Data extortion is not a new tactic for threat actors. Big Game Hunting (BGH) is where actors steal and leak data to force ransom payments. However, if this threat does not work and the victim does not pay, this can result in an additional threat of releasing the data to someone else, usually a competitor – double ransomware extortion.
XSS – Cross-site scripting
XSS is a common form of injection attack on public-facing web servers. Any web server can be vulnerable to attack, and websites are now feature-rich, with multiple embedded databases, comments sections, and media… all of which increase the vector types that can be attempted by cyber criminals for various reasons.
In the previous article in this series, we looked at the business case for DDoS (Distributed Denial of Service) testing. If you read this last post, you will probably agree that there are a number of features of DDoS attacks and DDoS mitigation systems that make DDoS attack testing particularly important.
Why conduct a DDoS Test?
Historically, security specialists have never placed DDoS testing high on the IT agenda, relying mainly on vulnerability assessment and penetration testing as a means of security validation. However, things are changing. DDoS attacks are no longer simply a risk to the availability of an IT system or service.
The IT Industry is full of terms and acronyms (see our DDoS Dictionary) and one that I have seen a lot of recently is DDoS Pen Testing, usually where Pen Testers are looking to include DDoS Testing as well. I wrote an article a while back on Penetration Testing and DDoS Testing and how these work together.
Distributed Denial of Service or DDoS is an attack where there is an attempt to render an online service unavailable by overwhelming it with traffic from multiple distributed sources.
The National Cyber Security Centre (NCSC) is a pivotal organization in cyber security advice and supports the most critical organizations in the UK, the wider public sector, industry, SMEs and the general public.
What’s the best first step for CISOs when they have just started at a business? If you follow the NIST cybersecurity framework, and many other recommended processes, that step is to IDENTIFY.
According to Gene Abramov, CEO of US-based Depth Security “A new CISO needs to understand what the real-world security posture of the organization is.
We recently looked at the many types of hackers, but now we take a closer look at which type of hacker tends to perpetrate DDoS attacks and why they use this method.
DDoS attacks are one of the oldest types of cyberattacks, but they have still seen massive growth recently.