Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Data destruction is an aggressive attack technique observed in several nation-state campaigns. This technique, listed under MITRE ATT&CK 1485, describes actions of adversaries that may “...destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives”.


Austria's Foreign Ministry Hit by 'Serious' Cyber Attack

The Austrian State Department's IT systems were hit by a cyberattack last Saturday and many believe that a "state actor" may be behind the attack. The attack, which was disclosed late Saturday night, is said to be "serious" and experts warn it could continue for several days, according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI).


Visa Reports PoS Attacks Targeting North American Gas Stations

According to Visa, cybercrime groups have targeted North American gas stations with point-of-sale (PoS) malware. In the summer of 2019, three separate attacks were detected, but only two of the attacks impacted the PoS systems of fuel dispenser merchants. Despite this, Visa believes that these businesses will become an increasingly attractive target for criminal groups.


Splunk's Attack Range Provides a Simple Framework for Generating Attack Data

Security has always been a sophisticated cat-and-mouse game and a creative one at that. Attackers' techniques constantly mutate and evolve, like biological viruses, forcing security professionals to continuously evolve their strategies to combat them. In an ideal world, companies could and would be able to devote a sufficient number of resources to ensure that they keep pace with the bad guys. But there is no such thing as an ideal world.


Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDNet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.


The "Great Cannon" Has Been Deployed Again

Summary: The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious JavaScript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.


American Gunmaker Smith & Wesson Hacked in Magecart Attack

The website of Smith & Wesson was targeted by digital skimmers last week as they planted malicious code designed to steal customer payment card information. According to Sanguine Security, the attackers planted a payment skimmer on the Smith & Wesson online store on Wednesday, November 27, during the busy Black Friday holiday shopping weekend. The firm claims that as of Monday, December 2, the skimming code is still active.


Why businesses need to suit up against cyberattacks in 2020

Cyberattacks are never going away; in fact, things appear to be getting worse. The complexity of attacks has escalated, resulting in more sophisticated, targeted takedowns. Just look at the attacks in Baltimore, Atlanta, Florida, and Spain within the past few years. Organizations around the world have had their operations halted by ransomware, with some taking weeks to get back to normal.


Louisiana Declares State of Emergency Following Cyber Attack

Louisiana Governor John Bel Edwards was forced to declare a state of emergency last Friday after the state suffered a cyberattack that left 10% of its computer network servers damaged. Louisiana's Deputy Chief Information Officer, Neal Underwood, claims that last week's ransomware attack damaged one in ten of the 5,000 computer network servers that power operations across the state.

Mitigating cyberthreats in 2020: A unified approach to endpoint security

Unsecured endpoints can cause catastrophic incidents that threaten an organization’s security and reputation. The ability to identify, preempt, and thwart breaches at the device level is critical to your organization’s security posture. In this webinar, you will learn about major attacks of the past, vulnerabilities that led to these attacks, and how to build a proactive shield against them.