February 2023 Newsletter

Posted By: Mark, Monday 13th March 2023

This month: a Cyber Security News update, we’re going to Tees Expo, Cloudflare blocks another large DDoS attack, Big Tech layoffs, Eurostar security fail, Google Bard takes on ChatGPT.

February Cyber Security News

It’s been another busy month in the world of cyber security, with a number of high profile cyber-attacks, ransomware attacks and other assorted data breaches to report. Here’s an overview of a few incidents that caught the eye.

GoDaddy Cyber Security Breach

GoDaddy recently discovered that a cyber-attack from a sophisticated threat group infected websites and servers with malware as part of a multi-year campaign against the company. After some customers complained about website redirects, the affected sites were all found to be on the hosting company’s cPanel shared hosting services, which had been breached by the hackers.

GoDaddy issued a statement: “We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities”.

GoDaddy did not say how many potential customers are impacted nor what type of data might be compromised as a result of the latest breach.

DDoS Attacks Test German Airport Cyber Security

Hackers targeted the websites of several German airports, including Dusseldorf, Nuremberg, and Dortmund. Larger airports, such as Munich, Berlin, and Frankfurt were, apparently, unaffected.

In a statement, Ralph Beisel, chief executive of the ADV German airport association, said:

“Again today the airports fell victim to large-scale DDoS attacks […] As far as we know, other systems are not affected. It is unclear to what extent the situation will spread to other locations. The airport association ADV is currently preparing a situation report.”

The day before these airport attacks, a pro-Russian hacker group called Killnet claimed responsibility for a severe IT failure at German carrier Lufthansa that left thousands of passengers stranded. The company attributed the problems to damaged fibre cables; however, the leader of Killnet posted: “We killed the Lufthansa employee corps network with 3 million requests per second of fat data packets. These were experiments on rats that were successful. Now we know how to stop any navigation and technical equipment of any airport in the world. Who else wants to supply weapons to Ukraine?”

ESXiArgs Ransomware Variant Breaks CISA Cyber Security Fix

Only a week after CISA and the FBI released a script to help victims recover from ESXiArgs ransomware attacks, a new variant was released that rendered the fix useless for new encryptions. This new variant now encrypts more data than CISA’s recovery tool is designed to recover.

3,800 servers around the world were said to be infected by the original ESXiArgs ransomware, though researchers believed this could be higher. The second wave of attacks, using the variant malware, hit more than 3,000 systems.

Oakland Cyber Security Emergency After Ransomware Attack

A cyber-attack on the city of Oakland led to administrators declaring a state of emergency as IT systems were knocked offline. Although no emergency services were impacted, a number of important daily services were disrupted, creating delays and causing difficulties for residents trying to do basic administrative tasks.

The City of Oakland Twitter account tweeted: “The City is appreciative of the community for their patience as staff across the organization work collaboratively to minimize disruptions and implement workarounds to normal business processes that allow the City to continue delivering services”.

IONGroup Ransomware Attack

The LockBit ransomware group confirmed it was behind a cyber-attack on IONGroup, a UK-based software company which provides products for financial institutions, banks, and corporations for trading, investment management, and market analytics. The attack caused chaos in the City of London and left multiple clients locked out of critical applications.

The attack led to large customers in the United States and Europe being forced to switch to manual processing of trades, causing significant delays. The effects on financial markets are still ongoing.

News outlets are reporting that the hackers said the ransom was paid, although an Ion Trading representative declined to comment.

Namecheap Phishing Scams

An email hack at domain registrar Namecheap resulted in a flood of DHL and MetaMask phishing emails attempting to steal users’ personal information and target crypto wallets. The fake emails pretended to be verification emails from the company and included links to a fake site, hoping to lure people into entering their information.

The company acknowledged the account compromise and blocked email through SendGrid while the issues were investigated.

A cyber intelligence report had revealed that API keys for Mailgun, MailChimp, and SendGrid were earlier made public in mobile apps, so there was a likely connection.

Florida Hospital Ransomware Attack

Services at the Tallahassee Memorial Hospital were taken offline when they fell victim to a suspected ransomware attack. As a precautionary measure, TMH took all of its systems offline and had to cancel and reschedule all upcoming non-emergency procedures for out-patients. The hospital could only accept Level 1 emergency trauma cases in the area. As a result of the cyber-attack, hospital staff were unable to access patient digital records and lab results.

It’s the second ransomware attack targeting US hospitals this year, after 25 were recorded last year.

Cyber Security Services

LaneSystems is an expert in cyber security, and can implement robust data recovery and backup services and even help get your team cyber secure. If you’re a company in the North-East of England, contact us for more information.


Teesside Expo 2023

LaneSystems are once again delighted to announce our attendance at Teesside Expo on Thursday, March 23rd.

Adam, Lisa and Michel will be there at The Grand Marquee, Wynyard Hall, between 10am-3pm, to greet you and answer any questions you may have about the world of Cyber Security, Cyber Essentials and keeping your business IT Systems protected.

Pop along and say hello!


Cloudflare Blocks Record-Breaking DDoS Attack

This month saw Cloudflare reporting on the successful mitigation of yet another record-breaking distributed denial-of-service attack on its customers. The company said it detected and mitigated a wave of dozens of hyper-volumetric DDoS attacks targeting its customers across the weekend.

The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 54% higher than the previous reported record of 46M rps in June 2022.

The attacks originated from over 30,000 IP addresses. Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms. The attacks originated from numerous cloud providers, and Cloudflare said it has been working with them to crack down on the botnet.

