SAN MATEO, CA, August 22, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Largest DDoS attack ever blocked by Google
- Businesses still not taking cybersecurity seriously enough
- UK water company suffers ransomware attack
- Ring Android app had flaw that allowed access to recordings
- Lazarus targeting engineers who use macOS
- Ukrainian nuclear operator sustains Russian cyberattack
- Vishing attacks increased by 625% in Q2 of 2022
- Zeppelin ransomware has resurgence
- SOVA malware gets ransomware feature
Largest DDoS attack ever blocked by Google
Google has blocked a DDoS attack on a customer that was 76% larger than any other attack recorded, with a peak of 46 million requests per second. The attackers gave up before long, as the customer’s use of Google’s defenses left the customer’s operations unaffected by the attack. Experts note that the size and frequency of DDoS attacks are growing at an exponential rate.
Businesses still not taking cybersecurity seriously enough
A report from the UK’s Department for Culture, Media and Sport (DCMS) declares that most businesses neglect cybersecurity until they have been attacked. The report does show that most companies that had been attacked made great strides to fortify their security, but not until after they had already been targeted. Small businesses remain the least protected, usually due to budget constraints.
UK water company suffers ransomware attack
South Staffordshire PLC, a UK water supplier, has been attacked with Clop ransomware. The company’s corporate IT operations were disrupted, but it did not experience any issues in continuing to supply clean water. The company credits the attack’s containment to the “robust systems and controls” it has in place to protect its water. The Clop ransomware gang claimed that they had hacked a different, larger company, but the data leaked proves otherwise.
Ring Android app had flaw that allowed access to recordings
Amazon has just fixed an issue in the Android version of the Ring app that allowed hackers to potentially download users’ recordings. The videos could be sent through Amazon’s Rekognition machine learning service to analyze the footage in search of people of interest or text that includes passwords.
Lazarus targeting engineers who use macOS
North Korean hacking collective Lazarus has been targeting engineers with fraudulent job postings that purport to be in search of an engineering manager for Coinbase. Malware is introduced to the victim’s computer after the victim opens a Mac executable that is disguised as a job description. Lazarus continues to diversify its cybercrime and espionage efforts as it rakes in cash and crypto on behalf of the North Korean government.
Ukrainian nuclear operator sustains Russian cyberattack
Energoatom, Ukraine’s nuclear energy operator, has reported that it has suffered an “unprecedented” cyberattack launched against its website. In spite of their efforts, the Russia-based hackers were not able to cause heavy disruption to the company’s website, nor were any operations affected by the incident. After using bots to attack the site for three hours, the hackers turned their attention to the Ukrainian Institute of National Remembrance’s website, which only suffered from sluggish functionality as a result.
Vishing attacks increased by 625% in Q2 of 2022
Vishing, a term used to describe phishing attacks that seek to convince victims to disclose critical information over the phone, has experienced a major increase in frequency, surging by 625% in the second quarter of 2022. The increase signals that social engineering tactics are still effective in spite of a greater awareness of cyber threats and security issues.
Zeppelin ransomware has resurgence
A ransomware variant known as Zeppelin that has been off the radar for some time has resurfaced using new methods to compromise targeted systems. Multi-encryption tactics are now built into Zeppelin, allowing it to create different IDs and file extensions that result in multiple instances of the malware. This means a victim needs more than one decryption key to restore their system. The malware is currently being used to target tech and healthcare companies in the US and Europe.
SOVA malware gets ransomware feature
The SOVA Trojan has received an upgrade in the form of a feature that allows it to encrypt Android devices in order to launch ransomware attacks. SOVA’s development team has been steadily modifying and updating their malware, which is designed to steal user data, cookies and credentials to pull money from bank accounts and crypto wallets.