The Week In Review 22/02-26/02


Recently, there has been a large increase in attacks targeting vital organisations or governmental structures, using recent news events to deceive the targets.

Critical national infrastructures are, as always, the target of state-sponsored attacks. One recent example is the ThreatNeedle malware from the Lazarus Group (North Korean), which targets defence firms using the COVID pandemic as a theme in emails containing a malicious attachment.

Last week you might have seen news about a small town in Florida that had its drinking water poisoned after a hacker accessed the server of the water company and increased the dosage of sodium hydroxide. Meanwhile, Austin Energy customers, already hit by a ferocious storm a few days ago and fearing an electricity cut, were targeted by a scam. The impostors were threatening to cut the users' power.

Unsurprisingly, cryptocurrencies are, as always, the target of tremendous crypto-mining botnets. One of the latest big news stories is about Watchdog. This malware has been running stealthily for more than two years and is now hard to stop. Its malicious activity is, for now, cryptojacking, but researchers have shown that there is a risk of a larger impact in the future, with hackers finding identity and access management (IAM) data. This would be the result of Watchdog being installed on compromised cloud systems.

We have seen a change in web attacks throughout 2020, and some reports show a changing top 10 of hacking techniques. SQL injection and XXE vulnerabilities are slowly becoming obsolete, and we might see them less in the future. Conversely, we see more and more variations of previously known vulnerabilities being re-used as new exploits. This is, for example, the case with H2C smuggling, which has become number one in this new top 10. The purpose of HTTP/2 cleartext (H2C) smuggling is to create a tunnel from the front-end side to the back-end side, allowing attackers to bypass the front-end protocols. As a result, hackers could perform actions as if they were on the back-end side of the application.

Read about all of this and more below:

Hackers try to poison Florida citizens through Cyber Attack.

(cybersecurity-insiders.com)

Texas electric company warns of scammers threatening to cut power.

(bleepingcomputer.com)

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign. 

(threatpost.com)

H2C smuggling named top web hacking technique of 2020.

(portswigger.net)

Top 10 web hacking techniques of 2020.

(portswigger.net)

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

(thehackernews.com)
