Avast Blog_Security News: DDoS attack forces Wikipedia offline

[harlan4096]

Plus, a BEC bust leads to 281 arrests, a new phishing scam cleverly uses captcha, and will the next trend of IoT hacking involve your local gas pump?

Last Friday, the Wikimedia Foundation issued a statement that a malicious attack had forced its popular information site Wikipedia to go offline for intermittent periods in several countries. The foundation confirmed to Forbes that it had been hit by a massive DDoS (Distributed Denial of Service) attack – an onslaught of access requests meant to overwhelm a system so it malfunctions or shuts down. DDoS attacks, typically carried out by botnets, can involve hundreds of thousands, sometimes millions, of hijacked servers commanded to issue concurrent and nonstop access requests. Forbes reported that Wikipedia went offline in the U.K., France, Germany, Italy, The Netherlands, Poland, and parts of the Middle East.

In an effort to help the Wikimedia Foundation recover, Craig Newmark Philanthropies – the nonprofit run by Craigslist founder Craig Newmark – has pledged a gift of $2.5 million. The foundation says the money will help grow capabilities in application security, risk management, incident response, and more. “DDoS attacks are easy to perform in a cheap way,” commented Avast Security Evangelist Luis Corrons. “Anyone with a grudge against Wikipedia could have launched it with no effort. Sadly, defending against them is not as cheap, so it is really good news that Craig Newmark has stepped up, so we can all keep benefiting from Wikipedia.”

This week’s stat

Avast researchers have found that Android flashlight applications request an average of 25 permissions to access data or features on mobile devices, potentially exposing users in unnecessary ways.

International BEC bust leads to 281 arrests

In a coordinated effort between U.S. government agencies and law enforcement, a four-month operation tracking perpetrators of business email compromise (BEC) scams led to the arrest of 281 individuals around the world. Operation reWired, as the effort was called, launched in May 2019 as a special project between the Department of Justice, Department of Homeland Security, Department of the Treasury, Postal Inspection Service, and Department of State, reported DarkReading. BEC scams often target employees who have access to company finances, starting with a phishing email pretending to be from an associated company or fellow employee requesting a wire transfer or other rerouting of funds for seemingly legitimate reasons, such as payment for a late invoice or the setup of a new bank account for direct deposit paychecks. Throughout the operation, investigators found that the BEC scammers also may have stolen more than 250,000 identities and filed more than 10,000 fraudulent tax returns, which would have generated over $91 million. The international bust involved 167 suspects in Nigeria, 74 in the U.S., 18 in Turkey, 15 in Ghana, and suspects in France, Italy, Japan, Kenya, Malaysia, and the U.K. The FBI reported that since 2013, BEC scams have cost business owners over $10 billion in losses. Avast Evangelist Corrons lauds the operation but reminds users to stay vigilant. “BEC attacks are dangerous and put companies all around the world at serious risk. It is fantastic that U.S. law enforcement agencies have been able to coordinate this global bust. Still, BEC is a profitable ‘business’ and precautions need to be taken as new players will eventually appear.”
...

Continue Reading