Cyber Security Headlines: Glupteba botnet returns, the future of ransomware, and Epic Games’ privacy fine

Botnet shrugs off Google

In December 2021, Google caused significant disruption to the operations of the Glupteba botnet. This included technical mitigations and legal action against two Russian nationals suspected of operating it. However, the group resurfaced in June and launched so-called “upscaled” attacks that saw “a tenfold increase in TOR hidden services being used as C2 servers” compared to its previous efforts. The botnet spreads using vulnerabilities in MikroTik and Netgear devices, and uses a blockchain for its command-and-control infrastructure, making it extremely resistant to disruption.

(Hacker News)

The future of ransomware

TrendMicro published a report titled “The Near and Far Future of Ransomware Business Models.” It predicts that ransomware organizations will increasingly shift strategy to develop their own vulnerability research, rather than using pen test teams or purchasing access credentials. Given that these skills are scarce, it believes some groups will offer researchers “first to refuse” agreements, paying them for a first look at new exploits. The report also expects ransomware groups to optimize their operations to focus on targeting cloud infrastructure. This could include the development of cloud-specific ransomware families, designed for particular cloud services.

(InfoSecurity Magazine)

Epic Games receives record privacy fines

Epic Games agreed to pay $520 million to the US Federal Trade Commission to resolve allegations that it violated online privacy protections in Fortnite. The FTC filed two civil suits. The first alleged that Epic had collected personal information from players younger than 13 without notifying parents, and that it enabled voice and text chat for those users by default. Epic will pay a $275 million civil penalty for alleged violations of the Child Online Protection Act related to that suit. This represents the largest penalty ever obtained for violating FTC rules. It will pay a further $245 million in consumer refunds to resolve the second suit, which alleged that Epic used banned methods called “dark patterns” to get customers to pay for in-game items and created obstacles to canceling payments. This represents the FTC’s largest administrative order. Epic also agreed to make further changes to Fortnite to protect users.

(The Record)

How LinkedIn reduced time to find security threats

ZDNet’s Danny Palmer profiled how LinkedIn revitalized its cybersecurity operations through its Moonbase program. Starting in March 2022, the platform rebuilt its threat-detection, monitoring, and security operations center over the course of six months. It based this on how potential threats were initially detected, targeting data around intellectual property, customer information, and regulatory information for priority analysis. The new SOC shifted to using automation for initial threat detection, flagging threats for investigators. Moonbase also increased user awareness of suspicious activity, providing additional context and explanations of why behavior got flagged and asking for feedback.

And now a word from our sponsor, Tines 

If you’re like most security teams, you’re juggling multiple mission-critical priorities. But what if there was a way to break the silos in your environment? A way to focus on meaningful tasks? A way to reduce errors and achieve faster response times? Check out to start experiencing the true benefits of proactive security operations powered by no-code automation. 

Musk polls himself out of a job

Shortly after reversing a policy decision to block posts linking to rival social networks, Twitter CEO Elon Musk said that all major policy decisions on Twitter would be decided through user polls. After that, he posted a poll asking if he should step down as the head of the company. At close, 57.5% of respondents said Yes. Musk says he will abide by the decision but said that “there is no successor” at this time. In previous court testimony and investor notes, Musk stated he would eventually reduce his time and step back from his current role at Twitter.

(The Guardian)

US Consumers concerned about personal data

It was a big day for polls! According to a report from the accounting firm KPMG, 92% of poll respondents said they were concerned about how personal data would be handled by private companies. Almost 90% of respondents also said companies should provide more detail about how they handle this data. Meanwhile, 97% of business leaders reported being highly confident in their plans for collecting and using consumer data over the next three years. Only 49% of business leaders said they provide clear information about how consumer data is used, and just 45% produce timely breach reports.

(CSO Online)

Meta’s work against influence operations

Meta revealed that since 2017 it has taken down over 200 covert influence operations across its various platforms. These networks originated from 68 countries and operated in 42 languages. Most focused on domestic users, while roughly a third of operations focused on foreign countries. Russia, Iran, and Mexico were the most common locations for influence networks. Russia’s operations targeted Ukraine the most, to the surprise of no one. As far as tactics, these ranged from posting spam comments to operating cross-platform media organizations that hired real journalists. Taken together, these networks most commonly targeted the US. The report also highlighted Meta’s investigations into spyware vendors, including suspending almost 400 accounts linked to two Israeli spyware operators.

(InfoSecurity Magazine)

‘Tis the season… for phishing

A new report from the Bitdefender Antispam Lab found that Christmas-themed spam increased consistently from November 27th through December 9th. In terms of spoofing, common targets include Netflix and Lowe’s, tempting victims with unsolicited offers of cash giveaways and other prizes in an effort to harvest credit card numbers. The report noted that this creates risks for both consumers and businesses. Many businesses freeze IT and site changes to focus on increased customer volume. This can change how organizations view risk during this period, making them potentially more likely to pay ransoms or take drastic action on security issues in the hope of staying online.

(Dark Reading)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.