Research: Ransomware isn’t slowing down in Q3 2025

2025-12-05   Ransomware attacks surged 47% through Q3 2025, reaching 6,330 cases. The US, SMBs, and the manufacturing sector remain the top targets. This rise is fueled by Ransomware-as-a-Service (RaaS) and led by groups like Qilin, emphasizing the need for stronger employee training and data backup.

Understanding Dark Web Browsers

This article provides an overview of dark web browsers, explaining what they are and why they are used. It clarifies the distinction between the “dark web” and the “deep web,” and describes how these specialized browsers enable users to access a hidden part of the internet with enhanced privacy and anonymity.

What is a Dark Web Browser?

A dark web browser is a specific type of web browser designed to navigate the dark web. It provides anonymity by routing internet traffic through a series of random relays, or “nodes,” which hides a user’s IP address and location. The most well-known example of this is the Tor Browser, which stands for “The Onion Router.” The name “onion router” comes from the layered encryption process, where each layer of a user’s connection is peeled back like an onion as it passes through different nodes.

Dark Web vs. Deep Web

It is a common misconception that the dark web and the deep web are the same. The article clarifies this distinction:

  • Deep Web: This refers to any part of the internet that is not indexed by conventional search engines. It includes content behind paywalls, password-protected sites, and private databases (e.g., your online banking portal or a company’s internal network).
  • Dark Web: This is a small, specific part of the deep web that requires a specialized browser to access. Its primary purpose is to provide anonymity for communication and data exchange. While it is often associated with illegal activities, it is also used by journalists, activists, and others who need to protect their identity and communication.

Common Dark Web Browsers

The article highlights a few of the most popular dark web browsers:

  • Tor Browser: The most widely used dark web browser, known for its strong privacy features and multi-layered encryption.
  • I2P (Invisible Internet Project): A network that is similar to Tor but focuses more on creating a decentralized, peer-to-peer communication layer for things like forums and messaging.
  • Freenet: A decentralized, anonymous network that is designed to provide uncensored communication.

For Organizations and Security Professionals

For organizations, monitoring the dark web is a critical component of a proactive threat intelligence strategy. It allows security teams to identify if their company’s data, such as credentials or sensitive information, is being sold or discussed on illicit forums. Threat intelligence platforms, like NordStellar, can help automate this process, providing alerts and insights to protect against potential breaches.

About NordStellar

NordStellar is a threat exposure management platform that enables enterprises to detect and respond to network threats before they escalate. As a platform and API provider, NordStellar can provide insight into threat actors’ activities and their handling of compromised data. It was designed by Nord Security, the company renowned for its globally acclaimed digital privacy tool NordVPN.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

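Research: Ransomware attacks surged 49% in the first half of 2025

In the first half of 2025, ransomware attacks grew by a striking 49%, with cybercriminals increasingly targeting US businesses and SMBs. Our latest research shows that between January and June 2025, ransomware groups exposed 4,198 cases on the dark web, a sharp increase from the 2,809 recorded in the same period of 2024.

So what is driving this alarming trend? Who are the main targets? And how can businesses defend themselves?

Why the sudden surge? The forces behind the ransomware boom

The profitability and effectiveness of ransomware have emboldened cybercriminals to step up their attacks. Vakaris Noreika, a cybersecurity expert at NordStellar, points to three key factors behind the growth:

“Factors contributing to the growth in ransomware attacks include the rise of ransomware-as-a-service (RaaS), remote or hybrid work models expanding the attack surface, and economic uncertainty that may push more people toward cybercrime in search of illicit income.”

Let’s look at these drivers in more detail:

  • Ransomware-as-a-service (RaaS): This business model lowers the barrier to entry for cybercrime. RaaS providers supply the malware and infrastructure, allowing affiliates with almost no technical expertise to launch sophisticated attacks.
  • Expanded attack surface: The shift to remote and hybrid work has increased the number of endpoints, home networks, and personal devices connected to company systems. This not only creates new vulnerabilities but also adds to the pressure on security teams to maintain comprehensive protection.
  • Economic uncertainty: Economic hardship often leads to an increase in illegal activity. Combined with the easy availability of RaaS, ransomware becomes an attractive option for illicit income, with high potential returns for relatively little investment.

In a typical modern attack, criminals do more than encrypt files; they steal sensitive data and threaten to publish it if the ransom is not paid, adding public pressure. Even when the ransom is paid, there is no guarantee that the attackers will provide a decryption key, and they may even demand a second payment, leaving victims with serious financial, reputational, and legal damage.

Top attack targets in Q2 2025

Our analysis of 1,758 ransomware incidents between April and June 2025 reveals clear targeting patterns.

The US remains the primary target

Among cases that could be traced to a specific country, US businesses were hit hardest, accounting for 49% of all attacks (596 incidents). Germany came second with 84, followed by Canada (74) and the United Kingdom (40). The US is the primary target because it has a large number of highly profitable businesses, which attackers believe are more likely to pay a ransom to avoid reputational damage and operational disruption.

Manufacturing under heavy pressure

Manufacturing was the most affected industry, with 229 cases recorded, followed by construction (97) and information technology (88). Manufacturing companies are often vulnerable because they struggle to enforce security measures centrally across geographically dispersed sites and frequently rely on outdated, unpatched operational technology systems.

SMBs: the most vulnerable targets

Small and medium-sized businesses are the main victims. Companies with 51-200 employees and revenue between $5 million and $25 million suffered the most attacks.

Noreika notes: “The victim profile is consistent with the data from Q1 2025, with SMBs and manufacturing companies remaining the main targets. This is a matter of serious concern, because bad actors continue to successfully exploit preventable security vulnerabilities.”

Like manufacturing companies, SMBs often lack comprehensive cybersecurity measures because of limited budgets and may rely on third-party IT vendors, which exposes them to greater risk.

Who is behind these attacks?

The ransomware landscape is dominated by a handful of highly active groups operating on the RaaS model.

  • Qilin: This Russia-linked group was the most active, carrying out 214 incidents in Q2 2025.
  • Safepay: A newer group first detected in late 2024, its activity escalated rapidly, putting it in second place with 201 incidents.
  • Akira: This well-known ransomware group followed closely in third place with 200 incidents.

Building a ransomware-resilient business

As ransomware attacks continue, a proactive defense strategy is essential.

Noreika advises: “In addition to raising cybersecurity awareness, companies should also establish a comprehensive cybersecurity strategy so they can detect threats before they escalate. This includes implementing endpoint protection, monitoring the dark web to guard against potential data leaks, and keeping a close eye on unpatched security vulnerabilities across the company’s attack surface.”

Key defensive measures include:

  • Empower your employees: Your employees are the first line of defense. Implement ongoing cybersecurity training focused on recognizing phishing scams, using strong password management, and enabling multi-factor authentication.
  • Implement layered technical defenses: Deploy endpoint protection, continuously monitor your external attack surface for vulnerabilities, and scan the dark web for compromised credentials or leaked data related to your business.
  • Create a recovery plan: To minimize the impact of a potential attack, Noreika advises businesses to “stay two steps ahead, implement a recovery plan, and always back up critical data.” Regular, tested backups are the most effective way to recover from an attack without paying the ransom.

About the research methodology

We continuously monitor more than 200 dark web blogs operated by ransomware groups to collect data on victim businesses. Once a company is identified, we use public business data sources to gather firmographic information such as its industry, size, and location. The total number of attacks is accurate, but because the sample with complete firmographic data is smaller, the figures in the individual breakdowns may be slightly higher.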

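About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a wide range of IT products across areas including cybersecurity, cloud, data protection, endpoints, infrastructure, system monitoring, storage, network management, business productivity, and communication products. Through its extensive network of channels, points of sale, distributors, and partners, Version 2 offers products and services that are widely acclaimed in the market. Version 2’s sales network covers Asia-Pacific regions including Taiwan, Hong Kong, Macau, mainland China, Singapore, and Malaysia, and its customers come from all industries, including Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumer-market customers in cities across Asia.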

How Omnisend enhanced its threat visibility with NordStellar

Summary: Omnisend, a leading provider of marketing automation technology, now leverages NordStellar to proactively monitor and mitigate external threats before they escalate.

As a provider of a marketing automation platform used by over 150,000 online stores worldwide, Omnisend must stay ahead of cyber threats at all times. To achieve this, the company relies on solutions like NordStellar.

KEY FACTS

Industry: Marketing technology

Challenge: Limited visibility into external cyber threats and dark web exposure

Solution: NordStellar threat exposure management platform

Results:

  • Improved detection of cyber threats targeting the company
  • Simplified threat prioritization for the Omnisend team
  • Identified instances of company credential leaks
  • Found the root cause of a past security incident

ABOUT OMNISEND

Omnisend provides a cutting-edge marketing automation platform for e-commerce brands, dedicated primarily to email and SMS marketing. The company’s solution is used by over 150,000 online shops worldwide. In 2022, Omnisend was ranked #77 in the Financial Times ranking of Europe’s 1000 fastest-growing companies, and earned the #44 spot in the Deloitte UKFast50 for the third consecutive year.

CHALLENGE

While Omnisend already had several protective measures in place to ensure strong protection of its data and infrastructure, some threats remained under the radar. This was due to the company’s limited visibility into areas such as the dark web. As a result, Omnisend didn’t have the means to monitor leaked company credentials or data compromised by malware.

The company decided to address this after its team attended a live demo of NordStellar, where the platform was used to assess their threat exposure using actual company data. The results were eye-opening. Once they saw what kind of information NordStellar was able to uncover about their business on the dark web, they decided to take appropriate action. In their own words: “Like any professional security team with high standards, we couldn’t just walk away from such findings.”

SOLUTION

Shortly after the demo, Omnisend decided to move forward with the NordStellar platform. The decision was based on three factors:

  • The actionable and impactful findings it delivers
  • A wide range of external threat management features
  • Immediate proof of the platform’s high value during the demo

The company was most impressed with NordStellar’s ability to detect leaks involving employee credentials, a threat vector that often goes unnoticed. Omnisend also praised the platform for providing clear, practical feedback that the team could act on right away, rather than just basic notifications.

To gain insights into external threats targeting the company, Omnisend is making full use of all NordStellar’s features, including:

  • Data breach monitoring
  • Dark web monitoring
  • Attack surface management
  • Domain squatting detection

NordStellar delivers findings that include risk levels and contextual information about security events to help Omnisend better understand the specific circumstances surrounding each incident. As a result, it significantly improves the company’s cybersecurity posture and threat response.

IMPACT

The findings provided by NordStellar help Omnisend’s security team prioritize their tasks and dedicate more attention to other urgent issues. As Žygimantas Stauga, Director of Information Security at Omnisend, said, “There is always an issue to address, but resources are limited. That’s why it’s crucial to prioritize tasks when planning security activities. Insights from NordStellar help us do exactly that.”

NordStellar has also helped the company uncover the root cause of a past security incident. Although the issue had already been handled, the team wasn’t sure exactly what had caused it. Thanks to NordStellar, they discovered it was malware. This revelation had a big impact on the company’s processes and led to important changes in its threat response strategy.

Today, instead of guessing if there’s any trouble, NordStellar immediately notifies Omnisend whenever external threats require their attention. With this information, the company can mitigate risks before they escalate.

“NordStellar is the missing puzzle piece in most organizations’ cybersecurity, catching threats that slip past other defenses.”

Žygimantas Stauga, Director of Information Security at Omnisend

Curious what hackers might know about your business? See NordStellar in action—book a demo with us and learn about the risks you’re probably unaware of.

 
