company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

VoiceOver

Password

loading..
loading..
loading..

Apple Urgently Releases iOS Update to Fix VoiceOver Password Flaw

Update now! Apple releases critical iOS and iPadOS patches to fix a VoiceOver vulnerability that could expose your saved passwords. Protect your data today!

05-Oct-2024
2 min read

Related Articles

loading..

Scattered Spider

MoneyGram

MoneyGram’s global operations were paralyzed for five days in a shocking cyberat...

The MoneyGram cyberattack in September has highlighted a glaring reality: even the most established financial giants are not immune to advanced cyber intrusions. This wasn’t just a minor hiccup—MoneyGram’s extensive global operations, spanning over 200 countries with 350,000 physical locations, were paralyzed for five days. Customers found themselves locked out, unable to access or transfer funds, igniting widespread concern. Initially, many speculated ransomware as the likely culprit—a standard conclusion given the surge of such attacks in recent years. However, after working closely with cybersecurity experts and law enforcement, MoneyGram firmly denied any connection to ransomware. While this might offer temporary relief, the lack of transparency and concrete details raises an unsettling question: if it wasn’t ransomware, what kind of threat are we dealing with? The absence of clear answers leaves the door open to even more complex and potentially dangerous vulnerabilities that remain concealed beneath the surface. ### September Breach: Disruption & Chaos On September 20, MoneyGram's services were abruptly halted, with customers unable to transfer funds or access vital services for five days. The company acted quickly, taking systems offline to contain the breach, and it wasn't until September 25 that operations resumed. Despite whispers of a ransomware attack, MoneyGram vehemently denied this, stating, “At this time, we have no evidence that this issue involves ransomware.” Yet, behind this reassurance lies a deeper, more disturbing narrative involving a hacker collective known as Scattered Spider. ### Rise of Scattered Spider To understand the gravity of this situation, we must travel back to a series of attacks in recent history. Scattered Spider, a hacker group with a reputation for its sophisticated social engineering attacks, made headlines in September 2023 after its audacious breach of MGM Resorts. With a cunning impersonation tactic, they called the resort's IT help desk, posing as employees to reset a password, eventually gaining access to the entire network. In the blink of an eye, Scattered Spider deployed BlackCat ransomware, encrypting hundreds of critical servers, causing a digital blackout that reverberated through the casino and resort giant. This attack, while devastating, was not isolated. In fact, Scattered Spider's modus operandi is to target organizations using similar social engineering methods. Their precision and deep understanding of corporate systems have left a trail of chaos across various industries. What’s most troubling is that the tactics used against MGM appear eerily similar to those seen in MoneyGram’s breach. ### Social Engineering: Silent Killer MoneyGram’s breach, while not linked directly to ransomware, shares a disturbing parallel with previous Scattered Spider attacks. According to insiders, the attackers gained access through a social engineering attack on the company’s internal help desk. An employee’s credentials were compromised, allowing the intruders to access critical employee information in MoneyGram's Windows Active Directory Services. Although swift action prevented further damage, this breach could easily have spiraled into something far more catastrophic. This is the signature of Scattered Spider. Their hallmark is not brute force or sophisticated malware but rather the subtle manipulation of human trust—a vulnerability far harder to patch. By exploiting human error, they bypass even the most stringent cybersecurity defenses, gaining access to systems that would otherwise be impregnable. ### Unanswered Questions While MoneyGram has downplayed the event, stating that "no further damage" was done and that "the majority of our systems are now operational," there remain lingering concerns. The company’s assurance that the breach wasn’t tied to ransomware is comforting, but the very fact that such a significant platform fell prey to a social engineering attack sends a ripple of fear through the financial industry. MoneyGram has yet to publicly name the attackers, but the similarity in attack strategies to those employed by Scattered Spider leaves little room for doubt. This hacker collective has evolved, moving from resort giants like MGM to financial behemoths like MoneyGram. Are they sending a message? Are they honing their skills, biding their time until they can strike again with even greater ferocity? ### A History of Chaos Scattered Spider has been a thorn in the side of cybersecurity for years. Their attacks, dating back to their earlier incarnation as UNC3944, have been marked by meticulous planning and a deep understanding of the corporate systems they breach. They move silently, often remaining undetected until it’s too late. The MGM attack was a defining moment, one that brought Scattered Spider into the limelight. With Microsoft, the FBI, CISA, and cybersecurity firm Mandiant issuing warnings about the group’s tactics, the world took notice. Yet, despite these advisories, the group continues to wreak havoc. Their ability to adapt and evolve, to learn from their past attacks and refine their techniques, makes them one of the most dangerous hacker collectives in the world today. ### A Warning to All The attack on MoneyGram serves as a stark reminder that no company, no matter how large or how secure they may seem, is immune to the threat of cybercrime. The financial industry, in particular, stands at a precipice. With vast amounts of sensitive data and billions of dollars at stake, the risk of another breach—potentially more damaging than this one—looms large. For now, MoneyGram can breathe a sigh of relief. Their systems are back online, and their customers can once again transfer funds. But the damage has been done. Trust has been shaken, and the specter of Scattered Spider continues to hover over the financial world like a shadowy figure waiting for its next victim. As we move into an era where digital transactions become the lifeblood of the global economy, companies must remain vigilant. The tactics of groups like Scattered Spider will only grow more sophisticated. Today, it's MoneyGram. Tomorrow, it could be anyone. And in this ever-evolving game of cat and mouse, it’s clear that the hackers are always one step ahead. The intersection of MoneyGram and Scattered Spider is not just to be cautious—it’s a rather a rock bottom hit. We are at war with cybercriminals who do not need guns or bombs to cause devastation. All they need is a phone call, a little bit of deception, and a world of havoc follows. The question now shouldn't be who will be next?

