Cyber Security Headlines: Exposed Israeli influence group, a record DDoS attack, cut cables knock out airline

Israeli influence group exposed

The Guardian published a report looking at an Israeli hacking group known as Team Jorge, which purports to have manipulated over 30 elections over the last two decades. The unit is apparently run by Tal Hanan, a former Israeli special forces operative, who operated a private service to influence elections across Africa, South and Central America, the US and Europe. Part of this operation used a software suite called Advanced Impact Media Solutions, which controlled thousands of fake social media profiles across different platforms. The group’s tactics also included planting material for news outlets, and hacking into Gmail and Telegram accounts. A group of journalists recorded meetings with Hanan to get information on the group, posing as potential clients. 

(The Guardian)

Another day, another record DDoS

Cloudflare reports it saw a massive DDoS attack over the weekend, peaking at 71 million requests per second. This was 54% more requests than the previous record DDoS, which Google blocked back in June. The attack originated from over 30,000 IP addresses, and came as part of a flood of DDoS attempts over the weekend, targeting a variety of organizations. This marks a continued trend of DDoS attacks coming from cloud providers. Traditionally these attacks came from residential ISPs, using botnet-infected machines. According to Cloudflare, the number of HTTP-based DDoS attacks increased 79% year over year in Q4.

(The Register)

Cut cables lead to Lufthansa outage

The German airline Lufthansa grounded all flights early on February 15th, after damage to four Deutsche Telekom fiber broadband cables at a rail location in northern Frankfurt disrupted IT operations at its global flight operations center. Some flights resumed later in the day, but it didn’t expect flights in Frankfurt to resume until the early evening. The broadband cables were damaged by concrete drills working in the area. As of this recording, Deutsche Telekom repaired two of the cables but couldn’t comment on when all would be fixed.

(Bloomberg)

Anonymous Sudan ruins Sweden’s Valentine’s Day

A cyberattack on Scandinavian Airlines knocked its website offline and caused its mobile app to leak user data. Some customers attempting to log in to the SAS app saw another customer’s account, including contact info and itineraries, but not passport information. Sweden’s national public broadcaster SVT, as well as some universities, telcos, and private companies, also reported cyberattacks. The group “Anonymous Sudan” took credit for the attacks. This supposedly occurred in response to the burning of a Quran during January protests in Stockholm. The Russian-backed UserSec group said on Telegram it assisted Anonymous Sudan in the airline attack.

(The Record)

ASML employee stole chip data

In the world of chipmaking, the Dutch firm ASML remains a key supplier, providing lithography equipment required for cutting-edge chip processes. The company disclosed that a China-based employee stole confidential information. Bloomberg’s sources say the theft included technical information, but not hardware. No other specifics were given, although ASML said it wasn’t material to its business. It informed the Dutch trade ministry, as that could constitute a violation of export controls. Last year it also accused a China-based firm of stealing trade secrets. Japan and the Netherlands recently agreed to further technology exports on chip making equipment to China.

(Bloomberg)

City of Oakland declared state of emergency after ransomware

The Californian city first experienced the ransomware attack on February 8th. In the update announcing the state of emergency, the city said it continues to struggle with the fallout, with “several non-emergency systems including phone lines within the City of Oakland impacted or offline.” The state of emergency will allow officials to speed up obtaining equipment, deploying personnel, and issuing orders to help bring services back online. No word on whether the attackers obtained any data or what ransom they demanded.

(Security Week)

Copilot stops narcing on secrets

GitHub updated its Copilot AI-powered code suggestion system to filter out autocomplete suggestions of secrets like keys, credentials, and passwords. Its training set includes these on novel strings. GitHub says these suggestions were already entirely fictitious, but that it will now block them entirely. The update will also block Copilot from suggesting other security faux pas, like hardcoded credentials, path injections, or SQL injections. The tool also added a new “Fill-In-the-Middle” mode, which allows developers to leave a gap for the AI to fill using a library of known code suffixes.

(Bleeping Computer)

El Salvador plans “bitcoin embassy”

The country’s ambassador to the US said it plans to open a “bitcoin embassy” in Texas, claiming it could help “expansion of commercial and economic exchange projects.” It began talks with Texas Deputy Secretary of State Joe Esparza about the project. This isn’t the first time El Salvador planned a foreign location to advocate for the cryptocurrency. It also signed a memo of understanding with the Swiss city Lugano last year to create a “bitcoin office.” In June 2021, El Salvador became the first country to recognize bitcoin as legal tender. A March 2022 study found that only 14% of businesses completed at least one transaction in bitcoin in the country.

(Gizmodo)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.