News Items

Using mathematical principles to understand the behavior of code, a team of Virginia Tech researchers discovered that the source code in popular reverse engineering tools such as Ghidra may not be as secure as its creators intended. Through their mathematical proofs, software programmers can ensure their code does not experience unintended behaviors that hackers find appealing. Security professionals typically assess a program by testing its machine code. This machine code, which consists of a series of zeros and ones, is what a computer executes. However, the code can be difficult for humans to understand, particularly in the absence of the original source code used to develop the machine code. Using reverse engineering tools, these long and difficult-to-decipher numerical lines of information can be translated into source code much closer to spoken language, thus enabling security professionals to see what is actually happening in the binary code. Unfortunately, these tools may overlook important machine code behaviors, especially those that were not intended by the original programmers who wrote the source code, allowing hackers to find vulnerabilities. This article continues to discuss the team's discovery of vulnerabilities in the code of popular reverse engineering tools.

Virginia Tech reports "Virginia Tech Researchers Find Vulnerabilities in Code of Popular Reverse Engineering Tools"

Carnegie Mellon University's (CMU) picoCTF has introduced students of all ages to the field of cybersecurity through its annual Capture-the-Flag competition and year-round educational platform for more than a decade. Recent outreach efforts by picoCTF included bringing together high school teachers from across the US for the first-ever National Security Agency (NSA) GenCyber Teachers' Program. During the five-day in-person camp, attendees were introduced to new tools, resources, and best practices in cybersecurity education. Teachers left the experience with lesson plans that are ready to be implemented in the upcoming school year. David Brumley, professor in CMU's Electrical and Computer Engineering Department and co-founder of picoCTF, emphasized that training teachers is the only way to expand cybersecurity education. This article continues to discuss picoCTF and how it helps to close the cybersecurity talent gap.

CyLab reports "picoCTF Empowers Teachers to Bring Cybersecurity Education Into Their Classrooms"

Organized criminal groups exploited a vulnerability in Revolut's payment systems and stole more than $20 million, according to the Financial Times, which cited sources knowledgeable about the situation. Over 30 million customers worldwide are served by Revolut, a privately held financial technology firm. It is licensed and managed by the Bank of Lithuania and has its headquarters in London. In September 2022, the business experienced a data breach that affected 50,150 customers globally. The attackers stole the names, addresses, email addresses, phone numbers, a portion of the payment card data, and account information of these customers. A few days later, some Revolut users complained online that they began receiving SMS phishing messages designed to take financial and personal information. According to unidentified sources cited by the Financial Times, the newly disclosed cash grab occurred in early 2022. This article continues to discuss the exploitation of a vulnerability in Revolut's payment systems by criminal groups.

Help Net Security reports "Flaw in Revolut Payment Systems Exploited to Steal $20 Million"

The threat actors responsible for the RomCom Remote Access Trojan (RAT) are suspected of launching phishing attacks against the NATO summit in Vilnius and a known organization supporting Ukraine abroad. The BlackBerry Threat Research and Intelligence team discovered two malicious documents submitted on July 4, 2023, from a Hungarian IP address. RomCom, also known as Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed launching cyberattacks against Ukrainian politicians working closely with Western nations and a US healthcare organization aiding refugees fleeing the war-torn nation. The group has used spear-phishing emails to direct victims to cloned websites harboring trojanized versions of popular software as part of geopolitically motivated attack chains. Militaries, food supply chains, and Information Technology (IT) companies have been targeted. This article continues to discuss the threat actors behind the RomCom RAT targeting NATO and Ukraine support groups.

