DDoS, Macros and APIs – Cyber Security Today for August 5th, 2022


DDoS, macros and APIs – three once-popular means of infiltration and attack have been reimagined in a way that brings them back in new and even more dangerous forms.

Welcome to Cyber Security Today for Friday, August 5th. I’m Jim Love, CIO of ITWC – IT World Canada, sitting in for Howard Solomon, who is on vacation.

A long, detailed, and fascinating look at Distributed Denial of Service (DDoS) attacks has been published on Securelist, the blog of security company Kaspersky.

With so much attention being paid to ransomware and other security breaches, DDoS rarely makes the headlines. But it’s still a strong threat.

A disturbing revelation is that attackers are finding ways to circumvent geo-blocking, a technique companies rely on heavily to thwart DDoS attacks. Attackers use VPNs, proxy servers and, increasingly, infected devices located in the same region as the target, which makes blocking an attack by geolocation almost useless. Not only does the US remain the most targeted territory, it is also home to almost half of the botnets used worldwide.

Kaspersky reports that its DDoS Protection group blocked two and a half times more attacks than in the same period last year. That is a huge number, but it is only about half the number of attacks seen in the first quarter of 2022. Even if attacker activity has slowed, the researchers say the overall DDoS situation “may have gotten worse.”

The number of devices that can potentially be infected keeps growing, ranging from corporate servers to consumer devices.

But it’s the sophistication and power of the attacks that draw the most attention. In the past, DDoS attacks were often carried out by hacktivists and lasted for a relatively short time. According to Kaspersky, attacks in the last quarter lasted for days and even weeks. One attack lasted 29 days. The level of sophistication required to create and sustain this type of effort is monumental.

The report cites numerous examples of attacks on government services and infrastructure – many of which appear to be related to the conflict between Russia and Ukraine. They list a series of attacks on Russian and Ukrainian sites and infrastructure.

But the attacks have spread across Europe. For example, the pro-Russian hacktivist group Killnet, which first emerged in January 2022, reportedly claimed responsibility for DDoS attacks on the websites of various European organizations from April to June. They attacked Czech government and public transport sites, including the railway authority and airports. In May, the group targeted Romanian government agencies, including the border police and the National Railway Transport Company. They attacked German websites, including the German Bundestag and the federal police. In Italy, the websites of the Senate, the National Health Institute and the Automobile Club d’Italia were also attacked in May.


Another proven hacking technique is also being reworked to bypass the safeguards vendors have put in place. In the past, macros in documents were a popular way to launch an attack. As you probably know, macros are used to automate commands in a variety of programs. When a user opened an attachment, it triggered the macro code that delivered the malicious payload.

In response, Microsoft has started blocking macros by default in its Office suite.

According to a blog post from Proofpoint, a major international security company, the use of macro-enabled attachments by threat actors has decreased by nearly 66%.

But now threat actors are finding creative ways to bypass Microsoft’s default macro blocking in its Office suite. They use alternative approaches.

To circumvent macro blocking, attackers are increasingly using container file formats such as ISO (.iso), RAR (.rar), ZIP (.zip) and IMG (.img) to deliver macro-enabled documents, the researchers said. The researchers also point out that the user must still grant permission to run the macro.

Alternatively, according to the researchers, attackers use container files as a means of distribution by adding other content, such as LNK files, DLLs or executables (.exe), that runs a malicious payload.
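As an added illustration, not code from the podcast or from Proofpoint, here is a mail-gateway style check in Python that recurses into ZIP attachments and flags the macro-capable documents and LNK/DLL/EXE payloads described above, while marking ISO, IMG and RAR containers it cannot open for sandboxing. The sample archive, its file names and contents are constructed.

```python
import io
import zipfile

# Document types that can carry VBA macros (modern macro-enabled formats plus the
# legacy binary formats, which can also hold macros).
MACRO_DOCS = {".docm", ".dotm", ".xlsm", ".xlam", ".pptm", ".doc", ".xls"}
# Non-document payloads the research reports inside containers.
DROPPER_PAYLOADS = {".lnk", ".dll", ".exe"}
# Containers this check does not parse; flagged so they can be detonated elsewhere.
OPAQUE_CONTAINERS = {".iso", ".img", ".rar"}

def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def inspect_attachment(filename, data, depth=0, max_depth=3):
    """Return a list of (path, reason) findings for one attachment.
    ZIPs are opened recursively up to max_depth; other containers are only flagged."""
    findings = []
    ext = _ext(filename)
    if ext in OPAQUE_CONTAINERS:
        findings.append((filename, "opaque container, route to sandbox"))
    elif ext in MACRO_DOCS:
        findings.append((filename, "macro-capable document"))
    elif ext in DROPPER_PAYLOADS:
        findings.append((filename, "executable payload"))
    if ext == ".zip" and depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                inner = zf.read(info)
                for path, reason in inspect_attachment(info.filename, inner, depth + 1, max_depth):
                    findings.append((f"{filename}/{path}", reason))
    return findings

def build_sample():
    """Constructed sample: an outer ZIP nesting a second ZIP that holds a .docm and a .lnk."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("Invoice_0805.docm", b"placeholder, not a real document")
        zf.writestr("Invoice_0805.lnk", b"placeholder, not a real shortcut")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("README.txt", b"please open the attached invoice")
        zf.writestr("invoice.zip", inner.getvalue())
    return "attachment.zip", outer.getvalue()

if __name__ == "__main__":
    for path, reason in inspect_attachment(*build_sample()):
        print(f"{path}: {reason}")
```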

According to the Proofpoint Threat Research Team, this represents “one of the biggest shifts in the email threat landscape in recent history.”


Finally, researchers have uncovered a list of 3,207 mobile apps that expose Twitter API keys, some of which can be used to gain unauthorized access to the Twitter accounts linked to them, according to a report in The Hacker News.

The Twitter API is accessed using generated secrets and access tokens that serve as the usernames and passwords for the apps and for the users on whose behalf the API requests are made.

The leakage of legitimate consumer key and consumer secret information made it possible to obtain full authentication data from at least 230 of the identified apps.

According to the researchers, this could allow an attacker to take control of another person’s Twitter account and take actions ranging “from reading direct messages to taking arbitrary actions like retweeting, liking, and deleting tweets, following any account, removing followers and accessing account settings, and even changing the account profile picture.”

It would even allow a malicious actor to assemble a Twitter “bot army” that could be used to hijack communications or spread disinformation on the platform.


This is Cyber Security Today for Friday, August 5th.

Follow Cyber Security Today wherever you get your podcasts – Apple, Google or other sources. You can also have it delivered to you through your Google or Alexa smart speaker.

Links from today’s podcast will be published in an article on itworldcanada.com on our podcast page.

I’m Jim Love, CIO of ITWC, Editor of IT World Canada and creator of the ITWC Podcasting Network. I’m also the moderator of Hashtag Trending, the weekend edition, where I give an in-depth interview on topics related to information technology, security, data analytics and a host of other subjects. If you have some extra time after listening to Howard’s amazing weekend interview, visit us at itworldcanada.com/podcasts or wherever you get your podcasts.

Thank you for sharing your week with me – it was a pleasure sitting in for Howard. He has a great interview for this weekend and he will be back on Monday with the morning edition of Cyber Security Today. Until then, stay safe.

