CISO2CISO Editor 2@ciso2ciso.com - 38d
Cloudflare successfully mitigated a record-breaking 5.6 Tbps Distributed Denial of Service (DDoS) attack on October 29, 2024. The attack, launched by a Mirai-variant botnet, targeted an internet service provider (ISP) in East Asia. The botnet comprised 13,000 compromised IoT devices that flooded the target with malicious data, aiming to cripple the ISP's operations.
The attack lasted only 80 seconds, but Cloudflare's autonomous defense systems promptly identified and mitigated the anomalous traffic without human intervention, intercepting and neutralizing the malicious data at Cloudflare's edge nodes. Each IP address within the botnet generated an average of approximately 4 Gbps of traffic. The successful defense highlights the escalating sophistication and scale of DDoS threats, with hyper-volumetric attacks exceeding 1 Tbps increasing dramatically. This incident underscores the importance of robust DDoS mitigation strategies and the need for continuous evolution in network security.
References :
- ciso2ciso.com: New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers – Source: www.infosecurity-magazine.com
- securityaffairs.com: New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
- The Hacker News: Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
- Techzine Global: Mirai variant Murdoc_Botnet targets cameras and routers
- discuss.privacyguides.net: New botnet network targets Avtech cameras and Hauwei HG532 routers
- hackread.com: New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits
- bsky.app: Interesting research from Qualys here where they found a botnet that’s infected vulnerable AVTECH cameras and Huawei routers.
- cyberpress.org: New IoT Botnet Launching large-scale DDoS attacks Hijacking IoT Devices
- gbhackers.com: New IoT Botnet Launching Large-Scale DDoS attacks Hijacking IoT Devices
- securityonline.info: IoT Botnet Fuels Large-Scale DDoS Attacks Targeting Global Organizations
- ciso2ciso.com: Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers – Source:thehackernews.com
- ciso2ciso.com: New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits
- Pyrzout :vm:: Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
- ciso2ciso.com: Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices.
- ciso2ciso.com: Details about the mitigation of the DDoS attack.
- gbhackers.com: Record Breaking 5.6 Tbps DDoS attack Launched by Mirai Botnet
- ciso2ciso.com: Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack – Source:hackread.com
- securityonline.info: Mirai Botnet Unleashes Record-Breaking DDoS Attack, Cloudflare Thwarts Threat
- hackread.com: Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
- gbhackers.com: Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc, which has been targeting AVTECH cameras and Huawei HG532 routers since at least July 2024.
- BleepingComputer: The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices.
- securityonline.info: On October 29, 2024, Cloudflare revealed details of a DDoS attack orchestrated using a Mirai botnet comprising 13,000
- Pyrzout :vm:: Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack – Source:hackread.com
- blog.cloudflare.com: In 2024, Cloudflare's autonomous DDoS defense systems blocked 21.3M DDoS attacks, up 53% YoY, and 420 DDoS attacks in Q4 2024 exceeded 1 Tbps, up 1,885% QoQ (The Cloudflare Blog)
- Pyrzout :vm:: Cloudflare thwarts a massive 5.6 Tbps Mirai-variant DDoS attack targeting one of its customers
do son@securityonline.info - 73d
References :
- CyberInsider: FBI Warns of HiatusRAT Campaigns Targeting Web Cameras and DVRs
- BleepingComputer: The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online.
- : FBI advisory: The FBI released this Private Industry Notification (PIN) to highlight HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs.
- securityaffairs.com: The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs
- www.bleepingcomputer.com: Bleeping Computer
- malware.news: Vulnerable webcams, DVRs subjected to HiatusRAT intrusions
- malware.news: Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, Aaran Leyland, and More - SWN #438
- www.csoonline.com: That cheap webcam? HiatusRAT may be targeting it, FBI warns
- Industrial Cyber: The Federal Bureau of Investigation (FBI) published Tuesday a Private Industry Notification (PIN) to spotlight HiatusRAT scanning campaigns.
- Cybernews: Malicious campaigns are attacking Chinese-branded IoT devices – web cameras and DVRs – to crack authentication.
- securityonline.info: The FBI, in collaboration with CISA, has issued a new alert regarding the HiatusRAT malware campaign. The latest iteration of the campaign has shifted its focus to Internet of Things.
Classification:
- HashTags: #HiatusRAT #WebcamSecurity #CyberThreat
- Company: FBI
- Target: IoT Devices
- Product: Webcams and DVRs
- Feature: Vulnerability Exploitation
- Malware: HiatusRAT
- Type: Malware
- Severity: Major
do son@securityonline.info - 77d
Security researchers at Oasis Security have uncovered a critical vulnerability in Microsoft's Azure Multi-Factor Authentication (MFA) system. This flaw allowed attackers to bypass MFA, gaining unauthorized access to user accounts across various Microsoft services, including Outlook emails, OneDrive files, Teams chats, and Azure Cloud resources. The bypass was achieved by exploiting a lack of rate limiting on authentication attempts and a larger-than-expected window of time in which a single MFA code remains valid. The attack could be executed relatively quickly, taking about an hour, did not require any user interaction, and, crucially, did not trigger any notifications to alert the account holder.
The vulnerability stems from the way Microsoft handles MFA verification codes. By rapidly creating new sessions and attempting a large number of codes, attackers could exhaust all possible six-digit codes. Even with the standard 30-second validity, Microsoft allowed a time window of about three minutes, which increased the number of attempts that could be made. Despite many failed attempts, no alerts were sent to the account owners, making the attack difficult to detect. Oasis Security reported the vulnerability to Microsoft and collaborated with them to resolve it. The full report detailing the vulnerability, its resolution and lessons learned is available from the Oasis Security research team.
References :
- : Oasis : Oasis had reported a vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation that allows attackers to bypass it and gain unauthorized access to the user's account (including Outlook emails, OneDrive files, Teams chats, Azure Cloud, etc.) No CVE ID is indicated. See the 9 page .
- heise online English: Microsoft Azure MFA protection could be leveraged Attackers were able to bypass multi-factor authentication in Microsoft's Azure and gain unauthorized access.
- www.heise.de: Microsoft Azure MFA protection could be leveraged
- www.oasis.security: Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
- The Hacker News: Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
- securityonline.info: Critical Microsoft Azure MFA Bypass Exposed: What You Need to Know
Classification:
- HashTags: #MicrosoftMFA #AzureSecurity #AuthenticationBypass
- Company: Microsoft
- Target: Microsoft Users
- Attacker: Oasis
- Product: Azure MFA
- Feature: MFA Bypass
- Type: Vulnerability
- Severity: Major
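The Azure MFA summary above names three gaps: failed attempts were not rate limited across new sessions, a code stayed valid for longer than one 30-second step, and the account owner was never notified. The following is an added example, not code from Oasis Security or Microsoft, of a verifier that closes all three; the class name, the lockout threshold of 5 and the one-step skew are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

STEP = 30          # seconds per TOTP time step (RFC 6238 default)
MAX_FAILURES = 5   # assumed lockout threshold, not Microsoft's value


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class MfaVerifier:
    """Counts failures per account, so a fresh session does not reset the budget."""

    def __init__(self, secrets: dict, skew_steps: int = 1):
        self.secrets = secrets
        self.skew_steps = skew_steps          # accepted steps either side of now
        self.failures = defaultdict(int)      # keyed by account, never by session
        self.alerts = []                      # stand-in for notifying the owner

    def verify(self, account: str, session_id: str, code: str, now: int) -> str:
        if self.failures[account] >= MAX_FAILURES:
            return "locked"
        secret = self.secrets[account]
        for drift in range(-self.skew_steps, self.skew_steps + 1):
            expected = totp(secret, now + drift * STEP)
            if hmac.compare_digest(expected, code):
                self.failures[account] = 0
                return "ok"
        self.failures[account] += 1
        if self.failures[account] == MAX_FAILURES:
            self.alerts.append((account, session_id, now))
        return "denied"


def failures_across_sessions(attempts: int) -> tuple:
    """Constructed scenario: wrong codes, each sent from a new session id."""
    v = MfaVerifier({"alice": b"constructed-demo-secret"})
    results = [v.verify("alice", f"s{i}", "000000x", 1_700_000_000)
               for i in range(attempts)]
    return results.count("denied"), results.count("locked"), len(v.alerts)
```

Because the failure counter is keyed by account, the sixth wrong code is refused even though it arrives in a session the verifier has never seen, and the lockout produces one alert record for the owner.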