Microsoft Teams outage also takes down Microsoft 365 services
What initially started as a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. Late Wednesday night the company revealed on Twitter that it had received reports of users being unable to access Microsoft Teams or leverage any features. Two hours later it said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service.
Heatwave forced Google and Oracle to shut down in London
As record temperatures hit much of the UK on Tuesday, tech giants Google and Oracle suffered outages as cooling systems failed at London data centers. Oracle reported overheating problems just before 4:00 BST. The unseasonably high temperatures in London forced the data center units to operate “above their design limits,” the company wrote on a status page first spotted by The Register. Overheating also hit a Google Cloud data center in London at 6:00 p.m. Only a “small set of customers” were affected.
Hackers for hire: adversaries employ “cyber mercenaries”
A cybergang dubbed Atlas Intelligence Group is recruiting independent black-hat hackers to execute specific aspects of its own campaigns. Also known as Atlantis Cyber-Army, it functions as a cyber-threats-as-a-service criminal enterprise, offering services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint. Whereas organized threat groups tend to recruit individuals with certain capabilities that they can reuse and incent them with profit sharing, A.I.G. uniquely outsources specific aspects of an attack to mercenaries who have no further involvement in an attack. The report’s author said only A.I.G. administrators and the group’s leader—dubbed Mr. Eagle—know fully what the campaign will be.
TikTok is fastest growing news source for UK
The social video platform is the fastest growing news source for UK adults, according to a survey conducted by the UK Government’s Office of Communications. Nearly half of people using it for current affairs turn to fellow TikTokers rather than conventional news organizations for their updates. TikTok is used by 7% of adults for news, according to the UK’s communications watchdog, up from 1% in 2020. The growth is primarily driven by young users, with half of its news followers aged 16 to 24. A quarter of US adults say they always use TikTok to get the news, with nearly half of US millennial and Gen Z adults – under-41s and under-25s respectively – indicating the same, according to the analysis firm Forrester Research.
Thanks to today’s episode sponsor, 6clicks
The growth in targeted, sophisticated cyberattacks troubles top FBI cyber official
The FBI is deeply worried that cybercriminals and nation-state adversaries are developing more precision in their attacks and taking advantage of innovations in artificial intelligence that will compound the digital threat in the years to come, FBI Assistant Director for Cyber, Bryan Vorndran said Wednesday. “When we think about software as a service or even supply chain attacks, what happens when the adversary understands that there is perhaps one software factory that services the entire community,” said Vorndran, who oversees 1,000 FBI agents focused on cybercrimes nationwide, during a speech Wednesday at a Fordham University cybersecurity conference. In the same address he pointed to the growing problem of “blended threats,” in which nation states and criminal enterprises work together, as well as the growing sophistication of deepfake technology.
8220 Gang cloud botnet infected 30,000 hosts globally
Researchers from SentinelOne reported that the low-skill crimeware group 8220 Gang has expanded its cloud botnet over the last month to roughly 30,000 hosts globally. The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by exploiting known vulnerabilities and conducting brute-force attacks. The 8220 group has been active since at least 2017. The threat actors are Chinese-speaking, and the name of the group comes from port number 8220, which the miner uses to communicate with the C2 servers. In a recent campaign, the group targeted Linux systems and used RCE exploits for Atlassian Confluence and WebLogic for initial access.
Outlook email users alerted to suspicious activity from Microsoft-owned IP address
Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts. The twist here is that the IP address at the root of the issue appears to originate within Microsoft itself. The messages, according to users, also appear in the unusual activity section of the company’s email website, ruling out a phishing attack. The Register reports that explanations from Microsoft are slow in coming, and quotes an independent IT specialist who suggests that other than something being severely wrong in the single sign-on department, perhaps miscreants were reusing passwords from various disclosure lists.
New Linux malware framework lets attackers install rootkit on targeted systems
A never-before-seen Linux malware has been dubbed a “Swiss Army Knife” for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, which security firm Intezer has dubbed Lightning Framework, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer researcher Ryan Robinson said in a new report published yesterday. “The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux,” Robinson pointed out. The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months.