Kenya has been facing a significant cyber attack on its eCitizen portal, a key government online platform, which has disrupted access to over 5,000 government services for almost a week. The attack also impacted some private companies, including Safaricom, the operator of the popular mobile-money service M-Pesa. The government confirmed the cyber attack but stated that no data had been accessed or lost. The group claiming responsibility is Anonymous Sudan, believed to have links to Russia. The attack was carried out using a Distributed Denial of Service (DDoS) method, overwhelming the system with traffic. (bbcnews)
My thoughts: DDoS attacks are interesting because they are meant to cause disruption. They cause disruption with a very low level of effort. They actually do not have any monetary gain and simply disrupt or bring down a service. According to the story, there is no evidence that the hackers asked for a ransom. So when there is a DDoS attack, I always think there is a personal attack or retribution for something.
Another DDoS attack happened to Israel’s BAZAN Group, its largest oil refinery operator. It has been taken offline after a DDoS attack claimed by the hacktivist group 'Cyber Avengers.' The group also leaked alleged screenshots of BAZAN's SCADA systems used to monitor industrial control systems. BAZAN dismissed the leaked materials as fabricated and denied any damage to their servers or assets. The hacktivist group implied that they breached the company through Check Point, but Check Point denied the claims, stating there is no evidence of such a vulnerability. Cyber Avengers had previously claimed responsibility for other attacks, including the 2021 fires at Haifa Bay petrochemical plants and attacks on Israeli railway stations in 2020. (bleepingcomputer)
My thoughts: A classic tale of he said, she said. We do not know what really happened in this story. What we know for sure is that BAZAN was taken offline. However, a DDoS attack does not imply a cyber breach. Often a DDoS attack could be a diversion while an even bigger attack is happening. Does that mean Cyber Avengers conducted two attacks on the company?
The excitement of avid fans of Activision was short-lived as the Modern Warfare 2 servers were taken offline again after players detected a self-spreading worm virus. The malware, identified as Trojan:Win32 Wacatac.B!ml, targeted PC gamers through hacked lobbies. The hackers used a self-replicating worm to infect players' devices, and Activision took the servers offline to prevent further spreading. This isn't the first time Activision has faced cyber security attacks, as they were targeted by an SMS phishing attack earlier in the year, leading to the compromise of sensitive data. (hackread)
My thoughts: As the saying goes, once is enough, twice is too much, and thrice is a severe lack on your end. Is Activision ready for another attack?
Hawaii Community College has confirmed that it paid a ransom to the NoEscape ransomware gang to prevent the leaking of stolen data of approximately 28,000 individuals. The ransomware gang had listed the University of Hawaii (UH) on its extortion portal, threatening to publish 65 GB of stolen data if the ransom was not paid. UH decided to negotiate with the threat actors to protect the sensitive information of those affected. After a ransom payment was made, the data leak site was removed, and the restoration of the IT infrastructure is still underway. The university is working to implement additional security measures to prevent similar attacks in the future. NoEscape is a new ransomware operation similar to the now-defunct Avaddon ransomware, indicating it may be a rebrand of the previous group. (bleepingcomputer)
My thoughts: Paying NoEscape to get away from this situation just empowers these hackers and, in my opinion, is a sign of desperation. We fund these criminals! Instead of paying hackers, why not proactively invest in cyber security and strengthen your cyber security posture? Paying a ransom in a digital world is unlike a ransom for a kidnapped victim. Just because they say they will “delete it” does not mean they will; data can be copied and sold over and over again.