GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
GoDaddy reveals a security breach led to malware on customer sites, Cloudflare mitigates record-breaking HTTP DDoS attack and the WhiskerSpy backdoor. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. GoDaddy reveals hackers installed malware and stole source code in a multi-year security incident
GoDaddy, the popular web hosting giant, recently disclosed a breach in which hackers stole its source code and installed malware on GoDaddy customer websites, following an intrusion in its cPanel shared hosting environment over multiple years. The company discovered the breach when customers reported their websites being redirected to unknown domains. GoDaddy has confirmed that earlier breaches reported in November 2021 and March 2020 are linked to the same multi-year campaign. As part of an ongoing investigation, the company is collaborating with external cybersecurity experts and law enforcement agencies worldwide.
2. Cloudflare blocked DDoS super attack exceeding 71 million rps
Cloudflare recently mitigated a record number of hyper-volumetric DDoS attacks during the weekend of Feb. 11, with more than a dozen attacks ranging from 50 million to 70 million requests per second. The largest attack detected was over 71 million rps, 35% higher than the previously reported record. The attacks were HTTP/2-based, originating from over 30,000 IP addresses of multiple cloud providers. The campaign targeted websites such as gaming providers, cryptocurrency companies, hosting providers, and cloud computing platforms. Cloudflare recommends that organizations use automated detection and mitigation tools and prepare for the next DDoS wave.
3. New WhiskerSpy malware targets individuals on a pro-North Korea website
A new backdoor dubbed WhiskerSpy has been identified by researchers at Trend Micro, who linked it to a malware campaign from the relatively new threat actor Earth Kitsune. The actor, known for targeting those interested in North Korea, carried out the attack using a watering hole tactic, compromising a pro-North Korea website and injecting a malicious script. The victim would then be prompted to install a fake codec that instead installed the backdoor. Researchers found that only visitors from Shenyang, China; Nagoya, Japan; and Brazil were targeted.
4. U.S. Windows systems targeted by new MortalKombat ransomware
Cybersecurity researchers from Cisco Talos have discovered a new ransomware variant that uses Mortal Kombat imagery to lure victims. The malware encrypts all files on an infected computer, leaving it inoperable, and then displays a ransom note demanding payment in Bitcoin. The ransomware is being distributed via phishing emails, which purport to come from the cryptocurrency payment platform CoinPayments, and contain a ZIP file with a malicious executable that can trigger the infection. The attack has targeted individuals, small businesses, and large organizations in the U.S. since January.
5. Large Adsense fraud campaign infects nearly 11,000 WordPress websites
A malicious attack targeting WordPress sites has infected nearly 11,000 websites, according to a report by cybersecurity company Sucuri. The campaign uses over 70 fake domains that mimic URL shorteners to artificially increase traffic to pages with Google AdSense IDs, generating revenue from ad fraud. Visitors to compromised WordPress sites are redirected to fake Q&A portals, artificially increasing the authority of spammy sites in search engine results. Researchers found the threat actors to use Twitter's link shortener, pseudo-short URL domains, and Bing search result links to expand their reach.
See Infosec IQ in action
In this Series
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
