Zerosecurity

Google reports a rise in ransomware attacks

by Paul Anderson
July 15, 2022
in Exploits

In the recently released third issue of Threat Horizons, Google’s Cybersecurity Action Team (GCAT) provides organizations with information about emerging risks and actionable mitigations.


Bad actors have always looked for loopholes such as misconfigured cloud resources, with crypto mining and ransomware as their primary objectives. The latest report focuses on common attack vectors and countermeasures against these threats.

Most common attack vectors

Attackers continually focus on exploiting vulnerable cloud servers and weak passwords. In recent years, bad actors have been leveraging the steady increase in automation and computing power used by organizations to infiltrate cloud admin accounts and privileged users with large-scale brute-force attacks. The Google Cloud report shows that brute-force attacks targeting cloud services were the most common compromises in the first quarter of 2022.

Common threat trends, source: Google

Trailing behind brute-forcing are software vulnerabilities. Many organizations operate unpatched and outdated systems, which provide an easy entry point for cybercriminals. One such vulnerability leveraged by hackers to target corporate networks is the Log4j zero-day, a flaw that puts many open-source software applications at risk. As reported by Google’s Project Zero, there was an uptick in zero-day vulnerabilities detected in 2021. Despite the unprecedented number of detections recorded in 2021, vendors reported limited exploitation before the vulnerabilities were patched.

Third on the list of the most common attack vectors in crypto mining and ransomware is compromised credentials leaked from public repositories. Multiple employees sharing credentials and other human errors increase the chance of compromise.

The last attack vector in the report is weak firewalls. Though they play a less significant role in overall compromises, the likelihood of brute-force and other attacks increases considerably with a weak barrier.

Hackers shifting focus from files to databases

In the past, ransomware threat actors have mainly targeted computer file systems with the aim of holding data hostage and extorting organizations. This recent issue of Threat Horizons noted a switch of targets away from files to a more critical extortion model: databases.

The attackers brute-force SQL servers to gain administrative access, then encrypt sensitive information and demand a ransom sent to a crypto wallet, with a threat to delete the data. Another technique is duplicating a table or replacing the original table to hijack a cloud project. These security breaches are common in proof of concept (POC) instances, where weaknesses in non-working environments are exploited before being patched.
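A defender can look for the sequence described above (a burst of failed logins, a successful login, then destructive statements) in database audit logs. The following is an added example, not code from the report or the original article; the log format, field names, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log lines in a hypothetical "time|source|user|event|detail" format.
SAMPLE_LOG = """\
2022-03-01T02:10:01|203.0.113.7|root|LOGIN_FAIL|
2022-03-01T02:10:02|203.0.113.7|root|LOGIN_FAIL|
2022-03-01T02:10:03|203.0.113.7|root|LOGIN_FAIL|
2022-03-01T02:10:04|203.0.113.7|root|LOGIN_FAIL|
2022-03-01T02:10:05|203.0.113.7|root|LOGIN_FAIL|
2022-03-01T02:10:06|203.0.113.7|root|LOGIN_OK|
2022-03-01T02:11:30|203.0.113.7|root|QUERY|DROP TABLE customers
2022-03-01T02:11:31|203.0.113.7|root|QUERY|CREATE TABLE readme_to_recover (note TEXT)
2022-03-01T09:00:00|198.51.100.20|app|LOGIN_FAIL|
2022-03-01T09:00:05|198.51.100.20|app|LOGIN_OK|
2022-03-01T09:01:00|198.51.100.20|app|QUERY|SELECT id FROM customers
"""

FAIL_THRESHOLD = 5                 # assumed: failures before a success is suspicious
WINDOW = timedelta(minutes=10)     # assumed: failures must fall within this span
DESTRUCTIVE = ("DROP TABLE", "TRUNCATE", "DROP DATABASE")

def detect(log_text):
    """Return alerts for sources that brute-force a login and then run destructive DDL."""
    fails = defaultdict(list)      # (source, user) -> timestamps of recent failures
    suspect = {}                   # (source, user) -> time of the suspicious login
    alerts = []
    for line in log_text.splitlines():
        ts, src, user, event, detail = line.split("|", 4)
        when, key = datetime.fromisoformat(ts), (src, user)
        if event == "LOGIN_FAIL":
            fails[key] = [t for t in fails[key] if when - t <= WINDOW] + [when]
        elif event == "LOGIN_OK":
            recent = [t for t in fails[key] if when - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                suspect[key] = when            # success right after a failure burst
            else:
                suspect.pop(key, None)         # clean login clears the earlier flag
            fails[key] = []
        elif event == "QUERY" and key in suspect:
            if detail.upper().startswith(DESTRUCTIVE):
                alerts.append({"source": src, "user": user, "time": ts, "statement": detail})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```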

How Google Cloud users mitigate the security risks

After assessing the ransomware risks, the report recommends the following countermeasures employed by Google Cloud customers.

  • GCP’s Security Command Center is handy for evaluating the overall security health and risks of your cloud resources. Defining organization policies also gives you fine-grained, centralized control.
  • Google Cloud customers employ an additional defense layer against crypto mining and ransomware groups with Virtual Machine Threat Detection (VMTD), accessible in the Security Command Center.
  • Detecting any unauthorized storage of secrets such as credentials, tokens, and other sensitive information helps minimize compromise and infiltration.
  • Lastly, setting up the container and web security scanners available in the Security Command Center to find outdated libraries, improper configuration, and other vulnerabilities greatly reduces potential entry points.
© 2022 ZeroSecurity, All Rights Reserved.