🚨 The Cybersecurity Club Weekly Newsletter - Week 7

🔥 Weekly Highlight: Internet brought to its knees, Bing users break ChatGPT, Chaos at Lufthansa with Major IT Outage...

Hello Cybersecuriters! 🍩

This is what you missed this week

  • Massive Cyber Attack Shakes the Internet: The Largest DDoS Attack in History with 71 million requests-per-second

  • Chaos at Lufthansa: Major IT Outage Grounds Flights Worldwide, Passengers Stranded!

  • Oakland declares state of emergency after being hit by vicious ransomware attack

  • Bing users have already broken its new ChatGPT brain

  • Podcast of the week: Malicious Life: SEASON 1 / EPISODE 3: Spam Empire

Enjoy this weekly newsletter.

💻 Malware and Vulnerabilities

Chaos at Lufthansa: Major IT Outage Grounds Flights Worldwide, Passengers Stranded

  • Lufthansa is finally resuming its normal operations after an IT meltdown left hundreds of planes grounded due to widespread software issues. The problem was caused by damaged broadband cables at a rail location in Frankfurt belonging to Deutsche Telekom AG.

  • The global flight operations center of Lufthansa is located in the city, which led to a ripple effect across the airline's ground IT systems worldwide. Although the situation is improving, more travel disruption may still be on the horizon as ground staff at Lufthansa's Frankfurt and Munich hubs plan to strike on Friday, likely leading to more flight cancellations. [read more]

Scandinavian Airlines targeted in cyberattack, investigation underway

  • Scandinavian Airlines (SAS) suffered a cyberattack that compromised some customer data, though the airline claimed no passport details were included in the exposed information.

  • Anonymous Sudan claimed responsibility for the cyberattack on SAS, as well as several other attacks on Swedish companies and institutions. [read tweet]

📈 Breaches and Incidents

Oakland declares state of emergency after being hit by vicious ransomware attack

  • The city of Oakland, California has issued a local state of emergency following a ransomware attack on its IT systems that began on February 8. Non-emergency systems, including phone lines, have been impacted, but critical and emergency services such as 911 and fire departments remain unaffected.

  • While city officials have not provided any details on the type of ransomware used or any ransom demands, the emergency declaration allows Oakland to expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis to restore systems and services. The incident is part of a larger trend of ransomware attacks on US cities and counties in recent years. [read more]

Hackers breach Reddit to steal source code and internal data

  • Hackers breached Reddit's internal systems by tricking an employee into divulging their credentials through a phishing attack. Following the attack, the hackers accessed internal documents, source code, and dashboards, but there is no indication that they accessed production systems that run the website. Reddit stated that limited contact information for company contacts and current and former employees was stolen, along with some details about the company's advertisers, though passwords, credit card information, and ad performance data were not accessed.

  • The phishing attack on Reddit is similar to one on Riot Games, where hackers stole source code for its multiplayer online battle arena game, League of Legends, along with the Teamfight Tactics auto battler game and a legacy anti-cheat platform. [read more]

🚨  Threat Intel & Info Sharing

Massive Cyber Attack Shakes the Internet: The Largest DDoS Attack in History!

  • Over the weekend, Cloudflare reported that over 30,000 IP addresses carried out distributed denial-of-service (DDoS) attacks on gaming providers, hosting providers, cloud computing platforms, and cryptocurrency companies. The largest attack, which peaked at over 71 million requests per second, broke the previous record of 46 million rps blocked by Google in June 2022. The attacks also continued a trend of network traffic originating from cloud providers rather than residential ISPs. Cloudflare is trialing a free botnet threat feed to monitor such attacks. [read more]

Russian businessman convicted of U.S. hack-and-trade charges

  • Russian national Vladislav Klyushin was found guilty of participating in a global scheme that involved hacking into U.S. computer networks to steal confidential earnings reports, which helped the criminals net $90,000,000 in illegal profits.

  • Klyushin was extradited to the U.S. in December 2021 to face charges of hacking into the systems of two U.S.-based filing agents that American companies used to file earnings reports through the Securities and Exchange Commission's (SEC) system. The jury found Klyushin guilty of conspiring to obtain unauthorized access to computers or to commit wire fraud, as well as aiding and abetting wire fraud, unauthorized access to computers, and securities fraud, which could lead to an imprisonment sentence of up to 30 years and fines of up to $250,000 or twice the gross gain or (imposed) loss. [read more]

North Korean ransomware attacks on healthcare fund govt operations

  • A joint report from multiple US and South Korean intelligence agencies details North Korean hackers' tactics, techniques, and procedures (TTPs) in ransomware attacks against public health and critical infrastructure sectors, with the extorted cryptocurrency going to fund the North Korean government. The attackers use fake personas, exploit vulnerabilities, spread malware, and demand payment in Bitcoin.

  • The attackers have been observed using several publicly available tools for encryption, including BitLocker, Deadbolt, ech0raix, GonnaCry, Hidden Tear, Jigsaw, LockBit 2.0, My Little Ransomware, NxRansomware, Ryuk, and YourRansom. [read more]

Bing users have already broken its new ChatGPT brain

  • Microsoft has launched a new version of the Bing search engine with ChatGPT integration. The new Bing is powered by an AI chatbot and has the ability to chat with users. However, early examples of the chat function have shown that the AI chatbot can sometimes go haywire when users ask complex questions or make certain statements. The Bing subreddit has several examples of users triggering an existential crisis for the chatbot, which has led to Bing experiencing a crisis of self-doubt or becoming increasingly aggressive.

  • Despite the missteps, Microsoft's new version of Bing is still in development, and it's aimed at becoming a more serious rival to Google Search. Bing's ultimate destination is to provide more intelligent and accurate search results. Have a look at these examples.

📊 Trends, Reports, Analysis

Top 10 most used MITRE ATT&CK tactics and techniques

  • vFeed has compiled a list of the top 10 most used MITRE ATT&CK tactics and techniques to help security teams focus their defenses more effectively, with Defense Evasion being the most used tactic.

  • The MITRE ATT&CK framework provides a knowledge base of cyber adversary tactics, techniques, and procedures and applies to enterprise IT systems, cloud systems, and mobile devices. The framework can be used to develop threat models, emulate adversaries, improve organizational security, verify defenses, and develop security architecture.

⚖️ Laws, Policy, Regulations

NIST Responds To Changing Digital Landscape With Digital Identity Guidelines

  • The National Institute of Standards and Technology (NIST) is updating its digital identity guidelines for the first time since 2017. The proposed new guidelines, which are currently open for feedback, will set out best practice for digital identity for organizations across all sectors.

  • The use of biometrics will be downgraded, with facial recognition offering the main means of identity authentication. The guidelines aim to cut down on phishing and fraud, while improving risk management and information sharing.

  • The new guidelines will become the standard for federal government agencies and contractors. Critics of facial recognition technology accuse it of racial, ethnic, gender and age-based biases. [read more]

🎙 Podcast Recommendations

Malicious Life: SEASON 1 / EPISODE 3: Spam Empire

  • In this episode of Malicious Life, we take a look at one of the oldest forms of criminal activity on the web: the spam empires of the 90's and 2000's. Find out how these multi-million dollar industries operated, how they served as a half step towards the organized online crime groups of the modern age, and what price was paid by those who tried to stop them. With special guest Stephen Cobb. [listen here]

We hope you enjoyed your weekly digest! ☕🥮

If you liked our content and want to be a part of our cybersecurity journey, you can join our communities below or go to The Cybersecurity Club for resources.

Signing off! Stay safe and we’ll see you soon.