Following an analysis of the progression of ransomware and ongoing attacks on critical infrastructure, highlighted in the previous chapters, it becomes clear that cyberattacks will continue to expand in scope and volume over the coming year. However, we must not lose sight of the fact that these complex scenarios are just one aspect of cybercrime […]
Some of the most critical vulnerabilities in the Internet’s history have been discovered and resolved thanks to the efforts of hackers fueled by curiosity and altruism. Acalvio Technologies Chief Security Architect Chris Roberts puts it this way, “Hackers unfortunately are [often] portrayed as the bad guys, whereas I would argue that for the last 20 […]
A Denial of Service (DoS) attack is an attempt to make a system unavailable to the intended user(s), such as preventing access to a website. A successful DoS attack consumes all available network or system resources, usually resulting in a slowdown or server crash. Whenever multiple sources are coordinating in the DoS attack, it becomes […]
SQL injection was one of the primary attack vectors responsible for many of 2011’s high profile compromises including Sony Pictures, HBGary, and PBS. It was also responsible for the more recent Adobe data breach in which names, email addresses, and password hashes were stolen from one of their customer databases. SQL injection is a dangerous […]
On affected systems, meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding meltdown. […]
Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from […]
Ransomware continues to make organizations suffer, as evidenced by the persistence of Cerber and outbreaks of WannaCry and Petya (also known as NotPetya, since it was a variant of the original but with new behaviors). Looking at the raw numbers, WannaCry bested Cerber as the most prolific ransomware family, remaining active since its initial outbreak […]
Ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). The resulting Insider Threat Report is the most comprehensive research on the topic […]
The data in this report provides insights on online threats in websites that were detected by Quttera automated tools and analysed by the malware research team. Read more about “Quttera Annual Website Report 2016” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/website2016.pdf
Telstra Cyber Security Report 2017 provides insights into the current cyber security landscape to arm organisations with information on how to manage and mitigate their business risks. Read more about “Telstra Cyber Security Report 2017” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/telstra2017.pdf