THN reports "RomCom RAT Targeting NATO and Ukraine Support Groups"

Gaming gear company Razer has recently reacted to rumors of a massive data breach with a short statement on Twitter, letting users know that they started investigating the matter. Razer is a popular American-Singaporean tech firm focusing on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel. Information about a potential data breach at the company emerged on Saturday when someone posted on a hacker forum that they had stolen the source code, database, encryption keys, and backend access logins for Razer[.]com, the company's main website. The user offered to sell that data for $100,000 worth of Monero (XMR) cryptocurrency and urged interested individuals to contact him directly to close the deal. The publisher of the post has not set any limitations or exclusivity, meaning anyone willing to pay the requested amount would get the entire data set. The hacker posted screenshots as proof of the breach. The screenshots show file lists and trees, email addresses, source code allegedly for anti-cheat and reward systems, API details, Razer Gold balances, and more. Cybersecurity analysts at FalconFeedsio spotted the announcement on the hacker forum and shared it with the public.

BleepingComputer reports: "Razer Investigates Data Breach Claims, Resets User Sessions"

According to new research by Object First, 40% of consumers harbor skepticism regarding organizations' data protection capabilities, and 75% would shift to alternate companies following a ransomware attack. The company noted that consumers are requesting increased data protection from vendors, with 55% favoring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies. During the survey, the company found that 81% of consumers report feeling "very scared or worried" about their data being held by organizations lacking robust resilience against ransomware. After an attack, 1 in 3 consumers demand evidence of resilient backup and recovery strategies, and 30% lose all confidence in the company's data protection plan. 75% of consumers are ready to shift to a competitor should a company suffer a ransomware attack. Moreover, a second ransomware attack causes 61% of consumers to reassess their negative perception of data protection and recovery practices. The company noted that ransomware attacks impact generations differently. While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

Help Net Security reports: "75% of Consumers Prepared to Ditch Brands Hit by Ransomware"

Confidential information, including unreleased TV shows, scripts, and materials, belonging to the popular children's television channel Nickelodeon have recently been reportedly compromised in a significant data leak. According to social media reports, an individual allegedly dumped approximately 500GB of animation files. The authenticity of the leaked content is yet to be confirmed by Nickelodeon. A spokesperson at Nickelodeon stated that the material in question appears to be related to production files and possibly dates back several decades. They further clarified that there is no indication of long-form content, employee data, or user data involved in the leak. The leak came to public attention when a Twitter user, operating under the handle GhostyTongue, began disclosing sensitive information related to the alleged breach on June 29. According to vx-underground, the compromise originated from an authentication issue within Nickelodeon's "consumer products and experience" portal, potentially allowing unauthorized individuals to access sensitive data from the animation department. Nickelodeon is currently investigating the incident.

Infosecurity reports: "Twitter User Exposes Nickelodeon Data Leak"

Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns, according to researchers at ReversingLabs. The researchers noted that the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. The researchers discovered more than a dozen malicious npm packages posted between May 11 and June 13. These packages imitated legitimate modules, such as jquery, which has millions of weekly downloads. The researchers stated that although the malicious packages were downloaded roughly 1000 times, they were swiftly removed from npm after detection. ReversingLabs has named this campaign "Operation Brainleeches" due to the malicious infrastructure used to facilitate the theft of victim data. In the first part of the campaign, the researchers identified six packages used exclusively in phishing attacks. These packages were linked to phishing campaigns that harvested user data through deceptive Microsoft[.]com login forms delivered via malicious email attachments. The second tranche comprised seven packages targeting email phishing campaigns and software supply chain attacks. The researchers noted that these packages aimed to implant credential harvesting scripts into applications that unwittingly incorporated the malicious npm packages. During the analysis, the researchers revealed that the malicious npm packages played a role in active phishing attacks, likely conducted by low-skilled actors. While the full extent of the supply chain attack is unclear, using obfuscated code and invocating popular package names like jquery raise concerns about potential compromises.

