application and API Protection (WAAP) capabilities.

The new DDoS scrubbing solution provides dedicated DDoS mitigation capacity that protects all protocols and direct-to-origin attacks. It complements Edgio’s 250+ Tbps edge network to provide full spectrum DDoS protection. WAAP enhancements include advanced rule customizer, outbound data leak prevention, proxy detection, region code support and enhanced configurability. These new features provide customers with enhanced ability to detect and respond to emerging threats, ensuring confidentiality, integrity and availability of their data and applications.

"New security vulnerabilities are growing at an accelerated rate, and with this growth, it’s imperative that technology also evolve at a similarly exponential rate to stay ahead of the threats," said Ajay Kapur, Edgio’s Chief Technology Officer. "Edgio is doing just that with these product enhancements. Our security platform continues to provide a holistic solution for our customers that can not only mitigate the largest DDoS attacks, but also ensures the protection of critical web applications and APIs."

**Key Highlights/Facts**

*   DDoS attacks are on the rise.  In fact, according to **the 2022 Verizon DBIR (Data Breach Investigations Report)**, the number one security threat is a DDoS attack (46% of attacks) — and it’s growing every year. Therefore, it’s critical to have holistic protection from the full spectrum of DDoS attacks. With the addition of DDoS scrubbing solution, Edgio is able to protect all networks and applications, including direct-to-origin network attack against non-web applications via its dedicated scrubbing capacity utilizing standard protocol such as BGP and GRE tunnel. The combination of Edgio’s Layer 3-7 DDoS protection via its 250+ Tbps with the dedicated DDoS scrubbing provides businesses with a full spectrum protection to ensure maximum resiliency and uptime of their network and applications.

*   Outbound security rules make it easier for companies to prevent attackers from causing a data breach via exploiting known vulnerabilities. Traditionally, security rules only inspect inbound requests to mitigate application attacks from the outside in. Edgio is now adding the ability for security rules to scan outbound traffic as well, which prevents sensitive data and code leakage, providing an added layer of protection for confidential customer data and preventing the client from executing malicious code. Edgio is also adding the ability to detect and block requests originating from anonymous proxies, providing additional control on the access to customers’ applications.  The advanced rules customizer allows customers to control the sensitivity of individual security rules maximizing its accuracy while minimizing false positives. Enhanced configuration management enables developers to directly import and export configuration json via both API and UI to rapidly deploy protection for new applications.

*   Whether for compliance reasons or to prevent commerce to certain countries, Edgio enables clients to control access to their applications via advance access control rules. In the latest enhancements, Edgio is adding support for more granular regional control, down to the region or province level in its WAAP’s access rules and custom security rules, supporting ongoing compliance requirements in today’s changing geopolitical environment.

Edgio's mission is to help businesses protect their web applications and data through a holistic approach to security that also improves speed and reliability. Its advanced security solutions offer full-spectrum network and application DDoS protection, advanced web application and API protection (WAAP) with Dual WAAP Mode, and enterprise-grade bot management. For more information on Edgio's security offerings, click here.

**About Edgio**

Edgio (NASDAQ: EGIO)helps companies deliver online experiences and content faster, safer, and with more control. Our developer-friendly, globally scaled edge network, combined with our fully integrated application and media solutions, provide a single platform for the delivery of high-performing, secure web properties and streaming content. Through this fully integrated platform and end-to-end edge services, companies can deliver content quicker and more securely, thus boosting overall revenue and business value.To learn more, visit edg.io and follow us on Twitter, LinkedIn and Facebook.

Edgio Strengthens Security Offering With WAAP Enhancements and DDoS Scrubbing Solution

By Waqas
The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting
This is a post from HackRead.com Read the original post: Ethical hacker among 3 arrested for blackmail and ransomware attacks

The ethical hacker reportedly works for the Dutch security organization, the Dutch Institute for Vulnerability Disclosure (DIVD).

Amsterdam’s cybercrime police arrested three individuals suspected of **launching ransomware attacks** against businesses in the Netherlands and worldwide. The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting. These criminals extorted small and large businesses worldwide after hacking into their networks, generating €2.5 million.

