TL;DR

TL;DR: From Director to Whistle-Blower (34th week)

Twitter’s former chief of cybersecurity has released a great deal of serious information about the state of the social network’s cybersecurity. Cybercriminals have found out what it’s like to be the target of a DDoS attack, being a crumb in its intensity compared to a new DDoS record successfully repelled by Google.

Extreme accusations

Twitter’s former cybersecurity chief has complained about how cybersecurity is being neglected on the social network. A very extensive complaint contains serious information. Allegedly, thousands of employees have complete copies of the source code and a third of them have automatic security updates blocked, firewalls turned off and unauthorized devices with RDP open. The company allegedly fails to monitor what was downloaded on employee’s devices and employees intentionally install spyware on their work computers upon requests of external organisations. In 2020, Twitter had more than 40 security incidents related to access control. Data from cancelled accounts is reportedly not reliably deleted by Twitter, some information is simply lost, and regulators are misled about whether it deletes the data as required.

The attacker blames the victim

Cybersecurity company Entrust became a victim of a LockBit ransomware attack. The cybercriminals demanded 6.8 million dollars (after a 15% discount) for decryption keys and deletion of stolen data. Entrust immediately offered them 1 million dollars, but the offer was not accepted. As soon as the cybercriminals started publishing stolen data, the LockBit 3.0 website received a DDoS attack with 400 requests per second and is unavailable. The cybercriminals blame Entrust for the attack.

Error in configuration

Due to a misconfiguration of the Meta Pixel script (to track advertising performance), US healthcare provider Novant Health was sending personal and healthcare data belonging to nearly 1.4 million people to Meta company within a 2-year period. Representatives of Novant Health tried to contact Meta in various ways. They have also sent several requests to delete the data in question, but Meta has not responded yet.

More than a million ransomware detections

Barracuda security researchers have published information on ransomware attacks. For example, an analysis of 106 publicized ransomware attacks showed that the most targeted sectors were education (15%), government (12%) and healthcare (12%). They recorded more than 1.2 million ransomware detections per month between January and June of this year.

SHORTS

  • French hospital Center Hospitalier Sud Francilien has become a target of a ransomware attack. Attackers disabled the hospital’s main system, including patient admissions and medical imaging. Patients were redirected to other hospitals. The attackers demand 10 million dollars for the decryption keys.
  • The Dominican Republic’s agricultural institute has suffered a Quantum ransomware attack. The cybercriminals managed to encrypt all servers resulting in a complete shutdown of used applications, databases and emails. They demand 600,000 dollars for the decryption keys.
  • The streaming media platform PLEX has become a target of a cyberattack leading to data theft. The attacker compromised the database and exposed emails, usernames and encrypted passwords of users. PLEX urged their users to reset their passwords promptly.
  • BleepingComputer security researchers published information about a Google Chrome extension spreading unwanted advertising (adware). The extension “Internet Download Manager” was installed by more than 200 thousand users.
  • Sucuri security researchers uncovered a phishing campaign using fake popups masquerading as Cloudflare DDoS protection. After clicking on popup, the victim downloads an installation file containing malware. Attackers exploit poorly protected WordPress websites for the attacks.
  • An unknown website protected by Google Cloud Armor service became a target of a record-breaking (and successfully blocked) DDoS attack with 46 million requests per second. This is the largest recorded DDoS attack in history and had the hallmarks of Meris botnet.

« Späť na zoznam
Current threats
all publications
Links