loading..   05-Oct-2024
loading..   6 min read
loading..

DDoS

CUPS

Critical CUPS vulnerability allows 600x DDoS attack amplification via a single p...

The Common Unix Printing System (CUPS) is a widely used open-source printing system that manages print jobs and queues on Unix-like operating systems. While essential for network printing, CUPS can introduce security vulnerabilities if not properly managed. Recent disclosures have highlighted vulnerabilities within CUPS that threat actors could exploit to launch distributed denial-of-service (DDoS) amplification attacks. This comprehensive analysis delves into the intricacies of these vulnerabilities, their exploitation mechanisms, and mitigation strategies to safeguard affected systems. --- ### Understanding CUPS CUPS provides a modular printing system that enables a computer to act as a print server. It uses the Internet Printing Protocol (IPP) and supports various printing services, making it integral to many network environments. However, its widespread adoption also makes it a target for cyber threats. --- ### Overview of the Vulnerabilities Vulnerability in cups-browsed Daemon The cups-browsed daemon is responsible for browsing remote printers and adding them to the local print system. A vulnerability within this daemon allows attackers to send specially crafted packets that trick the CUPS server into treating a target device as a printer to be added. ### Exploitation via Malicious UDP Packets Attackers can exploit this vulnerability by sending a single malicious UDP packet to an exposed CUPS service. This packet initiates a series of unintended actions by the CUPS server, leading to DDoS amplification. --- ### Mechanism of DDoS Amplification #### Amplification Factor Each malicious packet sent to a vulnerable CUPS server causes it to generate larger IPP/HTTP requests to the target device. This results in a significant amplification of traffic—up to 600 times the size of the initial packet. #### Impact on Servers and Networks **Bandwidth Consumption:** The amplified traffic consumes considerable bandwidth, potentially overwhelming the target's network capacity. **Resource Exhaustion:** Both the CUPS server and the target device experience increased CPU and memory usage. **Infinite Request Loops:** In some cases, CUPS servers enter an infinite loop, continuously sending requests and exacerbating the attack's impact. --- ### Scope of the Vulnerability #### Exposed and Vulnerable Servers Security researchers estimate that a significant number of CUPS servers are exposed online, with thousands running outdated versions dating back to 2007. These outdated systems lack critical security patches, making them susceptible to exploitation. #### Potential for Botnet Recruitment Cybercriminals can exploit these vulnerabilities to build botnets for more extensive DDoS attacks or achieve remote code execution (RCE) by chaining multiple vulnerabilities. --- ### Technical Analysis of the Exploit - **1. Initial Probe:** The attacker sends a crafted UDP packet to the vulnerable CUPS server. - **2. Triggering Printer Addition:** The server misinterprets the packet, attempting to add the target as a new printer. - **3. Amplified Request Generation:** The server sends larger IPP/HTTP requests to the target device. - **4. Resource Drain:** Repeated requests lead to bandwidth and CPU resource exhaustion on both the server and the target. - **5. Infinite Loop Scenarios:** Certain errors can cause the server to repeatedly attempt connections, creating an endless loop of traffic. --- ### Mitigation Strategies #### Apply Security Patches ***Update CUPS***: Ensure that the CUPS software is updated to the latest version, incorporating all security patches that address known vulnerabilities. #### Disable Unnecessary Services ***Stop cups-browsed Daemon***: If not required, disable the cups-browsed service to eliminate the attack vector. `sudo systemctl stop cups-browsed` `sudo systemctl disable cups-browsed` #### Implement Network Access Controls ***Firewall Configuration:*** Restrict access to CUPS services using firewalls to allow only trusted networks or hosts. ***UDP Traffic Limitation:*** Limit or monitor UDP traffic to and from CUPS servers. #### Monitor and Detect Anomalous Activity ***Intrusion Detection Systems***: Deploy IDS/IPS solutions to detect and prevent exploitation attempts. ***Log Analysis***: Regularly review system logs for unusual activity related to CUPS services. ### Educate and Train Staff ***Security Awareness:*** Ensure that system administrators are aware of the latest vulnerabilities and the importance of timely patching. ***Incident Response Planning:*** Develop and maintain an incident response plan for potential security breaches.

loading..   04-Oct-2024
loading..   4 min read
loading..

