Cyber Security Headlines: Akamai disrupts massive DDoS, Australian faces spyware charges, Meta struggles with Kenyan hate speech

Akamai disrupts record DDoS in Europe

The CDN provider reports it thwarted the largest-ever DDoS attack on the continent. The attack lasted 30 days, peaking on July 21st at 853.7 gigabits per second over a 14-hour period. The attack targeted an unnamed Akamai customer in Eastern Europe and used UDP as the vector rather than HTTPS. Based on analysis of the attack, Akamai believes it used “a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign.” Back in April, Kaspersky reported that DDoS attacks hit a record in Q1, up 46% on Q4.

(The Register)

Australian man faces spyware charges

The Australian Federal Police arrested an unnamed 24-year-old Australian man, charging him with six counts related to the creation of the Imminent Monitor remote access Trojan. The individual allegedly created the RAT when he was 15, ultimately selling it to over 14,500 individuals across 128 countries. The tool could commonly be found on hacking forums for about $25, letting customers log keystrokes or turn on webcams and microphones. It’s estimated to have generated up to $400,000 in revenue through 2019, when it was taken down in a coordinated global law enforcement operation called Operation Cepheus.

(The Record)

Meta accused of failing to tackle hate speech in Kenya

Last week, Kenya’s National Cohesion and Integration Commission accused Meta’s Facebook platform of failing to properly handle hate speech and incitement on its platform ahead of the country’s August 9th elections. The NCIC said it was consulting with the Communication Authority of Kenya to recommend suspending Facebook. While government officials voiced criticism of haphazard decisions with content moderation on the platform, several vowed that the platform will not be shut down in the country as a result. Several experts have blamed this content on a lack of training for Kenya-specific content for Facebook’s AI moderation tools, and a lack of human moderators with local context. 


Indonesia blocks sites not complying with registration rules

Indonesia’s Communications Ministry announced it blocked access to Yahoo, PayPal, and several gaming sites including Steam and Epic Games, citing failure to properly register with authorities. Under the rules, companies must register with the regulator, which has authority to compel platforms to disclose user data and take down unlawful content within 24 hours. Regulators announced the rules back in November 2020, and companies had to come into compliance by last week. Reuters reports that several companies scrambled to make the deadline, including Meta. Officials say the government may reopen access to PayPal for a short time to allow users to withdraw deposits, and will unblock sites once properly registered.



Researchers discover apps leaking Twitter keys

A new report from security researchers at CloudSEK documents 3,207 apps that leak legitimate Consumer Key and Consumer Secret information. Of these, 230 apps leaked all four authentication credentials needed for a full Twitter account takeover. These leaked credentials could be automatically harvested by a malware operation to enroll impacted accounts into a larger coordinated bot army. The researchers noted that other apps in the past have been found to leak secret keys for GitHub, AWS, HubSpot, and Razorpay accounts. CloudSEK recommends organizations review code for directly hard-coded API keys, and periodically rotate keys to help reduce the blast radius incurred by a leak.

(The Hacker News)

Data brokers sell access to profiles of “actively pregnant” users

An investigation by Gizmodo found 32 different data brokers across the US selling access to unique mobile IDs from 2.9 billion profiles of people labeled as either “actively pregnant” or “shopping for maternity products,” with another dataset of 478 million profiles labeled “interested in pregnancy.” It’s unclear how many of these datasets overlap. Pricing for access to these profiles is based on customers reached by an ad, ranging from $0.49 per user to $2.25. Some brokers collected data from people who shared it when registering for promotional sites, while others collected it through internal data analysis that correlates purchase activity with these categories. Brokers obtained data through relationships with payment processors, through outright ownership of coupon sites, or through ad network partnerships with retailers.


Samsung launches repair mode

The company introduced a new Repair Mode for its Galaxy S21 smartphone line in South Korea, under the Battery and Device Care settings. Once activated, this will hide personal information, photos, messages and linked accounts, only making pre-installed apps visible to repair technicians. There are no details on how this “hiding” of content and settings works: whether it saves the state of the device in an encrypted partition and replaces it with a stock device image, potentially making it a security measure, or whether this information is simply hidden from the view of a technician. The company plans to roll Repair Mode out to other models going forward, although there is no word on whether it will come to other markets.


And now your “Should Have Patched” Tuesday update

Researchers at Nozomi Networks discovered a flaw in Dahua IP cameras that could let attackers seize control of them through Open Network Video Interface Forum authentication. Dahua patched the flaw on June 28th. The GNU project patched the GnuTLS cryptographic library to fix a memory mismanagement error that could allow for malicious code to gain access to a double-assigned memory block. 

(Security Affairs, Naked Security)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.