Commit 10_10_2023: Predator targets journalists, politicians

Welcome to Commit 10_10_2023! README senior editor Nathaniel Mott here with the top infosec news after a brief interlude to observe Indigenous Peoples’ Day.

AI: Predator Files reveal Intellexa’s prey

Amnesty International, European Investigative Collaborations and their media partners Der Spiegel and Mediapart revealed on Oct. 9 that “shocking spyware attacks have been attempted against civil society, journalists, politicians and academics in the European Union (EU), USA and Asia” between February and June, with confirmed targets of these attacks including “United Nations (UN) officials, a Senator and Congressman in the USA and even the Presidents of the European Parliament and Taiwan.”

The revelation arrived as part of the Predator Files project devoted to revealing “how European companies supplied dictators cyber-surveillance tools for more than a decade.” The groups behind the report linked this most recent campaign to a threat actor that “may have been acting on behalf of Vietnamese authorities or interest groups.” That’s somewhat surprising—Vietnam isn’t the first country I think of when someone mentions spyware—but it reinforces the idea that the spyware market is vast.

Google: Finally a DDoS attack worth caring about

I mentioned in the last installment of the Changelog newsletter that I don’t particularly care about distributed denial-of-service (DDoS) attacks, “especially if they don’t use novel techniques,” so of course Google and a consortium of other tech companies today revealed how they responded to the largest DDoS attack to date… which was enabled by a novel technique that exploits the HTTP/2 protocol.

“This new series of DDoS attacks reached a peak of 398 million requests per second (rps), and relied on a novel HTTP/2 ‘Rapid Reset’ technique based on stream multiplexing that has affected multiple Internet infrastructure companies,” Google said. This technique allowed the attack to dwarf the previous record holder, which came in at 46 million rps. I’ll see you back here when the new record is broken.
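As an added example (not code from Google’s disclosure or from this newsletter), here is a simplified, defender-side detector for the Rapid Reset pattern: it flags HTTP/2 connections whose client opens many streams and cancels most of them with RST_STREAM frames, which is what lets an attacker multiply server work per connection. The frame-log tuple format, the thresholds and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ConnStats:
    opened: int = 0   # client-initiated streams seen (HEADERS frames)
    resets: int = 0   # RST_STREAM frames sent by the client
    flagged: bool = False


def rapid_reset_suspects(frames, min_streams=100, reset_ratio=0.5):
    """Return the ids of connections whose client cancelled at least
    `reset_ratio` of its streams after opening `min_streams` or more.

    `frames` is an iterable of (connection_id, frame_type, stream_id).
    Assumption/simplification: counts cover the connection lifetime; a
    production detector would also bound them by a sliding time window.
    """
    stats = defaultdict(ConnStats)
    for conn_id, frame_type, _stream_id in frames:
        s = stats[conn_id]
        if frame_type == "HEADERS":
            s.opened += 1
        elif frame_type == "RST_STREAM":
            s.resets += 1
        # Legitimate clients rarely cancel requests; a high cancel ratio
        # across many streams is the signal to alert on (and to answer with
        # GOAWAY / closing the connection rather than serving more streams).
        if s.opened >= min_streams and s.opened and s.resets / s.opened >= reset_ratio:
            s.flagged = True
    return {c for c, s in stats.items() if s.flagged}


def build_sample_frames():
    """Constructed sample traffic: one well-behaved client, one abusive one."""
    frames = []
    for sid in range(1, 401, 2):              # 200 streams, 3 benign cancels
        frames.append(("conn-benign", "HEADERS", sid))
        if sid in (13, 127, 311):
            frames.append(("conn-benign", "RST_STREAM", sid))
    for sid in range(1, 401, 2):              # 200 streams, every one reset
        frames.append(("conn-abusive", "HEADERS", sid))
        frames.append(("conn-abusive", "RST_STREAM", sid))
    return frames


if __name__ == "__main__":
    print(rapid_reset_suspects(build_sample_frames()))  # {'conn-abusive'}
```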

BC: Here’s what arrived on Patch Tuesday

BleepingComputer reported that Microsoft released “security updates for 104 flaws, including three actively exploited zero-day vulnerabilities,” as part of this month’s Patch Tuesday. (Which means defenders should have a lot of fun on Exploit Wednesday, of course.)

The zero-days include flaws in Skype for Business, WordPad and the HTTP/2 protocol that enabled the DDoS attacks mentioned above. Check out BleepingComputer’s report for more information about these zero-days, plus a tally of vulnerabilities addressed by other companies and organizations.

Wired: Hacktivists contribute to chaos in Israel

Much has been said about the conflict in Israel. I’m going to focus strictly on the cybersecurity aspect of this war, and Wired’s report that hacktivists were quick to target “dozens of government websites and media outlets with defacements and DDoS attacks, attempts to overload targets with junk traffic and bring them down.” The outlet also reported that “some groups claim to have stolen data, attacked internet service providers, and hacked the Israeli missile alert service known as Red Alert.”

It’s worth remembering that we’re unlikely to know the true extent of cyber’s role in this conflict until long after it’s settled. I’ve already seen some claims on the platform formerly known as Twitter that I would describe as dubious at best. (As long as I’m in polite company, that is.) DDoS attacks were all but guaranteed to accompany the conflict—we saw a similar pattern at the start of the Russia-Ukraine war—and it’s probably best to carefully scrutinize any claims of more sophisticated cyber-related activity.