Infosecurity reports: "New Campaigns Use Malicious npm Packages to Support Phishing Kits"

Security researchers at security firm Pradeo have discovered two file management applications hosted on Google Play, with more than 1.5 million combined downloads, that are sending user data to servers in China. Published to Google Play by the same developer, the two applications, "File Recovery and Data Recovery" and "File Manager," were seen launching without user interaction and silently exfiltrating a trove of sensitive user information. According to the researchers, the two spyware apps would send out users' contact lists, media content, real-time location, network provider, country code, network code, operating system information, and device brand and model. Specifically, the researchers noted that each application performs more than a hundred transmissions of the collected data, an amount that is so large it is rarely observed. The collected information is sent to multiple servers in China, which have been identified as malicious. The researchers stated that in Google Play, both applications claim to collect no user data but also state that if any data is collected, users could not request the data to be deleted. The two applications have no reviews, suggesting their download counts might have been artificially inflated. The researchers believe that the hacker used an install farm or mobile device emulators to fake those numbers, hence making its applications better ranked in stores' category lists and increasing their apparent legitimacy. A look at the history of these applications shows that both were published in Google Play roughly a month ago and that both received updates at the end of June. Within a week of receiving the updates, their download counts went up by roughly 500,000 each. The researchers noted that the applications were also found to request advanced permissions that allow them to restart devices and then launch automatically, without user interaction, and to hide their icons, to make it difficult for users to remove them. Both applications appear to have been removed from Google Play.

SecurityWeek reports: "Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers"

Cisco recently discovered a critical security flaw in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature, potentially allowing hackers to read or alter inter-site encrypted traffic. The vulnerability (CVE-2023-20185) affects Cisco Nexus 9000 Series Fabric Switches running releases 14.0 and later, specifically when they are part of a multi-site topology and have the CloudSec encryption feature enabled. Cisco noted that it attributed the vulnerability to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches. Cisco stated that while CloudSec encryption is designed to protect data transmitted between sites, by exploiting the vulnerability, an unauthenticated attacker with a position between ACI sites could intercept and compromise the encrypted traffic. Currently, Cisco has not released any software updates to address this vulnerability, and no workarounds are available. Cisco stated that customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options.

Infosecurity reports: "Cisco Enterprise Switch Flaw Exposes Encrypted Traffic"

A data breach at independent bottling company Pepsi Bottling Ventures recently impacted more than 28,000 individuals. Discovered on January 10, the data breach occurred between December 23, 2022, and January 19, 2023, and resulted in the personal, financial, and health information of the company's employees being accessed by an unauthorized party. On February 10, Pepsi Bottling Ventures started informing the impacted individuals that the attackers gained access to certain systems containing their personal information but did not reveal how many individuals were affected. Pepsi Bottling Ventures recently informed the Maine Attorney General's Office that the attackers had access to the personal information of more than 28,000 individuals. According to the company, the compromised data includes names, addresses, email addresses, financial account information, ID numbers, driver's license numbers, Social Security numbers, digital signatures, medical history details, and health insurance information. The company says the stolen information belongs to current and former employees and contractors.

SecurityWeek reports: "28,000 Impacted by Data Breach at Pepsi Bottling Ventures"

Security researchers at VulnCheck have found that hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec. Contec specializes in custom embedded computing, industrial automation, and IoT communication technology. The company's SolarView solar power monitoring and visualization product is used at more than 30,000 power stations, according to its website. The vulnerability is tracked as CVE-2022-29303 and is described as a code injection issue affecting SolarView version 6.0. The vulnerability can be exploited remotely by unauthenticated attackers. The researchers noted that the security hole was only patched with the release of version 8.0, and versions dating back to at least 4.0 are impacted. A Shodan search shows more than 600 internet-exposed SolarView systems, including over 400 running vulnerable versions.

SecurityWeek reports: "Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks"

Microsoft has recently hit back at claims from Anonymous Sudan that it managed to breach the company and obtain account access for tens of millions of customers. Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet, posted the details of its alleged raid on Telegram. In one of the posts, it said: "We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, emails, and passwords. We will begin selling this database, so if you're interested, contact us at our bot to negotiate." Anonymous Sudan said it would be selling the haul for $50,000. It attached what it claimed to be a "small sample" of compromised details as proof of its word. Microsoft, in a brief statement, stated that at this time, their analysis of the data shows that this is not a legitimate claim and an aggregation of data. Microsoft noted that they have seen no evidence that their customer data has been accessed or compromised. Anonymous Sudan has caused trouble for Microsoft in the past. The tech giant admitted in mid-June that the group, which it tracks as "Storm-1359," had been responsible for Layer 7 DDoS attacks against it earlier that month. In February, Anonymous Sudan claimed responsibility for a number of DDoS attacks against Swedish companies, which it said were retaliation for an incident of Quran burning near Turkey's embassy in Stockholm. However, experts at the time assessed the cyberattacks may have been a Russian false-flag campaign designed to continue whipping up hatred towards Sweden in Muslim countries like Turkey, which has a veto over the country's accession to NATO.

