We have compiled the most significant cybersecurity news of the week.
- Cloudflare thwarted the largest DDoS attack, which peaked at 3.8 Tbps.
- Thousands of users downloaded fraudulent cryptocurrency apps from Google Play and the App Store.
- A modification of Meta’s smart glasses revealed a person’s home address.
- The development of Outlast was delayed due to a cyberattack.
Cloudflare Thwarts Largest DDoS Attack at 3.8 Tbps
Since early September, Cloudflare’s defense systems have been combating a month-long campaign of hyper-volumetric DDoS attacks targeting organizations in the financial services, internet, and telecommunications sectors.
The perpetrator used various types of compromised devices, including a large number of Asus home routers, Mikrotik systems, digital video recorders, and servers. These were primarily based in Russia, Vietnam, the USA, Brazil, and Spain.
Many of the attacks aimed at the target’s network infrastructure exceeded 2 billion packets per second. The largest peaked at 3.8 Tbps, a record figure among those publicly disclosed so far.
Previously, Microsoft held the record, having thwarted a massive 3.47 Tbps DDoS attack aimed at an Azure customer in Asia.
Thousands Download Fraudulent Crypto Apps from Google Play and App Store
Group-IB specialists discovered a family of malicious programs called UniShadowTrade in Google Play and the App Store, which mimic various legitimate cryptocurrency and trading platforms.
Beware of fraudulent trading apps! A recent #PigButchering scam was discovered on the #AppleStore & #GooglePlay. #Cybercriminals are exploiting trust in official platforms. pic.twitter.com/8R01MWkQ7I
— Group-IB Threat Intelligence (@GroupIB_TI) October 2, 2024
The fake apps operate under a “pig butchering” scheme. Victims found through social networks and dating apps are lured with promises of large investment returns. All deposits go to the scammers’ wallets. The scammers may also request identity documents in order to steal them.
By the time the apps were removed from the stores, their downloads had exceeded several thousand. The perpetrators continue their activities on phishing sites.
Meta’s Smart Glasses Modification Reveals Personal Addresses
Harvard students AnhPhu Nguyen and Caine Ardayfio combined Meta Ray Bans 2 smart glasses with facial recognition technology, enabling the identification of individuals and revealing their social media profiles, home addresses, phone numbers, and family member information. This was reported by 404 Media.
The I-XRAY project's code has not been released, but in an accompanying document the developers state that they use the PimEyes service to run face searches that return the URLs of the source images. With this, the application can access yearbooks, profiles on employer websites, or sports clubs the person might belong to.
Once a name is determined, information gathering continues through data brokers holding a wide range of details. The search result, produced using an LLM, is displayed on a smartphone screen.
Real-world experiments showed dozens of successful identifications, though some data were inaccurate and contained incorrect names.
Are we ready for a world where our data is exposed at a glance? @CaineArdayfio and I offer an answer to protect yourself here: https://t.co/LhxModhDpk pic.twitter.com/Oo35TxBNtD
— AnhPhu Nguyen (@AnhPhuNguyen1) September 30, 2024
A Meta representative emphasized to the media that the smart glasses themselves do not provide such identification capabilities and reminded users to use Facebook View in a “safe, legal, and respectful manner.”
PimEyes stated they were “quite surprised” by the details provided to them.
Elusive Malware Infects Linux Servers with Crypto Miner for Three Years
Researchers at Aqua Nautilus discovered and detailed the malware perfctl, which for three years attacked millions of Linux servers and infected several thousand with a hidden Monero cryptocurrency miner.
Attackers exploit misconfigurations or exposed login interfaces to breach servers. Due to its high level of evasion and use of rootkits, perfctl is difficult to detect in an infected system.
The crypto miner interacts with specified pools via Tor, keeping network traffic hidden and profits untraceable.
Outlast Development Delayed Due to Cyberattack
Canadian video game developer Red Barrels announced a delay in the development of the Outlast series due to a recent cyberattack.
The incident did not affect player data, but the compromise of internal IT systems significantly disrupted production timelines.
“We will do our best to follow our plan, but unfortunately, some things will have to be postponed. We will share a more detailed update on this issue as soon as we can,” the team stated.
Red Barrels took measures to protect information and conducted an in-depth investigation of the breach with the help of external experts.
Four More Suspected LockBit Ransomware Gang Members Arrested
Europol arrested four individuals suspected of links to the LockBit hacker group. The operation took place in August, but was only reported now.
Among those detained, at the request of French authorities, was a suspected developer of the ransomware program, whose identity and location are undisclosed. It is highly likely that this refers to Russian Dmitry Khoroshev, known by the aliases LockBitSupp and putinkrab.
British authorities arrested two members of a LockBit affiliate, while Spain detained the administrator of a bulletproof hosting service used by the hackers. Nine ransomware servers were seized.
Additionally, the UK, US, and Australia imposed sanctions on Russian citizens involved in spreading LockBit and linked to another hacker group, Evil Corp.
Information obtained from the seizure of ransomware servers in February 2024 significantly aided in identifying the perpetrators.
Major Outage in Runet Coincides with Global Telegram Issues
On October 3, a major outage occurred in the Russian segment of the internet. According to the service “Сбой.рф”, issues arose with the FPS, some banks, Telegram, VK, and several mobile operators.
Users reported slow file loading and difficulties logging into applications.
Simultaneously, the Telegram messenger experienced a global outage—chats would not open and messages would not send.
With the cause of the issues unclear, users joked in the comments about possible explanations, alluding to recent news surrounding Durov.
Over an hour after the outage began, Telegram services resumed.
A similar situation with the messenger occurred on October 1. Experts linked it to military actions in the Middle East.
X Pays $5.2 Million in Fines to Resume Service in Brazil
The social network X has requested to resume operations in Brazil after paying $5.24 million in fines imposed by the local Supreme Court in August. This was reported by Reuters.
Previously, the platform owned by Elon Musk was accused of spreading misinformation and lacking a legal representative in the country. Access to it was blocked, and users were threatened with hefty fines for bypassing restrictions.
According to the publication, Brazil is one of the largest and most desirable markets for X.
Also on ForkLog:
- A Bitcoin developer introduced the “most anonymous” messenger.
- Anti-money laundering regulations for the digital ruble recommended for adoption.
- The case of a $24 million cryptocurrency theft from an AT&T subscriber will be reopened.
- In Q3, crypto hackers and scammers stole assets worth $753 million.
- Large-scale searches were conducted at Bitcoin exchanges in St. Petersburg as part of the investigation into the Cryptex and UAPS services. Some suspects were placed under house arrest.
- Australian law enforcement decrypted a seed phrase to seize $6.4 million in cryptocurrency.
- Durov revealed the amount of Telegram user data disclosed.
- In September, crypto projects lost $120 million due to hacker attacks.
- A US resident confessed to stealing $37 million in cryptocurrency.
- Over 250 crypto investors lost ~$650,000 due to a single fraudster.
- The Central Bank of Russia will study cross-border Bitcoin transfers by Russians.
- A former Coinbase employee was accused of stealing code for an AI project.
- Kazakhstan closed 19 Bitcoin exchanges with a turnover of over $60 million.
- Zilliqa to release a “permanent patch” after new failures.
- AI vs. AI. Nvidia’s CEO discussed combating the “dark side” of neural networks.
- An expert predicted the death of “cypherpunk values” in blockchain.
- A crypto whale lost $32 million in a phishing attack.
- Tether helped freeze $6 million from crypto scammers.
What to Read Over the Weekend?
Why, if code is law, are exploits and hacks illegal? Explained in the article:
