Author: David Gadnyx

The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries. Bad bot traffic amounted to 25.6 percent of all website traffic in 2020. This means that a record-breaking quarter of all internet traffic originated from bad bots last year. Key findings from the 2021 Bad Bot Report: ☐ Bad bot traffic now accounts for a quarter of all internet traffic. Increasing by 6.2 percent from the previous year, bad bot traffic now represents…

Read More

Zero Trust promotes the concept that organizations should not trust any entity inside or outside their network perimeters in a predetermined fashion. Adoption of the Zero Trust security model is picking up steam at last. In February 2020 – before the pandemic swept the world – a survey of more than 400 IT security decision makers conducted by Cybersecurity Insiders and Pulse Secure revealed that 72% of organizations were planning to either assess or implement Zero Trust in their security strategy during the course of the year. Then, in May 2021, President Biden’s Executive Order on Improving the Nation’s Cybersecurity threw down the gauntlet…

Read More

25 years after the invention of VPN’s (PPTP was invented by an MSFT employee in 1996) we have finally found a revolutionary way of working remotely with increased security. In the new reality of instant lockdowns due to the pandemic, companies are forced to find ways to give access to cloud and on prem applications in a fast and secure manner. Zero Trust Network Access (ZTNA) coupled with adaptive Multi Factor Authentication (MFA) is now being widely adopted world-wide as the best architecture to use. Some questions that IT departments are being asked to solve: “Do I need to upgrade…

Read More

Vulnerability Scanning vs. Penetration Testing Penetration testing exploits a vulnerability in your system architecture while vulnerability scanning (or assessment) checks for known vulnerabilities and generates a report on risk exposure. Either penetration testing or vulnerability scanning depends mostly on three factors: Scope Risk and Criticality of assets Cost and Time Penetration Testing Penetration testing scope is targeted and there is always a human factor involved. There is no automated penetration testing – penetration testing requires the use of tools, sometimes a lot of tools. But it also requires an extremely experienced person to conduct penetration testing. A good penetration tester…

Read More

BRATISLAVA — August 10, 2021 — ESET, a global leader in cybersecurity, today published its latest research white paper, titled “RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation.” The report examines how dangerous ransomware has become due to the criminals’ psychological and technical innovation and offers advice on how organizations can best protect themselves. It also reveals the most widespread techniques used by malicious actors, focusing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain. Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focusing…

Read More

Summary Major sporting events, like the World Cup or the Olympics, are usually targets of cybercriminals that take advantage of the event’s popularity. During the 2018 World Cup, for example, an infected document disguised as a “game prediction” delivered malware that stole sensitive data from its victims, including keystrokes and screenshots. A new malware threat emerged just before the 2020 Tokyo Olympics opening ceremony, able to damage an infected system by wiping its files. The malware disguises itself as a PDF document containing information about cyber attacks associated with the Tokyo Olympics. The wiper component deletes documents created using Ichitaro, a popular word processor…

Read More

Earlier this year, in a country populated with over 50 million people, a series of protests began due to higher taxes, corruption and a healthcare reform proposed by the government. Although the government authorities had anticipated the protests would be widespread, no one suspected that a massive cyberattack would be launched on multiple assets of the government’s networks with the intent of bringing it down. Shortly after the attack began, a notorious group of hackers came forward and claimed responsibility for the three-wave attack lasting two weeks. The first wave of the attack came as a surprise to the government. The wave…

Read More

2.1 million people over eleven counties in North Texas depend on Tarrant Regional Water District (TRWD) for their water supply and flood control measures. As a critical part of our national infrastructure, they are well aware of the rising risk of advanced persistent threats, but they also have a small network team with no dedicated in-house security staff. So how does a team like the one at TRWD take on security and regain the upper hand? Should they find themselves face-to-face against sophisticated cybercriminals, it would be a true underdog story—but this small, savvy team in North Texas turned to…

Read More