Category Archives: cyberattack

Mass Ransomware Attack

Posted on by

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack:

TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Since the attack in late January or early February—the exact date is not known—Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files…

Continue reading Mass Ransomware Attack

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

Posted on by

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026.  Many security professionals […]

The post The One Place IT Budget Cuts Can’t Touch: Cybersecurity appeared first on Security Intelligence.

Continue reading The One Place IT Budget Cuts Can’t Touch: Cybersecurity

Breaking Down a Cyberattack, One Kill Chain Step at a Time

Posted on by

In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain framework to help organizations identify and prevent cyber intrusions. The steps in a kill chain […]

The post Breaking Down a Cyberattack, One Kill Chain Step at a Time appeared first on Security Intelligence.

Continue reading Breaking Down a Cyberattack, One Kill Chain Step at a Time

Prompt Injection Attacks on Large Language Models

Posted on by

This is a good survey on prompt injection attacks on large language models (like ChatGPT).

Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable. This property, which makes them adaptable to even unseen tasks, might also make them susceptible to targeted adversarial prompting. Recently, several ways to misalign LLMs using Prompt Injection (PI) attacks have been introduced. In such attacks, an adversary can prompt the LLM to produce malicious content or override the original instructions and the employed filtering schemes. Recent work showed that these attacks are hard to mitigate, as state-of-the-art LLMs are instruction-following. So far, these attacks assumed that the adversary is directly prompting the LLM…

Continue reading Prompt Injection Attacks on Large Language Models

Moving target defense must keep cyber attackers guessing

Posted on by

A cybersecurity technique that shuffles network addresses like a blackjack dealer shuffles playing cards could effectively befuddle hackers gambling for control of a military jet, commercial airliner, or spacecraft, according to Sandia National Laborat… Continue reading Moving target defense must keep cyber attackers guessing

Covert cyberattacks on the rise as attackers shift tactics for maximum impact

Posted on by

2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall. “The past year reinforced the need for cybersecur… Continue reading Covert cyberattacks on the rise as attackers shift tactics for maximum impact

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

Posted on by

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly […]

The post Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space appeared first on Security Intelligence.

Continue reading Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

Cyberwar Lessons from the War in Ukraine

Posted on by

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.”

Its conclusion:

Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others. But this is not the end of the road—the ability to provide cyber defense assistance will be important in the future. As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors…

Continue reading Cyberwar Lessons from the War in Ukraine

What can we learn from the latest Coinbase cyberattack?

Posted on by

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbas… Continue reading What can we learn from the latest Coinbase cyberattack?