CYBER ADVISORY IDENTIFIES A ‘TREND OF SYSTEMIC WEAKNESSES’ IN DIGITAL CONFIGURATIONS BY ALEXANDRA KELLEY
A joint advisory by CISA and NSA highlights the top 10 software misconfigurations leaving networks vulnerable, which include default configurations of software and applications, inadequate user/administrator privilege separation, poor monitoring, and weak authentication. The advisory stresses the need for a secure-by-design approach, with security integrated into software development and the software lifecycle. This approach includes eliminating default passwords, employing multifactor authentication, and securing login schemes to prevent phishing attacks. The advisory underscores systemic weaknesses in many organizations and calls for software manufacturers to embrace such secure-by-design principles, aligning with the Biden administration's digital policies. Red and Blue teams from the agencies conducted offensive and defensive testing to identify these vulnerabilities.
ACTIVIST HACKERS ARE RACING INTO THE ISRAEL-HAMAS WAR—FOR BOTH SIDES BY LILY HAY NEWMAN & MATT BURGESS
After a Hamas attack on Israel led to an escalation of hostilities, hacktivists worldwide engaged in cyber warfare, reportedly carrying out DDoS attacks, defacements, and data theft against government and media sites on both sides of the conflict. Three subsets of hacktivist activity emerged: Islamic groups supporting Palestine, pro-Russian hacktivists sowing chaos, and new groups. Some targeted the Israeli Red Alert missile warning platform, intercepting data and possibly sending fake missile warnings. An internet service provider in Gaza was also affected. These digital attacks can fuel disinformation amid real conflict, causing unpredictability. International rules of engagement for civilian hackers were recently introduced, but hacktivist groups' responses vary, and their role in warfare remains complex.
GOOGLE CLOUD, AWS, AND CLOUDFLARE REPORT LARGEST DDOS ATTACKS EVER BY STEVEN VAUGHAN-NICHOLS
Google Cloud, along with other major cloud companies like Cloudflare and Amazon Web Services, experienced a recent surge in Distributed Denial of Service (DDoS) attacks. The largest DDoS attack in history hit Google Cloud in August, peaking at 398 million requests per second (RPS), dwarfing previous attacks at 46 million RPS in 2022. Cloudflare dealt with a 201 million RPS attack, and AWS faced a 155 million RPS assault. These attacks, exploiting a new "Rapid Reset" technique, continue to target major infrastructure providers. Organizations are urged to verify server security and apply patches for CVE-2023-44487 to defend against such attacks. Furthermore, robust network DDoS defense services like Amazon CloudFront, AWS Shield, Google Cloud Armor, or Cloudflare Magic Transit are essential to fend off these attacks.
EPA CALLS OFF CYBER REGULATIONS FOR WATER SECTOR BY CHRISTIAN VASQUEZ
The Environmental Protection Agency (EPA) will no longer require cybersecurity audits of U.S. water utilities through sanitary surveys, marking a setback to the Biden administration's cybersecurity initiatives for critical infrastructure. Litigation from Republican states and trade associations raised legal concerns about the initiative, leading to the withdrawal of the March memorandum that implemented the rule. This decision weakens the administration's efforts to enhance cyber mandates for critical infrastructure sectors, despite cybersecurity being a top priority. Owners and operators of critical infrastructure systems, especially water utilities, face increased cyber threats. The withdrawal may hinder future attempts to standardize regulations among various critical infrastructure sectors. Some industry groups favor a co-regulatory model with EPA oversight.
PHISHERS SPOOF USPS, 12 OTHER NATL’ POSTAL SERVICES BY BRIAN KREBS
Phishing scams targeting U.S. Postal Service (USPS) customers are on the rise, with SMS phishing efforts attempting to steal personal and financial data by mimicking USPS and postal services in over a dozen countries. A recent SMS phishing operation used the domain usps.informedtrck[.]com, asking recipients to update their address information. This phishing domain is linked to other USPS-themed phishing domains like usps.trckpackages[.]com and postreceive[.]com, and some domains have gone so far as to use Google Analytics codes associated with official USPS websites. Researchers also found a large number of postal phishing domains registered via Alibaba, targeting multiple countries' postal services. Such phishing scams can be prevalent during the holiday season, which underscores the importance of caution when clicking on links and attachments in unsolicited messages.