Global security spending set to hit $198bn by 2025
According to a report from GlobalData, worldwide cybersecurity spending will grow by nearly 58% over the next few years to $198bn by 2025. The reasons for the climb include increased geopolitical uncertainty and knock-on effects from the COVID-19 pandemic, which have created an uneven playing field that favors threat actors. The report suggests software spending will be greatest over this period, followed by services and then hardware. Other issues that will see increased spending include the hybrid workplace, ransomware, mitigating supply chain risk and adopting zero trust approaches.
New malware loader Bumblebee adopted by known ransomware access brokers
This new first-stage malware loader is being used by threat groups who are believed to be initial access facilitators for larger ransomware gangs. Bumblebee deploys known penetration testing implants like Cobalt Strike, Sliver and Meterpreter. Researchers at Proofpoint state, “Bumblebee is a sophisticated downloader containing anti-virtualization checks and a unique implementation of common downloader capabilities. The increase of Bumblebee in the threat landscape coincides with BazaLoader — a popular payload that facilitates follow-on compromises — disappearing recently from Proofpoint threat data.”
Cloudflare thwarts record DDoS attack
The attack peaked at 15.3 million requests per second (RPS), which Cloudflare called “one of the largest HTTPS DDoS attacks on record.” This volumetric DDoS attack lasted less than 15 seconds and “targeted an unnamed Cloudflare customer operating a crypto launchpad.” Cloudflare said it was launched through a botnet consisting of roughly 6,000 unique compromised devices, “with 15% of the attack traffic emanating from Indonesia, followed by Russia, Brazil, India, Colombia, and the U.S.”
French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
According to Cyberscoop, “a day after what French telecom companies are calling a large-scale coordinated attack which destroyed a large number of fiber optic cables powering the French internet, authorities there are investigating the attacks as a criminal act. The incident, which occurred on Wednesday, disrupted Internet service throughout France, and” those responsible seem to have known how to do as much damage as possible. Their report quotes a technician, speaking to the news outlet Le Parisien, who said the cables had been cut on both sides to complicate the repairs. The immediate need is to “re-solder tens of thousands of small, fiber-optic cables.”
BreastCancer.org suffers data breach
According to the research team at SafetyDetectives, Breastcancer.org, a world-renowned breast cancer charity, has suffered a data exposure affecting users of the organization’s website. “The SafetyDetectives cybersecurity team found an Amazon S3 bucket owned by Breastcancer.org that was misconfigured, left publicly available without any authentication controls in place.” This consequently exposed hundreds of thousands of files containing sensitive images belonging to the website’s users. “In particular, a portion of these images contained detailed EXIF data, which could potentially be used to locate and harass users.” The report can be located at SafetyDetectives.com.
Attacker breached ‘dozens’ of GitHub repos using stolen OAuth tokens
Following up on a story we brought you last week, GitHub has revealed further details regarding an incident that occurred last week in which hackers using stolen OAuth tokens downloaded data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats,” said Mike Hanley, chief security officer, GitHub. “GitHub analysis of the incident includes that the attackers authenticated to the GitHub API using the stolen OAuth tokens issued to accounts Heroku and Travis CI.”
Onyx ransomware destroys files instead of encrypting them
According to MalwareHunterTeam, “a new Onyx ransomware operation is destroying files larger than 2MB instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.” The threat actors involved do still remember to steal data from a network before encrypting devices. “This data is then used in double-extortion schemes where they threaten to publicly release the data if a ransom is not paid.” According to BleepingComputer, “since this is just randomly created data and not encrypted, there is no way to decrypt files larger than 2MB in size.” According to Jiří Vinopal, a forensic analyst at the Czech Republic CERT, “this ransomware is based on Chaos ransomware, which includes the same damaging encryption routine.”
Elon Musk wants Twitter DMs to be end-to-end encrypted like Signal
The statement comes days after Twitter officially announced that it had entered into an agreement to be acquired by an entity wholly owned by Elon Musk. The transaction is valued at approximately US$ 44 billion, or US$ 54.20 per share in cash, and is expected to be done over the next six months, which will see it become a privately held company. Musk has also laid out other goals including, “making the algorithms open-source to increase trust, defeating spam bots, and authenticating all humans.”






