Cyber Security Headlines – January 28, 2022

US says national water supply ‘absolutely’ vulnerable to hackers

Cyber defenses for US drinking water supplies are “absolutely inadequate” and vulnerable to large-scale disruption by hackers, a senior official said Thursday. “There’s inadequate resilience to even a criminal sector,” the official said. “The threshold of resilience is not what it needs to be.” President Joe Biden has attempted to address infrastructure cybersecurity but is limited by the fact that the vast majority of services are provided by private, not government, companies. US officials who spoke to reporters on condition of anonymity unrolled a plan to get the 150,000 systems that serve 300 million Americans to cooperate with the government by sharing information and hardening defenses.

(SecurityWeek)

Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users

This attack targeted an Azure customer from Asia in November and was followed by two more large attacks in December, also targeting Asian Azure customers. “At 340 million packets per second, we believe this to be the largest attack ever reported in history,” said Alethea Toh, an Azure Networking Product Manager. Toh described the attack as having originated from approximately 10,000 sources in multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.

(Bleeping Computer)

BotenaGo Mirai botnet code leaked to GitHub

Millions of routers and internet-of-things (IoT) devices are at risk, researchers from AT&T Alien Labs said on Wednesday. They expect that the ready availability of the source code to malware authors will increase the number of attacks, especially given the opportunity for new malware variants, and that these attacks will target routers and IoT devices globally. AV detection for BotenaGo is still bumping along near the bottom: even the earliest samples, discovered back in November, still slip past most AV software in order to infect systems with one of the most popular botnets of all, Mirai.

(Threatpost)

105 million Android users targeted by subscription fraud campaign

A premium services subscription scam for Android has been operating for close to two years. Called ‘Dark Herring’, the operation used Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of dollars in total losses. ‘Dark Herring’ was present in 470 applications on the Google Play Store, Android’s official and most trustworthy source of apps, with the earliest submission dating to March 2020. Dark Herring relied on AV anti-detection capabilities, propagation through a large number of apps, code obfuscation, and the use of proxies as first-stage URLs. While none of the above is new or groundbreaking, seeing them combined into a single piece of software is rare for Android fraud.

(Bleeping Computer)

Thanks to our episode sponsor, deepwatch


Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

This NFT on OpenSea will steal your IP address

Some new NFTs are being used to harvest viewers’ IP addresses. NFT marketplaces like OpenSea allow vendors or attackers to load custom code when someone simply views an NFT listing. This is according to Nick Bax, head of research at NFT organization Convex Labs, who says the technique leverages cross-site scripting. Although it is common for websites in general to collect and store visitors’ IP addresses, the difference here, Bax says, is that an outside third party—the NFT seller—is able to gather information on the people viewing the NFT, potentially without them knowing.

(Vice)

Targeted ransomware takes aim at QNAP NAS drives, vendor recommends immediate updates

QNAP has urged NAS users to act “immediately” to install its latest updates and enable security protections after warning that product-specific ransomware called Deadbolt is targeting users. “DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users’ data for Bitcoin ransom,” warned the Taiwanese company in a statement late yesterday. The ransomware leaves a note demanding payment of 0.03 Bitcoins. Security advice from QNAP includes disabling port-forwarding and UPnP port forwarding if your NAS is internet-facing.

(The Register)

DeepDotWeb operator sentenced to eight years behind bars

Following up on a story we brought you last April, this week the US Department of Justice (DoJ) sentenced the operator of the DeepDotWeb platform, Tal Prihar, to 97 months in prison on charges of conspiracy to commit money laundering, to which Prihar had pleaded guilty in March last year. DeepDotWeb, owned by Prihar and co-defendant Michael Phan, provided a platform for Dark Web news and links to marketplaces, receiving commissions worth more than $8 million for their referrals. Michael Phan is currently in Israel and extradition proceedings are underway.

(ZDNet)

Mac webcam hijack flaw wins $100,500 from Apple

An independent security researcher has received a $100,500 bug bounty from Apple after discovering a security hole in the Safari browser for macOS that could allow a malicious website to hijack accounts and seize control of users’ webcams. Ryan Pickren from the Georgia Institute of Technology uncovered a universal cross-site scripting (UXSS) flaw that could lead to security problems such as turning on the camera. He describes the attack as beginning by tricking a potential victim into opening what they believe to be an innocent-looking .PNG image file. Pickren responsibly disclosed the problems to Apple in mid-July 2021. He is no stranger to bug bounty success, having found another Apple webcam vulnerability for which he was paid $75,000, as well as 15 million air miles through the United Airlines bug bounty program, of which he donated half to Georgia Tech and a further 2.5 million to Make-A-Wish America.

(Bitdefender)