Kelly Sharadin says
Following our discussion on NIST cloud definitions, Office 365, a major SaaS provider, has added an additional layer of email security. MTA-STS’s authentication and encryption will help protect users against phishing and man-in-the-middle attacks by standardizing email encryption and reputation. The roll-out of MTA-STS was a partnered initiative with other mail providers like Google. The Snowden email leaks directly impacted this push from Microsoft to roll out MTA-STS. Over 300 million Microsoft customers and 1.5 million mailboxes still use TLS 1.0, which remains vulnerable to attacks. MTA-STS seeks to bolster the security of these customers while reducing the impact on legacy systems.
https://www.bleepingcomputer.com/news/microsoft/office-365-boosts-email-security-against-mitm-downgrade-attacks/
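The downgrade protection behind the linked article comes from a sender fetching the receiving domain's MTA-STS policy and refusing plaintext fallback when TLS or the MX does not validate. The following is an added example, not code from the post above or from Microsoft or Google; the DNS TXT record and policy file are constructed samples, and the sending MTA's TLS result is passed in as a flag.

```python
# MTA-STS (RFC 8461) policy parsing and the sending-side delivery decision.
# Added example for this thread, not code from the original post, Microsoft or
# Google; the TXT record and policy file below are constructed samples.
# Constructed sample of the TXT record published at _mta-sts.<domain>
SAMPLE_TXT_RECORD = "v=STSv1; id=20220201T000000;"

# Constructed sample of https://mta-sts.<domain>/.well-known/mta-sts.txt
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

VALID_MODES = {"enforce", "testing", "none"}


def parse_txt_record(txt):
    """Key/value pairs of an _mta-sts TXT record; raises if malformed."""
    fields = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields


def parse_policy(text):
    """Parse the policy file into a dict; 'mx' collects every mx: line."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        elif key == "max_age":
            policy["max_age"] = int(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in VALID_MODES:
        raise ValueError("policy lacks a valid version or mode")
    if "max_age" not in policy or (policy["mode"] != "none" and not policy["mx"]):
        raise ValueError("policy needs max_age and, unless mode is none, an mx")
    return policy


def mx_matches(pattern, host):
    """Exact match, or for '*.<domain>' exactly one extra leftmost label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return host == pattern


def delivery_decision(policy, mx_host, tls_ok):
    """Sending-side decision for one candidate MX. tls_ok means STARTTLS worked
    and the cert validated; a stripped STARTTLS (the article's downgrade) makes
    it False, and under enforce that defers the mail rather than sending plaintext."""
    if policy["mode"] == "none":
        return "deliver"  # no policy in effect: opportunistic TLS only
    if tls_ok and any(mx_matches(p, mx_host) for p in policy["mx"]):
        return "deliver"
    return "defer" if policy["mode"] == "enforce" else "deliver-and-report"
```

A domain in testing mode gets the same checks but mail still flows, with failures reported via TLSRPT rather than deferred, which is why the rollouts mentioned above start there before switching to enforce.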
Andrew Nguyen says
I came across the article that details how many people divulge PII on social media platforms, and how this information can be used by attackers.
Whether it be birthday celebration posts, location information, or tagging your friends, there is an abundance of information about ourselves that we willingly put out, not knowing about the potential consequences.
https://www.infosecurity-magazine.com/news/fake-influencer-hacking-tactics/
Antonio Cozza says
Following the case study on the Titan incident, this article puts into perspective what an attack by a (relatively) large cluster looks like and is also an update on the cyber tensions between Russia and Ukraine. Although it is not a high performance computing environment, the latest attack by Russian state-sponsored APT, Gamaredon, was performed by 215 IP addresses. Palo Alto Networks’ threat intelligence team, Unit 42, has discovered much of the infrastructure of this APT, and identified over 100 different malware samples. The latest strategy seems to be uploading malware downloaders with C2 server communications through embedded Microsoft Word documents. The threat group utilized a government job search site to upload “resumes” with the embedded malware downloaders, intending to attack the “unnamed Western government organization.”
https://thehackernews.com/2022/02/russian-gamaredon-hackers-targeted.html
Vraj Patel says
According to the survey by Cloudflare, DDoS attacks are increasing by 29% every year. DDoS attacks increased by 175% between Q3 and Q4 of 2021. One out of every three Cloudflare clients who replied to the survey in December 2021 said they had been the subject of a DDoS attack. In Q4 of 2021, the manufacturing industry was targeted the most through application-layer DDoS attacks. A new botnet called the Meris botnet emerged in mid-2021, which was used the most to launch application-layer DDoS attacks.
Reference:
https://portswigger.net/daily-swig/report-ddos-attacks-increasing-year-on-year-as-cybercriminals-demand-extortionate-payouts
zijian ou says
Airline services company Swissport International has been hit by a ransomware attack that has affected its operations. The ransomware attack affected a limited portion of its global IT infrastructure, and a company spokesperson confirmed that the security breach occurred at 6 a.m. Thursday. The system problem at Swissport, the airport’s partner, caused delays of 3 to 20 minutes on 22 flights. A Swissport spokeswoman said the attack is now under control: “We are making every effort to resolve the issue and limit the impact on flight operations as soon as possible.”
https://securityaffairs.co/wordpress/127655/cyber-crime/swissport-international-ransomware-attack.html?web_view=true
Dan Xu says
A cyber-attack on a Tennessee community college may have exposed the personal data of students, faculty, and staff. Attackers struck Pelissippi State Community College (PSCC) with ransomware on Dec. 5, 2021. The digital attack shut down online network connections to all five campuses during finals week, disrupting online exams. The college launched an investigation into the cyberattack to assess its impact. On Feb. 1, PSCC began notifying an unknown number of individuals that their sensitive information may have been compromised in the attack. The college added that cyber-criminals may have also been able to access “other personal data in our system.”
https://www.infosecurity-magazine.com/news/tennessee-college-hit-ransomware/
Victoria Zak says
“FBI: Watch Out for LockBit 2.0 Ransomware, Here’s How to Reduce the Risk to Your Network.”
As the FBI warns us about the LockBit 2.0 ransomware, they are also warning us to utilize MFA and strong passwords for all admin and high-value accounts. It is mentioned in the article that Microsoft has found 78% of organizations using Azure Active Directory do not have MFA enabled. If this is keeping an organization safe, why aren’t they using it?
LockBit 2.0 targets Windows PCs and Linux servers via bugs in VMware’s virtual machine.
LockBit’s operators use any method available to compromise a network, as long as it is successful. For example, the operators are buying access to already compromised networks from “access brokers,” exploiting unpatched software bugs, and even paying for insider access, as well as using exploits for previously unknown zero-day flaws. LockBit 2.0 identifies and collects an infected device’s hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. It then attempts to encrypt the data saved to any local or remote device but skips files associated with core system functions. Afterwards, it deletes itself from the disk and creates persistence at startup. The FBI additionally recommends companies segment their networks, investigate any abnormal activity, implement time-based access for accounts set at the admin level and higher, disable command-line and scripting activities and permissions, and maintain offline backups of data.
Reference:
https://www.zdnet.com/article/fbi-watch-out-for-lockbit-2-0-ransomware-heres-how-to-reduce-the-risk-to-your-network/
Kyuande Johnson says
On February 5th, 2022, a lone American computer hacker, P4x, has been disrupting the internet of North Korea, paralyzing the government-run websites. Aside from that, the hacker’s activities brought email traffic to a stop in a bid to avenge an earlier cyber attack by the Communist state against US security researchers. These outages were spearheaded by one American hacker, who goes by the name P4x. Interestingly, he ran several programs to disrupt North Korea’s internet. Much to North Korea’s chagrin, the hacker claims he has discovered a myriad of unpatched vulnerabilities in the country’s systems. Furthermore, he claims that these vulnerabilities played a vital role in enabling him to single-handedly launch “denial-of-service” attacks on North Korea’s servers and routers. Some of the country’s internet-connected networks rely heavily on these servers and routers. However, he did not publicly reveal the aforesaid vulnerabilities, which he claims can enable the North Korean government to avoid his attacks.
https://www.independent.co.uk/tech/p4x-american-hacker-internet-north-korea-b2008744.html
kofi bonsu says
The author of the article opined that Distributed Denial of Service (DDoS) attacks have been with us for many years, but recent attacks are increasing in severity, complexity, and frequency and have therefore become a pivot of concern for businesses and private customers alike. The author went on to say that many DDoS attacks have been seen to hijack connected devices such as webcams, routers, vacuum robots, etc. to launch their attacks. The number of devices remotely controllable via apps is increasing rapidly, and the Internet of Things (IoT) is expected to easily surpass 20 billion connected devices by the end of 2020. One of the associated problems is that several of the connected devices are ill-equipped with appropriate security measures to fend off any malevolent and improper usage, and therefore seem to be the perfect, unsuspecting resources to be recruited into a botnet. The article further explains that the lack of adequate security features for connected IoT devices is primarily being driven by a lack of adequate prioritization, because the potential for disruption has been underestimated in the past, and manufacturing costs and profit potential dictate feature selection.
https://www2.deloitte.com/de/de/pages/technology-media-and-telecommunications/articles/cyber-security-prevention-of-ddos-
Madalyn Stiverson says
In late January, a DDoS attack hit the country of Andorra’s only internet provider, causing the internet to shut down for the entire country in hour-long stretches over the next four days. This attack was to prevent over a dozen participants from Andorra from engaging in an online gaming tournament. The tournament offered a $100,000 prize. This was a 5-day tournament, and the DDoS attack was launched on the 2nd – 5th days.
This DDoS attack was linked to a known DDoS-for-hire service, indicating the individuals or entity that purchased the service didn’t have DDoS capabilities themselves.
https://therecord.media/ddos-attacks-on-andorras-internet-linked-to-squid-game-minecraft-tournament/
Dhaval Patel says
Microsoft Azure’s DDoS team said they saw unprecedented levels of attacks in the second half of 2021, and they believe they were able to stop what would have been the largest DDoS attack in history. The attack was sending 340 million packets per second targeting an Azure customer. Microsoft’s team says they see no signs of these DDoS attacks slowing down; if anything, they are ramping up. From their data, they are seeing most of the attacks occurring in the gaming industry from July – December.
https://www.channelfutures.com/mssp-insider/microsoft-ddos-attacks-reach-unprecedented-levels-in-2021s-second-half
Patrick Jurgelewicz says
According to the UK’s National Crime Agency’s National Cyber Crime Unit (NCCU), there was a 107% increase between 2019 and 2020 in reports of students deploying DDoS attacks against school networks and websites. This increase in attacks has been attributed to the COVID-19 pandemic, with these students presumably causing disruption to online learning activities. As a result, the National Crime Agency and a group called Schools Broadband have launched a program to educate students researching information on how to conduct these attacks, along with providing resources if a DDoS attack does occur. Instead of reaching an ‘access denied’ page, users will instead see a warning message and a suggested redirection to Cyber Choices, which aims to educate children about the Computer Misuse Act, cyber crime and its consequences.
https://www.nationalcrimeagency.gov.uk/news/rise-in-school-cyber-crime-attacks-sparks-nca-education-drive
Michael Jordan says
The article I am choosing to summarize this week discussed the very recent cyberattack on News Corporation, the parent company of the Wall Street Journal and several other large media outlets. After some investigation by Mandiant, which is still ongoing, it was discovered that the attackers had access to some Google documents and emails since February of 2020. The specific attack vector has not yet been made public, but what is known is that it was an attack on a third party related to cloud services that News Corp. uses (I was thinking maybe Google, due to the access to Google Docs and emails). The cloud-based system that was breached was the target of persistent threats, which Mandiant believes to have originated in China. Several journalists related to News Corp. were also expelled from China right after this time.
Uberti, D. (2022, February 5). Hackers Targeted News Corp’s Tech Suppliers. Wall Street Journal. Retrieved from https://www.wsj.com/articles/news-corp-hackers-gained-access-through-tech-supplier-11644017070?tpl=cs
Olayinka Lucas says
Equifax finalizes data breach settlement with US regulators.
I came across this article dated February 7, 2022, and believe it is a good read. Having been initially aware of the Equifax breach of 2017 that affected more than 147 million US citizens and 15 million British and Canadians, I have always wondered how the issue was resolved based on the magnitude of data loss.
The breach involved compromising names, Social Security numbers, birth dates, addresses, and driver’s license details of more than 10 million individuals. However, the most exciting aspect of the story is that the breach occurred due to compromising an existing and unpatched known vulnerability to break into Equifax’s databases.
Source:
https://portswigger.net/daily-swig/equifax-finalizes-data-breach-settlement-with-us-regulators