CYBERSECURITY NEWS V. 23.10 – The largest DDoS attack, Egregor ransomware, Zoom implements E2EE


hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

News for discussion

Google hit by the largest DDoS attack in history

The Google Cloud team has disclosed a previously unreported DDoS attack that took place in September 2017. The attack peaked at 2.54 Tbps, which makes it the largest on record. According to a report by Google's Threat Analysis Group (TAG), the attack was carried out by state-sponsored attackers from China. They sent UDP packets from devices connected to Chinese ISPs and used 180,000 unsecured CLDAP, DNS, and SMTP servers to amplify the traffic directed at Google. By making the incident public, Google wants to draw attention to the growing number and scale of state-sponsored DDoS attacks.

hexway commentary:

Well, well, DDoS attacks. You might think of them as a schoolkid's weapon for settling scores on the Internet, or as a routine tool of unfair competition between car-wash owners and other online stores. Yet Google suspects Chinese state-sponsored attackers. Let's be realistic: they are unlikely to have aimed at taking Google's services down. More likely this was a demonstration of such a system's capabilities for customers within China's government agencies, or an attempt to divert attention from another, more targeted attack on Google services.
The details can only be guessed at, but one fact has held for a very long time: DDoS attacks are nothing exotic. They rely on no special know-how or rocket-science techniques, and as a result they are available to anyone from individual students to entire states. So do not forget to put DDoS protection in front of your Internet resources, especially now that it costs about as much as a school lunch.
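The attack described above is a reflection attack: replies from open CLDAP and DNS servers are aimed at the victim, so from the victim's side the traffic arrives as UDP with the reflector's service port as the source port, from a very large number of distinct hosts, in unusually large packets. The following detector is an added example written for this post, not code from Google or from hexway; it runs over constructed NetFlow-style records and flags a (victim, service) pair when many distinct sources deliver large packets at a high aggregate rate. The port list, thresholds and sample addresses are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors. Reflected replies arrive with the
# service port as their *source* port, so inbound flows are keyed on src_port.
# (Assumed list for this example; extend it to match your environment.)
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS", 123: "NTP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    """One inbound flow record (simplified NetFlow/IPFIX-style fields)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    packets: int
    octets: int


def detect_reflection(flows, window_s, min_sources=50, min_bps=1e9, min_avg_pkt=500):
    """Aggregate inbound UDP flows per (victim, reflector service) over one window
    and alert when many distinct sources deliver large packets at a high rate,
    the signature of reflected, amplified traffic rather than ordinary replies."""
    agg = defaultdict(lambda: {"sources": set(), "packets": 0, "octets": 0})
    for f in flows:
        if f.proto != "udp" or f.src_port not in REFLECTOR_PORTS:
            continue
        bucket = agg[(f.dst_ip, REFLECTOR_PORTS[f.src_port])]
        bucket["sources"].add(f.src_ip)
        bucket["packets"] += f.packets
        bucket["octets"] += f.octets

    alerts = []
    for (victim, service), b in agg.items():
        bps = b["octets"] * 8 / window_s
        avg_pkt = b["octets"] / b["packets"]
        if len(b["sources"]) >= min_sources and bps >= min_bps and avg_pkt >= min_avg_pkt:
            alerts.append({
                "victim": victim,
                "service": service,
                "sources": len(b["sources"]),
                "gbps": round(bps / 1e9, 2),
                "avg_packet_bytes": round(avg_pkt),
            })
    return sorted(alerts, key=lambda a: -a["gbps"])


def constructed_flows():
    """Constructed sample for a 1-second window: 200 open CLDAP reflectors hitting
    one victim, plus a handful of ordinary DNS replies and a TCP flow from port 389
    that the UDP-only detector must ignore."""
    victim = "203.0.113.10"  # documentation range address, constructed
    flows = [
        Flow(f"198.51.100.{i}", 389, victim, 40000 + i, "udp", packets=400, octets=1_200_000)
        for i in range(1, 201)
    ]
    flows += [
        Flow(f"192.0.2.{i}", 53, victim, 50000 + i, "udp", packets=10, octets=1200)
        for i in range(1, 4)
    ]
    flows.append(Flow("192.0.2.50", 389, victim, 51000, "tcp", packets=20, octets=4000))
    return flows


if __name__ == "__main__":
    for alert in detect_reflection(constructed_flows(), window_s=1.0):
        print(alert)
```

With the constructed input the CLDAP bucket (200 sources, 3000-byte average packets, 1.92 Gbps) is reported while the three legitimate DNS replies stay below the source-count threshold. In production the same aggregation runs over fixed windows of exported flow data, and the thresholds should be set from a baseline of normal reply traffic for each service.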

News FYI

800,000 SonicWall VPN portals are vulnerable to new RCE

A critical stack buffer overflow vulnerability (CVE-2020-5135) has been identified in SonicWall VPN. Its severity rating is 9.4. It could allow a remote attacker to cause a denial of service (DoS) on the device and execute arbitrary code. The vulnerability affects SonicOS versions 6.5.4.7-79n and later, SonicOS 6.5.1.11-4n and later, SonicOS 6.0.5.3-93o and later, SonicOSv 6.5.4.4-44v-21-794 and later, and SonicOS 7.0.0.0-1. The patch has already been released, and users are strongly encouraged to apply it. The company is not aware of any exploitation, but a Shodan search revealed about 460 thousand vulnerable devices. In addition to this critical vulnerability, other issues have been fixed, including several DoS vulnerabilities (CVE-2020-5133, CVE-2020-5138, and CVE-2020-5139), a buffer overflow vulnerability (CVE-2020-5137), and other less severe ones.
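The practical task behind an advisory like this is checking a fleet inventory against the listed versions, which is awkward because SonicOS version strings mix dotted release numbers, a build number, a letter suffix and, for SonicOSv, extra build components. The script below is an added example written for this post, not code from SonicWall or from hexway. It assumes the string layout seen in the versions above, treats the first three release numbers plus the letter suffix as the branch identifier (the SonicOSv entry differs from the SonicOS 6.5.4 entry only by its "v"), and takes the "and later" direction exactly as the post states it; the hostnames and most inventory versions are constructed.

```python
import re

# Assumed layout: dotted release numbers, '-', build number, optional letter suffix,
# optional further '-N-N' build components (as on the SonicOSv entry in the post).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([a-z]*)((?:-\d+)*)$")


def parse_version(text):
    """Return (release_numbers, build, suffix, extra_builds) for a SonicOS version
    string such as '6.5.4.7-79n'; raise ValueError if the layout is not recognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    release = tuple(int(n) for n in m.group(1).split("."))
    build = int(m.group(2))
    suffix = m.group(3)
    extra = tuple(int(n) for n in m.group(4).split("-") if n)
    return release, build, suffix, extra


def _branch_and_key(text):
    release, build, suffix, extra = parse_version(text)
    # Assumption: first three release numbers plus the suffix identify a branch;
    # all numeric parts form the ordering key within that branch.
    return (release[:3], suffix), (release, build, extra)


# Entries exactly as the post lists them. The "and later" direction (True) is
# copied from the post's wording; confirm it against the vendor advisory.
AFFECTED = [
    ("6.5.4.7-79n", True),
    ("6.5.1.11-4n", True),
    ("6.0.5.3-93o", True),
    ("6.5.4.4-44v-21-794", True),
    ("7.0.0.0-1", False),   # listed as a single version, no range
]


def status(version, entries=AFFECTED):
    """Classify one device version against the listed entries."""
    v_branch, v_key = _branch_and_key(version)
    for listed, and_later in entries:
        l_branch, l_key = _branch_and_key(listed)
        if l_branch != v_branch:
            continue
        if v_key == l_key or (and_later and v_key > l_key):
            return "listed as affected"
        return "same branch, outside listed range"
    return "branch not listed"


def triage(inventory, entries=AFFECTED):
    """Map {hostname: version} to {hostname: status} for a fleet inventory."""
    return {host: status(ver, entries) for host, ver in inventory.items()}


# Constructed inventory: hostnames and the non-advisory versions are made up.
INVENTORY = {
    "fw-edge-1": "6.5.4.7-79n",
    "fw-edge-2": "6.5.4.8-89n",
    "fw-edge-3": "6.5.4.6-79n",
    "fw-branch": "6.0.5.3-93o",
    "fw-virtual": "6.5.4.4-44v-21-794",
    "fw-lab": "7.0.0.0-1",
    "fw-lab-2": "7.0.0.0-2",
    "fw-old": "5.9.1.10-4o",
}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:22} {result}")
```

Devices that come back as "branch not listed" or "outside listed range" are not automatically safe: the script only encodes what this post says, so any device on an unlisted branch still needs to be checked against the vendor's own advisory before it is marked as not affected.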

Egregor ransomware stole and leaked Ubisoft and Crytek data

Operators of the Egregor ransomware have released data stolen from the internal networks of two of the largest game developers, Ubisoft and Crytek. They published it on their darknet portal on October 15: 20 MB of Ubisoft data and 300 MB of Crytek data in total. How Egregor obtained the data is still unknown. The group has released files indicating that it holds the source code for Watch Dogs: Legion, which is expected to be released this month. Among the leaked Crytek files are documents related to Warface and Arena of Fate. Neither Ubisoft nor Crytek has commented on the leak.

Zoom implements E2EE

Zoom will begin rolling out end-to-end encryption for both the paid and free versions of the service starting next week. Users worldwide will be able to hold video conferences with up to 200 participants in the enhanced security mode. Encryption is not enabled by default: an administrator or host must turn it on in the settings. All E2EE keys are generated on the meeting participants' devices, not on Zoom's servers, so the data exchanged between participants cannot be decrypted by Zoom or by third parties. End-to-end encryption will be in beta for 30 days so that the developers can collect user feedback. After the beta period, Zoom will launch the second of four planned phases of the E2EE rollout. Full end-to-end encryption will be available in 2021.
