The internet makes the world so much smaller—you can Skype with a friend in India and conference-in a co-worker in Argentina. While teleportation has yet to be invented and you still can’t hop a flight on the Concorde, virtual communication makes the distance feel smaller.
Just like the internet itself, this week in review spans the globe, but hits close to home: Russia, India and France, but also bots in your living room.
Home Routers (A War Between Super Powers?)
On December 5th, 5 Russian banks were hit with a DDoS (distributed denial-of-service) attack that seemed to be coming from a bot army of home routers. The attacks peaked at 3.2 million packets per second (Mpps), lasting no more than a couple of hours each.
Similar bot attacks have caused massive internet outages, drawing attention to the security of the IoT (Internet of Things). Home devices across the world can be hacked and act as a robot army, but until recent large-scale attacks most of the public remained uninformed.
As for this cyber offensive, Russian authorities are saying that the attacks were mitigated and did not interrupt customer service. Considering that it comes on the heels of the US announcing that not only did it thing Russia was behind certain election-related hacks, but also that it would retaliate, some are questioning if this isn’t part of an on-going saga between the two nations.
Cold War part deux? Maybe. At the very least, update your home devices.
It’s not just Hillary Clinton’s private email server and Donald Trump’s tax returns that have been hacked: these days it’s like anyone who is anybody has been hacked.
One of the latest: Vijay Mallya, prominent Indian businessman has found himself targeted by a hacking group (or individual) known as “Legion.”
Mallya is no stranger to headlines in his home country. Once called “The King of Good Times” and living in Britain (possibly to escape settling lawsuits and tax disputes in India), Mallya found his personal email addresses, private communications, personal property and physical addresses published online.
So who is Legion? Lex Luthor, of comic book lore, created the “Legion of Doom.” For now, news outlets speculate about him (or her or them). A Robin Hood in India? A political hacktivist? Money-motivated? Who knows.
DailyMotion, In Motion
The French video sharing site, Dailymotion is one of the most visited sites on the entire internet, with millions of visitors each day. Hacking news site ZDNet was able to verify the hack, which was first identified on LeakedSource.
It seems 85 million user accounts were compromised. And while the stolen passwords were encrypted, a simple online decryption tool works for that.
The breach reportedly took place in October, though we are just finding out about it now. Not bad, considering the average length of time it takes to detect a cyber attack is probably in the neighborhood of 200 days.
What Patterns We See
Length of time before detection is one major difference between blatant attacks like that on Russia and Mr. Mallya, versus the DailyMotion hack: hackers in an active attack were detected and identified as they took place. We may not know who they are, but they also do not attempt to hide the fact of the attack.
Hacks like that on DailyMotion, with user data stolen, we often do not hear of until someone reports such data being sold on the black market.
The same could be said of many corporate attacks, such as corporate espionage: just because you have not yet identified an attack does not mean it is not there. It can take months, or even years, before you learn of an intrusion, and it is often an outside force (such as law enforcement) notifying you of the breach.
So, as always, change your passwords and protect your virtual assets. You don’t want to be in the headlines in our next Cyber Week in Review, but we’ll see you here.