View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 28, 2016updated 07 Nov 2016 2:29pm

Monthly Attack Alert: Biggest cyber attacks in October

By Alexander Sword

October saw the ominous predictions of Resilient CTO Bruce Schneier in September coming true as a number of major internet infrastructure providers fell victim to cyber attack.

Schneier had warned that the companies that operated the nuts and bolts of the internet were being tested in major DDoS attacks by what he believed to be a state actor.

This is a major theme across CBR’s monthly attack round-up; but perhaps as concerning as who the attacks are targeting is the way that they are being carried out.

Again, the DDoS methodology that is being deployed here was observed in September in the attack on blogger Brian Krebs’s website KrebsOnSecurity.

These developing trends happen against the usual background of data breaches and phishing scams.

Read on to find out about Dyn, StarHub, Weebly and the Red Cross.

 

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

1. Dyn

Believed to be one of the largest distributed denial of service (DDoS) attacks of all time, the attack on hosting provider took down several major sites such as Twitter, Reddit and Spotify which use Dyn’s infrastructure.

Starting at 11:10 AM UTC (12:10 PM BST) on 21 October, the DDoS hit the Dyn Managed DNS infrastructure. DDoS attacks flood an internet service with traffic, meaning that the server cannot cope with the demand.

Dyn began to monitor and mitigate the attack and restored service to normal around two hours later.

The attack mainly impacted customers in the US East region.

Dyn

Dyn was hit by a major DDoS attack.

The attack could have reached a magnitude in the 1.2 Tbps range, although Dyn said that this was not confirmed.

The Dyn attack follows DDoS attacks last month on OVH and KrebsOnSecurity. According to OVH’s founder, posting on Twitter, the combined brunt of the attack amounted to around 1.1 Tbps, while the Krebs attack apparently reached 620 Gbps.

Underpinning these attacks is the malware Mirai, which Dyn confirmed as the source of the attack.

Twitter

Some users were unable to access Twitter.

Mirai is encoded with a list of a few default passwords, including obvious words and phrases such as ‘password’ or ‘password123’. It trawls the net, looking for passive internet-connected devices such as routers and camera and inputting these passwords into the devices to try and take them over.

The size of the Dyn attack is impressive, but also interesting is the number of endpoints involved in the attack: according to Dyn, it involved up to 100,000 malicious endpoints.

This is a worrying trend, especially with the number of internet-connected devices set to increase over the coming years, and shows the need for the Internet of Things (IoT) to be properly secured.

2. StarHub

Less widely reported in the West, but demonstrating the same worrying trend, was an attack in Singapore on the StarHub domain name system (DNS).

StarHub

StarHub is a DNS and broadband provider in Asian city-state Singapore (pictured).

The attack came in two waves, leaving some subscribers unable to surf the web for up to two hours.

The Singaporean authorities warned other telecoms companies to put in place systems to detect and mitigate such attacks.

The StarHub attack used the same mechanism as the Dyn one, using a captured botnet of devices to ramp up traffic.

3. Red Cross

Moving on from the menace of IoT-power DDoS attacks, the Australian wing of the Red Cross blood donation service was impacted by a large data breach that saw the registration information of 550,000 donors.

According to the Red Cross, a file containing donor information was placed in an insecure environment by the third party that develops and maintains the Blood Service’s website.

red-cross-auThe details were from people who had made donations between 2010 and 2016, and including information such as names, addresses and dates of birth.

The online forms do not connect to our secure databases which contain the more sensitive medical information.

The Red Cross said that a third party cyber support service had assessed the information as of low risk of future direct misuse.

Jim Birch, Chair of the service, expressed the company’s deep disappointment, saying that “we take full responsibility for this mistake and apologise unreservedly.”

4. Weebly

Weebly, a web hosting service that provides a drag-and-drop website builder, saw details of over 43.4 million accounts stolen.

weeblyEach record in the database contained a username, email address, password and IP address.

The database was provided to the hack site LeakedSource, which said that Weebly has sent out password reset emails to its users after collaborating with LeakedSource.

The attack was believed to have been carried out in February.

5. Sainsburys

It is unclear how many people have fallen for this cyber attack, but this phishing scam aims to entice users to provide details with the promise of a financial rewards.

People in the UK received messages through WhatsApp providing a link and promising £100 worth of gift cards.

sainsburysThis attack relies on people forwarding on the message, so it comes from a trusted contact.

However, the link provided is erroneous and merely designed to collect the unsuspecting recipient’s information.

 

https://www.cbronline.com/news/cybersecurity/solutions/6-cyber-security-standards-defining-connected-world/

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU