Friday Five: 7/31 Edition
The FBI warns of new DDoS attack vectors, iOS14 exposes unexpected prying behavior by Instagram, and NCSC research reveals the cybersecurity sector needs improvement in inclusion - catch up on all the week's news with the Friday Five.
1. FBI Warns of New DDoS Attack Vectors: CoAP, WS-DD, ARMS, and Jenkins by Catalin Cimpanu
The FBI has issued a warning about a new trend: network protocols being abused by attackers to launch large-scale distributed denial of service (DDoS) attacks. The alert lists four recently used DDoS attack vectors: three network protocols, CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), and ARMS (Apple Remote Management Service), and one web application, the Jenkins web-based automation software. The FBI has stated that the three network protocols have already been abused in the real world to launch massive DDoS attacks. The FBI urges US companies to invest in DDoS mitigation systems and to build partnerships with their internet service providers so they can react quickly to attacks from the new vectors. Although the four DDoS attack vectors have so far been used only sporadically, industry experts believe they will become widely abused by DDoS-for-hire services.
2. Source Code from Dozens of Companies Leaked Online by Ionut Ilascu
A public repository leaked source code from dozens of companies across various fields of activity, including big names like Microsoft, Adobe, Nintendo, and more. A developer and reverse engineer, Tillie Kottmann, has collected the leaks from various sources. A large number of the leaks go by the name “exconfidential” or “Confidential & Proprietary” and are available in a public repository on GitLab. The server shows code from more than 50 fintech companies, banks, developers of identity and access management software, and game developers. According to the researcher, not all folders are populated, but credentials are present in some cases. Kottmann told BleepingComputer that they tried to remove the hardcoded credentials found in the easily accessible code repository as best they could, to prevent direct harm and to avoid contributing in any way to a larger breach. They don’t always contact the affected companies before releasing the code, but they do make an effort to minimize the negative impact of publishing it.
3. iOS14 Shows Instagram Opens Camera Even When Users Scroll Photo Feed by Zara Khan
One of iOS14’s new privacy features, which alerts users when an app accesses the camera or microphone or pastes text from the clipboard, has inadvertently caught some of Instagram’s unexpected prying behavior. The in-app camera is only supposed to be accessed by Instagram when a user opts for it by swiping or using the story creator mode, but as many users have shared on social media, their notification panel showed that the app accessed the camera even when they were just casually scrolling through photos in their feed. Instagram claims this is a bug and said that the system sometimes mistakes the swiping motion for a user entering the creator/stories mode in the app, but that it does not access users’ cameras in those instances and that no content is recorded. An Instagram spokesperson told The Verge that they “found and are fixing a bug in iOS14 Beta” as soon as possible.
4. Garmin’s Four-Day Service Meltdown was Caused by Ransomware by Dan Goodin
The worldwide outage of GPS device and services provider Garmin, which resulted in a shutdown of the majority of its offerings for a period of five days, was confirmed on Monday to be a ransomware attack. The company released a statement on Monday morning saying that Garmin Ltd. was the victim of a cyber attack on July 23rd which encrypted some of its systems and disabled many of its online services, including website functions, customer support, customer-facing applications, and company communications. Screenshots and other data posted by employees suggest the attack was the result of a new strain of ransomware called WastedLocker, and a person with direct knowledge of Garmin’s response also confirmed WastedLocker was the ransomware used. Late Wednesday and early Thursday, Garmin’s customers began reporting that their smartwatches, fitness trackers, and other devices were failing to connect to the servers that provide the location-based data required to make them work. The company immediately began to assess the nature of the attack and started remediation. At this point in the investigation, the company does not believe any personal information of users was taken.
5. Diversity in Cyber Improving but Inclusion Needs Work, Says NCSC by Clare McDonald
The National Cyber Security Centre (NCSC) conducted research in partnership with KPMG and found that while the cybersecurity sector is in line with the national average when it comes to representation of certain minority groups, it is falling behind on inclusion. A lack of inclusive culture means that many people feel they can’t be themselves at work, and if an industry or workplace makes people feel uncomfortable, they will likely avoid it. Over 20% of the survey respondents said they didn’t feel they could be themselves in the cybersecurity industry. The need for increased diversity in the cybersecurity industry has been a longstanding topic of discussion, and although the sector has made strides, there is still a long way to go. The NCSC report highlights that diversity and inclusion in the cybersecurity sector are not only the right thing to do, but that a diverse workforce can also bring benefits for businesses. The NCSC made a number of recommendations in the report and stated simply that “without inclusivity, the cybersecurity industry will not benefit from improving levels of diversity.”