< ciso
brief />
Tag Banner

All news with #ddos tag

133 articles · page 3 of 7

DDoS Disrupts Perm Parking Payments, Free Parking Issued

🚗 Local authorities in Perm, Russia, reported a large-scale cyberattack that knocked the city's automated parking payment systems offline, attributing the outage to a massive DDoS attack. The permparking.ru portal and associated payment channels were overwhelmed, prompting officials to waive parking fees from 10–13 March while recovery teams worked. Authorities aimed to have services restored by 16 March. DDoS campaigns typically use botnets to flood services and block legitimate transactions.
read more →

Law Enforcement Dismantles SocksEscort Proxy Network

🔒Operation Lightning dismantled the malicious proxy service SocksEscort, which investigators say compromised hundreds of thousands of routers and IoT devices globally. The service marketed thousands of proxy endpoints that enabled criminals to hide originating IPs and carry out bank and cryptocurrency account takeovers, fraudulent unemployment claims, ransomware operations, DDoS attacks and distribution of CSAM. Authorities seized domains and servers, froze cryptocurrency assets, and urged users and vendors to regularly update device firmware and apply security patches.
read more →

Authorities Disrupt SocksEscort Proxy Botnet Service

🚨 Authorities dismantled the criminal proxy service SocksEscort, which enslaved thousands of residential routers worldwide to operate a large-scale proxy botnet and sold anonymous access for fraud and other crimes. U.S. and European partners executed a court-authorized disruption, seizing domains and servers and freezing roughly $3.5 million in cryptocurrency. The service relied on AVrecon malware that exploited SOHO router vulnerabilities to persistently infect devices and route traffic for criminal customers.
read more →

Cyber fallout from Iran conflict: risks and defenses

🔒 The war in the Middle East has expanded cyber risk globally, from physical strikes on AWS data centers to waves of Iran-aligned cyber activity. Within hours of kinetic operations, hacktivists and state-aligned APTs mobilized, using DDoS, defacement, wipers and supply-chain compromises. Organizations should prioritize inventorying internet-facing assets, enforcing phishing-resistant MFA, auditing MSP and cloud dependencies, and preparing offline backups. The guidance focuses on pragmatic hardening where adversaries historically find weak spots.
read more →

149 Hacktivist DDoS Claims Target 110 Organizations

🚨 Cybersecurity firms reported 149 hacktivist DDoS claims from Feb 28–Mar 2 that targeted 110 organizations across 16 countries, with 107 attacks concentrated in the Middle East. Two groups, Keymous+ and DieNet, drove nearly 70% of activity while NoName057(16) and others composed most remaining operations. Government, finance, and telecom sectors were disproportionately targeted, and vendors including Radware, Orange Cyberdefense, and Unit 42 provided attribution and telemetry. Analysts warn allied nations and critical infrastructure to increase monitoring and harden defenses.
read more →

Iranian Cyberattacks Largely Absent So Far, Risks Remain

⚠️ Five days into the US-Israel–Iran conflict, widescale Iranian cyber retaliation has not yet materialized, but security agencies warn the danger is acute and ongoing. The UK NCSC and Canada CCCS issued broad advisories while CISA has not updated since October. Observed DDoS activity is limited, yet vendors highlight the greater risk from destructive wipers (e.g., Shamoon) and an arsenal of 15+ Iranian families. High‑profile APTs such as APT35/APT42 and APT33 remain concerning; organizations should harden OT, remove unmanaged RMM tools, implement phishing‑resistant MFA (FIDO2/WebAuthn), patch VPNs and monitor endpoints for wiper indicators.
read more →

Amazon GameLift Servers Adds UDP DDoS Protection Feature

🛡️ Amazon Web Services announced Amazon GameLift Servers DDoS Protection, a new capability that provides proactive UDP-based defense for session-based multiplayer games using GameLift Servers. The feature co-locates a relay network to authenticate client traffic with access tokens and enforce per-player traffic limits, helping prevent both targeted and volumetric DoS/DDoS disruptions while adding negligible latency. It is available at no additional cost to GameLift Servers customers and includes console and API integration with sample code for Unreal Engine and native C++.
read more →

2026 Cloudflare Threat Report: Rise of High-Trust Attacks

🔍 The 2026 Cloudflare Threat Report from Cloudforce One documents a shift from brute-force intrusion toward high-trust exploitation, introducing a new metric: the Measure of Effectiveness (MOE). The report identifies eight trends — including AI-driven attack automation, token theft that neutralizes MFA, weaponized cloud tooling, and record-setting hyper-volumetric DDoS — that favor speed and throughput over sophistication. It urges organizations to adopt autonomous, real-time defenses and previews an upgraded automated threat-events command center to help harden the connective tissue of modern networks.
read more →

Study Finds Hackers Disrupt Operations at Many Firms

🔒 A representative survey by the Centre for European Economic Research (ZEW) found that a notable share of German companies experienced cyberattacks in 2025. In the information economy about one in seven firms and in industry about one in eight reported damage. Larger firms (100+ employees) were more frequently affected. The most common consequence was operational downtime, alongside financial losses, ransom demands, and data exfiltration.
read more →

Talos: Monitoring Cyber Activity in the Middle East

🔍 Cisco Talos is actively monitoring the evolving conflict in the Middle East for cyber-related activity and currently reports no significant, state-sponsored cyber impacts. Incidents observed to date are limited — primarily website defacements, small distributed-denial-of-service (DDoS) campaigns, and opportunistic phishing using conflict-themed lures. Talos assesses that Iranian-aligned groups historically operate in espionage, destructive attacks, and hack-and-leak operations, which remain plausible avenues. Organizations should prioritize MFA, timely patching, robust monitoring, and targeted third-party risk controls to reduce collateral exposure.
read more →

