Another huge DDoS attack, ransomware variants increase and a warning about vulnerable PLCs.
Welcome to Cyber Security Today. It’s Friday, August 19th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Denial of service attacks are still being used to block access to victims’ websites. One of the latest attacks took place on June 1st when an unnamed customer of Google’s Cloud Armor protection service faced a record 46 million requests per second. Denial of service attacks leverage the power of infected routers, servers and computers to fire a wave of requests to a website. They are used as harassment or a way of diverting the attention of IT and security teams from a cyber attack elsewhere on the network. In this case a threat actor assembled a botnet of over 5,000 devices spread over 132 countries for its attack. Companies and government departments that think they may be targets of a denial of service attack should buy DDoS mitigation protection.
Reports of the successful use of ransomware go up and down every month, but one thing isn’t declining: The number of ransomware variants being created by crooks. That’s according to researchers at Fortinet. The number of new ransomware strains they found in the first six months of this year grew by over 10,000. By comparison, 5,400 new variants were discovered in the last half of 2021.
By the way, are you looking for help defending against ransomware? The Ransomware Task Force earlier this month issued a Blueprint for Ransomware Defense, a set of 40 actions organizations can take to protect against and respond to ransomware attacks.
Infected programmable logic controllers used in internet-connected devices found in utilities and factories could be leveraged to compromise operational networks. That’s according to researchers at Claroty. They found a way to exploit PLCs from Rockwell Automation, Schneider Electric, GE and others. After that an attacker could compromise the workstations of engineers who monitor the PLCs, and from there get into OT networks. All of the vulnerabilities found were reported to the PLC manufacturers. Most have issued fixes, patches or distributed mitigation plans for their customers. Even still, organizations using PLCs should limit public internet connectivity of these devices as much as possible. And accessing those devices should be limited to a small number of engineering workstations.
Remember, later today the Week in Review edition of the podcast will be available online. This week, Terry Cutler of Montreal’s Cyology Labs will join me to discuss bugs in software patches that are supposed to fix bugs, fake online job offers and the dangers of collecting too much customer data.
Links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.