Chapters
Shownotes Transcript
More than 300,000 systems are vulnerable to a new DOS loop attack. Russia sanctions the Washington Post's cyber reporters. Trend Micro links another Chinese APT to the I Soon leak. And Fujitsu discloses a data breach. This is Risky Business News, prepared by Katalin Kimpanu and read by me, Claire Aird. Today is the 20th of March, and this podcast episode is brought to you by Kroll. Find them at kroll.com slash cyber.
A team of academics from German research centre CISPA has discovered a new attack that can overwhelm and crash internet servers. The new attack is named Loop DOS.
The attack works by sending a message with a spoofed source address between pairs of UDP servers, causing them to reply to each other forever. It affects at least nine UDP-based protocols, such as DNS, NTP and TFTP. Researchers estimate the number of vulnerable systems at around 300,000, with most running NTP software.
The team disclosed the new DOS attack to network operators and major software vendors in December of last year. Microsoft and five other vendors have confirmed they have vulnerable products. Efforts to identify affected software are still underway. CISPA says it has not detected any loop DOS attacks in the wild, but described exploitation as easy.
In other news, six new countries have joined a US-led anti-spyware coalition. Finland, Germany, Ireland, Japan, Poland and South Korea join a list of 11 countries that promise to fight the proliferation and misuse of commercial spyware. The six new members joined the coalition at the third Summit for Democracy held this week in Seoul, South Korea.
The Russian government imposed new sanctions last week on more than 200 Americans. The majority of sanctions target academics and defence contractors, but also several US journalists.
Among the sanctions are four of The Washington Post's current and former cybersecurity reporters. They include Joseph Mann, Joseph Marks, Tim Starks and Ellen Nakashima. Sadly, Team Risky Biz didn't make the grade. Maybe next time. Though Katalin Kimpanu tells me not to give them any ideas.
Microsoft has suspended additional cloud services in Russia following the latest round of EU sanctions. The company suspended access to its business intelligence and CRM products on 20 March. The suspension impacts Microsoft, Power BI, Dynamics 365 and other platforms. Russian IT group Softline says Amazon and Google are also preparing similar moves.
Japanese IT giant Fujitsu has disclosed a security breach after discovering malware on its internal network. The company says the breached systems contained customer personal information. Fujitsu has disconnected the impacted systems while it investigates if any data was taken from its systems.
Documentation building service Mintlify says that a threat actor used an undocumented API vulnerability to gain access to internal systems. The company says the intruder stole GitHub tokens for 91 customers. At least one token was used to access a customer's GitHub repositories. Mintlify says it received a bug report on the API vulnerability after discovering the intrusion. The company has not accused the researcher of the breach and the subsequent chaos.
Two professional Apex Legends players were hacked in the middle of a major tournament over the weekend. Hackers appear to have exploited a bug in the Apex Legends game to remotely install and activate cheats on the two players' PCs. Early rumors claim the hackers exploited a bug in the game's anti-cheat system.
The anti-cheat maker says it investigated the reports and found no evidence of any remote code execution bug in its software. EA Games has since postponed the Apex Legends North American finals while it investigates the incident.
The Federal Trade Commission has launched an investigation into Reddit's plans to license user-generated content to AI companies. The company came under heavy criticism last year for selling its content without users' approval. Reddit disclosed the FTC investigation in an SEC filing last week. The company is scheduled to go public and sell shares later this week.
The Philippine National Police have freed hundreds of people who were forced to work against their will in a cybercrime compound in the city of Bamban. Officials say they freed 875 and detained eight individuals suspected of running the operation. Victims had their passports taken away and were forced to carry out romance and cryptocurrency scams. Police acted on a tip from a Vietnamese national who managed to escape the facility at the end of February.
The former administrator of a major hacking forum has asked UK authorities to deny his extradition to the US. Portuguese national Diogo Santos Coelho was arrested in the UK in early 2022 for allegedly running Raid Forum, an infamous cybercrime marketplace where hackers leaked and traded stolen data. US officials claimed Coelho was the site's chief administrator and went by the hacker name of Omnipotent.
According to The Guardian, Coelho was diagnosed with autism after his arrest and is now trying to block his extradition to the US, claiming he'll receive inadequate care. Coelho also claims that he was groomed and exploited by adults from the age of 14 into committing the alleged crimes.
Trend Micro has linked Chinese cyber contractor iSoon to a second Chinese APT group. The security firm says iSoon operates two penetration teams that carry out offensive operations. It previously linked the first team to a Chinese APT named Earth Lusca and has now linked the second to a group named Earth Krahan. Trend Micro says Earth Krahan has been active since early 2022 and has primarily targeted government organisations across Southeast Asia.
Data from iSoon's internal network was leaked on GitHub in February. Sentinel-1 researchers have spotted a new variant of the Acid Rain wiper. Russian military hackers used Acid Rain during the 2022 Viasat hack to wipe satellite modems before the Ukraine invasion. Sentinel-1 has named the new version AcidPore and says it's more dangerous than the original. The main change allows AcidPore to run on Linux X
86 platforms. Sentinel-1 and Ukraine's CERT team say the malware has been used in the wild but have not disclosed the names of any victims.
A team of academics from US universities has discovered a way to fingerprint open VPN connections. The team says it identified three fingerprint types that can be used to block the protocol. The three methods use details such as byte patterns, packet size and server responses. Researchers say their methods have an accuracy rate of 85% with negligible false positives.
And finally, Google estimates that quantum computers will become a threat to cryptographic protocols within the next 10 to 15 years. The company expects to see significant improvements in the quantum computing field by 2030. Google urges the adoption of post-quantum cryptography to safeguard against store-now-decrypt-later scenarios.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Kroll. Find them at kroll.com slash cyber. Thanks for your company.