US Treasury thwarts DDoS attack from Russian Killnet group
This is the same pro-Kremlin group that claimed responsibility for knocking more than a dozen US airports’ websites offline on October 10 in similar network-traffic flooding incidents. In that case, the large-scale DDoS attack didn’t disrupt air travel or cause any operational harm to the airports. A day later, the same group claimed it had unleashed another bot army on JPMorgan Chase, but saw similarly feeble results. According to Reuters, which first reported on the US Treasury incident, the Killnet DDoS flood didn’t have any operational impact on the agency, and it happened a couple of days before the Russians turned their attention to JPMorgan Chase.
British government scanning all Internet devices hosted in UK
The National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The goal is to assess the UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture. NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment. If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.” British organizations can also opt out of having their servers scanned by the government by emailing a list of IP addresses they want excluded to email@example.com.
Denmark trains halted by cyberattack
A major breakdown of Denmark’s train network during the weekend of October 30 was the result of a hacker attack on an IT subcontractor’s software testing environment, Danish train operator DSB said on Thursday. While not a direct attack on DSB, the attack prompted subcontractor Supeo to shut down its servers, which in turn affected locomotive drivers’ ability to operate the trains for several hours on Saturday, according to Danish media.
Microsoft sued for open-source piracy through GitHub Copilot
Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub’s Copilot violates the terms of open-source licenses and infringes on the rights of programmers. GitHub Copilot is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio. The tool was trained with machine learning using billions of lines of code from public repositories and can transform natural language into code snippets across dozens of programming languages. While Copilot can speed up the process of writing code and ease software development, its use of public open-source code has caused experts to worry that it violates licensing attributions and limitations.
Thanks to this week’s episode sponsor, AppOmni
Zero-days are being exploited on a massive scale in increasingly shorter timeframes
According to Microsoft’s Digital Defense Report, threat actors are increasingly leveraging publicly disclosed zero-day vulnerabilities to target organizations worldwide. The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability, and remarked on the importance of the patch management process. Microsoft noted that, on average, a flaw is exploited in the wild only 14 days after its public disclosure, and exploit code is released on GitHub within 60 days. Its experts added that many nation-state actors have developed the capability to create exploits from unknown vulnerabilities, with China-linked APT groups particularly proficient in this activity.
Pennsylvania school district uses AI-based gun detection
PENNCREST School District, a mid-sized public school district located in Northwest Pennsylvania, has deployed an artificial intelligence (AI)-based gun detection video analytics platform to all campuses. Layered on top of a school’s existing IP security cameras, the solution by ZeroEyes — which holds the U.S. Department of Homeland Security SAFETY Act Designation — is designed to help PENNCREST identify brandished guns and alert school administrators, safety personnel, and local law enforcement. Former U.S. military and law enforcement specialists monitor from the in-house ZeroEyes Operations Center (ZOC) to deliver intelligence on active shooter incidents, including the gunman’s appearance, clothing, weapon, and real-time location. The platform does not record, store, or share videos or images of students or others, ensuring that privacy is maintained.
Twitter 2.0: Musk’s first week as chief
In case you missed the numerous goings-on at Twitter since Elon Musk took the helm, here is a summary from Reuters. Although Twitter is a social media platform, many of these changes have implications across a wide array of cybersecurity concerns:
- Musk fires top executives including CEO Parag Agrawal, CFO Ned Segal, legal affairs and policy chief Vijaya Gadde
- Layoffs are to apply to about half the workforce, or around 3,700 staff
- An $8 monthly charge for blue tick verification allows verification plus priority in replies, mentions and search, and the ability to post longer videos and audios
- Corporate advertisers including General Motors, General Mills, Audi of America, snack food company Mondelez International, Pfizer, and Ford have paused advertising
- Musk plans to set up a content moderation council with “widely diverse viewpoints”
- Plans for a feature to let people post videos and charge users to view them, with Twitter taking a cut
- A homepage that directs visitors to an Explore page that shows trending tweets and news stories
- A possible year-end reboot of Vine
Last week in ransomware
Last week we reported on stories about a cyber incident at Boeing subsidiary Jeppesen, causing flight planning disruptions; Deep Instinct’s 2022 Interim Cyber Threat Report showing that Lockbit accounts for 44% of all ransomware campaigns in the year so far, with 23% of campaigns attributed to Conti and 21% to Hive; and threat actors turning away from the use of document files to spread malware in favor of LNK and other archive email attachments. We also reported on a recognition that not enough organizations are reporting ransomware attacks, and on a multinational ransomware summit hosted by the White House.