Bot Attacks Expose UK Websites

Aug 11 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like West Yorkshire Police treats autistic girls who call them names 😳😲😡

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! Check out these just freshly hatched patches!! 🩹🩹🩹

🛡️ Microsoft's Patch Tuesday – August 2023 🛡️

Microsoft's latest Patch Tuesday is here with 74 essential security fixes, a welcome drop from the 132 patched last month. This batch includes 6 Critical, 67 Important, and 1 Moderate vulnerabilities, addressing a range of potential issues.

They’re also enhancing Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004). These additional layers of defence add an extra shield to your digital world.

Stay alert and ensure you grab these crucial updates to fortify your digital fortress and keep your systems safe from potential threats. Your cyber-safety matters! 🔒💻

Now, on to today’s hottest cybersecurity stories:

  • 🤖 Two-thirds of UK websites vulnerable to bad bots 😈

  • 📊 Data exfiltration is now the go-to cyber extortion strategy 💵

  • 👑 The top new cybersecurity products at Black Hat USA 2023 🎩

Bad Bots, Bad Bots 🎶

🔒 Bot Attacks Expose UK Websites! 🔒

A concerning discovery by DataDome reveals that a whopping 66% of UK websites can't fend off basic bot attacks, leaving them vulnerable to fraud and account breaches! 😱

🕵️ BotTester Tool at Work

DataDome, a security expert, put over 2400 major UK sites to the test using its BotTester tool, exploring sectors like banking, e-commerce, and more.

🛡️ The Results

  •  Only 8% could block all bot requests.

  • Over 69% allowed all nine bot types!!!

  • 23% managed to detect some bots.

📉 Problematic Sectors

E-commerce and classified ads were the weakest, allowing over 70% of bad bot traffic.

Gambling sites were the best with 29% bot blockage.

💼 The Big Risk

The most powerful bad bots were fake Chrome bots, bypassing defences on 90% of tested sites! 😨

🚨 The Call to Action

DataDome's research head, Antoine Vastel, warns that UK businesses are unprepared for the potential financial and reputational harm from bad bots. It's time to take action against this growing threat. 💪

Don't let your website be vulnerable—protect against bad bots now! 💻🛡️

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Ransomware scammers have #nofilter 💀

🔒 Rising Ransomware Threats: Stay Informed! 🔒

The menace of zero-day and one-day vulnerabilities has escalated, leading to a staggering 143% rise in victims when comparing Q1 2022 with Q1 2023, as per a report by Akamai. 😱

🛡️ Shifting Strategies

Ransomware groups have evolved, now focusing on exfiltrating sensitive files, making backup solutions inadequate. LockBit has dominated the ransomware scene, with 39% of total victims in recent quarters.

⚠️ Industry Impact

Manufacturing experienced a 42% increase in victims, highlighting the threat to global supply chains. Healthcare saw a 39% increase, targeted primarily by ALPHV and LockBit ransomware groups.

💰 Targets and Revenue

Smaller organisations (up to $50 million in revenue) were most vulnerable (65%), with larger ones (above $500 million) making up 12% of victims.

🏦 Financial Services Under Fire

The financial sector witnessed a 50% increase in impacted organisations, while retail ranked third in ransomware victims, with a 9% rise.

🔒 Protection is Key

Understanding adversary techniques is crucial to safeguard critical assets, maintain brand trust, and ensure business continuity, says Pavel Gurvich, SVP and GM, Enterprise Security at Akamai.

Stay vigilant and protect your digital fortress! 💻🛡️

🗞️ Extra, Extra! Read all about it! 🗞️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

💰 Daily Dough: Bite-sized investing ideas, wisdom, news, and trends you need to grow your dough!

📈 ProductivityGlide: A bite-sized email for your most productive day yet!

🏫 AI Marketing School: The latest AI Marketing tools, techniques, and news delivered biweekly.

Let us know what you think!

Innovations in Cybersecurity: Black Hat 2023 Highlights 🔒💻

CrowdStrike: Counter Adversary Operations

  • Launch of Identity Threat Hunting service under the new program.

  • Includes Falcon Intelligence, Overwatch teams, telemetry.

  • Available with Falcon OverWatch Elite, offering 24/7 coverage.

Skyhawk Security: Shift-left CDR

  • Patent-pending cloud threat detection (CDR) with generative AI.

  • Detects threats early, reduces false alarms.

  • Available in Q3, integrates with Skyhawk’s threat detection platform.

Cado: Enhanced Timeline View

  • Unified view for incident response across cloud logs, disk, memory.

  • More intuitive navigation, faceted/saved searches.

  • Improved open-source volatile artefact collection (VARC) tool.

Cycode: Expanded ASPM, IDE plugin

  • Detects hard-coded secrets in Confluence, AWS S3, Azure.

  • New IDE plugin for VS Code integration.

  • Supports SLSA attestation with Azure DevOps pipelines.

Netrise: New SBOM Features, KEV Support

  • Supports SPDX and CycloneDX formats in XIoT security platform.

  • Enriches SBOMs with vulnerability info, overlays CISA KEV data.

  • Available from August 9 with current pricing, it simplifies exploit management.

ThreatConnect: Intelligence Requirement Capabilities

  • Enhanced TI Ops Platform for intelligence requirements.

  • Defines, manages, tracks IRs, PIRs, and RFIs.

  • Included in current pricing, available for existing/new customers.

Ironscales: Phishing Simulation Testing, ADE

  • Beta launch of GPT-powered phishing simulation testing (PST).

  • Accidental data exposure (ADE) alerts for sensitive info.

  • Available later this year, pricing based on feedback.

Bionic: ServiceNow Integration, Bionic Events

  • Integrates with Service Graph for real-time CMDB.

  • Bionic Events correlates app changes to security risk.

  • Available at no added cost, offers security investigation inventory.

ProtectAI: Huntr

  • Machine-learning based bug bounty platform for AI OSS.

  • Offers targeted bug bounties, collaboration, vulnerability reviews.

  • First contest with $50,000 reward focused on Hugging Face Transformers.

Cybersixgill: Enhancements to Cybersixgill IQ

  • AI-based threat intelligence platform with ASM module.

  • Custom report builder, improved threat entity navigator.

  • Credential module for consolidated stolen credentials.

eSentire: MDR

  • XDR SaaS offering adds MDR agent for SMEs.

  • Features expert onboarding, 24/7 security, in-house threat intel.

  • Waiting list for MDR, details on general availability pending.

Cado: New Timeline View

  • Unified view across cloud logs, disk, memory.

  • Intuitive navigation, faceted/saved searches.

  • Improved open-source VARC tool for faster incident investigation.

Stay ahead of the cybersecurity game with these exciting advancements! 🔐🌐 #BlackHat2023

Happy weekend! 😎

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles