{"id":17542,"date":"2024-10-05T07:00:00","date_gmt":"2024-10-05T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-highlights-ddos-attacks-fraudulent-apps-and-more\/"},"modified":"2024-10-05T07:00:00","modified_gmt":"2024-10-05T04:00:00","slug":"cybersecurity-highlights-ddos-attacks-fraudulent-apps-and-more","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-highlights-ddos-attacks-fraudulent-apps-and-more\/","title":{"rendered":"Cybersecurity Highlights: DDoS Attacks, Fraudulent Apps, and More"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Cloudflare thwarted the largest DDoS attack with a capacity of 3.8 Tbps.<\/li>\n<li>Thousands of users downloaded fraudulent cryptocurrency apps from Google Play and the App Store.<\/li>\n<li>A modification of Meta&#8217;s smart glasses revealed a person&#8217;s home address.<\/li>\n<li>The development of Outlast was delayed due to a cyberattack.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Cloudflare Thwarts Largest DDoS Attack at 3.8 Tbps<\/strong><\/h2>\n<p>Since early September, Cloudflare&#8217;s defense systems have been <a href=\"https:\/\/blog.cloudflare.com\/how-cloudflare-auto-mitigated-world-record-3-8-tbps-ddos-attack\/\">combating<\/a> a month-long campaign of hyper-volumetric <span data-descr=\"distributed denial of service\" class=\"old_tooltip\">DDoS<\/span> attacks targeting organizations in the financial services, internet, and telecommunications sectors.\u00a0<\/p>\n<p>The perpetrator used various types of compromised devices, including a large number of Asus home routers, Mikrotik systems, digital video recorders, and servers. 
These were primarily based in Russia, Vietnam, the USA, Brazil, and Spain.<\/p>\n<p>Many of the attacks aimed at the target&#8217;s network infrastructure exceeded 2 billion packets per second. The largest peaked at 3.8 Tbps, a record figure among those publicly disclosed so far.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcHqqDXkLEWageJFwR4IYPEliFTbbPAOuVVbO_gHa2FiTSlNg-wR8QXFrxW7S5hvEb3ZBOyokmRkJzEB0TYFU3_F2Rsm_IluCoQLcPdN-r7COk2DY4lLBslHWkZfzpOPVxzjvdFp3tZFHKVHg47esM3fg5h?key=jFZxy_iEBiSOR-TCh5sNnA\" alt=\"Cybersecurity Highlights: DDoS Attacks, Fraudulent Apps, and More\"\/><figcaption class=\"wp-element-caption\">Data: Cloudflare.<\/figcaption><\/figure>\n<p>Previously, Microsoft held the record, having thwarted a massive DDoS attack with a capacity of 3.47 Tbps aimed at an Azure client in Asia.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Thousands Download Fraudulent Crypto Apps from Google Play and App Store<\/strong><\/h2>\n<p>Group-IB specialists discovered a family of malicious programs called UniShadowTrade in Google Play and the App Store, which mimic various legitimate cryptocurrency and trading platforms.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Beware of fraudulent trading apps! A recent <a href=\"https:\/\/twitter.com\/hashtag\/PigButchering?src=hash&#038;ref_src=twsrc%5Etfw\">#PigButchering<\/a> scam was discovered on the <a href=\"https:\/\/twitter.com\/hashtag\/AppleStore?src=hash&#038;ref_src=twsrc%5Etfw\">#AppleStore<\/a> &#038; <a href=\"https:\/\/twitter.com\/hashtag\/GooglePlay?src=hash&#038;ref_src=twsrc%5Etfw\">#GooglePlay<\/a>. <a href=\"https:\/\/twitter.com\/hashtag\/Cybercriminals?src=hash&#038;ref_src=twsrc%5Etfw\">#Cybercriminals<\/a> are exploiting trust in official platforms. 
