This Week in Security #5
Navigating the ever-evolving landscape of cybersecurity can feel like a whirlwind: new threats, innovations and incidents constantly reshape the digital world. This week’s post breaks down some of the developments that took place last week.
Rapid-fire:
- Researchers crack password to a $3 million crypto wallet
- 911 S5, one of the largest botnets ever, taken down
Operation Endgame
Are the Avengers back in action for yet another movie? Thankfully not.
Coordinated by Europol, Operation Endgame was a joint effort by several EU countries (as well as the UK and US) to take down the botnets behind some of the most prolific malware systems out there.
- From May 27 to 29 the operation took down or disrupted more than 100 servers, and 4 individuals were arrested
The operation targeted a kind of malware called “Droppers”.
- Droppers are a kind of trojan which help download other malware. These are used as a catalyst for many other malware systems.
- Often they will infiltrate a system through channels like email attachments and compromised websites.
What’s next? By targeting droppers such as IcedID and Pikabot, the hope is that the operation will disrupt the activities of many other cybercriminals, who will have to find another way to infiltrate their targets. According to the Europol website, “Operation Endgame does not end today”, as they plan to launch more activities in the near future.
Updates can be found on the Operation Endgame website.
Snowflake Customers Breached
Ticketmaster experienced a data breach in late May, with a hacker group claiming that they have information on approximately 560 million customers.
Another Snowflake customer, Santander (a banking firm) was also reportedly breached by the same group.
Initial investigations suggested that the hacks were related to Snowflake’s systems; however, the original article which alleged this has since been taken down. Snowflake claims it was not breached through a vulnerability but through brute-forced client credentials.
Platforms generally prevent malicious actors from guessing a user’s password too many times, but this protection can be circumvented with a technique called password spraying: trying the same common password against many different usernames, so that no single account sees enough failures to trigger a lockout.
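To make the defensive side concrete, here is an added example (not from the original post) of why a per-account lockout counter misses spraying and what a detector has to count instead: failures per source across distinct usernames. The log format, addresses, usernames and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): "timestamp result user source_ip".
# 203.0.113.7 tries one guess against many accounts (spray); 198.51.100.9 hammers one.
SAMPLE_LOG = """\
2024-05-28T10:00:01 FAIL alice 203.0.113.7
2024-05-28T10:00:02 FAIL bob 203.0.113.7
2024-05-28T10:00:03 FAIL carol 203.0.113.7
2024-05-28T10:00:04 FAIL dave 203.0.113.7
2024-05-28T10:00:05 FAIL erin 203.0.113.7
2024-05-28T10:00:06 OK frank 203.0.113.7
2024-05-28T10:05:00 FAIL alice 198.51.100.9
2024-05-28T10:05:30 FAIL alice 198.51.100.9
2024-05-28T10:06:00 FAIL alice 198.51.100.9
2024-05-28T10:06:30 FAIL alice 198.51.100.9
2024-05-28T10:06:45 FAIL alice 198.51.100.9
2024-05-28T11:00:00 FAIL bob 192.0.2.50
"""

def parse_log(text):
    """Constructed format: 'timestamp result user src' per line."""
    return [(datetime.fromisoformat(t), r, u, s)
            for t, r, u, s in (line.split() for line in text.splitlines())]

def classify_failures(events, window=timedelta(minutes=10), threshold=5):
    """Map each suspicious source IP to "spray" or "brute-force".
    spray: >= threshold distinct users fail from one source inside `window`; each
           account sees one failure, so a per-account lockout counter never trips.
    brute-force: >= threshold failures against one account from one source."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((ts, user))
    verdicts = {}
    for src, fails in by_src.items():
        fails.sort()  # sliding window over failures ordered by time
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = [u for _, u in fails[start:end + 1]]
            if len(set(users)) >= threshold:
                verdicts[src] = "spray"
                break
            if len(users) >= threshold:
                verdicts[src] = "brute-force"
                break
    return verdicts
```

Running `classify_failures(parse_log(SAMPLE_LOG))` flags 203.0.113.7 as a spray and 198.51.100.9 as a brute force, while the single failure from 192.0.2.50 is left alone.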
Please use 2FA where possible to limit the possibility of these kinds of issues.
Security Fundamentals
Botnet: A botnet is a network of machines infected by a malicious actor and used for their own purposes. By agglomerating many machines, the malicious party has access to much more compute and can launch more powerful attacks.
The machines can be infected through many means; one is through droppers, which we discussed earlier.