Weekly Roundup: Cloudflare dealing with DDoS attacks, accusations against Google, Ukraine’s rail system hacked, and more


It’s time for a cybersecurity news roundup! We’ve had two major ransomware attacks in the last few weeks (Petya and WannaCry), a lot of new research on existing cyber threats (like KRACK), and some major changes in the top dogs of security programs. All this and more below:

Cloudflare still managing DDoS attacks

This week’s cybersecurity news focuses on threats such as the DDoS attack handled by Cloudflare, which was able to handle approximately 400 Gbps of traffic while also preventing legitimate website requests from reaching other web servers in Europe.

More recently, an unprecedented cyberattack took place against Dyn Inc, one of the largest internet management companies that provides domain name services to companies such as Twitter, Amazon, iTunes, and Reddit for much of Friday’s regular business.

Criminals exploited a known bug to inject malicious code into the platform, allowing them to launch an attack against Dyn, demonstrating how vulnerabilities continue to be exploited in cyberspace.

Security professionals and those familiar with such attacks were skeptical because the DDoS was reported to be massive at around 1 Tbps; anything larger would have likely crippled the internet infrastructure globally.

Law enforcement agencies raided a major criminal operation that managed CryptoWall 3.0, one of the most prevalent ransomware threats available right now, which is good news in the fight against ransomware.

Despite the fact that hackers continue to outperform anti-virus software and other solutions, security researchers are trying to develop a ransomware tool to disrupt CryptoWall 3.0 extortion attacks.

Google accused of sharing location data yet again

Google is facing a new wave of lawsuits after a slew of users filed complaints with state attorneys general across the country, alleging that they were misled about how Google shared their location data.

The lawsuits bring the total number of cases against Google to six. The fresh accusations claim that Google is violating users’ privacy rights by tracking their locations even when they have location services turned off, and that it is failing to provide “sufficient” disclosure about how it collects their data.

“Google’s representations were material to consumers because Google sold advertising services based on its knowledge of each individual consumer’s online activities,” according to a complaint filed this week in federal court in Washington, DC.

Ukraine’s rail system hacked to stop Russian troops

Hackers in Belarus said on Monday that they had infected the network of the country’s state-run railroad system with ransomware and would provide the decryption key only if Belarus President Alexander Lukashenko announced that he would stop assisting Russian troops ahead of the possible invasion of Ukraine.

CyberBerkut, CyberHunta, and FalconsFlame are hacktivists who identify as militant nationalists. They are all pro-Ukrainian hacktivists from Ukraine. The first two groups primarily attack Russian government websites, while the third group attacks both Russian and Western organizations. All three organizations are pro-Ukraine and strongly oppose Russia.

To stop the invasion, the hacktivists considered shutting down the rail system. They were concerned, however, that more soldiers would be sent in to replace those who had died. They decided against shutting down the rail system because they believed it was necessary for Russian soldiers to move around quickly.

The attack on the railway network was significant, but not severe enough to completely halt all trains. Although it delayed some shipments of supplies and troops, the train cars were still able to move even though the network had been hacked.

Cyber-Partisans announced the attack on Twitter:

However, it’s critical not to underestimate this situation. The hacktivists are capable of far greater consequences, but they do not want to risk retaliation by going too far. There have been reports that CyberBerkut targeted NATO websites following Russia’s airstrikes on the Syrian city of Homs, but nothing has been confirmed.

Malicious ISO embedded in an HTML page

A malicious ISO was discovered embedded in an HTML page. The attack’s target was Ukraine, where the same attackers also hacked government-issued computer systems.

Security researchers have confirmed that some of the malware used is the same as that used on the computer systems of some Ukrainian power companies in December 2016, indicating that the same attackers are behind both attacks.

The goal of this attack is to cause power outages by corrupting the firmware of SCADA (Supervisory Control and Data Acquisition) devices, which are used to control various types of industrial equipment.

Because the GreyEnergy malware has been exclusively used in attacks against critical infrastructure organizations worldwide since 2014-2015, it is believed that this attack was carried out by Russian state-sponsored hackers. 

Companies must ensure that their SCADA devices are not connected to the internet or directly accessible from the internet in order to prevent computer systems from being hacked by this attack. They must also be vigilant in applying official patches and updates to their SCADA devices as soon as possible, as this malware typically targets unpatched vulnerabilities in these devices.

Author: Sameed Ajax

Date: June 20, 2023
