Cybersecurity News: Treasury thwarts Killnet, UK scanning devices, Denmark train cyberattack

US Treasury thwarts DDoS attack from Russian Killnet group

Killnet, a pro-Kremlin group, claimed responsibility for taking more than a dozen US airports’ websites offline on October 10 through the same kind of network-traffic flooding. That large-scale airport DDoS attack did not disrupt air travel or cause operational harm at the airports, and the following day the group claimed to have attacked JPMorgan Chase as well. According to Reuters, the Killnet DDoS flood against the Treasury likewise had no operational impact on the agency.

(The Register)

British government scanning all Internet devices hosted in UK

The National Cyber Security Centre (NCSC), the UK government’s chief cyber security agency, says it is “now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.” This is being done to “assess [the] UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.” The scanning tools run from a dedicated cloud environment. The agency states that “if any sensitive or personal data is inadvertently collected, it will take steps to remove the data and prevent it from being captured again in the future.” The announcement adds that British organizations can opt out of having their servers scanned by the government by emailing a list of the IP addresses they want excluded to scanning@ncsc.gov.uk.

(Bleeping Computer)

Danish trains halted by cyberattack

Danish train operator DSB said on Thursday that the breakdown of the country’s rail network over the weekend of October 30 “was the result of a hacker attack on an IT subcontractor’s software testing environment.” In response, subcontractor Supeo shut down its servers, which in turn “affected locomotive drivers’ ability to operate the trains for several hours on Saturday,” according to Danish media.

(Reuters)

Microsoft sued for open-source piracy through GitHub Copilot

Matthew Butterick, a programmer and lawyer, has sued Microsoft, GitHub, and OpenAI, “alleging that GitHub’s Copilot violates the terms of open-source licenses and infringes on the rights of programmers.” According to Bleeping Computer, “GitHub Copilot is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio.” It was trained with machine learning using billions of lines of code from public repositories and is able to transform natural language into code snippets across dozens of programming languages. Bleeping Computer adds, “while Copilot can speed up the process of writing code and ease software development, its use of public open-source code has caused experts to worry that it violates licensing attributions and limitations.”

(Bleeping Computer)

Thanks to this week’s episode sponsor, AppOmni

Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com.

Zero-days are being exploited on a massive scale in increasingly shorter timeframes

According to Microsoft’s Digital Defense Report, threat actors are “increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide.” The report’s authors noted a “reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability” and remarked on the importance of the patch management process. Microsoft stated that, on average, a flaw is exploited in the wild 14 days after its public disclosure, and exploit code appears on GitHub 60 days after disclosure. Its experts added that many nation-state actors have developed the capability to find and exploit previously unknown vulnerabilities themselves, with China-linked APT groups particularly proficient in this activity.
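The practical consequence of those two figures is a patching budget: an Internet-facing system that is still unpatched 14 days after disclosure should be treated as if it were already being exploited, and after 60 days you should assume anyone can download a working exploit. The following triage helper is an added example, not code from Microsoft or the report; it turns the 14-day and 60-day averages into a prioritised patch queue. The finding records, names and the reference date are constructed for illustration and are not real advisories.

```python
"""Patch-queue triage using the 14-day / 60-day averages quoted from
Microsoft's Digital Defense Report. Added example; the findings below are
constructed placeholders, not real advisories or CVE identifiers."""
from dataclasses import dataclass
from datetime import date

EXPLOITED_IN_WILD_DAYS = 14     # average: disclosure -> exploitation in the wild
PUBLIC_EXPLOIT_CODE_DAYS = 60   # average: disclosure -> exploit code on GitHub


@dataclass(frozen=True)
class Finding:
    name: str              # constructed placeholder, not a real advisory ID
    disclosed: date        # date of public disclosure
    internet_facing: bool  # asset is reachable from the Internet
    exploit_public: bool   # exploit code has already been seen publicly
    patched: bool


def exposure_days(f: Finding, today: date) -> int:
    """Days the finding has been publicly known (0 on disclosure day)."""
    return (today - f.disclosed).days


def budget(f: Finding, today: date) -> tuple[int, int]:
    """Days left before each average window closes; negative means overdue."""
    days = exposure_days(f, today)
    return (EXPLOITED_IN_WILD_DAYS - days, PUBLIC_EXPLOIT_CODE_DAYS - days)


def triage(f: Finding, today: date) -> str:
    """Classify a finding as 'done', 'emergency', 'urgent' or 'scheduled'."""
    if f.patched:
        return "done"
    days = exposure_days(f, today)
    # Public exploit code, or an Internet-facing asset past the average
    # time-to-exploitation, is treated as actively exploitable right now.
    if f.exploit_public or (f.internet_facing and days >= EXPLOITED_IN_WILD_DAYS):
        return "emergency"
    # Internet-facing but still inside the window, or internal-only but past
    # it: patch in the current cycle rather than the next scheduled one.
    if f.internet_facing or days >= EXPLOITED_IN_WILD_DAYS:
        return "urgent"
    return "scheduled"


def patch_queue(findings: list[Finding], today: date) -> list[Finding]:
    """Unpatched findings ordered by tier, then by age (oldest exposure first)."""
    rank = {"emergency": 0, "urgent": 1, "scheduled": 2}
    open_items = [f for f in findings if not f.patched]
    return sorted(open_items,
                  key=lambda f: (rank[triage(f, today)], -exposure_days(f, today)))


# Constructed sample data for a stand-alone run (assumption: today's date).
TODAY = date(2022, 11, 7)
SAMPLE_FINDINGS = [
    Finding("web-gateway-auth-bypass", date(2022, 11, 1), True, False, False),
    Finding("vpn-appliance-rce", date(2022, 10, 10), True, False, False),
    Finding("build-server-deserialisation", date(2022, 11, 5), False, True, False),
    Finding("internal-wiki-xss", date(2022, 10, 1), False, False, False),
    Finding("print-server-dos", date(2022, 11, 6), False, False, False),
    Finding("mail-relay-overflow", date(2022, 9, 1), True, True, True),
]


def main() -> None:
    for f in patch_queue(SAMPLE_FINDINGS, TODAY):
        itw, code = budget(f, TODAY)
        print(f"{triage(f, TODAY):<10} {f.name:<30} "
              f"exposed {exposure_days(f, TODAY):>3}d  "
              f"exploitation window {itw:>4}d  exploit-code window {code:>4}d")


if __name__ == "__main__":
    main()
```

The tiers are deliberately conservative: public exploit code overrides every other factor, because the 60-day average is only an average and nothing stops a weaponised exploit appearing on day one. Swap the two constants for your own measured figures if your telemetry disagrees with the report's.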

(Security Affairs)

Pennsylvania school district uses AI-based gun detection

Penncrest School District, a mid-sized public school district in Northwest Pennsylvania, has deployed an artificial intelligence (AI)-based gun detection video analytics platform across all of its campuses, layered onto the district’s existing IP security camera system. The solution, from ZeroEyes, which holds the U.S. Department of Homeland Security SAFETY Act Designation, “is designed to help PENNCREST identify brandished guns and alert school administrators, safety personnel, and local law enforcement.” According to Security Magazine, “former U.S. military and law enforcement specialists monitor from the in-house ZeroEyes Operations Center (ZOC) to deliver intelligence on active shooter incidents, including the gunman’s appearance, clothing, weapon, and real-time location.” ZeroEyes says the platform does not record, store, or share videos or images of students or others, so that privacy is maintained.

(Security Magazine)

Twitter 2.0: Musk’s first week as chief

In case you missed the numerous goings-on at Twitter since Elon Musk took the helm, here is a summary from Reuters. Although Twitter is a social media platform, many of these changes have implications for a wide array of cybersecurity concerns. Musk fired top executives including CEO Parag Agrawal, CFO Ned Segal, and legal affairs and policy chief Vijaya Gadde. Layoffs will apply to about half the workforce, or around 3,700 staff. An $8 monthly charge for the blue tick will buy verification plus priority in replies, mentions and search, and the ability to post longer video and audio. Numerous corporate advertisers, including General Motors, General Mills, Audi of America, Mondelez International, Pfizer, and Ford, have paused advertising. Musk plans to set up a content moderation council with “widely diverse viewpoints.” There are also plans for a feature to let people post videos and charge users to view them, with Twitter taking a cut; a homepage that directs visitors to an Explore page showing trending tweets and news stories; and a possible year-end reboot of Vine.

(Reuters)

Last week in ransomware

Last week we reported on a cyber incident at Boeing subsidiary Jeppesen that caused flight planning disruptions; on Deep Instinct’s 2022 Interim Cyber Threat Report, which found that LockBit accounts for 44% of all ransomware campaigns so far this year, with 23% of campaigns attributed to Conti and 21% to Hive; and on threat actors turning away from document files as a malware delivery vehicle in favour of LNK files and archive email attachments. We also reported on the recognition that not enough organizations are reporting ransomware attacks, and on a multinational ransomware summit hosted by the White House.

(CISOSeries)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.