Updated: 2024-11-21 20:43:06 Pacfic
Cyberattacks Disrupt Israel's Critical Infrastructure - 10d
A series of cyberattacks have targeted Israel’s critical infrastructure, including gas stations and credit card systems. The most recent attack on Sunday caused credit card readers across Israeli gas stations and retail outlets to malfunction for an hour, raising concerns about the vulnerability of Israel’s digital payment systems. The attack, suspected to be a DDoS attack, targeted communication services used by many retailers and resulted in disruptions to credit card processing. While the issue was resolved relatively quickly, it highlights the vulnerability of key infrastructure points to cyberattacks, particularly in a region where cyber warfare is increasingly common.
Chinese APT Campaigns Targeting Critical Infrastructure and ISPs - 27d
Multiple Chinese Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant, are engaging in sophisticated cyber espionage and disruptive campaigns. These groups employ various techniques, including “living off the land” (LOTL) methods, to compromise critical infrastructure, ISPs, and IoT devices. Volt Typhoon’s focus is on U.S. communication infrastructure, often leveraging compromised Fortinet devices for data exfiltration. Salt Typhoon targets U.S. Internet Service Providers (ISPs), seeking to compromise routers and network devices for data collection. Flax Typhoon utilizes compromised IoT devices to build botnets for command and control purposes, aiming at entities in Taiwan and expanding globally. Velvet Ant, a lesser-known group, targets software supply chains, aiming to indirectly infiltrate larger networks. These groups pose a serious threat to critical infrastructure and national security, requiring vigilant defense strategies to combat their stealthy operations.
Iranian Hackers Target Microsoft 365 and Citrix Systems with MFA Push Bombing - 2d
Iranian hackers are targeting organizations with a sophisticated multi-factor authentication (MFA) push-bombing attack, aiming to compromise their Microsoft 365, Azure, and Citrix Systems accounts. This attack involves sending a barrage of MFA push notifications to a victim’s device, overwhelming them with authentication requests and potentially tricking them into approving a malicious login.
The attackers exploit the user’s trust in MFA and their desire to quickly clear the notifications. This attack highlights the importance of implementing robust MFA strategies, including the use of advanced MFA solutions and security awareness training for employees. Organizations should also be wary of suspicious activity related to MFA notifications and promptly investigate any unusual behavior.