Cyberthreat News
Cyberthreat News is a weekly security briefing that covers emerging threats, best practices and new tools that are available to organizations.
The threat landscape is rapidly evolving and attackers are constantly finding ways to exploit vulnerabilities. Attackers target businesses for profit, stealing financial assets like bank accounts or cryptocurrency wallets for direct theft or resale and intellectual property such as customer data, product designs and proprietary research. They also seek to damage businesses by imposing ransomware attacks or leveraging Distributed Denial of Service (DDoS) to disrupt critical information systems and public services.
Some attacks are purely criminal, such as those conducted by disgruntled employees seeking revenge or to steal company trade secrets and blackmail them for payment. Others focus on political ambition, with nation-state actors conducting long-term cyber espionage campaigns to spy on sensitive infrastructure and government networks. These efforts are often complemented by hacktivists–individuals or loose collectives who infiltrate systems to spotlight a cause or embarrass an adversary.
Other attacks exploit human trust to steal or distribute malware. Social engineering attacks such as phishing target users with fake emails, text messages or social media posts that mimic legitimate requests to trick victims into clicking malicious links or opening infected attachments. Other methods of distributing malware include drive-by downloads that automatically install software without the user’s knowledge and malvertising, which injects malware into online advertising. Zero-day exploits, which take advantage of unpatched security vulnerabilities, are commonly used to deliver malware. For example, a recently disclosed vulnerability in the Spring CLI VSCode extension allows attackers to execute arbitrary commands on susceptible user machines.