One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8436534 |
| Date de publication | 2024-01-08 11:00:00 (vue: 2024-01-08 11:07:41) |
| Titre | Le siège de botnet: comment votre grille-pain pourrait renverser une société The Botnet siege: How your toaster could topple a corporation |
| Texte | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In addition to the overt signs of cyber threats we\'ve become conditioned to recognize, like ransomware emails and strange login requests, malicious actors are now utilizing another way to achieve their nefarious purposes — by using your everyday devices. These hidden dangers are known as botnets. Unbeknownst to most, our everyday devices, from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants. This insidious force operates in silence, escaping the notice of even the most vigilant users. A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters. Let us go to the battlements of this siege, and we’ll tackle the topic in more depth. What is a botnet? Derived from the words “robot” and "network.", a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware. How does a botnet attack work? A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware. Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics. Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies. This new attack vector is now being referred to as Quishing — and unfortunately, it’s only going to become more prevalent. Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker\'s commands. The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include: Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users. Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware. Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices. Propagation. S |
| Envoyé | Oui |
| Condensat | 000 2025 ability able about access accounts achieve achieved action activities actors addition additional additionally adopt affected aforementioned against agriculture aim airbnb all already also although always amass amazon another answer any apart apparent are arena army article aside aspect assisting at&t attachments attack attacked attacker attacks author automatic average aware bandwidth battlements bears because become becomes been before begins being benefits benign best beyond blending blissfully botnet botnets bots brand breach breaches break bring budgets building business businesses but camera campaign campaigns can car cards carry cause causing caution cautious central change choose clicking clue coalesce code collective combined comes command commands common companies company compromise compromised computational computer computers concerning conclusion conditioned conjunction consider containing content control controlled corporate corporation could couple course covert credentials criminals critical cyber cyberattacks cybercriminal cybercriminals cybersecurity damage dangerous dangers data date ddos dealership’s dealerships debit deceptively delay denial depth derived deserves designed destructive detect device devices difficult digit digital direct discussed distributed does domain don don’t double down downloading drastically dropped dyn dynamics each ears easier easily easy effectively either elegant element elements eligible email emails enable encryption endorse energy enlisted enough ensure escaping especially espionage even everyday evolution exercise exhaustive expected exploit exploiting extensively extremely facilities facility fact factors far fell financial find first fix floods foil follow footsoldiers force forces forms fraud fridge fridges from funded further gains generators get giants goes going good goods grids ground group hacker hackers hard hardware has have healthcare heavily heightened here hidden high hit hospitals hours how however human hundreds identify identity ignore imagine immune impact implement improbable inaccessible incident include include: including increasingly individual individuals infect infected infecting infection info information infrastructure initial insidious install insurance internet intrusion investments iot it’s join keep ken known lack large launch layperson legitimacy legitimate let life like link links location login long look lost lot major make makes malicious malware management manufacturing massive may message method might minimizing mirai mobilizing monitoring more most much muddying multiple multitude murky name nature nefarious network new next nokia not notice notorious notoriously now often oftentimes old once one ones online only opening operate operates operation orchestrate organizations other out outdated over overt overwhelming owing own paradigm part particularly patches pathway paypal people perform personal phenomenon phishing play positions possible post potential power practices present prevalent prevent prey programs prominent prone propagation protect provide provided provider proxies purposes put quantifying question quishing radar ransomware rarely ready real realize recent recently recognize recruit recruiting recruitment referred refers regular relatively reliable reliant rely remain remotely remove repeating report requests requiring resolved responsibility result retreading risk rtls run same saying scams scans second sectors security see seek seem seemingly seems segment segmenting sellable send sender sending sensitive separate serious server service services set seven should shows siege siege: significant signs silence simple simply single small smart smartphones smooth software solely some source spam spotify spread stages start stay staying steal stealing stealthily stem steps stolen strange strength successfully such sure suspicious system systems tackle tactics take taken taking target targeting targets task tech techniques technology terabytes theft then thereby these things threat threats time ti |
| Tags | Ransomware Spam Malware Vulnerability Threat |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.