North Korean Internet Knocked Out by Likely DDoS Attacks Amid Increased Missile Activity
Meta insiders disciplined for account takeovers, Twitter still faces scrutiny over national security concerns, Google wins Glupteba botnet lawsuit, MI schools re-open after ransom attacks, more
I’m happy to announce I will be teaching a live course on Cybersecurity Risk Management With the NIST Framework as part of the O’Reilly online learning series on January 18. I plan to bring the NIST Framework down to earth with practical applications that should be useful to all organizations.
Junade Ali, a British cybersecurity researcher who monitors a range of different North Korean web and email servers, said that North Korea's internet was hit by likely DDoS attacks, causing the most significant outages in months after similar service interruptions in January were blamed on suspected cyber attacks.
“The network stress is so great their Domain Name System (DNS) servers have been taken offline and eventually the key routers allowing traffic in and out of the country entirely,” he said. North Korea’s Ministry of Foreign Affairs website and Naenara, the official portal for the North Korean government, appeared to take the brunt of the suspected attacks before they became so great that the entire internet was taken offline.
The latest outages come amid increased missile launches and other military activity by the North, which has drawn condemnation from the United States and its allies. (Josh Smith / Reuters)
Sources say that Meta Platforms has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes.
Some of those fired were contractors who worked as security guards stationed at Meta facilities. They were given access to the Facebook parent’s internal mechanism, known internally as “Oops,” for employees to help users having trouble with their accounts. In some cases, workers accepted thousands of dollars in bribes from outside hackers to access user accounts, the people and documents say.
Because the Oops system is off-limits to the vast majority of Facebook users, a cottage industry of intermediaries has developed that charges users money to regain control of their accounts. In interviews with the Journal, some third parties claim to have access to Meta employees to help reset accounts. Meta is also investigating some former employees for remaining in contact with other workers, allegedly to hijack user accounts. (Kirsten Grind and Robert McMillan / Wall Street Journal)
After firing most of its privacy and security teams, Twitter informed its lead data protection regulator in the European Union that it has appointed existing employee Renato Monteiro as an “acting” replacement for one of those positions: The critical role of data protection officer (DPO).
Monteiro has been employed at Twitter for two years and nine months. It’s unclear why Monteiro has only been named “acting” DPO or whether his appointment is intended only as a stop-gap while a full replacement is sought. (Natasha Lomas / TechCrunch)
Sources say that Elon Musk’s $44 billion takeover of Twitter is still facing US government scrutiny over national-security concerns that his foreign partners may be able to access user data despite Treasury Secretary Janet Yellen’s statement that she sees “no basis” for investigating Musk’s deal to take over Twitter.
One source says that the US government continues to seek information on confidential agreements that Musk made with foreign investors who hold stakes in Twitter after he bought it and whether those deals allow them to access users’ personal data. (Daniel Flatley, Jennifer Jacobs, and Saleha Mohsin / Bloomberg)
Google won its lawsuit against the operators of the Glupteba botnet after a federal district court in Manhattan granted the company’s motion for default judgment and monetary sanctions.
Judge Denise L. Cote said the defendants, Dmitry Starovikov and Alexander Filippov, along with their lawyer, Igor Litvak, intentionally deceived the court to thwart discovery and disadvantage Google.
Google sued Starovikov and Filippov under the Racketeer Influenced and Corrupt Organizations Act and other laws in December 2021, alleging they used a network of computers infected with Glupteba malware to steal and exploit Google users’ personal information. Google’s lawsuit was announced at the same time it took action to disrupt the botnet’s C&C infrastructure. (Holly Barker / Bloomberg Law)
Related: Security Week
The Justice Department announced charges against two Russian nationals, Anton Napolsky and Valeriia Ermakova, accused of running a popular pirated e-book site used by thousands of students, professors, and more worldwide.
DOJ said the two were arrested in Cordoba, Argentina, on November 3 and are now facing copyright infringement, wire fraud, and money laundering charges related to their operation of Z-Library.
“As alleged, the defendants profited illegally off work they stole, often uploading works within mere hours of publication, and in the process victimized authors, publishers, and booksellers,” said Breon Peace, United States Attorney for the Eastern District of New York. Michael Driscoll, Assistant Director-in-Charge at the FBI, added that the two ran Z-Library for over a decade. (Jonathan Greig / The Record)
Metacurity is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
In a joint advisory with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), the Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021.
The Bureau says that the Hive gang will also deploy additional ransomware payloads on the networks of victims who refuse to pay the ransom. The list of victims includes organizations from a wide range of industries and critical infrastructure sectors, such as government facilities, communications, and information technology, with a particular focus on Healthcare and Public Health (HPH) entities. (Sergiu Gatlan / Bleeping Computer)
Cybersecurity firm Unit 221B discovered multiple vulnerabilities in the Zeppelin crimeware’s encryption routines that allowed its researchers to brute-force the decryption keys in hours, using nearly 100 cloud computer servers.
However, the company has been wary of advertising its ability to crack Zeppelin ransomware keys because it doesn’t want to tip its hand to Zeppelin’s creators, who would likely modify their file encryption approach if they detected it was somehow being bypassed. The Zeppelin group appears to have gradually stopped spreading its ransomware over the past year, possibly because Unit 221B’s referrals from the FBI let it quietly help nearly two dozen victim organizations recover without paying their extortionists. (Brian Krebs / Krebs on Security)
Related: Unit 221B
In a report, FY 2021 National Defense Authorization Act Section 9002(b) Report, the Cybersecurity and Infrastructure Security Agency said that leading cybersecurity and sector risk management officials should consider establishing space and bioeconomy as two new sectors of critical infrastructure.
“Findings highlight an opportunity to designate a space sector and bioeconomy sector, depending on a review process described,” CISA wrote. As criteria for designating critical infrastructure, it recommended factors such as whether a disruption in a given part of the U.S. economy could cause debilitating impacts on society. For the bioeconomy, the portion of the economy that relies on biological resources such as plants and microorganisms, securing the sector would involve addressing issues like climate change and food production. (Mariam Baksh / NextGov)
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween.
One of the most interesting features of the kit, which preys on online shoppers looking for holiday specials, is a token-based system that ensures each victim is redirected to a unique phishing page URL. The links in the email do not look suspicious on their face: they reach the phishing page only after a series of redirections, and URL shorteners conceal most of the intermediate URLs. Among the impersonated brands are sporting goods firm Dick's, high-end luggage maker Tumi, Delta Air Lines, and the wholesale clubs Sam's Club and Costco. (Bill Toulas / Bleeping Computer)
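A mail-gateway or analyst script cannot judge a lure like this from the first URL alone; it has to walk the redirect chain hop by hop, record every intermediate host, and look at the landing URL for a per-recipient token. The following is an added example, not code from the kit or from the Bleeping Computer report. The hop table, the hostnames, the shortener list and the token-shaped-parameter heuristic are all constructed or assumed for the demonstration; swapping `offline_fetch` for a function that issues a HEAD request with redirects disabled and returns the status and Location header turns it into a live resolver.

```python
"""Resolve an e-mail link through its redirect chain and flag per-victim phishing lures.

Added example. SAMPLE_HOPS is a constructed stand-in for live HTTP responses;
SHORTENER_HOSTS and TOKEN_RE are assumptions, not data from the reported campaign.
"""
import re
from urllib.parse import parse_qs, urljoin, urlsplit

# Public shorteners commonly seen in mail, plus a constructed one used by the sample chain.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "cutt.ly", "short.example"}

# Opaque per-recipient tokens tend to be long alphanumeric strings (assumed shape).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-]{12,}$")

# Constructed redirect table: url -> (status, Location header or None).
SAMPLE_HOPS = {
    "https://short.example/a1b2c3": (302, "https://track.example/click?c=holiday&u=7742"),
    "https://track.example/click?c=holiday&u=7742": (302, "/go/7742"),
    "https://track.example/go/7742": (301, "https://deals-example.net/offer?token=9f8e7d6c5b4a1f2e&v=1"),
    "https://deals-example.net/offer?token=9f8e7d6c5b4a1f2e&v=1": (200, None),
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}


def offline_fetch(url):
    """Return (status, location) from the constructed table; 404 for anything unknown."""
    return SAMPLE_HOPS.get(url, (404, None))


def follow_chain(url, fetch=offline_fetch, max_hops=10):
    """Follow 3xx Location headers one hop at a time and return every URL visited.

    Redirects are followed manually (never with allow_redirects) so that each
    intermediate host is recorded, relative Locations are resolved against the
    current URL, and a loop or an overlong chain raises instead of spinning.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if not (300 <= status < 400 and location):
            return chain
        nxt = urljoin(chain[-1], location)
        if nxt in seen:
            raise ValueError(f"redirect loop at {nxt}")
        seen.add(nxt)
        chain.append(nxt)
    raise ValueError(f"more than {max_hops} redirects from {url}")


def token_params(url):
    """Names of query parameters whose values look like opaque per-recipient tokens."""
    qs = parse_qs(urlsplit(url).query)
    return sorted(k for k, vals in qs.items() if any(TOKEN_RE.match(v) for v in vals))


def assess_link(url, fetch=offline_fetch):
    """Summarise the chain; 'suspicious' is a triage heuristic, not a verdict."""
    chain = follow_chain(url, fetch)
    hosts = [urlsplit(u).hostname or "" for u in chain]
    shorteners = [h for h in hosts if h in SHORTENER_HOSTS]
    tokens = token_params(chain[-1])
    return {
        "chain": chain,
        "hops": len(chain) - 1,
        "distinct_hosts": len(set(hosts)),
        "shortener_hosts": shorteners,
        "final_host": hosts[-1],
        "tokens": tokens,
        # Shortener up front, several hosts, and a token on the landing page.
        "suspicious": bool(shorteners) and len(set(hosts)) >= 3 and bool(tokens),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess_link("https://short.example/a1b2c3"), indent=2))
```

Because the landing URL carries a token that is unique to each recipient, fetching it from a sandbox both burns the token and tells the operator the message was opened; resolve chains from an egress that is not attributable to the mailbox owner, and compare the landing host against the brand the message claims to be from.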
Public schools in Jackson and Hillsdale counties in Michigan reopened after a ransomware attack crippled their ability to function and closed doors to students for three days.
While no group has come forward to claim credit for the ransomware attack, the Vice Society gang has attacked dozens of schools across the country, including a headline-grabbing attack on the largest school district in Los Angeles in September. (Jonathan Greig / The Record)
Researchers at Checkmarx say an ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with hundreds of victims ensnared to date.
The findings from Checkmarx build on recent reports from Phylum and Check Point, which flagged 30 different modules published on the Python Package Index (PyPI) designed to propagate malicious code under the guise of benign-looking packages. What makes this latest software supply chain attack notable is the use of steganography to extract a polymorphic malware payload hidden within an image file hosted on Imgur.
Checkmarx's analysis further tracked down the attacker's Discord server, managed by a lone user named "Alpha.#0001," and the various fake profiles created on GitHub to lure unwitting developers into downloading the malware. (Ravie Lakshmanan / The Hacker News)
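Hiding a payload in an image is attractive to a package-based attacker because the PyPI upload itself then contains only a small loader and a URL, and the image hosted on a public service looks like an ordinary download. The block below is an added example, not the W4SP loader or Checkmarx's tooling: the page says only that a payload was hidden in an Imgur-hosted image, so the concrete scheme here (one bit per pixel byte in the least significant position, with a 32-bit big-endian length prefix) is an assumption chosen to show the mechanics. It operates on a raw byte buffer so it needs no image library; with Pillow you would pass `img.tobytes()` and rebuild the image from the returned bytes. The cover pixels and the stand-in payload are constructed.

```python
"""Least-significant-bit steganography over a raw pixel buffer: embed and extract.

Added example; the bit order and length header are assumptions, not the real kit's format.
"""
import random
import struct

HEADER_LEN = 4  # bytes of big-endian payload length written before the payload


def make_cover(width=64, height=64, channels=3, seed=1234):
    """Constructed pseudo-random pixel bytes standing in for a decoded RGB image."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height * channels))


def capacity(cover):
    """Payload bytes the cover can hold at one bit per pixel byte, after the header."""
    return len(cover) // 8 - HEADER_LEN


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, payload):
    """Write the length header and payload into the low bit of successive cover bytes.

    Each cover byte changes by at most 1, which is why the picture still looks normal
    and why a file-level signature of the image is useless for detection.
    """
    message = struct.pack(">I", len(payload)) + payload
    if len(message) * 8 > len(cover):
        raise ValueError(f"cover holds {capacity(cover)} bytes, payload is {len(payload)}")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(message)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def _read_bytes(cover, start, count):
    """Reassemble `count` bytes from the low bits of cover[start:start+count*8]."""
    value = bytearray()
    for b in range(count):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | (cover[start + b * 8 + k] & 1)
        value.append(byte)
    return bytes(value)


def extract(cover):
    """Read the length header, sanity-check it against the buffer, then read the payload.

    A header that claims more bytes than the buffer can hold is the first cheap
    signal that an image is not carrying data in this layout.
    """
    length = struct.unpack(">I", _read_bytes(cover, 0, HEADER_LEN))[0]
    if (HEADER_LEN + length) * 8 > len(cover):
        raise ValueError("length header exceeds cover size; not an LSB payload in this layout")
    return _read_bytes(cover, HEADER_LEN * 8, length)


def max_pixel_delta(a, b):
    """Largest per-byte change between two buffers of equal length."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    cover = make_cover()
    # Constructed, harmless stand-in for the code a loader would exec() after extraction.
    payload = b"print('stand-in payload, not the real stealer')"
    stego = embed(cover, payload)
    print("capacity:", capacity(cover), "bytes; max pixel delta:", max_pixel_delta(cover, stego))
    print("recovered:", extract(stego))
```

For triage of a suspicious package, the tell is in the loader rather than the image: a `setup.py` or `__init__.py` that fetches an image from a hosting site, reads its pixel bytes, performs bit arithmetic on them and hands the result to `exec` or `compile` has no legitimate reason to exist, regardless of the exact encoding.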
The Cybersecurity and Infrastructure Security Agency tapped NASA's Elizabeth Kolmstetter as the first "chief people officer" for the agency.
Kolmstetter, an industrial and organizational psychologist, is currently the director of the workforce engagement division at NASA, according to CISA. The new CISA role is meant to help the agency align its recruitment efforts with operational priorities and coordinate with the private sector about the cyber workforce shortage. (Natalie Alms / FCW)
Cybersecurity giant Palo Alto Networks is acquiring Israeli AppSec operating system startup Cider Security in a deal worth $300 million.
The deal will include $200 million in cash and $100 million worth of Palo Alto stock. (Meir Orbach / Calcalist)