<a href=\"https:\/\/t.co\/8R01MWkQ7I\">pic.twitter.com\/8R01MWkQ7I<\/a><\/p>\n<p>\u2014 Group-IB Threat Intelligence (@GroupIB_TI) <a href=\"https:\/\/twitter.com\/GroupIB_TI\/status\/1841357287664882141?ref_src=twsrc%5Etfw\">October 2, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The fake apps operate under a &#8220;pig butchering&#8221; scheme. Victims found through social networks and dating apps are lured with promises of large investment returns. All deposits go to the scammers&#8217; wallets. Additionally, they may request identity documents for theft purposes.\u00a0<\/p>\n<p>By the time the apps were removed from the stores, their downloads had exceeded several thousand. The perpetrators continue their activities on phishing sites.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Meta&#8217;s Smart Glasses Modification Reveals Personal Addresses<\/strong><\/h2>\n<p>Harvard students AnhPhu Nguyen and Caine Ardayfio combined Meta Ray Bans 2 smart glasses with facial recognition technology, enabling the identification of individuals and revealing their social media profiles, home addresses, phone numbers, and family member information. This was reported by <a href=\"https:\/\/www.404media.co\/someone-put-facial-recognition-tech-onto-metas-smart-glasses-to-instantly-dox-strangers\/\">404 Media<\/a>.<\/p>\n<p>The I-XRAY project code is closed, but in an accompanying <a href=\"https:\/\/docs.google.com\/document\/d\/1iWCqmaOUKhKjcKSktIwC3NNANoFP7vPsRvcbOIup_BA\/edit?ref=404media.co\">document<\/a>, developers state they use the Pimeyes service to search for faces with URLs of image sources. With this, the application can access yearbooks, profiles on employer websites, or sports clubs the person might belong to.\u00a0<\/p>\n<p>Once a name is determined, information gathering continues through data brokers holding a wide range of details. 
The search result using a <span data-descr=\"large language model\" class=\"old_tooltip\">LLM<\/span> is displayed on a smartphone screen.<\/p>\n<p>Real-world experiments showed dozens of successful identifications, though some data were inaccurate and contained incorrect names.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Are we ready for a world where our data is exposed at a glance? <a href=\"https:\/\/twitter.com\/CaineArdayfio?ref_src=twsrc%5Etfw\">@CaineArdayfio<\/a> and I offer an answer to protect yourself here:<a href=\"https:\/\/t.co\/LhxModhDpk\">https:\/\/t.co\/LhxModhDpk<\/a> <a href=\"https:\/\/t.co\/Oo35TxBNtD\">pic.twitter.com\/Oo35TxBNtD<\/a><\/p>\n<p>\u2014 AnhPhu Nguyen (@AnhPhuNguyen1) <a href=\"https:\/\/twitter.com\/AnhPhuNguyen1\/status\/1840786336992682409?ref_src=twsrc%5Etfw\">September 30, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A Meta representative emphasized to the media that the smart glasses themselves do not provide such identification capabilities and reminded users to use <span data-descr=\"Facebook's companion app for the glasses\" class=\"old_tooltip\">Facebook View<\/span> in a &#8220;safe, legal, and respectful manner.&#8221;\u00a0<\/p>\n<p>Pimeyes stated they were &#8220;quite surprised&#8221; by the details provided to them.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Elusive Malware Infects Linux Servers with Crypto Miner for Three Years<\/strong><\/h2>\n<p>Researchers at Aqua Nautilus discovered and <a href=\"https:\/\/www.aquasec.com\/blog\/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers\/\">detailed<\/a> the malware perfctl, which for three years attacked millions of Linux servers and infected several thousand with a hidden Monero cryptocurrency miner.<\/p>\n<p>Attackers exploit misconfigurations or exposed login interfaces to breach servers. 
Due to its high level of evasion and use of rootkits, perfctl is difficult to detect in an infected system.<\/p>\n<p>The crypto miner interacts with specified pools via Tor, keeping network traffic hidden and profits untraceable.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Outlast Development Delayed Due to Cyberattack<\/strong><\/h2>\n<p>Canadian video game developer Red Barrels <a href=\"https:\/\/redbarrelsgames.com\/news\/an-important-message-from-the-red-barrels-team\/\">announced<\/a> a delay in the development of the Outlast series due to a recent cyberattack.<\/p>\n<p>The incident did not affect player data, but the compromise of internal IT systems significantly disrupted production timelines.\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;We will do our best to follow our plan, but unfortunately, some things will have to be postponed. We will share a more detailed update on this issue as soon as we can,&#8221; the team stated.<\/p>\n<\/blockquote>\n<p>Red Barrels took measures to protect information and conducted an in-depth investigation of the breach with the help of external experts.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>Four More Suspected LockBit Ransomware Gang Members Arrested<\/strong><\/h2>\n<p>Europol <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/lockbit-power-cut-four-new-arrests-and-financial-sanctions-against-affiliates\">arrested<\/a> four individuals suspected of links to the LockBit hacker group. The operation took place in August, but was only reported now.<\/p>\n<p>Among those detained, at the request of French authorities, was a suspected developer of the ransomware program, whose identity and location are undisclosed. 
It is highly likely that this refers to Russian <a href=\"https:\/\/u1f987.com\/en\/news\/identity-of-lockbit-ransomware-administrator-revealed\">Dmitry Khoroshev<\/a>, known by the aliases LockBitSupp and putinkrab.\u00a0<\/p>\n<p>The British authorities arrested two members of a LockBit affiliate, while Spain detained the administrator of the bulletproof hosting service used by the hackers. Nine ransomware servers were seized.<\/p>\n<p>Additionally, the UK, US, and Australia <a href=\"https:\/\/www.gov.uk\/government\/news\/uk-sanctions-members-of-notorious-evil-corp-cyber-crime-gang-after-lammy-calls-out-putins-mafia-state\">imposed sanctions<\/a> on Russian citizens involved in spreading LockBit and <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2623\">linked<\/a> to another hacker group, Evil Corp.<\/p>\n<p>Information obtained from the <a href=\"https:\/\/u1f987.com\/en\/news\/uk-authorities-seize-lockbit-ransomware-sites\">seizure of ransomware servers<\/a> in February 2024 significantly aided in identifying the perpetrators.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Major Outage in Runet Coincides with Global Telegram Issues<\/strong><\/h2>\n<p>On October 3, a major outage occurred in the Russian segment of the internet. According to the service <a href=\"https:\/\/xn--90aqok.xn--p1ai\/\">&#8220;\u0421\u0431\u043e\u0439.\u0440\u0444&#8221;<\/a>, issues arose with the <span data-descr=\"fast payment system\" class=\"old_tooltip\">FPS<\/span>, some banks, Telegram, VK, and several mobile operators.\u00a0<\/p>\n<p>Users reported slow file loading and difficulties logging into applications.<\/p>\n<p>Simultaneously, the Telegram messenger experienced a <a href=\"https:\/\/downdetector.com\/status\/telegram\/\">global outage<\/a>\u2014chats would not open and messages would not send. 
<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/hnfr972hteoaxwfw-hcnhpmeeyg.webp\" alt=\"hnfr972hteoaxwfw-hcnhpmeeyg\" class=\"wp-image-242569\"\/><figcaption class=\"wp-element-caption\">Data: Downdetector.<\/figcaption><\/figure>\n<p>As the cause of the issues was unclear, users jokingly speculated in comments, considering recent <a href=\"https:\/\/u1f987.com\/en\/news\/pavel-durov-placed-under-judicial-supervision-with-e5-million-bail\">news<\/a> surrounding Durov.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdwzMV42Sr-PdK6Yitmcs0rSf6haWCA10GVNVfwtpl5BLtZMjud0N3O3qCU90H6PLBRO5YPWlijpMIp4xK0Ac_br0uSEzF6-SJ92RfaS7DHhZie2cUTCAfDXLHkvYkSZtV-lQKrY3iNC_-3vhj1ZR_QtjpU?key=jFZxy_iEBiSOR-TCh5sNnA\" alt=\"Cybersecurity Highlights: DDoS Attacks, Fraudulent Apps, and More\"\/><figcaption class=\"wp-element-caption\">Data: <a href=\"https:\/\/downradar.ru\/ne-rabotaet\/telegram.org#comments\">Downradar<\/a>.<\/figcaption><\/figure>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXfl6Slu3MUZtz-BmI00ljxUDMcJo4p3ZZXF9JrBBU9Br4HXJbhMF5OOoyJhi0SA0uyf_uFyPLsSFbFWxrOr6gO4vLQ8th9TjyeL3DLp0ys_5BfRwa01wDX7kAGyFwRlVhPDoNsBBJz2m7aGRO333nWRI78?key=jFZxy_iEBiSOR-TCh5sNnA\" alt=\"Cybersecurity Highlights: DDoS Attacks, Fraudulent Apps, and More\"\/><figcaption class=\"wp-element-caption\">Data: Downdetector.<\/figcaption><\/figure>\n<p>Over an hour after the outage began, Telegram services resumed.<\/p>\n<p>A similar situation with the messenger occurred on October 1. 
