
Latest news with #DDoS

Quadruple extortion ransomware rises in Asia Pacific region

Techday NZ | Business | 10 hours ago

The Akamai State of the Internet (SOTI) report has identified a shift in ransomware tactics in the Asia Pacific region, with quadruple extortion methods emerging alongside sustained use of double extortion techniques. The report, titled "Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape," details how cybercriminals are incorporating an increasingly complex mix of threats and pressure on their victims.

While double extortion ransomware, which involves encrypting a victim's data and threatening public release unless ransoms are paid, remains prevalent, the new quadruple extortion methods add Distributed Denial of Service (DDoS) attacks and pressure exerted on customers, partners or the media to intensify the coercion.

Steve Winterfeld, Advisory CISO at Akamai, outlined the expanding risk landscape facing organisations. "Ransomware threats today are not just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond."

Ransomware accounted for a significant share of total data breaches in Asia Pacific in 2024, with the report warning that organisations must enhance cyberdefence strategies and test resilience capabilities in order to prevent major disruptions.

Regional impacts

According to the report, groups such as LockBit, BlackCat/ALPHV, and CL0P continue to pose major threats in the region, although newcomers Abyss Locker and Akira are growing in prevalence. These syndicates have prioritised critical sectors, with healthcare and legal services identified as primary targets. High-profile incidents in recent months include the Abyss Locker breach, which resulted in the theft of 1.5TB of sensitive data from Australia's Nursing Home Foundation, and a USD $1.9 million extortion payout by a Singapore-based law firm following an Akira ransomware incident.

Emergence of hybrid actors

The report notes the growing activity from hybrid ransomware activist groups, some of which leverage ransomware-as-a-service (RaaS) to expand operational reach. Groups such as RansomHub, Play, and Anubis have been implicated in attacks on small and medium-sized enterprises, healthcare organisations, and educational institutions across Asia Pacific. Targets include an Australian in vitro fertilisation clinic and several medical practices affected by these syndicates.

Compliance complexity

A key theme highlighted is the increasingly complicated compliance landscape facing affected businesses. In Asia Pacific, uneven regulatory maturity and fragmented data protection laws have enabled cybercriminals to exploit gaps and delays in incident response. The report outlines how non-compliance risks differ significantly, citing Singapore's Personal Data Protection Act (PDPA) – with fines up to 10% of annual revenue – compared to potential criminal penalties in India, and the lack of formal financial penalties in Japan. These variations create a patchwork of obligations that multinational firms must navigate whilst managing the onset of a ransomware crisis.

Zero Trust and defence strategies

The report urges organisations to focus on the adoption of Zero Trust architectures and microsegmentation in order to address the challenges of modern ransomware threats. Case studies include a regional consulting firm in Asia Pacific deploying software-defined microsegmentation, which facilitated restrictive access controls and limited the spread of an attack within its network.

Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai, commented on the regional context and the growing expectations on security teams. "Asia-Pacific's digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation. However, security teams are being challenged to keep up with a frequently expanding attack surface, and ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centred around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware."

Global trends

On a global scale, the report identifies that the rise of generative artificial intelligence (GenAI) and large language models (LLMs) is accelerating both the frequency and sophistication of ransomware attacks by lowering the technical barriers for attackers. The use of ransomware-as-a-service is also broadening the base of active threat actors, with many campaigns motivated by political or ideological factors as well as financial gain. The research highlights that almost half of the cryptomining attacks analysed targeted nonprofit and educational organisations, indicating resource constraints make these sectors a frequent target. Additionally, the Trickbot malware family, used extensively by ransomware operators, has enabled the extortion of USD $724 million in cryptocurrency from victims globally since 2016.

Cyberattacks reshape modern conflict & highlight resilience needs

Techday NZ | Politics | a day ago

Recent cyberattacks on infrastructure, government, and healthcare demonstrate the increasing integration of digital tactics in contemporary conflicts.

The digital frontline

Incidents over the past two years highlight a clear shift in the landscape of modern conflict, with the digital realm now playing a significant role. In October 2023, parts of Denmark's railway network were shut down following a coordinated cyberattack, causing train delays nationwide. The following month, hackers disrupted Poland's government document portal at a time of geopolitical tension with Belarus. Early in 2024, a ransomware campaign affected over 100 hospitals in the United States and Europe, resulting in postponed surgeries and diversion of emergency patients. These events underscore a trend where cyberattacks target both public infrastructure and critical services.

Political and military responses to such attacks have so far been limited, partly due to challenges in attribution and the perceived impunity attached to digital operations. The press release notes, "The perceived impunity of the digital realm and challenges of timely attribution make digital warfare an active endeavour of many geopolitical adversaries."

Government responses

Governments worldwide are responding to the changing threat landscape. The United States, European Union, and NATO have increased spending on cyber defence and digital threat-response measures. The UK's National Cyber Force has broadened its recruitment initiatives, while the European Union has introduced new cyber resilience strategies. Even countries with neutral status, such as Switzerland, have begun investing more heavily in cyber intelligence.

Types of attacks

Analysis of recent incidents reveals five prominent categories of cyberattacks poised to have significant impacts in ongoing and future conflicts.

Critical infrastructure attacks

Critical infrastructure encompasses power grids, water systems, and transport networks. These environments often use operational technology (OT) networks that are separated from the internet but still have vulnerabilities. Attackers typically exploit mechanisms such as phishing, infected external drives, or unsecured remote access points to gain entry. In 2024, a group linked to Iran, called CyberAv3ngers, breached several US water utilities by targeting internet-connected control systems, raising risks of water contamination. The FBI confirmed that a combination of credential theft and unpatched devices was used in these attacks.

DDoS attacks

Distributed Denial-of-Service (DDoS) attacks deploy networks of compromised devices to overwhelm targeted websites or services, making them inaccessible. Recently, DDoS campaigns caused outages across the Baltic region, affecting government services and private sector industries. An incident in early 2025 targeted multiple industries in Lithuania, illustrating the scale and political motivation behind such attacks.

DNS poisoning

DNS poisoning manipulates the Domain Name System to divert users from legitimate websites to malicious copies, potentially enabling espionage, service disruption, or data theft. A Google security report in March 2024 confirmed DNS cache poisoning remains a risk, even with advanced defences in place. DNS poisoning has broader implications, potentially disrupting access to critical information or services for entire populations during periods of heightened tension.

Ransomware campaigns

Ransomware attacks enable criminals to encrypt sensitive files and demand payments for decryption or to prevent the leak of stolen data. In May 2024, Ascension Health in the United States experienced such an attack, affecting 5.6 million patients, disrupting medical procedures, and forcing staff to use manual record-keeping processes. The event highlighted the risks to patient safety and service continuity in healthcare systems during digital attacks.

Telecom infrastructure compromise

Telecommunications providers are increasingly targeted due to the sensitive nature of the data they handle. In 2024, a group identified as Salt Typhoon, linked to China, exploited vulnerabilities in core networking equipment at major US and Canadian telecom providers. These breaches allowed the attackers to access metadata and unencrypted communications, particularly targeting political and law enforcement communications.

The cyber war has arrived: long before there are boots on the ground, there are keys on keyboards. The tactics that are shaping it are already here, unfolding across civilian systems, critical infrastructure, and the devices we rely on every day. These aren't hypothetical "future threats"; they're warning shots, stress tests, and rehearsals.

Strengthening resilience

According to the press release, resilience at an individual level can help reduce exposure to these types of attacks. "Resilience for individuals starts with the basics: phishing awareness, strong password practices, regular software updates, and healthy scepticism online. These are simple but powerful habits that reduce exposure to the kinds of attacks already shaping the digital battleground."

Organisations are advised against bespoke security models, with tried and tested frameworks such as NIST CSF, OWASP SAMM, and ISO standards cited as effective guides for structuring improvement. The statement continues, "Like any quality control system, it is all about analysis of the situation and iterative improvements. Things evolve slowly until they happen all at once."

"For cybersecurity professionals, policymakers, and everyday users alike, the takeaway is not panic, but preparation. Building digital resilience isn't just a job for governments or big tech. It affects all of us. It's also about awareness, good hygiene, and knowing how attacks work before they happen."

Cyberattacks disrupt operations of Russian restaurant chains

Yahoo | Business | 6 days ago

Recent cyberattacks have significantly affected the digital operations of several well-known Russian restaurant chains and food service providers, The Moscow Times has reported, citing business daily Vedomosti. Among the impacted establishments are Vkusno i Tochka - the fast food chain which has taken over since McDonald's exited the Russian market in 2022 - the coffee chain Cofix and Sushi Master.

The attacks began on Friday, 18 July 2025, targeting networks managed by automation provider iiko and its hosting partner ESTT. The attackers used distributed denial-of-service (DDoS) techniques, inundating servers with traffic over a five-day period, which led to system overloads and made mobile applications and websites unavailable. On the first day of the attacks, Vkusno i Tochka informed customers of processing delays, attributing these issues to problems with its hosting provider. Although services were briefly restored, another major attack occurred the following Monday, 21 July.

iiko, which provides digital infrastructure for restaurants, confirmed that a 12-hour DDoS attack affected its data centres on 18 July, followed by another incident the next day. Customer data remained secure, but the company acknowledged disruptions to internal communications. One of iiko's clients, the sushi chain Mnogo Lososya, reported being unable to process kitchen orders for almost three days. An iiko representative indicated that services had since been restored and that affected clients had received compensation.

Nikita Tsaplin, CEO of Russian cloud provider RUVDS, has stated that as many as 3,500 ESTT clients might have been impacted. He observed a notable rise in digital attacks in 2025, with incidents increasing by one-third compared to the same timeframe in 2024, and peak attack volumes reaching 1.7 terabits per second.

On 17 July, just before the restaurant chain attacks began, vodka producer Novabev Group, which owns the Beluga and Belenkaya brands, reported experiencing a large-scale DDoS attack that halted shipments for several days. Digital investigator Igor Bederov has suggested that the attacks could have been carried out by business competitors, noting the financial damage caused by lost revenue, disrupted payment systems and reduced customer loyalty.

"Cyberattacks disrupt operations of Russian restaurant chains" was originally created and published by Verdict Food Service, a GlobalData owned brand.

Nexusguard positioned as a Leader in the SPARK Matrix™: Distributed Denial of Service (DDoS) Mitigation, 2025 by QKS Group

Yahoo | Business | 6 days ago

Nexusguard, with its DDoS Mitigation solution, has received strong ratings across technology excellence and customer impact.

Pune, India, July 24, 2025 (GLOBE NEWSWIRE) -- QKS Group announced today that it has named Nexusguard as a Leader in the SPARK Matrix™: Distributed Denial of Service (DDoS) Mitigation, 2025.

Lokesh Biswal, Analyst at QKS Group, states, "Nexusguard offers AI-driven DDoS mitigation for CSPs, blending global scrubbing centers with on-prem Bastions. Its modular platform supports branded, multi-layered protection and real-time response for critical services."

The QKS Group SPARK Matrix™ includes analysis of the global market dynamics, trends, vendor landscape, and competitive positioning. The study also provides a competitive analysis and ranking of the Distributed Denial of Service Mitigation providers in the form of the SPARK Matrix™.

"We're proud to be named a Leader in the SPARK Matrix™ for DDoS Mitigation. From our roots to now serving 100+ ISPs globally, our focus has remained on the evolving needs of Communications Service Providers. This recognition highlights both our innovation and the market's move toward telco-focused, scalable mitigation. As threats grow, we stay committed to helping CSPs deliver the protection and performance their customers expect," said Donny Chong, Product Director of Nexusguard.

Additional Resources: SPARK Matrix™ Distributed Denial of Service (DDoS) Mitigation, 2025

About Nexusguard: Established in 2008, Nexusguard operates globally with its headquarters in Singapore. Nexusguard is a trusted provider of DDoS protection solutions, dedicated to helping enterprises and CSPs safeguard their networks, web applications, and DNS from malicious attacks. Leveraging our proprietary Bastions DDoS defense technology and a global network of over 50 DDoS scrubbing centers, we deliver reliable, scalable solutions that ensure service availability and operational continuity. Trusted by more than 100 CSPs including some of the top 10 CSPs in the world, and protecting over 50,000 ASNs, Nexusguard secures organizations worldwide against evolving threats with comprehensive and proactive protection.

About QKS Group: QKS Group is a global advisory and consulting firm that empowers organizations to achieve business transformation through strategic growth guidance. Our research-driven insights help clients navigate change, seize opportunities, and build resilient, forward-looking strategies.

DDoS attacks hit new peak with over 250 billion requests in major June surge

Techday NZ | 7 days ago

Fastly's latest DDoS Weather Report for June 2025 has detailed a surge in sophisticated attacks, including a coordinated event targeting a major high technology provider with over 250 billion malicious requests. The company's findings are based on telemetry from its global edge network, which handles up to 427 Terabits per second of traffic and 1.8 trillion requests each day.

Fastly's systems detected trillions of attempted distributed denial-of-service (DDoS) attacks at network layers 3 and 4, but new trends point to more elusive and dangerous application-layer (layer 7) attacks. According to the June report, the scale and duration of attacks hit new highs, with Fastly observing nearly two attacks per minute on average throughout the month. The month's figures were heavily skewed by two days of unprecedented activity on 6 and 7 June, which saw attack volumes twenty times greater than any other day in 2025.

Major incident details

On these two days, attackers focused their efforts on a single large enterprise customer in the high technology sector. Fastly reports that "over the course of just two days, bad actors launched two separate attacks reaching a cumulative 250+ billion requests." The initial attack started at 10 pm local time and lasted for over four hours, peaking at 1.6 million requests per second. The attack originated from numerous countries, including Germany, China, the United States, India, and especially the Netherlands. Fastly's systems identified and contained the attack within seconds, using identifiers such as hostname and TLS details to differentiate malicious from legitimate traffic. The first wave concluded at around 2:15 am, but less than thirty minutes later, a second barrage began and persisted for 19 more hours, peaking even higher at 1.7 million requests per second.

Describing the attack pattern, the report states, "Bringing data from both attacks together reveals that while the majority of the traffic came from the Netherlands, the United States, Germany, and Indonesia, each of the rules automatically created to mitigate the attack featured one additional country (France, China, or the United Kingdom). This appears to be a concerted effort by the attacker to hide their tracks." Despite the massive scale, Fastly confirmed that "the customer experienced no downtime or latency impacts and our proprietary Attribute Unmasking technology still honed in on their attack characteristics."

Broader trends

Overall, Fastly counted 77,451 individual DDoS "events" in June, which is just eight fewer than the previous month. The company notes that "if we were to evenly distribute events in June, we'd have seen almost two attacks every minute." The report also highlights that while enterprises accounted for the largest volume of attack traffic due to the major incident, the majority of attack "events" targeted small and medium businesses, particularly those in the media and entertainment sector. Fastly's analysis suggests this industry remains a frequent target, "possibly because this industry is the most likely to gain the unwanted attention of attackers who disagree with content published on their sites."

Mitigation strategies

Fastly reviewed how its DDoS Protection rules were triggered, noting consistent patterns in the use of IP address and geolocation across recent months – with geolocation included in 67% of rules in May. The June report shifted focus to the use of JA4 signatures, a type of TLS client fingerprint. "While it isn't uncommon for JA4s to be shared amongst completely legitimate requests, when combined with other parameters, they create an effective lens through which we can identify an attacker," the report explained. Notably, one JA4 signature featured in 17% of all rules for June. Analysis found this was linked to a botnet with significant distribution and a focus on customers in European news agencies and hyper-regional platforms. Based on its activity, Fastly referred to the likely perpetrator as the "Byline Banshee," explaining that "their attacks have been quite noisy, just as the wailing spirit the name comes from. We'll keep an eye on whether the Byline Banshee makes a resurgence in future months!"

Actionable guidance

"It's important to note that this report only represents one month of data and should be used with first-party insights from your observability tools and longer-term research to create a comprehensive view. However, from this data alone, there are a few key learnings you can integrate into your existing security efforts:

  • Ensure your defence is robust enough to handle application DDoS attacks at the scale of 1 billion+ RPS. While in the past we've seen attacks of this size target the largest Enterprise customers on our platform, June's attack on an organisation of Commercial size makes it clear that just because those organisations make less revenue, they're no less likely to receive the unwanted attention of attackers.
  • Consider leveraging signatures like JA4 to identify attackers (or leveraging products like Fastly DDoS Protection that automatically incorporate them in rules). While not a novel concept, this provides yet another lens to look at attacks through and accurately separate the traffic without impacting legitimate users.
  • Be mindful of how you're leveraging geo-based decisioning if you're still manually creating rules or rate limits (or shift to automatic rule creation). As seen in the Byline Banshee's attacks this month, the vast majority of traffic came from countries that don't fit the nation-state definition.
  • Automatically mitigate disruptive and distributed attacks."
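The report's point that a JA4 fingerprint is only a useful attacker signal when combined with other attributes, worked as an added example (this is not Fastly's code or the report's data): candidate mitigation rules are keyed on a JA4 together with client country, so a fingerprint that ordinary browsers share across many countries is never matched on its own, while a geographically concentrated one yields a rule that also picks up its smaller "extra" country. The log format, thresholds, fingerprint values and traffic mix are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ts: int        # epoch seconds
    ip: str
    country: str   # ISO 3166-1 alpha-2 from GeoIP (assumed log field)
    ja4: str       # JA4 TLS client fingerprint (assumed log field)
    host: str

def parse_line(line: str) -> Request:
    """Parse one line of the constructed log format '<ts> <ip> <cc> <ja4> <host>'."""
    ts, ip, cc, ja4, host = line.split()
    return Request(int(ts), ip, cc, ja4, host)

def build_rules(reqs, window_s, min_rps=100.0, min_share=0.25,
                min_top_country=0.5, coverage=0.95):
    """Return [(ja4, [countries])] rules for one window of requests.
    A JA4 becomes a rule only when it (a) carries at least min_rps, (b) is at least
    min_share of all traffic, and (c) is geographically concentrated (its top country
    holds min_top_country of its requests). The rule lists the smallest set of countries
    covering `coverage` of that JA4's traffic, so a dominant source plus one smaller
    "extra" country land in the same rule. A browser fingerprint shared by legitimate
    clients passes (a) and (b) but fails (c), so it is never matched on JA4 alone."""
    total = len(reqs)
    by_ja4 = Counter(r.ja4 for r in reqs)
    by_ja4_cc = Counter((r.ja4, r.country) for r in reqs)
    rules = []
    for ja4, n in by_ja4.items():
        if n / window_s < min_rps or n / total < min_share:
            continue
        per_cc = sorted(((cc, c) for (j, cc), c in by_ja4_cc.items() if j == ja4),
                        key=lambda x: -x[1])
        if per_cc[0][1] / n < min_top_country:
            continue
        picked, covered = [], 0
        for cc, c in per_cc:
            picked.append(cc)
            covered += c
            if covered / n >= coverage:
                break
        rules.append((ja4, sorted(picked)))
    return rules

def matches(rule, req: Request) -> bool:
    """A request hits the rule only when both its JA4 and its country match."""
    ja4, countries = rule
    return req.ja4 == ja4 and req.country in countries

def constructed_window():
    """Constructed 60-second window: a browser JA4 at 100 rps spread evenly over six
    countries, and a bot JA4 at 300 rps that is 90% NL with a 10% FR tail."""
    browser = "t13d1516h2_8daaf6152771_e5627efa2ab1"   # constructed fingerprint value
    bot = "t13d0311h1_55b375c5d22e_ab12cd34ef56"       # constructed fingerprint value
    lines = []
    for i in range(6000):
        cc = ("US", "DE", "GB", "NL", "FR", "JP")[i % 6]
        lines.append(f"{1749247200 + i % 60} 198.51.100.{i % 250} {cc} {browser} news.example")
    for i in range(18000):
        cc = "FR" if i % 10 == 0 else "NL"
        lines.append(f"{1749247200 + i % 60} 203.0.113.{i % 250} {cc} {bot} news.example")
    return [parse_line(line) for line in lines]
```

On the constructed window only the bot fingerprint produces a rule, and that rule lists both NL and FR; lowering min_top_country far enough would also turn the evenly spread browser fingerprint into a rule, which is the over-blocking the concentration check exists to prevent.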
