We are back again with another edition of NewsScam, our monthly cybersecurity news round up.
February might be the month of love, but some organizations are feeling far from romantic as hackers continue to cause disruption. Royal Mail remains one of the biggest ongoing stories this month, Toyota had a close shave, and the education sector finds itself the bullseye again, along with NATO. On the flip side of all that, governments around the world have just about had it and are focusing on taking down as many gangs as possible. To that end, a joint effort between the U.S., Germany and the Netherlands ended in the takedown of the Hive ransomware operation.
Read on to discover more about the headlines from the last few weeks.
Cloudflare Handles Record-Breaking DDoS Attacks Like a Pro
Like Han Solo and the Millennium Falcon zooming out of harm's way, Cloudflare successfully detected and mitigated more than a dozen massive hyper-volumetric Distributed Denial of Service (DDoS) attacks, averaging 50 million to 70 million requests per second (rps). The attacks, the largest HTTP DDoS attacks reported to date, used a network of botnets to send requests from over 30,000 IP addresses. A previous attack on Cloudflare's systems last June set the earlier record at 46M rps, using more than 5,000 IP addresses from 132 countries.
Royal Mail Attack Data Not Released (Yet Anyway)
Britain's Royal Mail is slowly recovering from last month's ransomware attack, which has had an impact on millions. And we now know who is responsible: the infamous LockBit group. The cybercrime gang initially denied any involvement, but it is now demanding a ransom (“I am so surprised,” said no one).
According to The Register, LockBit threatened to publish the stolen data on February 9 if Royal Mail failed to pay a ransom – but the deadline came and went, and earlier this week it was revealed that Royal Mail would “under no circumstances” pay the ransom.
Royal Mail first confirmed the breach on January 12. The incident halted international mail for several weeks, impacting businesses of all sizes.
Hive Takedown – Could LockBit Be Next?
LockBit is certainly one of the most active cyber gangs in the world. Newly released research says the group was the most active of all hacking groups in 2022, responsible for as many as 846 attacks. But they may not be invincible. Case in point: another leading cybergang, Hive, was recently taken down by the FBI and law enforcement partners from the Netherlands and Germany. All of which makes CyberScoop's AJ Vicens wonder: could LockBit be next?
Ethical Hacker Gains Control of Toyota's Global Supply Chain
A near-disaster for Toyota has been averted after an ethical hacker found a backdoor in a web app used by Toyota employees and suppliers. Security researcher Eaton Zveare was able to compromise the auto giant's supplier management network, gaining access to sensitive data associated with about 3,000 suppliers and 14,000 users worldwide. Partners and suppliers in Toyota's supply chain include Michelin and Stanley Black & Decker. Once notified, Toyota quickly patched the hole. Had a bad actor discovered the backdoor first, critical information could have been used maliciously. Zveare has described the backdoor as “one of the most severe vulnerabilities” he has ever found.
Hackers Giving Universities an “education” in Ransomware
In the last several weeks, bad actors have been targeting universities worldwide, most recently in Ireland and Israel.
In Cork, Ireland, Munster Technological University (MTU) was attacked earlier this month, possibly by the BlackCat (ALPHV) or Norebus cybergangs. The incident is ongoing, and it is now believed that a segment of the school's data has indeed been accessed and is on the dark web. The university has so far refused to pay a ransom.
Then, Technion - Israel Institute of Technology - was hit with a cyber-attack over the weekend. The party responsible is apparently a new addition to the world of cyber criminals, DarkBit. The group has posted a ransom demand of 80 bitcoin - that's $1.7 million to you and me - in return for a decryptor. In addition, the criminals have added a 30% penalty and a threat to release data if the university does not pay. Technion has proactively blocked all communication networks to prevent further damage to its systems.
There's even more havoc at universities, including the Georgia Institute of Technology, Rice University and several schools in Hungary and Slovakia, thanks to the ESXiArgs ransomware. An article from The Record, linked further down the page, has the details.
NATO Websites Temporarily Unavailable
Earlier this week, it was reported that NATO websites had been targeted by a cyber-attack, with several sites hit at once. According to some reports on social media, the Russian hacktivist group KillNet could be behind the attack, although this has not been confirmed.
Not So Romantic
While Valentine's Day was a few days ago, we couldn't help but mention a U.S. Federal Trade Commission report that says Americans lost $1.3 billion to romance scams in 2022! According to BleepingComputer, the platforms fraudsters most often use to contact potential victims are Instagram (29%) and Facebook (28%), while the top payment methods are cryptocurrency (34%) and bank wire transfers/payments (27%).
Wait, there's more...
DHL, MetaMask phishing emails target Namecheap customers – HelpNetSecurity
CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel – The Record from Recorded Future
Tiny IoT devices are getting their own special encryption algorithms – ZDNet
The politics and power of Latin American hacktivists Guacamaya – CyberScoop