Written by
Team Nucleus
Written on
24th January, 2025
Analyst Insight
An interesting event this week was the record-breaking 5.6 Tbps DDoS attack mitigated by Cloudflare. It was launched by a Mirai-variant botnet utilising over 13,000 IoT devices, and the attack lasted only 80 seconds. Mirai malware takes advantage of default credentials to infect IoT devices and turn them into remotely controlled bots used for large-scale DDoS attacks. This shows many IoT devices are still being shipped with default credentials such as “admin” or “password”; this can be easily prevented by providing unique credentials with new IoT devices.
Cloudflare Reports Record-Breaking 5.6 Tbps DDoS Attack
This week, Cloudflare released their 2024 Q4 DDoS Threat Report. Cloudflare’s products allow them to gather accurate data on threat actor trends and provide insight into their capabilities. A record-breaking DDoS attack was captured, with 5.6 Tbps launched by a Mirai-variant botnet. The attack lasted 80 seconds and utilised a botnet of 13,000 IoT devices.
Cloudflare reported a 53% increase in DDoS attacks in 2024, blocking 21.3 million attacks. In Q4, 49% of DDoS attacks were Layer 3/4 (Network and Transport), with the remaining 51% being HTTP. Finally, over 420 attacks in Q4 exceeded 1 billion packets per second (pps) and 1 Tbps.
HP Enterprise Investigates Potential Data Breach
Hewlett Packard Enterprise (HPE) is investigating claims of a new security breach. The threat actor, IntelBroker, an administrator of the hacking forum BreachForums, alleges they have stolen sensitive documents including source code from HPE's developer environments. IntelBroker is known for posting high-profile data breaches.
HPE is working to verify these claims, assess potential risks, and implement additional security measures. The breach claims surfaced on January 16, 2025, with IntelBroker stating they accessed HPE's systems, stealing data, product source code and access keys. HPE has activated its cyber response protocols and launched an investigation, stating there is no operational impact or evidence of customer information being stolen at this point in time.
Ransomware Gangs Utilise Microsoft Teams for Phishing Campaigns
Researchers at Sophos discovered threat actors are posing as tech support on Microsoft Teams to phish employees, steal data and deliver ransomware. The threat actors exploited companies that allow calls and chats from external domains to contact employees.
A technique they used to create a sense of urgency to pick up the calls or respond to the chats is “email-bombing”, where thousands of spam email messages are delivered to mailboxes. The threat actors would then offer assistance in the IT crisis, take control of the victim’s computer, and install malware using Microsoft remote control tools such as Quick Assist or directly through Teams screen sharing.
FCC Mandates Stronger Telecommunications Cybersecurity
The Federal Communications Commission (FCC) has mandated that U.S. telecom companies strengthen their security after last year’s Salt Typhoon breaches, where a limited number of U.S. officials’ private communications were stolen by the threat actors.
Under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA), the ruling requires telecom providers to secure their systems from unauthorized access and interception; the act is effective immediately. The ruling also introduces an annual certification process to ensure companies maintain an up-to-date cybersecurity risk management plan. Additionally, the FCC is seeking input on further measures to protect U.S. communications infrastructure.
Trump Administration Dismantles U.S. Cyber Safety Review Board
The recent inauguration of President Trump has brought a new wave of reshaping and legislation for the U.S. government. This week, Trump has reportedly discharged members of the government's advisory committees, including the Cyber Safety Review Board (CSRB). The CSRB's role is to investigate significant cybersecurity incidents which pose a threat to the nation.
The CSRB was responsible for investigating the recent Salt Typhoon attacks against telecoms companies; this week’s decision has disrupted the process. However, as with any new U.S. presidency, this could be a restructuring of the board members, as it was founded by the previous presidential candidate.