Cyber Security Headlines – October 21, 2021

Russian firms see DDoS spike 

According to a report from Russia’s largest telco, Rostelecom, since the start of 2021 Russian firms have seen distributed denial of service attacks increase over 2.5 times compared to 2020, with September 2021 seeing the highest DDoS traffic in recent Russian history. In general these DDoS attacks are launched by botnet operators to pressure firms into paying for the unmanageable traffic spike to stop. In 2020 gaming companies were particularly targeted. This has shifted in 2021 to online trading, financial, and public sector entities. 2021 DDoS attacks also stand out as having 26% more traffic per attack, lasting 1.5 days longer than 2020’s average, and using much larger botnets. According to the report, networking devices from MikroTik were the most commonly recruited by botnets.

(Bleeping Computer)

Sinclair hack linked to Russian organization

Bloomberg’s sources say the attack against Sinclair Broadcast Group has been tied back to the Russian cybergang Evil Corp. The group reportedly used a variant of the WastedLocker ransomware called Macaw in the attack. This strain was first spotted in early October and no previous victims have publicly reported being hit with it. According to a statement from Sinclair, the company is working with law enforcement and forensic teams to determine what data was stolen off its network in the attack.

(Bloomberg)

Microsoft expires old Windows updates

The company said it regularly evaluates Windows updates for expiration, in order to make the overall update process faster and more secure. In these instances security updates would have been superseded by subsequent ones. This is part of an effort to make updates smaller on Windows 11, which also includes a new Update Stack Package. This uses a small set of update-related Windows system files developed independently of the operating system, which can help ensure full updates are implemented without some of the breakages seen in Windows 10. Microsoft said some updates are considered non-reviewable for expiration, and others may never expire given their importance. Non-cumulative security-only update packages for older Windows releases are also not subject to expiration.   

(Bleeping Computer)

US to ban export of hacking tools

The US Commerce Department announced new rules that would require a special license from the Bureau of Industry and Security to export or resell any hacking software and hardware to China and Russia, as well as other countries of concern. According to Commerce Department officials, these rules are not intended to prevent American security researchers from working with colleagues overseas. The department already has similar rules in place on products containing encryption. Software to be used for cyberdefense purposes does not require a license. The new rules go into effect in 90 days. 

(WaPo)

EU pushes back rules on Big Tech

The EU will further delay finalizing the Digital Markets Act and Digital Services Act. When the European Commission introduced the legislation last year, it set a goal of reaching a deal with EU member states and the European Parliament by 2021. This was then projected to be finalized by the spring of 2022, but now language has shifted to finalizing the legislation “as soon as possible.” The Digital Markets Act is designed to curb anti-competitive behavior, while the Digital Services Act would provide further regulations for online content. 

(Bloomberg)

China to allow foreign entities to invest in VPNs

According to new rules announced by Beijing, foreign entities can now invest in the ownership of VPN services in China, up to a 50% stake. Any foreign entities would still have to comply with state internet censorship rules, maintain local servers that authorities can access, and report users appearing to bypass censorship. This new policy would also allow foreign investment in educational organizations and telecommunications. 

(Bleeping Computer)

Alibaba designs server chip

The Chinese tech giant unveiled the Yitian 710, a new 5nm ARM server chip, at its annual cloud summit in Hangzhou. The company plans to use it in its own data centers in the “near future” with no current plans to have it sold commercially. It’s unclear what specific applications the company will use the chip for. This is Alibaba’s third semiconductor design since 2019, following an AI chip and IoT SoC.

(Bloomberg)

Russian phishing goes after YouTube

According to a blog post from Google’s Threat Analysis Group, Russian threat actors have targeted YouTube influencers with phishing campaigns, using fake collaboration offers to hijack accounts. Google said it blocked 1.6 million phishing messages since May and restored almost 4,000 hijacked accounts. These attacks seemingly originated from a group coordinating on an unnamed hacking forum. The attackers would either sell access to the channels or use them to push cryptocurrency schemes once they were taken over. Google said it was able to reduce Gmail messages with the schemes by 99.6% since May, and has alerted the FBI for further investigation. 

(Protocol)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.