The Armoury – February 2025

Welcome to The Armoury

Cyber threats are getting sophisticated, and the number and style of threats are on the rise. We understand that your schedule is packed, but staying informed about cybersecurity is a top priority. With The Armoury, we've curated the most relevant and important content from trusted sources. Our team handpicks articles, news items, and tips that you need to know, saving you time and effort while ensuring you have the knowledge to protect yourself and your organisation.

If you ever decide that The Armoury no longer aligns with your needs, you can easily unsubscribe at any time.

Stay safe.


Latest Cybersecurity News

  • Rise in Cybercriminals Exploiting Trusted Applications. A recent report by Sophos, "The Bite from Inside: The Sophos Active Adversary Report," reveals a 51% surge in the misuse of "living off the land" binaries (LOLBins) by cybercriminals in the first half of 2024 compared to 2023. Analysis of nearly 200 incident response cases indicates that Remote Desktop Protocol (RDP) was exploited in 89% of incidents. Despite disruptions to its infrastructure, LockBit ransomware accounted for approximately 21% of infections during this period. The report underscores a shift towards stealthier attack methods, with adversaries leveraging legitimate Windows tools to evade detection. Source: CISO

  • DDoS Attacks Surge by 82%, Driven by AI and IoT. A report by Zayo Group reveals an 82% rise in DDoS attacks from 2023 to 2024, escalating from 90,000 to 165,000 incidents. Cybercriminals leverage AI and IoT devices for larger, more sophisticated attacks. The telecom sector remains the top target (42%), while finance, healthcare, and manufacturing face rising threats. With average attack costs reaching $234,000 per incident, businesses must invest in DDoS mitigation to combat evolving cyber risks. Source: IT Brief Australia

  • Microsoft Patches 56 Vulnerabilities in February 2025 Update. Microsoft has addressed 56 vulnerabilities in its February 2025 Patch Tuesday release, including two actively exploited flaws. Notably, CVE-2025-21418, a heap-based buffer overflow in the Windows Ancillary Function Driver, grants SYSTEM privileges upon exploitation. Another vulnerability, CVE-2025-21391, allows attackers to delete files without user interaction. Three critical remote code execution flaws impact Windows LDAP, DHCP, and Excel. Updates are available via Windows Update. Source: IT Brief Australia


Cybersecurity Tips & Best Practices

  • Use a Burner Email for Sign-Ups: Create a disposable email for newsletters, competitions, and websites you don’t fully trust. This reduces spam and phishing risks.

  • Limit Permissions for Apps on Your Phone: Don’t grant unnecessary access to location, microphone, or contacts—especially for apps that don’t require them.

  • Block USB Ports When Not in Use: Disable USB ports on your computer to prevent malware injection via rogue USB devices.


Cybersecurity Awareness & Education

Did you know?

The term ‘Firewall’ comes from real fires. In network security, a firewall is a system that filters traffic to prevent unauthorised access. The term comes from physical firewalls, which are barriers used in buildings to stop the spread of fires. In the same way, a network firewall acts as a barrier to stop the spread of malicious traffic on a computer network.


Cybersecurity FAQ

Virus, Worm, and Trojan: What’s the Difference?

Cyber threats come in many forms, but viruses, worms, and trojans are among the most common types of malware. While they may seem similar, they behave differently in how they spread and cause damage.

1. Virus: A virus is a type of malware that attaches itself to files or programs and requires human action to spread. When an infected file is opened, the virus executes and can corrupt files, slow down systems, or even delete data.

Example: The ILOVEYOU virus (2000), which spread through email attachments and caused widespread damage.

2. Worm: A worm is a self-replicating malware that spreads across networks without needing a host file or user action. It can exploit system vulnerabilities, overload networks, and install additional malware.

Example: The WannaCry worm (2017), which spread ransomware to thousands of computers worldwide.

3. Trojan: A trojan disguises itself as legitimate software but contains hidden malware. It does not self-replicate but can be used to steal data, spy on users, or give hackers remote access to a system.

Example: The Zeus Trojan, which targeted banking credentials and financial information.

Cybersecurity Event

Australian Cyber Conference

Date: 17-19 March, 2025

Location: National Convention Centre, Canberra

Register Here

Cybersecurity & Breach Response Bootcamp

Date: 27 March, 2025

Location: Sydney CBD

Register Here


Cybersecurity Trivia of the Month

In 2008, a malware called Agent.BTZ infiltrated U.S. military networks through an infected USB drive plugged into a laptop in the Middle East. The malware spread undetected, creating a backdoor that could allow cyber espionage.

This attack led to the U.S. Department of Defense banning USB drives and launching Operation Buckshot Yankee, a major cybersecurity initiative to strengthen military defences.


Recent Ransomware Attack

Akira Ransomware Gang Claims Attack on Defunct Australian Media Firm

The Akira ransomware gang claims to have stolen 16GB of sensitive data from the now-defunct Australian media company Regency Media, including NDAs, financial records, and personal details of employees and customers. However, verifying these claims is difficult as the company dissolved in 2023.

Experts warn that cyber attacks on closed businesses highlight a major security risk, as legacy data often remains unprotected on abandoned servers. Rapid7’s Christiaan Beek emphasises the need for businesses to securely wipe or encrypt data before shutting down to prevent exploitation.

This incident follows a November 2024 attack on Brisbane law firm Nicholsons Solicitors by the INC Ransom group, which allegedly exfiltrated 250GB of sensitive documents. These cases underscore the need for stronger post-closure data security frameworks to prevent cybercriminals from targeting unmanaged data.

Source: Cyberdaily AU


Sign up for The Armoury

Sign up for The Armoury to get the latest updates on cybersecurity first-hand via email.


#itbusiness #technology #cybersecurity #cybersecuritytips #cybersecurityupdates #innovation

Edward Zia


3 days ago

Mani Padisetti love what you create and nice Maria Padisetti

That's very informative and great service is good for the people around the world thanks for sharing this best wishes to each and everyone their