Experts <a href=\"https:\/\/t.me\/addmeto\/5887\">linked<\/a> it to military actions in the Middle East.<\/p>\n<h2 class=\"wp-block-heading\"><strong>X Pays $5.2 Million in Fines to Resume Service in Brazil<\/strong><\/h2>\n<p>The social network X has requested to resume operations in Brazil after paying $5.24 million in fines imposed by the local Supreme Court in August. This was reported by <a href=\"https:\/\/www.reuters.com\/technology\/musks-x-seek-resumption-brazil-service-fines-paid-sources-say-2024-10-04\/\">Reuters<\/a>.<\/p>\n<p>Previously, the platform owned by Elon Musk was accused of spreading misinformation and lacking a legal representative in the country. Access to it was <a href=\"https:\/\/u1f987.com\/en\/news\/brazil-blocks-x-infostealer-targets-ethereum-wallets-and-other-cybersecurity-events\">blocked<\/a>, and users were threatened with hefty fines for bypassing restrictions.<\/p>\n<p>According to the publication, Brazil is one of the largest and most desirable markets for X.\u00a0<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>A Bitcoin developer introduced the &#8220;most anonymous&#8221; messenger.<\/li>\n<li>Anti-money laundering regulations for the digital ruble recommended for adoption.<\/li>\n<li>The case of a $24 million cryptocurrency theft from an AT&#038;T subscriber will be reopened.<\/li>\n<li>In Q3, crypto hackers and scammers stole assets worth $753 million.<\/li>\n<li>Massive searches were conducted in St. Petersburg&#8217;s Bitcoin exchanges as part of the investigation into Cryptex and UAPS services. 
Some suspects were placed under house arrest.<\/li>\n<li>Australian law enforcement decrypted a seed phrase to seize $6.4 million in cryptocurrency.<\/li>\n<li>Durov revealed the number of Telegram user data disclosures.<\/li>\n<li>In September, crypto projects lost $120 million due to hacker attacks.<\/li>\n<li>A US resident confessed to stealing $37 million in cryptocurrency.<\/li>\n<li>Over 250 crypto investors lost ~$650,000 due to a single fraudster.<\/li>\n<li>The Central Bank of Russia will study cross-border Bitcoin transfers by Russians.<\/li>\n<li>A former Coinbase employee was accused of stealing code for an AI project.<\/li>\n<li>Kazakhstan closed 19 Bitcoin exchanges with a turnover of over $60 million.<\/li>\n<li>Zilliqa to release a &#8220;permanent patch&#8221; after new failures.<\/li>\n<li>AI vs. AI. Nvidia&#8217;s CEO discussed combating the &#8220;dark side&#8221; of neural networks.<\/li>\n<li>An expert predicted the death of &#8220;cypherpunk values&#8221; in blockchain.<\/li>\n<li>A crypto whale lost $32 million in a phishing attack.<\/li>\n<li>Tether helped freeze $6 million from crypto scammers.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to Read Over the Weekend?<\/strong><\/h2>\n<p>Why, if code is law, are exploits and hacks illegal? Explained in the article:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. Cloudflare thwarted the largest DDoS attack with a capacity of 3.8 Tbps. Thousands of users downloaded fraudulent cryptocurrency apps from Google Play and the App Store. A modification of Meta&#8217;s smart glasses revealed a person&#8217;s home address. 
The development of Outlast was delayed due [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17541,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-17542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"36","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/17542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=17542"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/17542\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/17541"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=17542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=17542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=17542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}