Infosecurity reports: "Microsoft Denies Major 30 Million Customer-Breach"

Mozilla recently announced the release of Firefox 115 to the stable channel with patches for a dozen vulnerabilities, including two high-severity use-after-free bugs. The first high-severity issue is tracked as CVE-2023-37201 and is described as a use-after-free flaw in WebRTC certificate generation. WebRTC is an open source project and enables real-time communication in web browsers and mobile applications via application programming interfaces (APIs). Mozilla noted that an attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. The second high-severity vulnerability, CVE-2023-37202, is described as a potential use-after-free issue from compartment mismatch in the open source JavaScript and WebAssembly engine SpiderMonkey. Mozilla stated that cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Mozilla noted that the latest Firefox update also addresses high-severity memory safety bugs that might have led to the execution of arbitrary code. The flaws are collectively tracked as CVE-2023-37211 and CVE-2023-37212. Firefox 115 also includes patches for eight medium-severity vulnerabilities leading to malicious sites placing trackers without permissions, arbitrary code execution, spoofing attacks, URL spoofing, download of files containing malicious code, use-after-free conditions, and tricking users into submitting sensitive data to malicious sites. Recently, Mozilla also announced that Firefox ESR 102.13 and Thunderbird 102.13 were released with patches for five vulnerabilities, including the high-severity use-after-free and memory safety bugs that were addressed in Firefox 115.

SecurityWeek reports: "Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities"

In the Commonwealth Cyber Initiative (CCI) 2023 CyberArts Program, researchers from across Virginia will explore cybersecurity issues through an artistic lens. These issues include Artificial Intelligence (AI), privacy, fraud, misinformation, and more. In June, CCI funded six projects conducted by five Virginia universities and colleges, including Blue Ridge Community College, James Madison University, Old Dominion University, Virginia Commonwealth University, and Virginia Tech, in the second installment of its CyberArts Program. According to Luiz DaSilva, the CCI executive director, the CCI CyberArts Program makes cybersecurity more approachable by incorporating performances, interactive artworks, and visual arts. For one of the funded 2023 CyberArts projects, "Cyber Insecurity: Exploring Vulnerabilities of Artificial Intelligence Through Visual Art," researchers will create an exhibit comprised of interactive installations, photography, sculpture, and digital art to raise awareness of the cybersecurity vulnerabilities of Al systems and spark conversation about AI's ethical implications. This article continues to discuss the CCI CyberArts Program.

Virginia Tech reports "Commonwealth Cyber Initiative Funds New Round of CyberArts Projects"

New research indicates that remote employees take more security-related measures than their in-office counterparts. As organizations worry about the potential dangers of remote work, new research from the Farmer School of Business at Miami University suggests that the actual risks lie within the office, and it will inform future discussions. Researchers from the Farmer School of Business found that remote employees demonstrate a higher level of cybersecurity awareness and take more security-related precautions than their in-office counterparts. According to the author Joseph K. Nwankpa, when they surveyed remote workers, they expected the results to disclose cybersecurity complacency. However, the survey revealed remote cyber vigilance. This unexpected result can be attributed to the so-called "Peltzman Effect" and the complacency framework, which the study uses to explore how remote work may cause a moral hazard with respect to employee cybersecurity awareness and security-based precautions. Office workers often become complacent, trusting their employers to handle cyber threats on their behalf, whereas remote employees tend to experience a greater sense of responsibility for their own cybersecurity. This article continues to discuss key findings from the study on the roles of cyber awareness and cybersecurity policies among remote workers.

