Weekly Cybersecurity Recap April 8
- By Steven
- Apr 08, 2022
Digital security is squarely in the spotlight as the world is increasingly on edge during Russia's war against Ukraine. The federal government has warned of potential cyber-attacks here at home. Though plenty of digital attacks are successfully executed daily, it appears as though Russia has not breached the United States' most important digital safeguards. Let's shift our attention to cyber-attacks and digital weaknesses of note from the week gone by.
AcidRain Malware Attacks Viasat
It appears as though AcidRain malware might be responsible for the wiping of Viasat modems. Viasat has not confirmed the malware is the direct cause of the wiping, yet all indications point to AcidRain as the culprit. The AcidRain malware contains code similar to the malware referred to as VPNFilter. Those in the digital security community insist Russia is likely behind the digital attack.
All in all, the AcidRain malware has wiped out thousands of the company's modems. The attack was launched on the same day that Russia attacked Ukraine. The wiping centers on overwriting the data stored in the modems' flash memory. As a result, the wiped modems became non-functional and had to be either re-flashed or replaced.
Globant Compromised
Globant systems have suffered a data breach. The company's internal system for storing data was illegally accessed by an outsider. Nearly 70 gigs of Globant data were stolen and posted to the web.
Lapsus$ hackers are behind the Globant attack. They gained access to the company's code repository to conduct the breach. The attack caught some in the digital security world by surprise, as several Lapsus$ hackers were arrested earlier this year. The hackers' infiltration of Globant centered on DevOps platform credentials, which are used to access platform entryways that are essential to development operations.
Russian Botnet Thwarted
A botnet from Russia was recently disrupted prior to the point at which it could be weaponized. News of the successful disruption was publicized earlier this week during a press conference. The hacking group called "Sandworm" within the GRU intelligence collective is behind the botnet. Sandworm is located in Russia.
The United States intelligence brass disrupted the botnet threat with assistance from its partners in the international intelligence community. The GRU's control over thousands of devices attached to affected networks was disabled before the botnet could be weaponized.
Had the botnet not been thwarted, it would likely have infected devices connected to the internet in order to disperse harmful malware. To be more specific, Sandworm's botnet used code known as Cyclops Blink. United States intelligence agencies had to go as far as obtaining court authorization to take down the Cyclops Blink code.
DeFi Platforms Suffer $1 Billion Loss
Though it might be hard to believe, DeFi platforms have lost more than a billion dollars through the first quarter of the year. The financially damaging hacks stem from dApps used in decentralized finance, commonly referred to as DeFi. Perhaps the most disturbing aspect of the billion dollars lost to hacks in the first quarter is that this total is greater than that of 2021 as a whole.
The Ronin attack is the most significant of all the recent DeFi hacks. The hack of Ronin took place about a week ago, leading to a loss of more than half a billion dollars. The attack resulted from a digital criminal obtaining access to Ronin's private keys, setting the stage for the transfer of crypto away from the platform.