**Suspects Details**

The detainees are all young males aged between 18 and 21. They were arrested on January 23rd, 2023 and are accused of stealing the private information of tens of millions of users from their targeted networks and blackmailing the victims for ransom.

The 21-year-old hailed from Zandvoort and was in contact with an 18-year-old suspect from Rotterdam; the third, also 18, was arrested in Naaldwijk. One of the suspects is an **ethical hacker** who works for the Dutch security organization, the Dutch Institute for Vulnerability Disclosure (**DIVD**).

The accused are detained in restrictive custody and can only contact their lawyer. The accused arrested in Zandvoort had 45,000 euros in cash and 550,000 euros worth of Bitcoin. Reportedly, the accused used Bitcoin to launder €2.5 million.

**Stolen Data**

**According to** Dutch media, thousands of businesses were targeted, including online stores, social media networks, training and educational institutions, software firms, hotels, and critical infrastructure and services-related entities.

Moreover, the accused damaged property worth millions of euros. The stolen data includes names, addresses, dates of birth, phone numbers, credit card numbers, passwords, bank account details, license plate numbers, passport data, and citizen identification numbers. The victims paid large sums to the hackers, sometimes as much as €700,000. 

**Investigations**

The investigation was launched in March 2021 by the Amsterdam Police Cybercrime Division after receiving a report from a prominent Dutch firm. The firm reported that its computer systems had been hacked and a trove of data had been stolen.

Dutch police **noted** that private and sensitive data had been stolen, and national and international businesses had become victims of hacking and data theft.

One of the victim organizations is Ticketcounter, which sells amusement park and zoo tickets online. Troy Hunt of **HaveIbeenPwned** also tweeted about the Ticketcounter data breach on March 1st, 2021.

> I've spent a bunch of time talking to Ticketcounter over the last week, and this is a really tough situation for them. The exposed database was human error; one bad mistake made in August last year that's now come back to bite them nearly 7 months on. https://t.co/u4xrMZDpGZ
> 
> — Troy Hunt (@troyhunt) March 1, 2021

Other victims include a reputed educational institution and a meal-delivery service. Further probing revealed that the hackers had invaded the computer systems of their targets and sent a threatening email, asking the victims to pay a **ransom in Bitcoin**; otherwise, they would destroy the company’s digital infrastructure or leak the data online. Many victims paid the ransom.

“According to what we know so far, the demand ranges from more than €100,000 to €700,000 and, in addition, the stolen information has often already been sold online,” investigators revealed.

**Dutch Police Tackle Cybercrime**

Although cybercrime in the Netherlands, like any other country, has increased in recent years, Dutch authorities are known for playing a major role in tackling it locally and globally. In fact, Dutch police were behind the shutdown and seizure of the infamous and one of the **largest dark web marketplaces Hansa**.

**Back in April 2020**, Dutch authorities took down 15 DDoS-for-hire services. It took them merely one week to complete the operation. Most recently, **in October 2022**, Dutch police were even able to successfully trick the Deadbolt ransomware gang into sharing decryption keys.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Ethical hacker among 3 arrested for blackmail and ransomware attacks

The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.

The one-year anniversary of the start of the war in Ukraine could spur "disruptive and defacement attacks" on US and European websites, the US Cybersecurity and Infrastructure Security Agency (CISA) warned this week.

CISA said cyberattackers could use Feb. 24, which marks one year since the Russian invasion began, as an opportunity to wreak havoc and upheaval amid geopolitical tensions. The agency advised organizations to prepare accordingly and double down on their cybersecurity posture, referring to CISA's Shields Up cyber-defense recommendations, and its DDoS attack guidance.

"CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat," the agency said in its advisory this week.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine

Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.

When Russia invaded Ukraine on Feb. 24, 2022, much discussion ensued about how the war would be both cyber and kinetic. A year later, the consensus seems to be that while there was a lot of cyberattack activity, it wasn't as destructive as many had feared. That was partly due to various governments and security companies helping to identify and block attacks.

Between February 2022 and February 2023, an average of 10% of all online traffic to Ukraine was mitigations of potential attacks, Cloudflare said in its analysis of the Russian invasion's impact on theUkrainian Internet. Cloudflare protected Ukrainian Web applications by filtering and monitoring HTTP traffic to block malicious attacks, including distributed denial-of-service (DDoS) attacks.

