Cybersecurity News – Cloudflare’s record DDoS, Shoprite hit with ransomware, threat actors target travelers

Cloudflare repels another record DDoS

Cloudflare mitigated a Distributed Denial-of-Service attack that peaked at a record 26 million requests per second. The attack was 51% larger than Cloudflare’s previous record, set back in August. What makes this attack unique is its scale. Huge DDoS attacks usually use up to hundreds of thousands of low-power IoT devices. This attack, however, originated from seemingly hijacked servers at cloud service providers, using a smaller botnet of just over 5000 devices. The DDoS attack targeted a customer of Cloudflare’s Free tier.

(Bleeping Computer)

Africa’s largest supermarket chain hit with ransomware

Last week, Shoprite informed customers in Eswatini, Namibia, and Zambia that personal information may have been exposed in a cyber attack. The chain operates almost three thousand stores across twelve countries in Africa, with 149,000 workers. Shoprite maintains the attack exposed no financial information. This week, the ransomware gang RansomHouse took credit for the attack, posting a 600GB data dump sample to prove intent. RansomHouse said Shoprite kept customer data in plain text, making exfiltration even easier. The group typically attempts to sell stolen data to other cyber criminals if a ransom isn’t paid. If no one pays for it, they publish it for free. Shoprite’s operations do not appear to have been impacted as a result of the attack.

(Bleeping Computer)

Resurgence in travel not ignored by threat actors

The security firm Intel 471 notes that cybercrime groups and forums are increasingly targeting personally identifiable information tied to travel-related websites, as travel habits begin to return to pre-pandemic norms. Researchers found groups using travel-related information to carry out travel fraud schemes. They also found groups targeting individuals based on accrued travel rewards with targeted phishing. Intel 471 also notes that while much of this activity centers on phishing and fraud, ransomware-as-a-service has also recently posed threats to regional airlines just as travel is seeing an uptick, with the Indian airline SpiceJet and an unnamed Thai airline recently hit.

(Dark Reading)

Microsoft sends IE to a farm upstate

Microsoft ended support for one of the ur-security vulnerabilities, Internet Explorer, on June 15th, for most remaining versions of Windows that supported it. IE on the desktop is now disabled and replaced with Microsoft Edge. However, for those looking for some reckless browser thrills, Windows 7 Extended Support, Windows 8.1 and all versions of Windows 10 Long Term Service Client, IoT and Server will continue to make Internet Explorer available for the time being. IE 11 will continue to get security patches for those platforms, as some legacy software likely will keep using it for some time.

(The Guardian)

Hacking campaign hits India

A new advisory from the security firm Radware notes that the hacktivist group DragonForce Malaysia kicked off OpsPatuk, a campaign of indiscriminate denial-of-service attacks against websites in India. On June 10th, DragonForce announced the campaign, citing a controversial remark regarding the Prophet Mohammed by a Hindu nationalist politician. Other hacktivist groups appear to have joined the campaign, resulting in defaced websites. The group also claims to have breached “government agencies, financial institutions, universities, service providers, and several other Indian databases.”

(ThreatPost)

Report looks at the state of Google Play malware

Security researchers at Dr. Web released the report. They found that adware and data-stealing trojans were the most prominent Android threats in May 2022. The researchers discovered five relatively popular malicious apps still on the Play Store, amassing over two million downloads. The most popular was a camera and photo editing app. Bleeping Computer contacted Google about the apps to verify if they had been resubmitted without malicious code. A survey of recent user reviews shows this likely hasn’t occurred yet. This comes as researchers at Cyble also recently found the Hydra banking trojan on the Google Play Store. It’s unclear how the apps got past Google’s security screenings. 

(Bleeping Computer)

Senators propose Health and Location Protection Act

Senator Elizabeth Warren announced the bill, which would bar “data brokers from selling or transferring location data and health data” and in its current form presents very few exemptions or limitations. The bill would allow the FTC, attorneys general, and individuals to sue data brokers that violated the law. It’s unclear what path the bill has to become law, as it currently lacks bipartisan support.

(The Verge)

New exploit hits CPUs where it hertz

Researchers at the University of Texas at Austin, the University of Washington, and the University of Illinois Urbana-Champaign identified a new side-channel CPU attack called Hertzbleed. The attack analyzes a CPU’s dynamic frequency scaling to determine execution time differences, letting an attacker target cryptographic software and obtain keys. Both AMD and Intel published security advisories on the issue, providing guidance on how to harden cryptographic libraries against exploitation, but no mitigations. Arm did not issue guidance and it’s unclear how widely its CPU designs are impacted. Potential hardware workarounds would likely impact performance.

(Security Week)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.