Cloudflare

DDoS

Cloudflare mitigated the largest recorded DDoS attack peaking at 3.8 Tbps, highl...

In a landmark DDoS event, Cloudflare has announced the successful mitigation of the largest recorded Distributed Denial-of-Service (DDoS) attack to date, which peaked at a staggering 3.8 terabits per second (Tbps). This hyper-volumetric attack targeted organizations across the financial services, internet, and telecommunications sectors, underscoring the escalating scale and sophistication of cyber threats facing global infrastructure. ### A Month-Long Siege of Volumetric Attacks The colossal assault was part of a sustained campaign spanning over a month, during which more than 100 hyper-volumetric DDoS attacks were launched. These attacks aimed to overwhelm network infrastructure by inundating it with massive amounts of illegitimate traffic, thereby consuming bandwidth and depleting system resources. This deluge of data effectively denied legitimate users access to services, fulfilling the primary objective of a DDoS attack. ### Technical Anatomy of the Attack The attacks primarily targeted the network and transport layers (Layers 3 and 4) of the OSI model. Many of these assaults surpassed two billion packets per second (pps) and exceeded bandwidths of 3 Tbps. The threat actors orchestrated the campaign using a diverse array of compromised devices, including: - Asus Home Routers - MikroTik Systems - Digital Video Recorders (DVRs) - Web Servers These infected devices formed a global botnet with significant concentrations in Russia, Vietnam, the United States, Brazil, and Spain. ### UDP Exploitation on Fixed Ports The attackers predominantly utilized the User Datagram Protocol (UDP) on fixed ports to transmit data. UDP is favored in such attacks due to its connectionless nature, allowing rapid transmission without the overhead of establishing a formal connection, thus amplifying the attack's speed and volume. ### Cloudflare's Autonomous Defense Mechanism Cloudflare's advanced DDoS mitigation infrastructure autonomously detected and neutralized all the attacks in real-time. The peak attack, which hit 3.8 Tbps, lasted approximately 65 seconds. The company's ability to withstand such a massive onslaught without manual intervention highlights the effectiveness of its automated defense systems and the importance of robust cybersecurity measures. ### Global Distribution of Attack Sources ### Infected devices were distributed globally, with hotspots in key regions. #### Comparative Analysis with Previous Records Before this incident, the record for the largest publicly disclosed volumetric DDoS attack was held by Microsoft, which mitigated a 3.47 Tbps attack targeting an Azure customer in Asia. Cloudflare's recent mitigation surpasses this figure, indicating a troubling increase in the scale at which malicious actors are operating. #### Emerging Threats: The CUPS Vulnerability In a related development, cybersecurity firm Akamai has identified that recently disclosed vulnerabilities in the Common UNIX Printing System (CUPS) for Linux could serve as a new vector for DDoS attacks. Akamai's research revealed: #### Over 58,000 publicly accessible systems vulnerable to CUPS exploitation. These systems could be co-opted to send thousands of requests in amplification attacks. Some CUPS servers responded repeatedly to initial requests, potentially leading to endless loops of malicious traffic. ### Implications for Cybersecurity The escalation in both the scale of attacks and the exploitation of new vulnerabilities like CUPS underscores the evolving threat landscape. Organizations must adopt proactive and adaptive security strategies, including: Investing in Automated Defense Systems: As demonstrated by Cloudflare, autonomous mitigation can effectively neutralize large-scale attacks without human intervention. Regular Vulnerability Assessments: Identifying and patching vulnerabilities like those in CUPS can prevent systems from being exploited in botnets. Global Collaboration: Sharing threat intelligence across industries and borders is crucial for anticipating and defending against emerging threats. Cloudflare's successful mitigation of the largest recorded DDoS attack serves as both a warning and a call to action. As cyber threats continue to grow in scale and complexity, the importance of robust, automated, and adaptive cybersecurity measures cannot be overstated. Organizations worldwide must remain vigilant and collaborative to safeguard the integrity of global digital infrastructure.

loading..   03-Oct-2024
loading..   4 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303