Fast Company reports "In-Office Work Is the Real Threat to Cybersecurity"

According to Imperva, poor data controls and the introduction of new generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) will cause an increase in insider data breaches in the coming year. As the effectiveness of chatbots driven by LLMs has grown, many organizations have implemented bans or limitations on the data that can be shared with them. However, because most organizations (82 percent) lack an insider risk management strategy, they remain unaware of instances of employees using generative AI to help them with tasks such as writing code or filling out requests for proposals (RFPs). Terry Ray, SVP, Data Security GTM and Field CTO at Imperva, argues that prohibiting employees from using generative AI is futile. Ray added that, as with other technologies, people will always find a way to bypass such restrictions, so prohibitions create an infinite game of whack-a-mole for security teams, without actually securing the enterprise. Malicious intent is not required to cause a data breach, Ray emphasized. Instead of relying on employees not to use unauthorized tools, Imperva suggests that businesses should focus on securing their data and ensuring they can answer important questions such as who is accessing it, what is being accessed, how, and from where. This article continues to discuss the expectation that AI will lead to a significant rise in insider data breaches and the steps organizations should take to protect themselves.

Continuity Central reports "A New Wave of Insider Threats Will Be Driven by 'Shadow AI'"

According to security researchers at ThreatX, IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely. The researchers surveyed 2,000 employees' across the US and UK to assess whether employees' behaviors during the summer are inadvertently increasing API and application risk. The researchers found that 55% of employees admit to relying solely on their mobile devices while working from vacation and holiday destinations in the summer. Further, 25% claim that they aren't concerned about ensuring network connections are secure when accessing company data, and only 12% use a VPN when traveling and working remotely. The researchers noted that the results show that employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks. The researchers stated that with 38% of respondents neglecting to notify their employers when working from new locations while traveling, it becomes harder for IT teams to monitor BYOD policies and application usage. The researchers stated that the summer months lead to increased cybersecurity risks as employees' behaviors shift and as cyber hygiene becomes laxer.

Help Net Security reports: "Employees Worry Less About Cybersecurity Best Practices in The Summer"

Wordfence researchers have found a vulnerability in miniOrange's WordPress Social Login and Register plugin that allows an unauthenticated attacker to gain access to any account on a website by knowing the associated email address. Instead of requiring visitors to spend time filling out a traditional registration form, the plugin enables them to register/login to a website using their social media profiles. More than 30,000 WordPress websites have actively installed the plugin. The vulnerability, tracked as CVE-2023-2982, with a CVSS Score of 9.8, affects versions up to 7.6.4. According to the researchers, the encryption key used to protect the information used during the login process via social media accounts is hardcoded and is not unique for each WordPress installation. This allows attackers to craft a valid request containing a properly encrypted email address, which vulnerable plugin versions use to determine the user during the login process. This article continues to discuss the critical authentication bypass flaw found in miniOrange's WordPress Social Login and Register plugin that can allow access to any account on a site.

Security Affairs reports "miniOrange's WordPress Social Login and Register Plugin Was Affected by a Critical Auth Bypass Bug"

Medtronic's heart monitor data management system contains a vulnerability of critical severity that, if exploited, could lead to Remote Code Execution (RCE) or a Denial-of-Service (DoS) condition. The deserialization of untrusted data flaw, tracked as CVE-2023-31222, for which patches are now available, exists on the Paceart Optima system. The software application collects, stores, and retrieves patient cardiac device data from remote heart monitors. It runs on healthcare organizations' Windows servers. The Paceart Messaging Service, which allows healthcare delivery organizations to send fax, email, and pager messages within the Paceart Optima system, is particularly vulnerable. The system's Paceart Messaging Service is optional, as opposed to being configured by default, but when it is enabled, the vulnerability is remotely exploitable and has a low attack complexity. The US Cybersecurity and Infrastructure Security Agency (CISA) warned that RCE could lead to the deletion, theft, or modification of the Paceart Optima system's cardiac device data, or the system's use for further network penetration. A DoS attack could render the Paceart Optima system unresponsive. This article continues to discuss the critical-severity vulnerability found in a heart monitor data management system.

