2020, Penetration Testing and Social Engineering

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

Hacker's King

DECEMBER 16, 2024

The SolarWinds attack in 2020 is a prime example of cybercriminals infiltrating a software company and compromising its products, allowing them to access hundreds of organizations, including government agencies and Fortune 500 companies. As the digital landscape evolves, so too do the tactics of cybercriminals.

Cyber Attacks

Cyber Attacks Phishing Artificial Intelligence Penetration Testing

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Details of SANS Holiday Hack Challenge 2021

CyberSecurity Insiders

DECEMBER 14, 2021

SANS Holiday Hack Challenge 2020 witnessed the participation of over 19,000 players and this year it’s expected to double up, as the event is being held online. Entertainment quotient will be high as players can enjoy their favorite music tracks while they are busy in solving the virtual challenges at the north pole.

Hacking

Hacking Penetration Testing Social Engineering Mobile

Creating a Vulnerability Management Program – Penetration Testing: Valuable and Complicated

NopSec

AUGUST 9, 2022

Once you’ve started a vulnerability scanning system , you may want to take the next step in identifying vulnerabilities: penetration testing, commonly referred to as pentesting. The Basics of Penetration Testing Pentesting can be as broad or narrow as the client wishes. This more closely simulates an actual cyber attack.

Penetration Testing

Penetration Testing Wireless Risk Social Engineering

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

What are the results of the provider’s most recent penetration tests? The fourth biggest threat to public cloud security identified in CloudPassage’s report is unauthorized access (and growing – 53 percent, up from 42 percent in 2020). Conduct audits and penetration testing. Enable security logs.

Penetration Testing

Penetration Testing Encryption Risk Technology

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

SC Magazine

MAY 17, 2021

Attendees and workers chat beneath a ‘5G’ logo at the Quectel booth at CES 2020, January 8, 2020. The project is based on work Baines did for Europol’s Cyber Crimes Center, Project 2020, which made a similar series of predictions in 2013 targeting last year. AI could impact more than just social engineering.

Manufacturing

Manufacturing IoT Technology Artificial Intelligence

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

This is the type of incident that could have been identified as a risk by a properly scoped penetration test and detected with the use of internal network monitoring tools. I’m going to speculate that the sudden shift to work-from-home in 2020 has led to quick decisions to meet immediate needs.

Mobile

Mobile Data breaches Authentication Accountability

Crimeware and financial cyberthreats in 2023

SecureList

NOVEMBER 22, 2022

In the scramble for cryptocurrency investment opportunities, we believe that cybercriminals will take advantage of fabricating and selling rogue devices with backdoors, followed by social engineering campaigns and other methods to steal victims’ financial assets. Mobile banking Trojans on the rise.

Cryptocurrency

Cryptocurrency Mobile Ransomware Banking

Top Breach and Attack Simulation (BAS) Vendors

eSecurity Planet

MAY 5, 2021

Breach and attack simulation (BAS) is a relatively new IT security technology that can automatically spot vulnerabilities in an organization’s cyber defenses, akin to continuous, automated penetration testing. Penetration Testing. CyCognito is committed to exposing shadow risk and bringing advanced threats into view.

Penetration Testing

Penetration Testing Risk Technology Marketing

CISA updates ransomware guidance

Malwarebytes

MAY 23, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its #StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. Cobalt Strike is a commercial penetration testing software suite. Malvertising.

Ransomware

Ransomware Backups Social Engineering Accountability

APT annual review 2021

SecureList

NOVEMBER 30, 2021

While investigating the artefacts of a supply-chain attack on an Asian government Certification Authority’s website, we discovered a Trojanized package that dates back to June 2020. Further analysis revealed that this escalation of privilege (EoP) exploit had potentially been used in the wild since at least November 2020.

Malware

Malware Mobile Spyware Surveillance

AI in Cybersecurity: How to Cut Through the Overhype and Maximize the Potential

CyberSecurity Insiders

DECEMBER 4, 2021

Phishing attack prevention : There are bots and automated call centers that pretend to be human; ML solutions such as natural language processing (NLP) and Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs) help prove whether users are human or a machine, in turn detecting potential phishing attacks.

