Friday Five: DDoS and USB Attacks, Critical Infrastructure Concerns, & More
A rise in the volume and sophistication of cyberattacks, lawmakers cracking down on privacy, rising threats to critical infrastructure, and more. Catch up on these stories in this week’s Friday Five!
CLOUDFLARE REPORTS ‘ALARMING SURGE’ IN DDOS SOPHISTICATION, ESCALATION IN RECENT MONTHS BY AJ VICENS
Cloudflare's second-quarter threat report revealed a significant rise in the sophistication of distributed denial-of-service (DDoS) attacks in 2023. The attacks have become more targeted and intricate, causing notable disruptions to websites and connected services. Pro-Russian hacktivist groups have launched thousands of attacks, while DDoS attacks on cryptocurrency websites have increased by 600%. New-generation botnets being used in the attacks, which use cloud-based virtual machines, are reportedly capable of delivering much larger traffic volumes. Attackers adeptly imitate browser behavior, introducing randomization to avoid detection. Notably, this level of sophistication was previously associated with state-level actors but is now available to cybercriminals. DNS laundering DDoS attacks were identified as the most common type during this period.
US POWER GRID FACES ESCALATING CYBER THREATS, INFRASTRUCTURE EXPERTS WARN BY CHRIS RIOTTA
The U.S. power grid faces increasing cybersecurity risks from foreign adversaries and domestic extremists during its critical modernization journey. Chinese cyber operations against the U.S. homeland pose a major national security threat, potentially disrupting critical infrastructure services nationwide, including the power grid. Energy infrastructure experts emphasize the need for collaboration between the public and private sectors to address cybersecurity and physical security threats. As the U.S. transitions to sustainable energy alternatives, the grid faces new challenges, such as supporting increased demand for electric vehicle charging stations. Initiatives such as the Energy Department's microgrid program aim to enhance cybersecurity and resilience in the power grid.
IT WORKER JAILED FOR IMPERSONATING RANSOMWARE GANG TO EXTORT EMPLOYER BY SERGIU GATLAN
Ashley Liles, a former IT employee, has been sentenced to over three years in prison for blackmailing his employer during a ransomware attack. As an IT security analyst, Liles intercepted the ransomware payment meant for his employer and impersonated the attackers, attempting to redirect the payment to his own cryptocurrency wallet. He also conducted a separate attack, accessing board members' private emails and altering the original blackmail message. Despite erasing evidence from his personal devices, law enforcement recovered the incriminating evidence. Liles initially denied involvement but later pleaded guilty in court. He was sentenced to three years and seven months for blackmail and unauthorized computer access with intent to commit other offenses.
LEGISLATION PREVENTING DATA BROKER SALES TO GOVERNMENT AGENCIES MOVES FORWARD BY TONYA RILEY
The House Judiciary Committee has advanced a bipartisan bill that aims to close loopholes allowing data brokers to sell consumer data to law enforcement and federal agencies without a warrant, a trend that has raised concerns about Fourth Amendment violations. The bill has sponsors from both parties and intends to restore Americans' Fourth Amendment rights and restrict government access to personal data obtained through data brokers, a position that is quickly gaining bipartisan support. The legislation coincides with a defense spending amendment to limit the Department of Defense's purchases from such data brokers as well. The bill, dubbed The Fourth Amendment is Not For Sale Act, now moves to the House floor for further consideration.
SOGU, SNOWYDRIVE MALWARE SPREADS, USB-BASED CYBERATTACKS SURGE BY JAI VIJAYAN
Security teams are being cautioned to restrict access to USB drives and external devices due to ongoing cyber-espionage campaigns targeting organizations across industries and regions. China-linked threat actors, TEMP.Hex and UNC4698, are using infected USB flash drives to deploy malware, enabling data theft and backdoor creation. Mandiant researchers report a threefold increase in USB drive attacks in 2023, though the specific cause remains unclear. The attacks have targeted various sectors, including engineering, construction, government, transportation, health, and business services. Organizations are urged to implement restrictions on external devices or scan them for malicious files before connecting to internal networks to mitigate these threats. Users' unwitting actions, such as inserting rogue USBs, enable the attacks.