A recent Cloudflare DDoS threat report paints a picture of an ever-growing threat. It reports that the number of HTTP DDoS attacks has increased by 79% year-over-year, that the number of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ), and that the number of attacks lasting more than three hours increased by 87% QoQ.

The size, sophistication, and frequency of attacks are increasing, and these types of attack are relatively simple, and cheap, for cybercriminals to launch. It’s always something to be aware of as part of your cyber security protocols, especially if you rely on your website for important business dealings in which downtime could be costly.


‘Big Tech’ Layoffs Continue

Though technology companies began announcing layoffs last year, 2023 is looking like a worse situation. Tech giants like Amazon, Microsoft, Alphabet (Google), IBM, SAP, Salesforce, Twitter, and Facebook parent company Meta announced major job cuts in various sectors of their businesses.

Twitter

When Elon Musk acquired Twitter, around half of the workforce was immediately deemed surplus to requirements. Further layoffs have been made over recent months, taking employee numbers from around 7,500 down to 2,000. As of writing, and in spite of Musk declaring that there would be no more layoffs, the company announced a further 200 job losses to “stabilize the company”. With site maintenance staff reportedly down to handfuls of people, it’s probably a huge coincidence that so many users are reporting platform glitches.

Amazon

Big tech retail giant Amazon announced 18,000 job cuts at the start of the year. These are mostly in the retail and recruiting teams, and are said to stem from “an uncertain economy”. Amazon benefitted greatly from the surge in online shopping during the pandemic, and while levels are still high, the return to ‘normal’ has seen a slowing of the growth.

Meta/Facebook

Mark Zuckerberg’s Meta announced plans to reduce its workforce by 11,000, which is around 13% of its employees. Many of these losses are in the recruitment areas as the company announced a hiring freeze along with cuts to certain areas of spending.

Salesforce

CRM software giant, Salesforce, announced 8,000 losses (10%) and a number of office closures as part of restructuring plans. CEO, Marc Benioff, announced that the company had over-hired during the pandemic.

Google/Alphabet

Alphabet has laid off approximately 12,000 workers in its own company, along with huge numbers from subsidiaries such as Verily and Intrinsic.

This month alone has seen Dell announce 6,500 job losses (5% of workforce), PayPal 2,000 (7%) and Yahoo cuts to 20% of its workforce; GitHub is losing 10%, Zoom 15% and DocuSign 10%. More is, no doubt, yet to come.

Although this appears to paint a grim picture in big tech, many layoffs involve non-technical staff. It seems that the hiring done to cater for changes to working patterns during the pandemic is now going into reverse, while other companies are changing their priorities for the type of tech work they are involved in. There is, in general, a shortage of experienced tech talent, so companies are fighting over a smaller pool of specific types of skills.


Eurostar Password Fail

Bleeping Computer reported this month that international high-speed rail operator Eurostar is emailing customers to notify them that they need to reset their account passwords as part of an overall account security upgrade.

However, a problem cropped up where users trying to reset passwords were caught in an endless loop with a message popping up to say: “Sorry, we’re having a few technical problems so we can’t send the email at the moment. Please try again a little later”. This led to users being unable to reset passwords, some even being locked out of their accounts altogether, while Club Eurostar members complained of disappearing bookings.

Unsurprisingly, this led to a few testy posts on social media about the debacle.

Eurostar suggested users clear cookies from their devices before resetting their password.

If you are unable to access your account, clear the cookies from your device and reset the password. If you are not receiving the reset password link, re-register using the same email address used for your account.

If the problem persists, users should register again with the same email address used for their account. Unfortunately, some customers said that none of the solutions worked for them, prompting a response from the company to Bleeping Computer’s questioning:

“Our customers were contacted to reset their password following an update to our customer authentication system. The sudden volume of customers who attempted to do this caused some technical difficulties and we are working to resolve this as soon as possible. We apologise for any inconvenience this has caused.”

Problems like this cause worry for users. Is it a data breach? Is it a phishing scam by a cybercriminal? Whatever the cause, you don’t want users losing confidence in your company.


Bard: Google’s ChatGPT Rival

After the recent launch of Microsoft’s ChatGPT AI chatbot, Google owners, Alphabet, have entered the arena with their own conversational AI service, called Bard. The Microsoft offering – which they funded through a multi-billion dollar investment in the startup venture, OpenAI – has been hugely popular since its launch, and Alphabet will hope it loses no ground to its big tech rival.

With Microsoft rumoured to be soon adding ChatGPT integration within their Bing search engine, Alphabet will be hoping that Bard can maintain Google’s dominance in the world of web searches. The Bard artificial intelligence tool is built upon their LaMDA large language AI model that currently powers the Google Search facility. The difference with these next generations of AI systems is that they can learn and develop their answers from human interaction and additional information they are given access to.

Google has said it will initially give Bard access to a group of trusted partners, but that it will be rolling out the system to the public “in the coming weeks”.

Alphabet Chief Executive, Sundar Pichai, wrote in a blog: “It’s a really exciting time to be working on these technologies as we translate deep research and breakthroughs into products that truly help people.

“That’s the journey we’ve been on with large language models.

“Bard can be an outlet for creativity, and a launchpad for curiosity, helping you to explain new discoveries from NASA’s James Webb Space Telescope to a nine-year-old, or learn more about the best strikers in football right now, and then get drills to build your skills.”

With these AI offerings from Microsoft and Alphabet, along with other models in development by Facebook owner, Meta, and Chinese tech giant, Baidu, we look to be at the beginning of the AI chatbot wars.