Cyber Security Headlines: Google blocks DDoS, Moore leaves Cyber Command, BlackByte’s ransomware options

Google blocks largest HTTPS DDoS attack ‘reported to date’

A Google Cloud Armor customer was hit with a 69-minute long distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. Google says that it was the equivalent of getting all the daily requests to Wikipedia in just 10 seconds. The malware behind the attack is suspected to be part of the Mēris botnet. Google researchers say that the attack traffic came from just 5,256 IP addresses in 132 countries and used encrypted HTTPS requests indicating that the devices sending the requests had strong computing resources.

(Bleeping Computer)

Cyber Command’s rotation ‘problem’ exacerbates talent shortage amid growing digital threat

Lt. Gen. Charles “Tuna” Moore, second in command behind Gen. Paul Nakasone, retired after serving roughly five years at Cyber Command. He had completed the Harvard Kennedy School cybersecurity program in 2019 and helped oversee the military’s primary digital warfare unit. According to White House officials, Pentagon leaders and lawmakers, Cyber Command remains understaffed, and longstanding policies and the military’s rotation-based staffing system make it difficult for seasoned military leaders to remain.


A new version of BlackByte ransomware uses LockBit inspired extortion techniques

Along with the release of Version 2.0, the BlackByte ransomware gang is offering some novelties in its extortion service. Victims can pay $5,000 to postpone the leaking of their data by 24 hours, pay $200,000 to download the data, or pay a $300,000 ransom to have all of the data destroyed. The prices are not fixed and can vary depending on the importance of the victim. BlackByte has had success in the US, having breached at least three organizations in US critical infrastructure sectors.

(Security Affairs)

Winnti hackers split Cobalt Strike into 154 pieces to evade detection

The Chinese Winnti hacking group, also known as ‘APT41’ or ‘Wicked Spider,’ targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. In these campaigns, Winnti used a variety of initial-access methods, including phishing, watering holes, supply chain attacks, and numerous SQL injections. One of Winnti’s unusual deployment methods for Cobalt Strike beacons involved obfuscating the payload on the host to evade detection by security software. According to a Group-IB report, the hackers base64-encode the payload and break it into a large number of fragments of 775 characters each, which are then appended one at a time, via echo commands, to a text file named dns.txt, where the beacon is reassembled and decoded.

(Bleeping Computer)
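The staging trick described above is worth seeing from the defender’s side, because each individual echo command looks harmless and the payload only becomes visible once the fragments are put back together. The following is an added example, not code from the Group-IB report or from the Winnti tooling: it emulates the chunked staging with a constructed stand-in payload (only the PE “MZ” header is realistic; the 775-character fragment size and the dns.txt filename come from the report, while the exact `echo … >> dns.txt` syntax is an assumption), then runs a detection pass that aggregates fragments per target file, decodes them and checks for a PE image. It also falls back to the well-known `TVqQ` base64 prefix of a PE file when the captured command log is incomplete and a full decode fails.

```python
import base64
import binascii
import re
from collections import defaultdict
from typing import Dict, List, Optional

CHUNK_LEN = 775           # fragment size described in the Group-IB report
STAGING_FILE = "dns.txt"  # drop-file name described in the report
PE_B64_PREFIX = "TVqQ"    # base64 of "MZ\x90\x00", how most PE files begin


def build_fake_payload(size: int = 60_000) -> bytes:
    """Constructed stand-in for a beacon: a PE-like header followed by filler.
    This is NOT a real Cobalt Strike payload, just something with an MZ header."""
    header = b"MZ\x90\x00"
    body = bytes((i * 7 + 3) % 256 for i in range(size - len(header)))
    return header + body


def stage_as_echo_commands(payload: bytes, chunk_len: int = CHUNK_LEN,
                           target: str = STAGING_FILE) -> List[str]:
    """Emulate the staging: base64-encode, cut into fixed-size fragments and
    append each one with its own echo command (the echo syntax is an assumption)."""
    b64 = base64.b64encode(payload).decode("ascii")
    return [f"echo {b64[i:i + chunk_len]} >> {target}"
            for i in range(0, len(b64), chunk_len)]


# A command that appends a single base64-looking token to a file.
ECHO_APPEND = re.compile(r"^echo\s+([A-Za-z0-9+/=]+)\s*>>\s*(\S+)\s*$")


def fragments_per_target(commands: List[str]) -> Dict[str, List[str]]:
    """Collect base64-looking fragments per target file, in log order.
    Unrelated commands interleaved between the echoes are ignored."""
    parts: Dict[str, List[str]] = defaultdict(list)
    for cmd in commands:
        m = ECHO_APPEND.match(cmd.strip())
        if m:
            parts[m.group(2)].append(m.group(1))
    return dict(parts)


def decode_fragments(frags: List[str]) -> Optional[bytes]:
    """Join and strictly decode; None if fragments are missing or corrupted."""
    try:
        return base64.b64decode("".join(frags), validate=True)
    except binascii.Error:
        return None


def find_staged_pe_images(commands: List[str],
                          min_fragments: int = 20) -> Dict[str, int]:
    """Return {target_file: fragment_count} for files assembled from many
    fragments that decode to a PE image. Looking at one echo line at a time
    gives no signal; the detection only works after aggregating per file."""
    hits: Dict[str, int] = {}
    for target, frags in fragments_per_target(commands).items():
        if len(frags) < min_fragments:
            continue
        blob = decode_fragments(frags)
        full_pe = blob is not None and blob[:2] == b"MZ"
        # Fallback for an incomplete capture: the first fragment alone betrays a PE.
        if full_pe or frags[0].startswith(PE_B64_PREFIX):
            hits[target] = len(frags)
    return hits


if __name__ == "__main__":
    payload = build_fake_payload()
    # Constructed command log with benign commands around the staging.
    log = ["whoami", "ipconfig /all"] + stage_as_echo_commands(payload) + ["dir"]
    print(find_staged_pe_images(log))
```

The fragment threshold and the `MZ`/`TVqQ` checks are deliberately simple; in a real hunt the same aggregation would be done over process-creation telemetry keyed on the redirected filename, and note that on a Windows host each `echo` also appends a CRLF, so a decoder run against the dropped file itself has to tolerate embedded newlines (as certutil does).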

Thanks to today’s episode sponsor, 6clicks

With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit

Google Patches Chrome’s fifth zero-day of the year

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year, one of a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated High severity by Google, is described in the advisory as “insufficient validation of untrusted input in Intents.” Google credits Ashley Shen and Christian Resell of its Threat Analysis Group (TAG) with reporting the bug on July 19; the page notes it could allow arbitrary code execution. The advisory also listed 10 other patches for various Chrome issues.


Cybersecurity workforce diversity efforts lag in the C-suite

While the cybersecurity field has attempted to make strides in diversity, equity and inclusion initiatives in recent years, 82% of cybersecurity executives leading the industry today are white men. A recent study of global security executives found that 18% of C-level leaders surveyed identified as diverse candidates, which the survey defined as people of color and/or women. In the United States cybersecurity workforce, the percentage of diverse executives decreased slightly compared to the global rate, with 14% of U.S. cyber leaders surveyed identifying as women and/or people of color. The survey did not report an option for other gender minorities, and three percent of respondents preferred not to respond to the question categorizing their gender. These demographics in the C-suite reflect less gender diversity in high-level cybersecurity leadership roles than in the industry as a whole. Women make up 24% of the cybersecurity field, according to an (ISC)2 workforce study.

(Security Magazine)

lays off 260 employees — then quietly lets go of hundreds more

The 260-person layoff represents five percent of the company’s workforce and is blamed on the widespread downturn in the crypto market. However, sources in and outside the firm tell The Verge that the company has quietly let go of hundreds more employees since the initial layoffs. These newer layoffs have not been publicized, and their exact number is difficult to estimate; the company has been trying to limit knowledge of the extent of the departures even internally. All this suggests that the company, one of the most visible players in the crypto market, with a Super Bowl ad starring LeBron James and its name on the arena formerly known as LA’s Staples Center, might be under greater financial stress than is publicly known.

(The Verge)

Janet Jackson music video declared a cybersecurity exploit

The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. Further investigation revealed that machines from multiple manufacturers would crash, and that playing the video on one laptop would crash another laptop nearby. This despite the fact the song isn’t actually that bad. All of the crashing laptops turned out to share the same model of 5400 RPM hard disk drive, and the song contains one of the natural resonant frequencies of that drive, so the audio physically disturbed the spinning platters. Few modern machines have hard disk drives, let alone drives that rotate at the unfashionably slow speed of 5400 revolutions per minute.

(The Register)