Weekly Cyber Security News
Welcome to Astria’s blog and our Weekly Cyber Security News segment. Here we share some of the most interesting and relevant pieces of cyber security news that we find. This valuable resource is here to keep you informed of vulnerabilities and solutions for your business, as well as to discuss some cyber security concepts.
1. Security Week: “Windows Updates Deliver Intel’s Spectre Microcode Patches.”
As we discussed in last week’s post about all things Spectre, Microsoft is patching some systems as of Friday. But Microsoft is not rolling out all patches immediately as they intend to test stability first.
In fact, Intel actually released patches earlier in the year, but the patches were causing many systems to crash. When Microsoft discovered the issues, they chose not to deploy the patches to their users until Intel provided more stable microcode patches.
That day has finally come, and Microsoft is now offering the patch for some processors and systems. Currently, Windows updates delivering the patch are available for Windows 10 and Windows Server versions 1709 with 6th Gen processors.
Some people with older processors and older versions of Windows will also receive patches as Microsoft completes more testing. Microsoft's testing is a good sign for consumers, but it will be important to stay on top of the situation. Be sure to keep checking for Windows updates to patch Spectre.
2. Krebs On Security: “Powerful New DDoS Method Adds Extortion.”
Last week, the DDoS mitigation firm Akamai reported that criminals attacked one of their customers with the biggest DDoS attack to date. The attack reached a record 1.3 Tbps, but even more interesting is that the attackers attempted to extort their victims.
How did such a large attack take place? DDoS attackers are using a new method that takes advantage of the memcached service. This service is legitimate when used correctly, but attackers are utilizing it to hit targets with fewer resources.
The surprising thing about these attacks is that many now include ransom notes mixed in. The attackers demand payment in cryptocurrency to stop the attack, which otherwise shuts down a business's website. For many modern businesses, web traffic is critical, and attacks like this could be problematic enough that victims pay the ransom.
Fortunately, filtering packets on port 11211 can mitigate this attack. Many web providers are already starting to filter this, and many firewalls do by default. But it is worth noting that attackers are finding new ways to get a ransom from victims. We may see more of these attacks in the future.
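To show what the port 11211 filter does in practice, here is an added example (not from the original post or from Akamai) that applies the rule to a handful of flow records and totals what it would drop. The flow records and record format are constructed for illustration, and limiting the rule to UDP is an assumption based on memcached reflection traffic being carried over UDP.

```python
from collections import Counter

MEMCACHED_PORT = 11211  # the port named in the article

# Constructed sample flow records: proto src_ip:src_port dst_ip:dst_port bytes
SAMPLE_FLOWS = """\
udp 198.51.100.7:11211 203.0.113.10:40112 1400
udp 198.51.100.9:11211 203.0.113.10:51833 1400
tcp 192.0.2.44:52100 203.0.113.10:443 620
udp 192.0.2.53:53 203.0.113.10:33012 180
udp 198.51.100.7:11211 203.0.113.10:40113 1400
udp 192.0.2.80:40000 203.0.113.10:11211 64
"""

def parse_flow(line):
    """Split one 'proto src:port dst:port bytes' record into a dict."""
    proto, src, dst, size = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"proto": proto.lower(), "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port), "bytes": int(size)}

def should_drop(flow):
    """Filter rule (assumed UDP only): traffic to or from the memcached port."""
    return (flow["proto"] == "udp"
            and MEMCACHED_PORT in (flow["src_port"], flow["dst_port"]))

def apply_filter(text):
    """Return (passed flows, dropped bytes per source IP, dropped share of bytes)."""
    passed, dropped, total = [], Counter(), 0
    for line in text.splitlines():
        try:
            flow = parse_flow(line)
        except ValueError:
            continue  # skip blank or malformed records
        total += flow["bytes"]
        if should_drop(flow):
            dropped[flow["src_ip"]] += flow["bytes"]
        else:
            passed.append(flow)
    share = sum(dropped.values()) / total if total else 0.0
    return passed, dropped, share

if __name__ == "__main__":
    passed, dropped, share = apply_filter(SAMPLE_FLOWS)
    print(f"passed {len(passed)} flows, dropped {share:.0%} of bytes")
    for ip, size in dropped.most_common():
        print(f"  {ip}: {size} bytes dropped")
```

The web and DNS flows pass untouched, while everything touching port 11211 is dropped and attributed to the address that sent it.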
3. WeLiveSecurity: “Over 40% of online login attempts are attackers trying to invade accounts.”
If you find it unlikely that someone would try to break into your Netflix account, this may change your mind. In another report by Akamai, research found that up to 43% of global login attempts are actually bots trying to break into accounts.
The number of attempts does vary a bit by industry. For retailers, false attempts made up just over 1/3 of login attempts. But in the hospitality industry, bots made up a massive 82% of all login attempts. This means that most login attempts on travel and booking websites are actually bots trying to break in!
Akamai also warns that this data may be on the lower end of reality. Because of the way they measured, they only tracked websites that use email addresses to log in. So this did not include any websites that use a user name to log in, and there may be many more false login attempts.
All of this simply highlights the importance of strong passwords. Bots likely try to log in to your accounts regularly, so don’t make it easy for them! This also shows that it is important to have different passwords on different websites. If attackers get one email and password combo correct, they can try it again on other websites.
Do you need to know how to make good passwords? Let us know! We can write an article on how to make good passwords that you can remember.