Cryptologic Bytes Archives

Cybersecurity News Bytes for the Week Ending 4 March 2018

False Flag Cyber Attacks Muddy Attribution

False-flag operations are becoming more prevalent in politically motivated cyber attacks. The Russians, for example, created a purported Romanian hacker, Guccifer 2.0, and presented that persona as the source of the 2016 hack of the Democratic National Committee, which the Russians themselves committed. Cybersecurity researchers are seeing more examples of such false-flag operations, most recently in the hack of the PyeongChang Olympics. Attributed to the Russians by U.S. intelligence, the “Olympic Destroyer” malware attack on the Olympics website and media center computers was made to look like it came from North Korea. Digital “mask swapping” is becoming more common in cyber attacks as perpetrators increasingly disguise their true identities by inserting another country’s IP address in their signature, which slows the attribution process and makes it more difficult. Source: Wired, 27 Feb 2018

Israeli Company Hacks iPhones for U.S. Government

Cellebrite, an Israel-based subsidiary of Japan’s Sun Corporation, has developed techniques to unlock almost any iPhone, according to a recent report in Forbes. The company has scored major deals with U.S. law enforcement agencies, including the FBI, the Secret Service, and DHS’s Immigration and Customs Enforcement (ICE) organization. Source: Forbes, 26 Feb 2018

Largest DDoS Attack in History Hits GitHub

On Wednesday, 28 February, developer site GitHub was hit with a distributed denial of service (DDoS) attack measuring 1.35 terabits per second (Tbps), the most powerful DDoS attack ever recorded. It surpassed the 2016 DDoS against Internet service provider Dyn, which topped out at 1.2 Tbps. The attack was short, ending after only 8 minutes, and GitHub avoided a major outage by quickly rerouting its traffic to DDoS mitigation service Akamai Prolexic. In addition to the size of the attack, another unique feature was that it was launched in part from memcached servers. These servers are used by large organizations for caching websites and increasing network speed, but they are not intended to be exposed to the public Internet. Memcached-based DDoS attacks are becoming more common, according to researchers. Source: Wired, 1 March 2018

FBI Warns of W2 Phishing Attacks

The FBI issued a security warning about an increase in a tax scam focused on W2 information. The scam typically involves a spearphishing email to an organization’s HR department. The email appears to come from the CEO or another senior leader and requests W2 information for one or more employees. Fraudsters then follow up with a request for a wire transfer before the company knows it has been scammed. The IRS issued a similar security report in January. Source: ThreatPost.com

German Government Experiencing Cyber Attacks

The IT network serving the German government has been hit with cyber attacks since December, according to multiple reports. The attacks continued through at least 1 March. While the Germans are not attributing the attacks, German media believe the Russians are responsible. (Multiple sources)
