Security Archives - Online Pitstop

Third-Party Attacks Drive Major Financial Losses in 2024

admin — Sat, 01 Mar 2025 01:03:56 +0000

Third-party attacks emerged as a significant driver of material financial losses from cyber incidents in 2024, according to cyber risk management firm Resilience.

Third-party risks made up 31% of all client insurance claims and 23% of material losses last year. This marks a significant change from 2023, when no third-party claims led to material losses for Resilience clients.

“This shift underscores the growing vulnerabilities created by interconnected systems and reliance on external vendors in 2023,” the firm wrote in a report dated February 27.

Ransomware the Biggest Cause of Losses

Ransomware attacks targeting vendors made up 42% of the third-party claims, with losses from these incidents rising four-fold compared to 2023. The attack on automotive software firm CDK, which impacted thousands of car dealerships across the US and Canada, is an example of a ransomware attack on a vendor that financially impacts customers.

Vendor security failings, including the CrowdStrike global outage in July 2024, made up 4% of all material claims. Not all the claims arising from this incident have been fully developed, Resilience noted.

The company said that this trend is driving insurance companies to adjust their underwriting practices regarding third-party risk.

Overall, ransomware held its position as the top cause of material losses for businesses from 2023 to 2024. First-party ransomware incidents made up 44% of client ‘s material claims, while ransomware targeting vendors contributed to 18% of such claims.

Altogether, 62% of claims with losses were related to ransomware.

Despite these figures, the researchers noted that there are indications that ransomware frequency may be declining in broader markets.

“This is likely due to threat actors focusing on larger, high-profile organizations that yield bigger payouts, as opposed to the previous “spray and prey” approach,” they said.

Phishing Claims Fall Significantly

Phishing-related cyber incidents made up 9% of incurred claims in 2024, representing a 55% fall compared to 2023.

The researchers believe this trend is a reflection of improvements in phishing defenses and the shift towards third-party attacks.

There was a marked increase in transfer fraud claims, making up 18% of claims in 2024 compared to 14% in 2023.

Transfer fraud is where a scammer tricks a person into transferring them money using psychological manipulation. Resilience said it has observed scammers’ use of AI to scale such social engineering campaigns, resulting in increased susceptibility and higher success rates.

“As transfer fraud continues to grow, organizations must strengthen internal controls, educate employees on fraud prevention, and implement more robust verification processes for financial transactions,” the firm commented.

The post Third-Party Attacks Drive Major Financial Losses in 2024 appeared first on Online Pitstop.

DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen

admin — Fri, 28 Feb 2025 01:02:48 +0000

A new ransomware attack by DragonForce has targeted organizations in Saudi Arabia.

The attack, which affected a prominent Riyadh-based real estate and construction firm, resulted in the exfiltration of over 6TB of sensitive data.

According to a new advisory by Resecurity, threat actors first announced the breach on February 14, 2025, demanding ransom before publishing the stolen information. The deadline was set for February 27, one day before the start of Ramadan.

Advanced Data Leak Strategies

Following the expiration of the ransom deadline, DragonForce published the stolen data through a dedicated leak site (DLS), separate from its primary platform.

The ransomware group, which operates on a Ransomware-as-a-Service (RaaS) model, continues to expand its affiliate network, providing tools and resources to cyber-criminals in exchange for a share of ransom payments. Notably, its DLS features advanced CAPTCHA mechanisms to prevent automated tracking by cybersecurity firms.

DragonForce has been active since December 2023, with its first known victim being the Heart of Texas Region MHMR Center. The group has since evolved, leveraging sophisticated encryption techniques, TOR-based communications and secure payment methods, including Bitcoin wallets and private chat systems.

Ransom Payment Collection and Affiliate Network

The group recruits affiliates through the RAMP underground forum, offering one of the highest commission rates in the cybercrime market—up to 80% of ransom proceeds.

Affiliates communicate via TOR-based instant messaging (TOX) and must prove their capability by demonstrating access to victim networks. To enhance security, DragonForce has tightened its vetting process after a previous leak exposed affiliate URLs.

Affiliates also receive support services, such as:

‘Call services’ for direct victim intimidation
NTLM/Kerberos hash decryption to aid post-compromise operations
A highly flexible ransomware builder allowing customization of encryption settings

Tools, Tactics and Exploited Vulnerabilities

DragonForce employs phishing attacks and exploits vulnerabilities in Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services to gain initial access.

