Migration to cloud platforms, reliance on managed service providers, software and infrastructure as a service have all changed how organizations must think about and secure the perimeter,” explains Claire Tills.
Although threat actors have monetized DDoS threats and attacks in the past, we believe that popularization of cryptocurrency, willingness of some organizations to meet extortion demands (as was seen in the ransomware attack on Colonial Pipeline), and affordability of DDoS as a service (DDoSaaS) have encouraged threat actors to pursue these kinds of activities.
Godzilla is a functionality-rich webshell that parses inbound HTTP POST requests, decrypts the data with a secret key, executes decrypted content to carry out additional functionality and returns the result via a HTTP response.
The survey has found out that ‘Shadow IT’ (non-IT department deploying software beyond the purview of IT) is increasing, and hence security threats also. Phishing has become more successful.
HP discovered exploits of the zero-day CVE-2021-40444 – a remote code execution vulnerability that allows for the exploitation of MSHTML browser engine utilizing Microsoft Office documents – a week before the fix was released on September 14.