Cybersecurity News – April 29, 2022

Global security spending set to hit $198bn by 2025

Worldwide cybersecurity spending is set to grow by nearly 58% over the next few years to reach $198bn by 2025, according to GlobalData. The market analyst claimed that increased geopolitical uncertainty, combined with the COVID-19 pandemic, has created an uneven playing field in favor of threat actors. Spending on software will be greatest over the period, followed by services and then hardware. Securing the new hybrid workplace, tackling the persistent ransomware challenge, mitigating supply chain risk and adopting zero trust approaches will all drive growth in spending from the $125.5bn recorded in 2020, the report claimed.

(Infosecurity Magazine)

New malware loader Bumblebee adopted by known ransomware access brokers

Several threat groups believed to be initial access facilitators for some ransomware gangs are transitioning to a new first-stage malware downloader dubbed Bumblebee. The malware is used to deploy known penetration testing implants such as Cobalt Strike, Sliver and Meterpreter. Researchers at Proofpoint state, “Bumblebee is a sophisticated downloader containing anti-virtualization checks and a unique implementation of common downloader capabilities. The increase of Bumblebee in the threat landscape coincides with BazaLoader — a popular payload that facilitates follow-on compromises — disappearing recently from Proofpoint threat data.”

(CSOOnline)

Cloudflare thwarts record DDoS attack

Cloudflare on Wednesday disclosed that it acted to mitigate a DDoS attack that peaked at 15.3 million requests per second (RPS). The company called it one of the “largest HTTPS DDoS attacks on record.” The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad. Cloudflare said the latest attack was launched from a botnet consisting of roughly 6,000 unique compromised devices, with 15% of the attack traffic emanating from Indonesia, followed by Russia, Brazil, India, Colombia, and the U.S.

(The Hacker News)

French fiber optic cable attacks accentuate critical infrastructure vulnerabilities

A day after what French telecom companies are calling a large-scale coordinated attack that cut a large number of the fiber optic cables carrying France's internet traffic, authorities there are investigating the incident as a criminal act. Wednesday's incident disrupted Internet service across France, and those responsible appear to have known how to do as much damage as possible. “The cables were cut on both sides to complicate the repairs,” an ‘operator’ told the newspaper Le Parisien. “The urgency is to re-solder everything, this represents tens of thousands of small, fiber-optic cables.”

(Cyberscoop)

Thanks to our episode sponsor, Feroot

Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

BreastCancer.org suffers data breach

According to the research team at SafetyDetectives, Breastcancer.org, a world-renowned breast cancer charity, has suffered a data exposure affecting users of the organization’s website. The SafetyDetectives team found an Amazon S3 bucket owned by Breastcancer.org that was misconfigured and left publicly accessible without any authentication controls in place. The misconfigured bucket exposed hundreds of thousands of files containing sensitive images belonging to the website’s users. A portion of these images still carried detailed EXIF metadata (the data a phone camera embeds in a photo, which can include the GPS position where it was taken), which could be used to locate and harass users. The full report is available at SafetyDetectives.com.

(SafetyDetectives)
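The EXIF risk mentioned above is concrete: a phone embeds the GPS fix as three degree/minute/second rationals in a GPS IFD inside the Exif APP1 segment of the JPEG, and anyone who can download the file can read it back. The following is an added example, not code from SafetyDetectives or Breastcancer.org, that parses that structure in pure Python (no Pillow or exiftool) and produces a stripped copy, which is what an upload pipeline should do before an image lands in storage. The sample JPEG is constructed in code with invented coordinates; it has no image data, only the Exif segment, but the layout is the one real photos use.

```python
"""Added example: read and strip the GPS position stored in a JPEG's Exif metadata.

Pure Python. build_sample_jpeg() constructs the test input (invented coordinates,
no image data); real photos carry the same structure: an APP1 segment holding a
TIFF blob whose IFD0 points (tag 0x8825) at a GPS IFD with tags 1..4.
"""
import struct

TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per TIFF field type
EXIF_HEADER = b"Exif\x00\x00"


def build_sample_jpeg(lat=(48, 51, 29.6), lon=(2, 17, 40.2), lat_ref=b"N", lon_ref=b"E"):
    """Constructed test input: SOI, one big-endian Exif APP1 with a GPS IFD, EOI."""
    rational = lambda v: struct.pack(">II", int(round(v * 1000)), 1000)  # RATIONAL = num/den
    ifd0_off = 8                           # IFD0 follows the 8-byte TIFF header
    gps_off = ifd0_off + 2 + 12 + 4        # entry count + one entry + next-IFD pointer
    data_off = gps_off + 2 + 4 * 12 + 4    # RATIONALs do not fit in 4 bytes, so they go here
    tiff = b"MM" + struct.pack(">HI", 42, ifd0_off)
    tiff += struct.pack(">H", 1) + struct.pack(">HHII", 0x8825, 4, 1, gps_off) + b"\0\0\0\0"
    tiff += struct.pack(">H", 4)
    tiff += struct.pack(">HHI", 0x0001, 2, 2) + lat_ref + b"\0\0\0"   # GPSLatitudeRef, ASCII inline
    tiff += struct.pack(">HHII", 0x0002, 5, 3, data_off)              # GPSLatitude, 3 RATIONALs
    tiff += struct.pack(">HHI", 0x0003, 2, 2) + lon_ref + b"\0\0\0"   # GPSLongitudeRef
    tiff += struct.pack(">HHII", 0x0004, 5, 3, data_off + 24)         # GPSLongitude
    tiff += b"\0\0\0\0"                                               # no further IFD
    tiff += b"".join(rational(v) for v in lat) + b"".join(rational(v) for v in lon)
    payload = EXIF_HEADER + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


def iter_segments(jpeg):
    """Yield (marker, raw_segment) from after SOI up to and including SOS or EOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == 0xD9:                 # EOI
            yield marker, jpeg[pos:pos + 2]
            return
        if marker == 0xDA:                 # SOS: entropy-coded image data follows, keep it whole
            yield marker, jpeg[pos:]
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]   # length includes its own 2 bytes
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length


def read_ifd(tiff, offset, bo):
    """Parse one IFD into {tag: (type, count, value_bytes)}; values over 4 bytes are dereferenced."""
    count = struct.unpack(bo + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(bo + "HHI", tiff[e:e + 8])
        size = TYPE_SIZE.get(typ, 1) * n
        if size <= 4:
            value = tiff[e + 8:e + 8 + size]
        else:
            off = struct.unpack(bo + "I", tiff[e + 8:e + 12])[0]
            value = tiff[off:off + size]
        entries[tag] = (typ, n, value)
    return entries


def exif_gps(jpeg):
    """Return (latitude, longitude) in decimal degrees, or None if the file has no GPS tags."""
    tiff = next((s[10:] for m, s in iter_segments(jpeg) if m == 0xE1 and s[4:10] == EXIF_HEADER), None)
    if tiff is None or tiff[:2] not in (b"MM", b"II"):
        return None
    bo = ">" if tiff[:2] == b"MM" else "<"   # Exif TIFF blobs may be big- or little-endian
    ifd0 = read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo)
    if 0x8825 not in ifd0:
        return None
    gps = read_ifd(tiff, struct.unpack(bo + "I", ifd0[0x8825][2])[0], bo)
    if not all(t in gps for t in (1, 2, 3, 4)):
        return None

    def dms_to_deg(value):                   # three RATIONALs: degrees, minutes, seconds
        d, dd, m, md, s, sd = struct.unpack(bo + "IIIIII", value)
        return d / dd + m / md / 60 + s / sd / 3600

    lat, lon = dms_to_deg(gps[2][2]), dms_to_deg(gps[4][2])
    if gps[1][2][:1] == b"S":
        lat = -lat
    if gps[3][2][:1] == b"W":
        lon = -lon
    return lat, lon


def strip_exif(jpeg):
    """Return a copy with every Exif APP1 segment removed; image data is left untouched."""
    out = b"\xff\xd8"
    for marker, seg in iter_segments(jpeg):
        if marker == 0xE1 and seg[4:10] == EXIF_HEADER:
            continue
        out += seg
    return out


if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("GPS in sample:", exif_gps(sample))
    print("GPS after strip:", exif_gps(strip_exif(sample)))
```

Dropping the APP1 segment removes the whole Exif block (camera model, timestamps and thumbnail as well as GPS), which is the right default for user uploads; stripping only the GPS IFD would need the TIFF offsets rewritten. Note that this is the per-file mitigation only: the bucket itself still has to deny anonymous access, which is a separate storage configuration check.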

Attacker breached ‘dozens’ of GitHub repos using stolen OAuth tokens

Following up on a story we brought you last week, GitHub has revealed further details of the incident in which attackers used stolen OAuth tokens to download data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats,” said Mike Hanley, chief security officer at GitHub. GitHub’s analysis found that the attackers authenticated to the GitHub API using stolen OAuth user tokens that had been issued to Heroku and Travis CI.

(Threatpost)
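The CSO's point that the tokens are "not stored ... in their original, usable formats" describes a general practice worth seeing in code: persist only a digest of each token, so that a dump of the token store cannot be replayed against the API. The block below is an added illustration of that practice, not GitHub's implementation; the token prefix, the lookup-id length and the dictionary store are this example's assumptions.

```python
"""Added example: keep OAuth/API tokens out of the database in usable form.

Only a SHA-256 digest of each token is persisted. A client presents the
plaintext token, which is hashed again and compared in constant time. The
prefix, lookup-id length and in-memory store are assumptions of this example,
not the design of any particular provider.
"""
import hashlib
import hmac
import secrets

PREFIX = "tok_"   # hypothetical prefix so leaked tokens are easy for secret scanners to recognise
ID_LEN = 8        # leading characters used as a non-secret selector for the database lookup


def token_hash(token: str) -> str:
    # Tokens are 256-bit random strings, so a fast hash is appropriate; a slow
    # password KDF only matters for low-entropy, human-chosen secrets.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def token_lookup_id(token: str) -> str:
    # Lets the server find the record without scanning every digest. Exposure of
    # this selector alone does not let anyone reconstruct the rest of the token.
    return token[len(PREFIX):len(PREFIX) + ID_LEN]


def issue_token(store: dict, owner: str) -> str:
    """Mint a token, persist only its digest, and return the plaintext exactly once."""
    token = PREFIX + secrets.token_urlsafe(32)
    store[token_lookup_id(token)] = {"owner": owner, "hash": token_hash(token)}
    return token


def authenticate(store: dict, presented: str):
    """Return the owner if the presented token matches a stored digest, else None."""
    if not presented.startswith(PREFIX):
        return None
    record = store.get(token_lookup_id(presented))
    if record is None:
        return None
    # compare_digest avoids leaking how many leading characters matched via timing
    if not hmac.compare_digest(record["hash"], token_hash(presented)):
        return None
    return record["owner"]


def revoke(store: dict, token: str) -> bool:
    """Invalidate a token (the remediation step when tokens are known to be stolen)."""
    return store.pop(token_lookup_id(token), None) is not None


if __name__ == "__main__":
    db = {}
    t = issue_token(db, "ci-integration")
    print("stored record:", db)            # digest only, no plaintext token
    print("auth with token:", authenticate(db, t))
    print("auth with stored digest:", authenticate(db, db[token_lookup_id(t)]["hash"]))
```

A record lifted from the store is useless as a credential because the API expects the plaintext and re-hashes it; the attacker in the story therefore needed the tokens from somewhere they existed in plaintext, which is the point the CSO's statement makes.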

Onyx ransomware destroys files instead of encrypting them

A new ransomware operation called Onyx is overwriting files larger than 2MB with random data instead of encrypting them, so those files cannot be recovered even if a ransom is paid. According to MalwareHunterTeam, the Onyx threat actors steal data from a network before encrypting devices, then use it in double-extortion schemes, threatening to publicly release the data if a ransom is not paid. Because the contents of the larger files are simply randomly generated data rather than ciphertext, there is no way to decrypt files larger than 2MB in size. According to Jiří Vinopal, a forensic analyst at the Czech Republic CERT, the ransomware is based on the Chaos ransomware, which contains the same destructive encryption routine.

(Bleeping Computer)

Elon Musk wants Twitter DMs to be end-to-end encrypted like Signal

The statement comes days after the microblogging service announced that it had officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, in a transaction valued at approximately US$44 billion, or US$54.20 per share in cash. The deal, which is expected to close within the next six months, will see Twitter become a privately held company. Musk has also laid out other goals, including “making the algorithms open-source to increase trust, defeating spam bots, and authenticating all humans.”

(The Hacker News)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.