On Oct. 29, DDoS attack traffic constituted 39% of total traffic to Cloudflare's Ukrainian customers.

The company shared a graph showing the daily percentage of application layer traffic to Ukraine that Cloudflare mitigated as potential attacks using its Web application firewall (WAF). In early March, 30% of all traffic was mitigated. After a fairly quiet summer, attack activity ticked back up in early September, during the Ukrainian counteroffensive in east and south Ukraine.

More specifically, 14% of total traffic from Ukraine was mitigated as potential attacks, while 10% of total traffic to Ukraine was mitigated as potential attacks in the past 12 months.

Mitigated application-layer threats blocked by Cloudflare's WAF were 105% higher on Monday, Feb. 28, 2022 — four days after the invasion — compared with the Monday before, Feb. 21, 2022. By March 8, that figure was 1,300%.

**What Came Out of 'Shields Up'**

In anticipation of Russian cyberattacks against Ukrainian targets and against organizations in countries allied with Ukraine, the US Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to share information that could help mitigate threats. "Every organization — large and small — must be prepared to respond to disruptive cyber incidents," CISA said.

While sharing threat intelligence indubitably helped, the nature of the attacks were also less sophisticated or destructive than feared.

Cisco Talos researchers have been monitoring critical infrastructure customers to identify threats and remediate attacks. While there were a lot of concerns about destructive malware, what Talos is seeing — and blocking — a lot of is credentials harvesting, says Nick Biasini, Cisco Talos' head of outreach. Attackers are not resorting to highly sophisticated tactics but rather are employing mundane and recognizable methods to try to gain access to networks and accounts, he says.

**Impact on Critical Infrastructure**

Cloudflare's analysis of Ukraine's Internet traffic shows peaks and drops in usage corresponding with military activity. For example, the city of Chernihiv had a significant drop in traffic the first week of the war and residual traffic by mid-March, with traffic picking up after the Russian retreat in early April, Cloudflare noted. In the fall, Russian military units started targeting Ukrainian critical infrastructure, causing widespread power outages and Internet blackouts. Some of these strikes caused as much as a 50% decrease in Internet traffic, according to Cloudflare's analysis. The disruptions often lasted only a day or two, "further emphasizing the ongoing impact of the conflict on Ukraine's infrastructure," Cloudflare noted.

"Throughout the rest of the year and into 2023, Ukraine has continued to face intermittent Internet disruptions," Cloudflare also wrote.

**Ripple Effects Around the World**

Security leaders in East Asia are carefully watching how the war between Russia and Ukraine unfolds, as a lot of the geopolitical tensions and rhetoric are similar to the long-simmering situation between China and Taiwan. Organizations are "wondering what kind of disruptive attacks to expect" and how the war in Ukraine could affect the Taiwan situation, says Mihoko Matsubara, chief cybersecurity strategist at NTT. There has already been some activity, although it has been of the "cyber nuisance" variety, rather than destruction, Matsubara says. East Asian companies are already seeing DDoS attacks, defacements, and disinformation campaigns, she says.

Matsubara was careful not to downplay the seriousness of the attacks, as they are still disruptive to organizations. NTT has also seen some wiper attacks used to disrupt humanitarian aid efforts, which may be a harbinger of activities to come.

**Bad Actors Get Political**

Cybercriminals have been expressing their own opinions — and political allegiances — about the war. For example, Coalition's latest "Cyber Threat Index" report dug into attacks against databases exposed to the Internet. Coalition observed a total 264,408 IP addresses running MongoDB instances in 2022, and 68,423 of them — or 26% — were compromised. Coalition found a handful of compromised MongoDB servers where the attackers renamed the databases to SLAVA\_UKRAINI, or "Glory to Ukraine!"

"Threat actor activity is often shaped by fluctuations in economic conditions," noted the team from Kroll's Cyber Risk practice in the latest "Threat Landscape" report. "Due to the continued market volatility across the globe and the ongoing war on Ukraine, it is likely that the unstable circumstances in which attackers thrive will persist in 2023."

Tag

#ddos