Security Roundup - 2017-12-01

DDoS Attacks get more sophisticated. Cloudflare has an interesting blog post about a decrease in network-level DDoS attacks. Instead, they are seeing an increase in application-layer attacks, which try to force servers to perform expensive actions repeatedly to knock them offline, rather than overwhelming them with raw traffic. Cloudflare discusses caching and rate limiting as two methodologies for mitigating this class of attack.
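The two mitigations the post names fit together: a per-client token bucket bounds how many expensive operations any one source can trigger per second (cheap routes cost one token, expensive routes cost several), and a short-TTL cache in front of an idempotent expensive handler means repeated identical requests never reach the backend at all. The following is an added illustration written for this roundup, not Cloudflare's code; the client addresses, route costs, bucket limits and request stream are all constructed.

```python
"""Added example: per-client token-bucket rate limiting plus response caching
for an expensive endpoint. Illustrative code, not a vendor implementation;
all client addresses, limits and timings below are constructed."""


class TokenBucket:
    """Classic token bucket: at most `capacity` tokens, refilled at `rate` per second."""

    def __init__(self, capacity, rate, now):
        self.capacity = float(capacity)
        self.rate = float(rate)
        self.tokens = float(capacity)
        self.last = now

    def try_consume(self, now, cost=1.0):
        # Refill proportionally to elapsed time, capped at the bucket size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class RateLimiter:
    """One bucket per client key (here a source IP). Expensive routes cost more
    tokens, so a client may issue many cheap requests but only a few costly ones."""

    def __init__(self, capacity=10, rate=1.0, route_cost=None):
        self.capacity = capacity
        self.rate = rate
        self.route_cost = route_cost or {}
        self.buckets = {}

    def allow(self, client, route, now):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.capacity, self.rate, now)
        return bucket.try_consume(now, self.route_cost.get(route, 1.0))


class ResponseCache:
    """Caches an expensive, idempotent handler's result for `ttl` seconds so
    repeated identical requests do not reach the backend."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.store = {}
        self.backend_calls = 0  # counts how often the expensive handler really ran

    def get(self, key, compute, now):
        hit = self.store.get(key)
        if hit is not None and now - hit[0] < self.ttl:
            return hit[1]
        self.backend_calls += 1
        value = compute()
        self.store[key] = (now, value)
        return value


def expensive_search(term):
    # Stand-in for a costly backend operation (e.g. an unindexed database query).
    return f"results-for-{term}"


def serve(requests, limiter, cache):
    """Runs a request stream of (time, client, route, arg) tuples through the
    limiter and the cache. Returns (served, rejected) counts."""
    served = rejected = 0
    for now, client, route, arg in requests:
        if not limiter.allow(client, route, now):
            rejected += 1  # a real server would answer 429 here
            continue
        if route == "/search":
            cache.get(("search", arg), lambda: expensive_search(arg), now)
        served += 1
    return served, rejected


# Constructed stream: one client hammers /search with the same term ten times
# a second; another makes an occasional cheap request to the front page.
REQUESTS = [(i * 0.1, "198.51.100.7", "/search", "foo") for i in range(20)]
REQUESTS += [(i * 1.0, "203.0.113.9", "/", None) for i in range(5)]
REQUESTS.sort(key=lambda r: r[0])


def demo():
    """Returns (served, rejected, backend_calls) for the constructed stream."""
    limiter = RateLimiter(capacity=10, rate=1.0, route_cost={"/search": 5.0})
    cache = ResponseCache(ttl=30.0)
    served, rejected = serve(REQUESTS, limiter, cache)
    return served, rejected, cache.backend_calls


if __name__ == "__main__":
    print(demo())  # (7, 18, 1)
```

With a bucket of 10 tokens refilled at one per second and a search costing five, the aggressive client gets two searches through in its first tenth of a second and is then refused for the rest of the window, while the well-behaved client on the cheap route is never touched. Of the two searches that were admitted, only the first reached the backend; the cache answered the second. Both counters are what you would want to graph when tuning such limits: rejected requests per client tell you whether the limit is biting, and backend calls per served request tell you how much the cache is absorbing.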

Google In a Tizi over spyware. Google has found another set of spyware apps in its app store. The backdoor, which they named Tizi, has apparently been around since 2015 but infected only 1300 devices. They provide a transparent post about how they identified it and what steps were taken to mitigate this malicious app.

Malware Goes Encrypted. Researchers following the Terror Exploit Kit report that it has started encrypting all traffic, leveraging free certificates. This is an attempt to hide the kit's random URLs: only IP addresses will be visible to monitoring software.

Two Unfortunate Breaches. Two breaches this week with different reaction profiles. The first was Uber, who was hacked last year, had 57 million driver and rider accounts stolen, and then proceeded to pay off the hackers and not disclose the breach. This may have violated several laws, both for failing to disclose and for the destruction of the data. On the other side, Imgur notified users of a breach impacting 1.7 million users. Despite being notified over the Thanksgiving weekend, Imgur managed to review the data, reset user accounts, and publicly disclose in 25 hours and 10 minutes.

Expensify leaks sensitive information. In terms of leaking sensitive information, Expensify collected a lot of flak this week when it became apparent that they were outsourcing transcription of receipts to Amazon's Mechanical Turk. In some cases, this included full names and addresses of individuals.

Mirai makes waves again. An exploit for another modem resulted in a brief resurgence in Mirai activity, as attackers quickly moved to leverage the exploit, taking over up to 100K devices in under 60 hours. That particular variant has since been stopped, but the modem in question remains vulnerable.

Firefox to team up with HaveIBeenPwned. Firefox has announced its intent to integrate HaveIBeenPwned warnings into the browser. This means that when users visit a site that has suffered a breach of user data, they will receive a notification right in the browser, rather than having to sign up for a service or follow the news.

Deep Dive into MuddyWater APT. And for those that love deep dives into malware, Reaqta provides an in-depth look into MuddyWater, an APT that targeted individuals in the Middle East.

Written on December 1, 2017