Talion is a finalist for Best SIEM Solution for the 4th year in a row

Talion is a finalist for Best SIEM Solution for the 4th year in a row

DDoS Attacks & Malware: Remediation Guidance Is Critical - Talion

From the Russia/Ukraine conflict to a father criminally reducing his children’s screen time, cyber threats are emerging from unexpected sources.

Whilst Russian soldiers cross over into Ukraine, cybercriminals must not be overlooked – the cyber border is just as critical. Companies must make important investments to ensure their security posture is under control.


Want to listen instead?

Head over to our Threat Set Radio – Episode 158.


Threats remain from DDoS attack

As the Russia/Ukraine crisis dramatically escalates, reports have emerged regarding the worst DDoS attack Ukraine has ever suffered earlier this year. Whilst its effect was relatively standard in the cyber world, it was the largest the country had observed against its specific targets and was attributed to the Russian GRU.

After technical analysis, the usage of Katana (a variant of the Mirai botnet which improved DDoS capabilities) was identified. This level of sophistication deemed the attack as being planned thoroughly in advance, with the aim to destabilise and undermine the Ukrainian government into chaos. However, Ukraine’s quick response to back up compromised sites meant this tactic failed.

Australia, UK, and a number of other countries are helping Ukraine with their cyber defences. This is a stark reminder that cyberwarfare tactics are substantially high and put many organisations across the globe at risk.



Recent security alert warns of new malware

This week, as mentioned on our Threat Set Radio, a joint security alert from NCSC, CISA, NSA & FBI warns of a new malware believed to be linked to the Sandworm group, which was also attributed to the Russian GRU from Ukraine’s previous DDoS attack. This malware strain has been dubbed Cyclops Blink – an advanced replacement framework for the group’s previous targeting of exposed VPNfiler malware.

Its sophisticated ability to beacon device information back to the attacker’s server to enable file download, as well as add new modules while the malware is running, allows Sandworm to implement additional capability as required.


Take note of remediation guidance

Due to these recent security alerts, remediation advice for companies infected (but also any company that may be caught in the crossfire) encourages employers to:

  • Not expose management interfaces of network devices to the internet
  • Keep devices and networks up to date for maximum protection
  • Utilise multi-factor authentication to reduce the impact of password compromises
  • Educate employees on the attacker tactics and how to report and respond on these incidents


Check out our Top 8 Mitigation Tactics for further insight.


When cyber crime hits home…

Cyber crime isn’t always at the forefront of the news – sometimes it’s next door.

This was certainly the case when a father in France illegally purchased a signal jammer in an attempt to limit his children’s internet usage, accidentally wiping out an entire town’s internet as a result. He currently faces a $30,000 fine and potentially 6 months in prison!



Interested in further insight? Our Threat Intelligence team host a weekly podcast that discusses the current threat landscape, emerging threats, and our take on cyber-news. Subscribe to our Threat Set Radio podcast to stay informed and updated.

Click here to subscribe


Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
24x7x365 UK-based Security Operations Centre
Service underpinned by market leading threat intelligence team
Continually developed threat relevant content, backed by SLAs
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Experts in SIEM and SOAR technology
UK-based Senior Leadership
Looking to maximise value and flexibility?
Learn how Talion and DEVO partner to achieve this.
Discuss your cyber security needs
Contact us below and one of our team will be in touch to answer your questions.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Get In Touch With Us

Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.

CISO Cyber Dinner – Register Your Interest!

Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.