Cyber Security Headlines: Google blocks DDoS, Moore leaves Cyber Command, BlackByte’s ransomware options

Google blocks largest HTTPS DDoS attack ‘reported to date’

A 69-minute-long distributed denial-of-service (DDoS) attack hit a Google Cloud Armor customer on June 1. Traveling over the HTTPS protocol, it reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. Google said that it was “the equivalent of getting all the daily requests to Wikipedia in just 10 seconds.” The malware behind the attack is suspected to be part of the Mēris botnet. Google researchers say that the attack traffic came from just 5,256 IP addresses in 132 countries and used encrypted HTTPS requests, indicating that the devices sending the requests had strong computing resources.

(Bleeping Computer)

Cyber Command’s rotation problem exacerbates talent shortage during growing digital threat

Lt. Gen. Charles “Tuna” Moore, second in command behind Gen. Paul Nakasone, has retired after serving almost five years at Cyber Command. He had completed the Harvard Kennedy School cybersecurity program in 2019 and helped oversee the military’s primary digital warfare unit. According to White House officials, Pentagon leaders and lawmakers, Cyber Command remains understaffed, with longstanding policies and a military staffing system that make it difficult for seasoned military leaders to remain.

(Cyberscoop)

Upgraded BlackByte ransomware uses LockBit techniques

Along with the release of Version 2.0, the BlackByte ransomware gang is offering some novelties to its extortion service. These include allowing victims to pay $5,000 to postpone the leaking of their data by 24 hours, download the data for $200,000, or destroy all the data by paying a $300,000 ransom. The prices are not fixed and could vary depending on the importance of the victim. BlackByte has had success in the US, having breached at least three organizations from US critical infrastructure sectors.

(Security Affairs)

Winnti hackers split Cobalt Strike into 154 pieces to evade detection

According to Bleeping Computer, the Chinese Winnti hacking group, AKA APT41 and Wicked Spider, targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. As part of these campaigns, the group used numerous methods including phishing, watering holes, supply chain attacks, and numerous SQL injections. They also use a technique that obfuscates the payload on the host to evade detection. According to a Group-IB report, the hackers encode the payload in base64 and break it into a large number of smaller pieces consisting of 775 characters, which are then echoed to a text file named dns.txt.

(Bleeping Computer)
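
A defender's view of the staging pattern described above, as an added example that is not from Group-IB or Bleeping Computer: it scans process command lines for a file assembled from many same-sized base64 fragments. The command-line format, the thresholds and the sample events are assumptions constructed for illustration; only the 775-character fragment size and the dns.txt file name come from the report summary.

```python
import base64
import re
from collections import Counter, defaultdict

# "echo <fragment> > file" or "echo <fragment> >> file" inside a command line
ECHO_TO_FILE = re.compile(r"echo\s+([^\s>]+)\s*>{1,2}\s*(\S+)", re.IGNORECASE)
BASE64_ONLY = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def find_staged_files(command_lines, min_len=64, min_pieces=20):
    """Return {file: (fragment_count, most_common_length)} for files that are
    built up from many base64-looking echo fragments (thresholds are assumed)."""
    lengths = defaultdict(list)
    for line in command_lines:
        m = ECHO_TO_FILE.search(line)
        if m and len(m.group(1)) >= min_len and BASE64_ONLY.fullmatch(m.group(1)):
            lengths[m.group(2).lower()].append(len(m.group(1)))
    hits = {}
    for target, sizes in lengths.items():
        size, freq = Counter(sizes).most_common(1)[0]
        # Fixed-size splitting leaves nearly every fragment the same length.
        if len(sizes) >= min_pieces and freq >= 0.9 * len(sizes):
            hits[target] = (len(sizes), size)
    return hits

def constructed_events():
    """Constructed telemetry: a harmless blob split into 775-character pieces,
    mixed with ordinary echo usage that must not be flagged."""
    blob = base64.b64encode(bytes(i % 251 for i in range(89_000))).decode()
    pieces = [blob[i:i + 775] for i in range(0, len(blob), 775)]
    events = [f"cmd.exe /c echo {p} >> dns.txt" for p in pieces]
    events += ["cmd.exe /c echo done >> build.log", "cmd.exe /c echo %PATH%"]
    return events

if __name__ == "__main__":
    for target, (count, size) in find_staged_files(constructed_events()).items():
        print(f"{target}: {count} base64 fragments, typical length {size}")
```

Keying on the count and uniform length of the fragments rather than on the file name keeps the check useful if the output file is renamed.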

Google Patches Chrome’s fifth zero-day of the year

Google has patched a fifth actively exploited zero-day vulnerability in Chrome – this is one in a series of fixes included in a stable channel update released Wednesday. Tracked as CVE-2022-2856 and rated as high on the CVSS score, the vulnerability is associated with “insufficient validation of untrusted input in Intents,” according to an advisory posted by Google. Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for the June 19 reporting of the zero-day bug. The advisory also unveiled 10 other patches for various other Chrome issues.

(Threatpost)

Cybersecurity workforce diversity efforts lag in the C-suite

According to an article in Security Magazine, despite the fact that the cybersecurity field has attempted to make strides in diversity, equity and inclusion initiatives in recent years, 82% of cybersecurity executives leading the industry today are white men. This comes from a 2022 Global Chief Information Security Officer (CISO) Survey from Heidrick & Struggles, which found that 18% of C-level leaders surveyed identified as diverse candidates, which the survey defined as people of color and/or women. “In the United States cybersecurity workforce, the percentage of diverse executives decreased slightly compared to the global rate, with 14% of U.S. cyber leaders surveyed identifying as women and/or people of color.” These numbers reflect less gender diversity in high-level cybersecurity leadership roles than in the industry as a whole. According to an ISC2 workforce study, women make up 24% of the cybersecurity field.

(Security Magazine)

Crypto.com lays off 260 employees — then quietly lets go of hundreds more

The 260-person layoff represents five percent of its workforce, and is blamed on the widespread downturn in the crypto market. However, sources in and outside the firm tell The Verge that the company has quietly let go of hundreds more employees since the initial layoffs. These new layoffs have not been publicized and it’s difficult to estimate their exact number. Crypto.com has been trying to limit knowledge of the extent of these departures even within the company. All this suggests that Crypto.com — one of the most visible players in the crypto market, with a Super Bowl ad starring LeBron James and its own named stadium, formerly LA’s Staples Center — might be under greater financial stress than is publicly known.

(The Verge)

Janet Jackson music video declared a cybersecurity exploit

According to The Register, “the music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers.” In fact, multiple manufacturers’ machines would crash when playing the tune, and there is also the possibility of it crashing nearby laptops. Investigations show that laptops that crashed all shared the same model 5400 RPM hard disk drive, which was affected by resonant frequencies contained within the recording. Few modern machines have rotating hard disk drives.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.