Cloud Hosting

Companies including Google and Amazon say they have fought off the worlds biggest distributed denial of service (DDoS) attack, but are warning internet users that these types of attacks could cause widespread disruption unless cybersecurity measures are stepped up.

Google mitigated a DDoS attack which peaked at 398 million requests per second

The scale of DDoS attacks is increasing.

Image: Google

All three companies said the attackers exploited a weakness in HTTP/2 a newer version of the HTTP network protocol. They are now urging other firms to update their web servers so they are less vulnerable to such attacks.

"Any enterprise or individual that is serving an HTTP-based workload to the internet may be at risk from this attack," Google says. "Organizations should verify that any servers they run that support HTTP/2 are not vulnerable, or apply vendor patches for CVE-2023-44487 to limit impact from this attack vector."

Cybersecurity risks are likely to increase because of generative AI, according to a new UK government report on frontier AI.

The technology will allow the creation of "faster-paced, more effective and larger-scale cyber-intrusion via tailored phishing methods or replicating malware", the Safety and Security Risks of Generative Artificial Intelligence to 2025 report says. But it does not see hacking becoming fully automated by 2025.

Digital risks such as cyberattacks, online fraud and impersonation are the most likely security threats to emerge because of AI, and will have a bigger impact than other threats, the document says. Overall, it sees generative AI as more likely to exacerbate existing risks rather than create completely new threats in the coming years.

However, the report also says that generative AI will improve the defences available against cyberthreats.

The Global Security Outlook 2023 revealed that 43% of leaders polled believe that a cyberattack will materially affect their organization in the next two years.

The World Economic Forums Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors.

Learn more about our impact:

Want to know more about our centres impact or get involved? Contact us.

The UK report follows efforts by several international organizations to advance inclusive AI governing frameworks.

In June, for instance, the World Economic Forum launched the AI Governance Alliance to provide guidance on the responsible design, development and deployment of artificial intelligence systems. The UN also set up a global advisory panel to report on the international governance of AI earlier this month.

European countries should store sensitive data on government-controlled cloud services rather than on systems run by private companies, according to the chief executive of Italian defence and electronics firm Leonardo. "A safe country needs a government cloud, at least for financial, health and defence data," Roberto Cingolani told the Italian lower house of parliament.

The Octo Tempest cybercrime collective has evolved into one of the world's "most dangerous financial criminal groups", according to Microsoft. Its broad "social engineering campaigns" have targeted companies in a wide range of sectors since early 2022, to extort money for the return of stolen data. The group uses impersonation to trick technical administrators into carrying out resets of passwords multifactor authentication methods, Microsoft says.

Octo Tempest has become one of the world's 'most dangerous financial criminal groups'.

Image: Microsoft

Cisco Systems is buying cybersecurity firm Splunk in what will be its biggest-ever acquisition. The $28 billion deal will see Cisco absorb a company with a reputation for its work on "data observability", which helps companies spot potential cybersecurity threats.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services have released a cybersecurity tool kit that includes resources tailored for the healthcare and public health sector. Cybercriminals see healthcare organizations as "high-value yet relatively easy targets" because of the vast range of identity and financial information they hold, the CISA says

A security error on a CIA social media account has been exploited by a cyber-security researcher to draw attention to the issue. A glitch related to how web links sometimes appear on X, formerly known as Twitter, allowed the expert to redirect informants trying to contact the CIA to his own Telegram channel.

The increasing adoption of digital technologies in manufacturing processes has opened up new avenues for cybercriminals to exploit. The Forum's Cyber Resilience in Manufacturing initiative gathers more than 30 members across the manufacturing ecosystem to develop collective approaches and tools to make the manufacturing sector cyber resilient. These five principles can help manufacturers develop organisational cyber resilience.

Quantum computers could allow malicious actors to break the security algorithms that currently protect most information and communication systems. The "Y2Q" problem bears similarities to the Y2K or millennium bug, but the differences are more serious, from the source of the threat to how to solve the problem.

The expansion of the online world has led to people having larger and larger digital footprints sometimes including details they would rather the internet forgot. This has led to the implementation of right to be forgotten rules in some regions, allowing people to ask for data about them to be removed from the internet. Here's how it works.

Continued here:
Biggest-ever DDoS attack threatens companies worldwide, and ... - World Economic Forum