Security News

CISA issues DDoS warning after attacks hit multiple US orgs
2023-06-30 16:24

The U.S. Cybersecurity and Infrastructure Security Agency warned today of ongoing distributed denial-of-service attacks after U.S. organizations across multiple industry sectors were hit. "CISA is aware of open-source reporting of targeted denial-of-service and distributed denial-of-service attacks against multiple organizations in multiple sectors," the cybersecurity agency said.

Global rise in DDoS attacks threatens digital infrastructure
2023-06-29 03:30

In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according to Nexusguard. While the overall number of DDoS attacks did more than double, the maximum size of 361.9 gigabits per second represented a 48.2% decrease over those measured in 2021.

Week in review: Microsoft confirms DDoS attacks on M365 and Azure Portal, Infosecurity Europe 2023
2023-06-25 08:00

Empowering Google security and networking solutions with AI
In this Help Net Security interview, Sunil Potti, GM and VP of Cloud Security at Google Cloud, talks about how new security and networking solutions powered by AI help improve security so Google customers can address their most pressing security challenges and remain ahead of an ever-changing threat landscape.

Infosecurity Europe 2023
Infosecurity Europe took place at ExCeL London from June 20-22, 2023 and Help Net Security was on site.

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
2023-06-21 05:36

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 Wi-Fi routers to rope the devices into a distributed denial-of-service botnet. "The Telegram channel was started in May 2022, and the threat actor has been monetizing its botnet by providing DDoS-as-a-service and selling the malware source code," security researchers Joie Salvio and Roy Tay said.

New Condi malware builds DDoS botnet out of TP-Link AX21 routers
2023-06-20 21:06

A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 Wi-Fi routers to build an army of bots to conduct attacks. Condi aims to enlist new devices to create a powerful DDoS botnet that can be rented to launch attacks on websites and services.

Compromised Linux SSH servers engage in DDoS attacks, cryptomining
2023-06-20 10:30

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. "The source code of Tsunami is publicly available so it is used by a multitude of threat actors. Among its various uses, it is mostly used in attacks against IoT devices. Of course, it is also consistently used to target Linux servers," researchers with AhnLab's Security Emergency response Center explained.

Microsoft confirms DDoS attacks against M365, Azure Portal
2023-06-19 11:01

The Microsoft 365 and Azure Portal outages users experienced this month were caused by Layer 7 DDoS attacks, Microsoft confirmed on Friday. Throughout the first half of June 2023, Microsoft confirmed, at various times, ongoing issues with its cloud-based services - Microsoft 365 and Azure Portal - but did not say at the time that they were caused by an increase in traffic.

Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
2023-06-19 08:37

"These attacks likely rely on access to multiple virtual private servers in conjunction with rented cloud infrastructure, open proxies, and DDoS tools," the tech giant said in a post on Friday. Redmond said it further observed the threat actor launching layer 7 DDoS attacks from multiple cloud services and open proxy infrastructures.

With dead-time dump, Microsoft revealed DDoS as cause of recent cloud outages
2023-06-19 00:32

The Associated Press reported that in response to its inquiries about the cause of the outage, Microsoft admitted that Anonymous Sudan and DDoS orchestrated by the group were the cause of the outages. The post that the AP claims is Microsoft's admission of succumbing to Anonymous Sudan doesn't mention the source of the DDoS - but does state: "Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359."

Microsoft confirms Azure, Outlook outages caused by DDoS attacks
2023-06-18 14:40

Microsoft has confirmed that recent outages to Azure, Outlook, and OneDrive web portals resulted from Layer 7 DDoS attacks against the company's services. The outages occurred at the beginning of June, with Outlook.com's web portal targeted on June 7th, OneDrive on June 8th, and the Microsoft Azure Portal on June 9th. Microsoft did not share at the time that they were suffering DDoS attacks but hinted that they were the cause, stating for some incidents that they were "Applying load balancing processes in order to mitigate the issue."