Here are the most relevant headlines of the week; take note and keep informed of all the details:
The largest DDoS attack ever recorded has been reported by Google researchers.
On 1 June, a Google Cloud Armor customer received a series of HTTP DDoS attacks that peaked at 46 million requests per second (RPS).
This Layer 7 DDoS is the largest attack recorded so far, 76% larger than the previously largest known attack.
The attack was executed from 5,256 IP addresses spread across 132 countries and used encrypted (HTTPS) requests. Furthermore, 3 percent of the requests came from Tor exit nodes.
The researchers determined that the geographical distribution and the types of unsecured services leveraged to generate the attack match the Mēris botnet attack family.
Cloud Armor was able to block the attack, and the victim's services stayed online.
More info: How Google Cloud blocked largest Layer 7 DDoS attack yet, 46 million rps | Google Cloud Blog
Researchers at the Microsoft Threat Intelligence Center (MSTIC) have issued an advisory warning of new phishing campaigns by the threat actor SEABORGIUM, also known as ColdRiver or TA446.
SEABORGIUM operators use social engineering and fraudulent social media profiles to gain their victims' trust, ultimately sending phishing emails with malicious URLs or attachments that lead the victim to enter their credentials.
These campaigns mainly target NATO organizations and NATO member states to obtain sensitive information, although Microsoft has also detected attacks against countries in the Baltics, the Nordics and Eastern Europe.
Security researchers have identified a new ransomware family, GwisinLocker, targeting South Korean healthcare, industrial and pharmaceutical companies.
It can encrypt Windows and Linux servers, including ESXi servers and virtual machines. It is operated by the threat actor Gwisin (“ghost” or “spirit” in Korean) and, based on ransom note data, is believed to be in the hands of an advanced persistent threat (APT) group linked to North Korea.
On Windows devices, the infection starts with an MSI installer that must be launched with specific command-line parameters in order to execute the DLL file embedded in the MSI itself.
It also supports encrypting files in safe mode. As for the Linux version, the analyzed sample suggests sophisticated malware with features specifically designed for Linux servers, targeting VMware ESXi virtual machines.
More info: New GwisinLocker ransomware encrypts Windows and Linux ESXi servers (bleepingcomputer.com)
Cisco issued a statement confirming that it was the victim of a data compromise on 24 May.
The entry vector was the theft of an employee’s Google credentials stored in the browser. The attackers then used social engineering and phishing to get the employee to accept malicious multi-factor authentication notifications, thus gaining access to the corporate VPN and escalating privileges from there. The Yanluowang ransomware group has claimed responsibility in an email sent to Bleeping Computer, providing evidence and stating that the breach involved 2.75 GB of data in 3,100 files.
Google has released Chrome Stable Channel version 104.0.5112.101 for Mac and Linux, and version 104.0.5112.102/101 for Windows, which fixes a total of 11 vulnerabilities.
Among these, CVE-2022-2856 stands out because active exploitation has been detected. This vulnerability was discovered by Google Threat Analysis Group researchers Ashley Shen and Christian Resell and involves insufficient validation of untrusted input in Intents. CVE-2022-2852 is also worth mentioning, as it has been rated critical.
Here you have the full report on these attacks and vulnerabilities, with all the links for more information.