UK NCSC Issues Warning on Iranian Cyberattack Risks

⚠️The UK National Cyber Security Centre (NCSC) has issued an advisory warning British organisations of an elevated risk of Iranian cyberattacks amid the ongoing Middle East conflict. While the NCSC says there is not yet a significant change in the direct threat to the UK, state‑sponsored and Iran‑linked actors likely retain some capability despite Iran’s domestic Internet blackout. Organisations with operations or supply chains in the region are urged to follow guidance on DDoS, phishing, and ICS targeting, review external attack surfaces, and increase monitoring.
read more →

Hybrid Middle East Conflict Sparks Global Cyber Surge

🌐 A sharp escalation in the Middle East has entered a hybrid phase combining military strikes with large-scale cyber operations following joint Israeli–US strikes on Iran on 28 February 2026. CloudSek reported a sweeping cyber campaign that reduced Iran's internet to roughly 4% of normal capacity, disrupting government services, media and parts of energy and aviation. Security firm Halcyon warns of rising DDoS, hacktivist and ransomware activity and urges organisations to increase monitoring, enforce multi-factor authentication and maintain offline backups against supply-chain and regional spillover risks.
read more →

Iran's Cyber Capabilities: What Defenders Should Know

🔍 Iran’s cyber ecosystem combines state-aligned clusters, deniable operators, and hacktivists linked to IRGC and MOIS. These actors pursue espionage, disruption and destructive operations—DDoS, pseudo-ransomware, and wipers—often paired with information operations and coordinated amplification. Activity is intensifying amid the current crisis and is expected to broaden across the Middle East, the United States, and other regions.
read more →

Aeternum Botnet Shifts C2 to Polygon Blockchain Control

⛓️ A newly discovered loader named Aeternum relocates botnet command-and-control onto the Polygon blockchain, researchers at Qrator Research Lab report. Infected machines retrieve instructions written as on-chain transactions and poll more than 50 RPC endpoints instead of contacting centralized servers or domains. The seller offers native C++ builds and a web dashboard that writes commands to smart contracts, creating a low-cost, resilient C2 channel that complicates traditional takedowns and shifts defensive emphasis to edge filtering and proactive DDoS mitigation.
read more →

Smashing Security Podcast 456: DDoS, Ransomware Fails

🛡️ In episode 456 of Smashing Security, Graham Cluley and guest Paul Ducklin examine allegations that an internet archiving service operator weaponised its own CAPTCHA to DDoS a Finnish blogger, tampered with archive content to smear them, and issued bizarre threats about AI-generated pornography. The hosts also cover a ransomware crew that accidentally corrupted victims' decryption keys, rendering extortion efforts ineffective. The episode closes with a calm Pick of the Week and a furious rant about web forms.
read more →

Spain Arrests Suspected Anonymous Fénix Hacktivists

🔒 Spanish authorities arrested four alleged members of the hacktivist group Anonymous Fénix for a series of distributed denial-of-service (DDoS) attacks that targeted government ministries, political parties, and public institutions. The Spanish Civil Guard said the group first struck in April 2023 and intensified activity after severe floods in Valencia in late October 2024, using X and Telegram for recruitment and propaganda. Courts ordered seizure of the group's X and YouTube accounts and closure of its Telegram channel following the arrests.
read more →

Weekly Recap: Double-Tap Skimmers, AI Malware, 30Tbps DDoS

🛡️ This weekly recap highlights high‑impact incidents and emerging trends across devices, cloud services, and supply chains. Key items include a Dell RecoverPoint zero‑day (CVE‑2026‑22769) actively exploited to install web shells and backdoors and PromptSpy, an Android malware that leverages Google Gemini and accessibility services for persistence. The report also calls out a near‑30 Tbps DDoS surge, malicious Docker Hub images, and deceptive "double‑tap" skimmers targeting e‑commerce. Review the prioritized CVEs and advisories and map mitigations to your environment.
read more →

DDoS Attacks Surge in Frequency and Potency: 2025 Rise

⚠️ The Radware 2026 Global Threat Analysis Report warns of a dramatic escalation in DDoS activity during 2025, recording a 168% year-over-year increase. On average, a Radware customer faced more than 25,351 attempted attacks (about 139 per day). Technology, telecommunications and financial services were hardest hit, with the technology sector accounting for 45% of network-layer attacks. Researchers note attacks are faster, stronger and increasingly coordinated by hacktivist ecosystems, and advise organisations to adopt proactive, pre-emptive defence measures.
read more →

Cyberattack Disrupts Deutsche Bahn Information Systems

🚨 Deutsche Bahn reported that its information and booking services, including the DB Navigator app and the bahn.de website, were disrupted by a cyberattack. The operator characterized the incident as a DDoS attack that produced intermittent outages starting Tuesday afternoon and recurring on Wednesday morning. Services were restored to a "largely stable" state after defensive measures, though temporary restrictions persisted and the company provided no details about possible perpetrators or motives. Deutsche Bahn said the measures taken helped keep customer impact as low as possible.
read more →

UK Cyber Threat Shifts from Ransomware to Disruption

🔍 In 2025 the UK became the most targeted country in Europe, and the nature of attacks shifted dramatically. Where ransomware once dominated, attackers prioritized disruption over monetization, altering tactics and intent. Many organizations that hardened defenses for extortion found those assumptions outdated and exposures increased. Detection, response and business-continuity strategies must be reevaluated.
read more →