Decipher reports "Medtronic Fixes Critical Flaw in Cardiac Device Data System"

A researcher has identified what he deems to be several critical vulnerabilities impacting enterprise software solutions operating on ubiquitous SAP platforms. In a paper presented at a recent European cybersecurity conference, Fabian Hagg describes his work on testing the server-to-server communications bugs and design flaws found in SAP NetWeaver Application Server ABAP (AS ABAP) and ABAP Platform. He said that the laboratory analysis revealed alternate logon material, cryptographic failures, memory corruptions, and Advanced Business Application Programming (ABAP) programming pitfalls. The vulnerabilities are associated with SAP's long-standing proprietary interface protocol, Remote Function Call (RFC). Three are from 2021 and 2022, while the fourth was discovered in January this year. Two are rated 9.8 on the CVSS severity scale. Although patches have been developed for all four vulnerabilities, users with unpatched versions of SAP software remain vulnerable. This article continues to discuss the attack chain presented at a security conference that could impact all enterprise software solutions running on top of SAP AS ABAP platform technology.

SC Media reports "Researcher Outlines Known RFC Vulnerabilities in SAP Software That Lead to Unauthenticated Remote Code Execution"

The pro-Russia crowdsourced Distributed Denial-of-Service (DDoS) project called "DDoSia" has grown 2,400 percent in less than a year, with thousands of people participating in the launch of attacks against Western organizations. The project was initiated by a pro-Russian hacktivist group known as "NoName057(16)" in the summer of 2022, and it rapidly attracted 400 active members and 13,000 users on its Telegram channel. In a new report published by Sekoia, analysts note that the DDoSia platform has grown significantly over the year, with about 10,000 active members contributing to the project's DDoS attacks and 45,000 subscribers to its main Telegram channel. In addition to the increase in community size, which has resulted in more disruptive attacks, DDoSia has improved its toolset and added binaries for all main operating system platforms, expanding its reach to a larger audience. This article continues to discuss the DDoSia platform experiencing a significant membership increase.

Bleeping Computer reports "Pro-Russia DDoSia Hacktivist Project Sees 2,400% Membership Increase"

CyberSentry is a US Cybersecurity and Infrastructure Security Agency (CISA)-managed capability for threat detection and monitoring, governed by an agreement between CISA and voluntarily participating critical infrastructure partners that operate major systems supporting National Critical Functions (NCFs). CyberSentry looks for known and unknown malicious activity that impacts Information Technology (IT) and Operational Technology (OT) networks. CISA's CyberSentry program supports trusted partnerships between CISA and each participating organization. The program has had much success, such as discovering an infection on a partner's Human Machine Interface (HMI) equipment that had been improperly patched and secured. CISA analysts promptly alerted the partner to the issue and provided recommendations for preventative measures. CyberSentry data also helped quickly identify partners impacted by the SolarWinds supply chain breach. This article continues to discuss the mission and recent successes of CISA's CyberSentry program.

CISA reports "CyberSentry Program Launches Webpage"

According to Nexusguard, the total number of Distributed Denial-of-Service (DDoS) attacks increased by 115.1 percent in 2022 compared to 2021 globally. The data also revealed that attackers continued to change their threat vectors by focusing on Internet Service Provider (ISP) application platforms, online databases, and cloud storage systems. As organizations transfer more workloads to the cloud, this has resulted in a more significant global impact. Although the number of DDoS attacks more than doubled from 2021 to 2022, the maximum size decreased by 48.2 percent to 361.9 gigabits per second (Gbps). The average size of attacks decreased by 22.4 percent. In 2022, 85.6 percent of DDoS threats were single-vector attacks, which is nearly identical to the percentage observed in 2021. User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) based attacks were the most common, accounting for 72.5 percent and 23 percent of all attacks, respectively. This article continues to discuss key findings from Nexusguard's DDoS Statistical Report for 2022.

Help Net Security reports "Global Rise in DDoS Attacks Threatens Digital Infrastructure"