The group also employs dual extortion tactics, encrypting victim data while threatening to publish stolen information if ransom demands are unmet. Additionally, DragonForce has been known to release audio recordings of ransom negotiations, increasing pressure on victims to comply.

“The combination of wealthy targets, cybersecurity gaps and geopolitical factors make the Middle East an attractive region for ransomware groups to exploit, making these attacks more profitable,” Resecurity wrote.

“The DragonForce ransomware targeting KSA and the associated data leak from the recent victim in KSA underscore the urgent need for enhanced cybersecurity measures to protect vital national assets and sensitive information.”

The post DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen appeared first on Online Pitstop.

99% of Organizations Report API-Related Security Issues

admin — Thu, 27 Feb 2025 00:56:32 +0000

A growing reliance on APIs has fueled security concerns, with nearly all organizations (99%) reporting API-related security issues in the past year.

According to the Q1 2025 State of API Security Report by Salt Security, the rapid expansion of API ecosystems—driven by cloud migration, platform integration and data monetization—is outpacing security measures and exposing organizations to increased risk.

API Growth and Security Gaps

The report, published on Febrary 26, highlights significant API growth, with 30% of organizations experiencing a 51-100% increase in APIs over the past year and 25% reporting growth exceeding 100%.

API Growth Over the Past 12 Months. Credit: Salt Security.

This expansion has created challenges in maintaining accurate API inventories, as 58% of organizations monitor their APIs less than daily and lack confidence in inventory accuracy. Only 20% have achieved real-time monitoring, leaving most vulnerable to security threats.

Key API security challenges include:

37% of security issues stem from vulnerabilities such as misconfigurations and broken object-level authorization
34% involve sensitive data exposure
29% relate to authentication failures, highlighting weak access controls

“Organizations are facing the challenge of properly cataloging all their APIs so they can be placed into the proper security testing and awareness program,” said Thomas Richards, principal consultant at Black Duck. “The technology can improve workflows and benefit organizations, but we can’t forget the basics of cybersecurity to document, test, and verify best practices in order to innovate securely and manage software risk.”

Security challenges in production APIs over the past year. Credit: Salt Security.

Despite increasing investments, security gaps persist. Over half of organizations have boosted API security budgets, yet 30% cite limited funds as a key challenge.

Additionally, 22% struggle with personnel shortages and 10% lack proper security tools.

Many organizations (55%) have delayed application rollouts due to API security concerns, while 14% find their API programs difficult to manage.

“Because API attacks most often result from unauthorized or inappropriate access credential use, modern security requires access control that goes well beyond traditional perimeter-based identity access and authentication strategies,” explained Piyush Pandey, CEO at Pathlock. “Dynamic, agile access controls that start with compliant provisioning, continue with high-risk access monitoring and finish with critical application infrastructure health maintenance [are essential].”

Attack Trends and Emerging Risks

An analysis of API attack patterns reveals that 95% of attacks originate from authenticated users, underscoring the risk of compromised accounts. External-facing APIs remain a primary attack vector, with 98% of attack attempts targeting these interfaces. Among the most exploited vulnerabilities:

Security misconfigurations (54%)
Broken object-level authorization (27%)
API authentication failures (1%)

Generative AI (GenAI) is also reshaping the security landscape, introducing new threats and concerns. One-third of respondents report a lack of confidence in detecting AI-driven attacks, while 31% worry about the security of AI-generated code. Organizations are responding by implementing governance frameworks (26%) and AI-specific security tools (37%).

Security problems found in production APIs over the past 12 months. Credit: Salt Security.

Strengthening API Security

The report urges organizations to adopt a proactive security strategy, emphasizing real-time monitoring, robust posture governance, and adherence to frameworks such as the OWASP API Security Top Ten. Stronger API inventory management and investment in AI-driven security tools are also critical to mitigating emerging risks.

“The main driver of API adoption is the need for loose coupling between complex systems,” explains Jason Soroko, senior fellow at Sectigo. “APIs are abstraction layers that decouple underlying complexities, enabling rapid integration and development, which fuels digital transformation. [However], as organizations increasingly rely on APIs, the rapid expansion often outpaces security measures.”

To stay ahead, Soroko recommends that “cloud platforms and other purveyors of APIs need to offer security diagnostics to make it easier to rapidly deploy and maintain APIs with secure configurations.”

With API usage continuing to surge, organizations must prioritize security strategies that evolve alongside their expanding ecosystems to safeguard sensitive data and infrastructure against emerging threats.

