Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023
While 2023 was a difficult year for cybersecurity teams, 2024 is likely to be worse. In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. By Flashpoint’s numbers, there were 6,077 recorded data breaches in 2023, with attackers accessing more than 17 billion personal records (up 34.5% on 2022’s figures). In the first two months of 2024, this increased by 429% over the first two months of 2023.
Majority of Americans now use ad blockers
More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters. According to a survey of 2,000 Americans conducted by research firm Censuswide, on behalf of Ghostery, a maker of software to block ads and online tracking, 52 percent of Americans now use an ad blocker, up from 34 percent according to 2022 Statista data. More striking are the figures cited for technically savvy users who have worked at least five years in their respective fields – veteran advertisers, programmers, and cybersecurity experts.
Retail chain Hot Topic hit by new credential stuffing attacks
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers’ personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company’s headquarters, and two distribution centers. In credential stuffing attacks, cybercriminals use automated tools to trigger millions of login attempts using a list of username and password pairs. The technique is particularly effective when users reuse the same login information across multiple platforms.
JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat
JetBrains TeamCity users are urged to apply the latest version upgrade this week after the vendor disclosed 26 new security issues in the CI/CD web application. However, JetBrains declined to release details. The release notes for version 2024.03 simply state “26 security problems have been fixed.” Typically, security advisories detail at least the CVE tracking ID for each vulnerability, as well as the estimated severity rating and a brief description of the location and nature of the vulnerability. JetBrains has remained staunch against pre-emptively disclosing security issues, though, following a brief disclosure drama involving Rapid7 earlier this month.
Bitcoin wallets drained as infostealer malware targets Call of Duty players
A group of unidentified cybercriminals has released an information stealer malware targeting gamers who cheat in Call of Duty, resulting in the theft of bitcoin (BTC) holdings from affected players. The malware has already compromised hundreds of thousands of accounts, with the numbers continuing to grow. According to vx-underground, an information security and malware market resource, the malware has impacted at least 561,000 Activision accounts, over 3.6 million Battlenet accounts, as well as over 117,000 accounts from Elite PVPers.