Week of November 8th, 2024

Week of November 8th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Upcoming Webinars from Packetlabs: "The Illusion of Security" and "The Value of Recertification"

Due to the phenomenal turnout at BlackHat 's SecTor 2024 event, we are turning “The Illusion of Security: Why Cloud Audits Fail to Capture Real-World Threats” into a webinar for those who weren’t able to attend in person–or who want the opportunity to ask further questions.

This session is tailored for cybersecurity professionals who want to gain deeper insights into the limitations of traditional cloud audits and how to address the gaps they often overlook.

Cloud audits are critical in today’s digital landscape, yet many fail to address the complexities of modern threats. In this webinar, Packetlabs’ leading authority on cloud security, Arman Aryanpour, will explore:

  • The cloud security landscape
  • Seemingly compliant cloud audits
  • The solution to the illusion (of security) and why it works

Register today to secure your spot.

In the meantime, join Paul Griffin , Head of Customer Success at OffSec , and our very own Denis Kucinic , VP of Operations at Packetlabs, on November 13th at 12:00 pm ET to engage in a meaningful conversation about OSCP+ and the undeniable value of recertification in advancing your cybersecurity career.

Diwali, Halloween, and the United States Election: The Correlation Between Holidays (and Events) and Cyberattacks

The correlation between holidays (and events) and cyberattacks has been well-recorded.

Many organizations are overburdened during the holidays, and cyberattacks are the last thing on their minds. Cybercriminals exploit these flaws to gain access to systems, and vulnerabilities increase with less network supervision during the holidays. While different attackers use different techniques, social engineering, phishing, spearphishing, malware, and ransomware are the most frequent.

Key examples from this week's election include:

  • The day before the election, DNS traffic to Trump/Republican and Harris/Democrat websites peaked, with daily DNS traffic rising 59% and 4%, respectively
  • On election day, states in the midwest saw the highest traffic growth across the US, as compared to the previous week
  • Internet traffic in the US peaked after the first polling stations closed, with a 15% increase over the previous week
  • DNS traffic to news, polling, and election websites also saw large traffic jumps. Polling services were up 756% near poll closures, and news sites were up 325% by late evening

Likewise, last year's Diwali celebrations showcased:

  • Phishing attempts that targeted the e-commerce industry and sought to damage the image of reputable brands, with 828 distinct domains devoted to phishing activities found in the Facebook Ads Library
  • The increased utilization of typosquatting techniques to create phony-but-plausible domains that trick users into believing they are legitimate websites, by exploiting common typing errors or misspellings of popular domain names

To mitigate these spikes in cybercrime activity, our ethical hackers advise:

  • Conducting cybersecurity awareness training programs for staff: Because of the increased workload, especially over the holidays, your employees are more prone to phishing, social engineering, and even charity fraud. Ransomware attacks are profitable and are relatively simple to execute. Simple precautions can mitigate risk, such as not clicking URLs in emails from unknown senders and keeping operating systems and programs up to date. Employees must be aware that they must continually assess unusual or suspicious messages or documents and report them to IT and security departments
  • Having a contingency plan in place: While having a robust incident response plan in place is crucial all year, updating it and ensuring your staff are aware of it during the holidays may be advantageous in keeping you safe. Organizations should ensure that a solid contingency plan is in place and that responsibilities are acknowledged and understood across all departments to avoid delays and increased risks
  • Diversifying your systems to avoid a single point of failure: Having your assets spread across multiple accounts makes it more difficult for cybercriminals to access them and provides you more time to prepare a defense when your resources are stretched thin
  • Making sure your security systems are up to date: Employee training, firewall protection, anti-virus, anti-spam, wireless security, and online content filtration tools should all be part of your organization’s cybersecurity strategy

Recent Posts From Our Ethical Hackers

Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.

Here are just some of our recent posts:


To view or add a comment, sign in

More articles by Packetlabs

Explore topics