Sicurezza

Ransomware: To Pay or Not To Pay?

Pubblicato il

Ransomware is a type of malware that restricts access to user data by encrypting an infected computer’s files in exchange for payment to decrypt. The attacker often distributes a large-scale phishing campaign in the hope that someone will open the malicious attachment or link. Once infected, the device is unusable and the victim is faced […]

Sicurezza

Behind the Disguise of Trojans

Pubblicato il

A Trojan horse is a malicious computer program masquerading as a useful or otherwise non-malicious, legitimate piece of software. Generally spread via social engineering and web attacks, Trojan horses often install a backdoor for remote access and unauthorized access of the infected machine. An attacker can perform various criminal tasks, including, but not limited to, […]

Sicurezza

What You Need to Know About Exploit Kits

Pubblicato il

Exploit kits are prepackaged tool kits containing specific exploits and payloads used to drop malicious payloads onto a victim’s machine. Once a popular avenue for attacks, they are now barely used due to the popularity of other attack vectors, such as cryptomining. However, they are still utilized to deploy ransomware and mining malware. These tools […]

Sicurezza

Can You Crack the Hack?

Pubblicato il

Let’s play a game. Below are clues describing a specific type of cyberattack; can you guess what it is? This cyberattack is an automated bot-based attack It uses automation tools such as cURL and PhantomJS It leverages breached usernames and passwords Its primary goal is to hijack accounts to access sensitive data, but denial of […]

Sicurezza

Anatomy of a Cloud-Native Data Breach

Pubblicato il

Migrating computing resources to cloud environments opens up new attack surfaces previously unknown in the world of premise-based data centers. As a result, cloud-native data breaches frequently have different characteristics and follow a different progression than physical data breaches. Here is a real-life example of a cloud-native data breach, how it evolved and how it […]

Sicurezza

Are Connected Cows a Hacker’s Dream?

Pubblicato il

Humans aren’t the only ones consumed with connected devices these days. Cows have joined our ranks. Believe it or not, farmers are increasingly relying on IoT devices to keep their cattle connected. No, not so that they can moo-nitor (see what I did there?) Instagram, but to improve efficiency and productivity. For example, in the […]

Sicurezza

What is a Zero-Day Attack?

Pubblicato il

Zero-day attacks are the latest, never-before-seen generation of attacks. They are not volumetric or detectable from a known application signature. Security systems and experts must react instantly to solve the new issues, that is, they have zero days to react. Advanced application-level attacks typically fit into this category. Two Distinct Phases Probe and Learn: Hackers […]

Sicurezza

CISOs, Know Your Enemy: An Industry-Wise Look At Major Bot Threats

Pubblicato il

According to a study by the Ponemon Institute in December 2018, bots comprised over 52% of all Internet traffic. While ‘good’ bots discreetly index websites, fetch information and content, and perform useful tasks for consumers and businesses, ‘bad’ bots have become a primary and growing concern to CISOs, webmasters, and security professionals today. They carry […]

Sicurezza

Bots 101: This is Why We Can’t Have Nice Things

Pubblicato il

In our industry, the term bot applies to software applications designed to perform an automated task at a high rate of speed. Typically, I use bots at Radware to aggregate data for intelligence feeds or to automate a repetitive task. I also spend a vast majority of time researching and tracking emerging bots that were […]

Sicurezza

Adapting Application Security to the New World of Bots

Pubblicato il

In 2018, organizations reported a 10% increase in malware and bot attacks. Considering the pervasiveness (70%) of these types of attacks reported in 2017, this uptick is likely having a big impact on organizations globally. Compounding the issue is the fact that the majority of bots are actually leveraged for good intentions, not malicious ones. As a result, it is […]