Cybersecurity

Cybersecurity Education Artificial Intelligence Marketing

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

Common Types of Cyber Attacks Common techniques that criminal hackers use to penetrate systems include social engineering, password attacks, malware, and exploitation of software vulnerabilities. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

Social Engineering

Social Engineering Passwords Engineering Software

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1970-1995 — Kevin Mitnick — Beginning in 1970, Kevin Mitnick penetrates some of the most highly-guarded networks in the world, including Nokia and Motorola, using elaborate social engineering schemes, tricking insiders into handing over codes and passwords, and using the codes to access internal computer systems.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

APRIL 28, 2022

McKinsey & Company raised the alarm in 2020. Targeted attacks like these, plus social engineering, specifically phishing – where attackers pose as a trusted source, prey on human vulnerability, and use email or malicious websites to gain the information they want – are effective but they aren’t the only problem. Sadly, yes.

CISO

CISO Mobile Technology Risk

Probing restrictions may stilt Pentagon’s vulnerability disclosure program for contractors

SC Magazine

APRIL 5, 2021

Two men enter the booth of Lockheed Martin, the biggest defense company in the world, during the Singapore Airshow February 9, 2020 in Singapore.

Government

Government Media Penetration Testing Social Engineering

SCCM Site Takeover via Automatic Client Push Installation

Security Boulevard

JANUARY 12, 2023

Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation Password: [proxychains] Strict chain. Configure /etc/proxychains4.conf conf [proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4 4 [proxychains] DLL init: proxychains-ng 4.14 [proxychains] DLL init: proxychains-ng 4.14 [proxychains] DLL init: proxychains-ng 4.14

Authentication

Authentication Accountability Penetration Testing Software

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

— Dave Kennedy (@HackingDave) July 15, 2020. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. link] pic.twitter.com/cVIyB44o6q — Eugene Kaspersky (@e_kaspersky) June 22, 2020.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

FBI warns of ransomware gang – What you need to know about the OnePercent group

CyberSecurity Insiders

OCTOBER 14, 2021

The FBI recently published a warning stating that ransomware gang OnePercent Group has been attacking companies in the US since November 2020. This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email.

Ransomware

Ransomware Social Engineering Phishing Engineering

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

ReconHellcat is a little-known threat actor that was spotted publicly in 2020. During 2020 and 2021, we detected a new ShadowPad loader module, dubbed ShadowShredder, used against critical infrastructure across multiple countries, including but not limited to India, China, Canada, Afghanistan and Ukraine.

Malware

Malware Government Surveillance Spyware

The Hacker Mind Podcast: The Internet As A Pen Test

ForAllSecure

MAY 17, 2023

Then 2020 2021 The first part of 2022 happened, ransomware went wild and so many of the cyber insurance companies they were reading were against the ropes and struggling because the payouts were written against what were initially rather loose policies. GRAY: The Internet is a penetration test. It started off pretty easy to get.

Internet

Internet Internet Insurance Cyber Insurance

Preparing for Ransomware: Are Backups Enough?

eSecurity Planet

SEPTEMBER 10, 2021

Coveware reported earlier this year the average downtime for ransomware victims jumped from 15 days in 2019 to 21 days in 2020. Like any malware, ransomware enters the network through attack vectors like phishing emails , social engineering , software and remote desktop protocol (RDP) vulnerabilities, and malicious websites.

Backups

Backups Ransomware Encryption Malware

APT trends report Q1 2024

SecureList

MAY 9, 2024

We additionally observed the threat actor behind this backdoor launching penetration testing tools, such as Ligolo-ng, Inveigh and Impacket. Analysis of this backdoor revealed that couldcollect reconnaissance data on the infected machine, perform file system operations and inject various payloads.

Malware

Malware Government DDOS Cryptocurrency

Cyber Security Informer

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Trending Sources

Details of SANS Holiday Hack Challenge 2021

Creating a Vulnerability Management Program – Penetration Testing: Valuable and Complicated

Top 12 Cloud Security Best Practices for 2021

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Crimeware and financial cyberthreats in 2023

Top Breach and Attack Simulation (BAS) Vendors

CISA updates ransomware guidance

APT annual review 2021

AI in Cybersecurity: How to Cut Through the Overhype and Maximize the Potential

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Protecting your Customers and Brand in 2022: Are you doing enough?

Probing restrictions may stilt Pentagon’s vulnerability disclosure program for contractors

SCCM Site Takeover via Automatic Client Push Installation

Top Cybersecurity Accounts to Follow on Twitter

FBI warns of ransomware gang – What you need to know about the OnePercent group

APT trends report Q3 2021

The Hacker Mind Podcast: The Internet As A Pen Test

Preparing for Ransomware: Are Backups Enough?

APT trends report Q1 2024

Stay Connected