DDOS attacks still increasing
This Wednesday Cloudflare released their DDOS threat report of the 3rd quarter in 2022 and showed that the number of attacks is still on the rise. Distributed Denial of Service (DDOS) is an attack method where the target is flooded with data or requests and thereby access to the target is blocked. Unlike a normal DOS attack, the attack happens from many different systems, in most cases Bot networks. The amount of HTTP DDOS attacks increased by 111% compared to last year and the amount of Ransom DDOS attacks by 67%.
The most targeted industry was the internet industry with an increase of 303% compared to last year. 2nd place was the telecommunication industry with an astounding 2,317% increase of attacks.
The fastest growing attack threats were the BitTorrent network (1,221%), which was abused by spoofing IP addresses to create attacks, and the Mira bot-network (405%), which led the biggest attack of the quarter with a peak of 2.5Tbps.
If you want to dig deeper into the findings, the entire report can be read here: Cloudflare DDoS threat report 2022 Q3.
Microsoft October Update
On Thursday, Microsoft released their October Update. This time, there are 52 different products or features affected by the update. They address 85 vulnerabilities of which 15 are rated “critical”. Under those was also one vulnerability with a CVSS score of 10/10. CVE-2022-37968 was a vulnerability which enabled an unauthorized attacker to execute code remotely and even gain administrative control over Azure Arc enabled Kubernetes cluster.
The vulnerabilities CVE-2022-41082 and CVE-2022-41040 – also known as ProxyNotShell, which affects Microsoft exchange server – were not yet fixed in this patch and are still open.
For more insights on the topic, feel free to check our sources below:
- Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched (darkreading.com)
- Sicherheitsupdates vom Oktober 2022. Updates in diesem Monat (Microsoft.com)
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.