Today’s Cybersecurity Threats and Trends - 10/04/2024

Cloudflare's up against a DDoS tsunami.

1. Perfctl Predicament

Primary Threat: The new Perfctl malware is targeting millions of Linux servers, exploiting misconfigurations and vulnerabilities such as CVE-2021-4043. According to Aqua Security’s blog, the malware uses rootkits to evade detection and install cryptominers and proxy-jacking software on compromised systems. It masquerades as a legitimate process and uses the TOR network for communication, making tracking difficult.

  • MITRE Tactics: Defense Evasion, Persistence

  • Risk: High – The stealthy nature of the malware threatens millions of servers worldwide.

2. Critical Vulnerability Plagues LiteSpeed Plugin

Primary Threat: Over 6 million WordPress websites are at risk due to a critical unauthenticated stored XSS vulnerability in the LiteSpeed Cache Plugin. Patchstack’s report reveals that attackers can exploit this flaw to inject malicious code, compromising admin accounts and stealing sensitive data. Users are urged to update to version 6.5.1 or later to mitigate the risk.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Millions of WordPress sites are exposed to potential data breaches and privilege escalation.

Did you know…?

The first known DDoS (Distributed Denial of Service) attack occurred in 1999, when a hacker managed to completely disable the University of Minnesota’s internal network for more than 48 hours with a massive UDP flood. The attack highlighted the power of overwhelming a network with massive amounts of traffic, a tactic that’s still widely used today, only on a much larger scale, like the record-breaking 3.8 Tbps DDoS attack we saw recently! This evolution shows just how much the internet's vulnerability landscape has grown over the years.

3. APT37 Unleashes Cyber Assault on Asia

Primary Threat: A new ShroudedSleep campaign by APT37 (linked to North Korea) is targeting Southeast Asian countries with a highly stealthy PowerShell backdoor known as VeilShell. According to Securonix, this malware uses sophisticated evasion techniques to exfiltrate sensitive information and maintain long-term persistence on compromised systems. The attackers are particularly targeting governmental organizations in Cambodia and Thailand.

  • MITRE Tactics: Persistence, Collection

  • Risk: High – This espionage campaign continues to be a serious threat to Southeast Asian organizations.

4. Massive DDoS Wave Disrupted

Primary Threat: The world just witnessed the largest Distributed Denial-of-Service (DDoS) attack ever recorded, peaking at a staggering 3.8 Tbps and 2.14 billion packets per second. According to Cloudflare’s blog, the attack targeted multiple customers and was mitigated automatically by Cloudflare's advanced DDoS protection systems. The majority of the malicious traffic originated from compromised IoT devices and home routers worldwide.

  • MITRE Tactics: Impact, Denial of Service

  • Risk: High – Such massive DDoS attacks can disrupt critical services and take down internet infrastructure.

5. Russian Cyber Ring Crumbles

Primary Threat: The U.S. Department of Justice and Microsoft disrupted a Russian spear-phishing operation by seizing 107 domains used in attacks linked to the Callisto Group, a Russian intelligence unit. According to the DOJ press release, the group targeted U.S. government entities and private sector organizations, attempting to steal sensitive information through phishing campaigns. The domains were used to send fraudulent emails, steal credentials, and exfiltrate data.

  • MITRE Tactics: Credential Access, Exfiltration

  • Risk: High – Coordinated international efforts highlight the growing cyber threat from state-sponsored actors.

IN SUMMARY:

Today's newsletter covers a range of critical cybersecurity incidents.

The stealthy Perfctl malware targets millions of Linux servers, while a major LiteSpeed Cache Plugin vulnerability puts millions of WordPress sites at risk.

North Korean APT37 continues its espionage campaign using ShroudedSleep, and a record-breaking DDoS attack hit 3.8 Tbps.

Lastly, the U.S. and Microsoft successfully disrupted a Russian spear-phishing campaign, seizing 107 domains used by Russian intelligence to target U.S. organizations.

Stay paranoid and patch those systems!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)