Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques

03/21/2024 10:00 AM EDT

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques:

  • Volumetric, attacks aiming to consume available bandwidth.
  • Protocol, attacks which exploit vulnerabilities in network protocols.
  • Application, attacks targeting vulnerabilities in specific applications or running services.

CISA, FBI, and MS-ISAC urge network defenders and leaders of critical infrastructure organizations to read the guidance provided to defend against this threat. For more actionable recommendations, best practices, and operational insights designed to address common challenges, visit CISA’s Capacity Enhancement Guides for Federal Agencies page.

Thousands of phones and routers swept into proxy service, unbeknownst to users

Two new reports show criminals may be using your device to cover their online tracks.

Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday.

The first, from security firm Lumen, reports that roughly 40,000 home and office routers have been drafted into a criminal enterprise that anonymizes illicit Internet activities, with another 1,000 new devices being added each day. The malware responsible is a variant of TheMoon, a malicious code family dating back to at least 2014. In its earliest days, TheMoon almost exclusively infected Linksys E1000 series routers. Over the years it branched out to targeting the Asus WRTs, Vivotek Network Cameras, and multiple D-Link models.

In the years following its debut, TheMoon’s self-propagating behavior and growing ability to compromise a broad base of architectures enabled a growth curve that captured attention in security circles. More recently, the visibility of the Internet of Things botnet trailed off, leading many to assume it was inert. To the surprise of researchers in Lumen’s Black Lotus Lab, during a single 72-hour stretch earlier this month, TheMoon added 6,000 ASUS routers to its ranks, an indication that the botnet is as strong as it’s ever been.

More stunning than the discovery of more than 40,000 infected small office and home office routers located in 88 countries is the revelation that TheMoon is enrolling the vast majority of the infected devices into Faceless, a service sold on online crime forums for anonymizing illicit activities. The proxy service gained widespread attention last year following this profile by KrebsOnSecurity.  More…

[NEW FBI REPORT] Losses Due To Cybercrime Jump to $12.5 Billion as Phishing Continues To Dominate

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cybercrimes that were the most used and most successful.

A few weeks ago, we covered the alarming trends on ransomware, and the FBI’s IC3 division took in over 880,000 complaints last year from individuals and businesses about every cybercrime being committed. Unfortunately, the details on overall cybercrime show things are not improving.

According to the report, over the last five years of collected data, the number of complaints and annual losses have continued to increase every year. This year’s complaints were about 10% more than the previous year, and the total losses grew just over 20% in 2023 to reach $12.5 billion.

The top five crimes (in descending order) according to the FBI were:

  • Phishing (with just under 300K crimes)
  • Personal Data Breach (55K)
  • Non-Payment/Non-Delivery (50K)
  • Extortion (48K)
  • Tech Support (37K)

On a macro scale, phishing is the overwhelming attack type at nearly six to one over the next top crime. Last year’s top five crimes were in the exact same order. So, why are we not stopping attacks? The answer lies in the data – phishing is the number one attack vector and continues to grow because it continues to be an effective means of tricking recipients.

In other words, the recipients themselves are not trained to spot malicious emails. And for organizations, given that security awareness training is readily available, that is just unacceptable.

It is simple: trained users are equipped to stop attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Trash from the International Space Station may have hit a house in Florida

A few weeks ago, something from the heavens came crashing through the roof of Alejandro Otero’s home, and NASA is on the case.

In all likelihood, this nearly 2-pound object came from the International Space Station. Otero said it tore through the roof and both floors of his two-story house in Naples, Florida.

Otero wasn’t home at the time, but his son was there. A Nest home security camera captured the sound of the crash at 2:34 pm local time (19:34 UTC) on March 8. That’s an important piece of information because it is a close match for the time—2:29 pm EST (19:29 UTC)—that US Space Command recorded the reentry of a piece of space debris from the space station. At that time, the object was on a path over the Gulf of Mexico, heading toward southwest Florida.

This space junk consisted of depleted batteries from the ISS, attached to a cargo pallet that was originally supposed to come back to Earth in a controlled manner. But a series of delays meant this cargo pallet missed its ride back to Earth, so NASA jettisoned the batteries from the space station in 2021 to head for an unguided reentry.

Otero’s likely encounter with space debris was first reported by WINK News, the CBS affiliate for southwest Florida. Since then, NASA has recovered the debris from the homeowner, according to Josh Finch, an agency spokesperson.  More…

Related Stories

How to safely secure one’s crypto (12 minute read)

This article provides a comprehensive guide on the most secure methods for storing cryptocurrencies. The author discusses the importance of considering one’s threat model and offers insights into the advantages and potential vulnerabilities of each storage method (hardware wallet, brain wallet, and paper wallet) and ultimately emphasizes the significance of using cryptography and natural entropy for protection.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com