The post 99% of Organizations Report API-Related Security Issues appeared first on Online Pitstop.

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

admin — Wed, 26 Feb 2025 00:53:56 +0000

In 2024, cyber-criminals have launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe.

Companies faced an average of 68 days of critical cyber-attacks, while ransomware remained the most significant threat. The healthcare industry was particularly affected, with ransomware responsible for 95% of all breaches and impacting more than 198 million US patients.

These figures come from SonicWall’s Annual Cyber Threat Report, which also suggested that attackers are leveraging AI-driven automation and advanced evasion techniques, making it increasingly difficult for SMBs to defend themselves.

Key Cyber Threat Trends

These were some of the key cyber threat identified by SonicWall in 2024:

Ransomware Surge: North America saw an 8% rise, while Latin America experienced a 259% spike
IoT Attacks: Increased 124% year-over-year, with hackers targeting unprotected devices
Business Email Compromise (BEC): Accounted for 33% of reported cyber insurance events, up from 9% in 2023
Malware Variants: SonicWall identified 210,258 never-before-seen malware variants, averaging 637 new threats daily
Living Off the Land Binaries (LOLBins): Attackers increasingly use native system tools to evade detection

Top 10 LOLBins by percentage. Credit: SonicWall.

AI-enabled and File-based Attacks

According to the report, AI-driven tools are making cyber-attacks more accessible and complex. Server-side request forgery (SSRF) attacks rose by 452% as AI enhances obfuscation techniques and automates exploit chaining.

Business Email Compromise (BEC) attacks are also evolving, with generative AI enabling cybercriminals to craft highly convincing phishing emails.

File-based attacks, particularly involving malicious PDFs and HTML phishing files, also experienced a significant increase.

According to SonicWall data, 38% of detected malicious files were HTML-based, while PDFs followed closely at 22%.

Breakdown of everyday files used by threat actors. Credit: SonicWall.

Strengthening Cyber Defenses

To counter these threats, businesses must adopt a multi-layered cybersecurity strategy.

Key recommendations from SonicWall include:

Real-Time Patch Management: Apply security patches within 48 hours of disclosure
Zero Trust Security Models: Restrict access and validate all network traffic
24/7 Threat Monitoring: Partner with MSSPs for continuous security oversight
Enhanced Ransomware Defenses: Implement network segmentation and endpoint detection & response (EDR)
IoT Security: Secure connected devices by changing default credentials and updating firmware

With cyber-criminals accelerating their tactics, SMBs must act promptly to strengthen their defenses and mitigate financial and reputational damage.

The post 61% of Hackers Use New Exploit Code Within 48 Hours of Attack appeared first on Online Pitstop.

Essential Addons for Elementor XSS Vulnerability Discovered

admin — Tue, 25 Feb 2025 00:53:20 +0000

A critical security vulnerability in Essential Addons for Elementor has been identified, potentially impacting over two million WordPress websites.

The flaw, a reflected cross-site scripting (XSS) vulnerability, was discovered due to insufficient validation of the popup-selector query argument, allowing malicious scripts to be executed.

The issue, tracked with CVE-2025-24752, was first uncovered by Patchstack Alliance researcher xssium on September 30, 2024. After notifying the plugin vendor, a fix was implemented in version 6.0.15.

Understanding the Vulnerability

Essential Addons for Elementor is the most popular extension for the Elementor page builder, counting over 2 million active installations.

It enhances Elementor’s functionality by providing additional creative elements that help users design more dynamic and visually appealing web pages.

The flaw originated from the src/js/view/general.js file, where the plugin failed to properly sanitize the popup-selector argument.

When triggered, this could allow attackers to execute malicious scripts by embedding harmful content into the page.

How the Patch Fixes the Issue

The WPDeveloper resolved the vulnerability by enforcing stricter validation, permitting only alphanumeric characters and a limited set of symbols in the popup-selector argument. This prevents common XSS attack methods from exploiting the flaw.

WordPress developers are reminded of the importance of properly validating and sanitizing user-provided data.

“When working with user-provided data, developers need to ensure this data is properly validated and sanitized against potential processes that could lead to XSS,” Patchstack warned.

“Additionally, when rendering user-provided data back onto the website, it is important to make sure the content is properly escaped to help ensure potential XSS vulnerability.”

Failure to do so can expose websites to significant security risks, including unauthorized access and data breaches.

The post Essential Addons for Elementor XSS Vulnerability Discovered appeared first on Online Pitstop.