Here are the top security stories from recent weeks:
- Mēris Botnet Breaks DDoS Record Targeting Russian Internet Giant Yandex
- Groove Ransomware Group Leaks Credentials of 87,000 FortiGate SSL VPN Devices
- Microsoft Fixes Vulnerabilities in Azure Allowing Hackers to Execute Code and Gain Data in Customer Containers
- FBI Warns Food and Agriculture Sector of Ransomware Attacks Aimed at Disrupting Supply Chains
- Singapore MyRepublic Discloses Data Breach Exposing Government-Issued IDs
A massive botnet named Mēris has been growing and attacking Yandex, the Russian version of Google. Separate attacks have shown the botnet numbering more than 30,000 devices, but researchers have also seen signs that the actual number of compromised devices may be as high as 250,000. The attack is the largest DDoS recorded by traffic volume at 21.8 million requests per second (RPS). In comparison, the previous largest attack seen by Cloudflare a few weeks earlier was at 17.2 million RPS.
Cybersecurity company Fortinet warns that 87,000 credentials for its FortiGate SSL VPN devices have been published online by the Groove ransomware gang. The credentials were obtained by exploiting a vulnerability in the FortiOS SSL VPN software portal. The vulnerability, tracked as CVE-2018-13379, was patched in 2019. Fortinet says customers who have not changed their passwords may be vulnerable, and recommends that customers update their devices, if they have not already done so, and perform a password reset.
Microsoft has fixed a vulnerability in Azure Container Instances that could have allowed attackers to execute code on other customers’ containers and gain access to data within the container. The vulnerability, first reported by Palo Alto Networks, has been dubbed “Azurescape.” Microsoft has sent out notifications to potentially affected customers and asked them to change privileged credentials. However, the company says there has been no evidence of an actual attack.
The FBI recently sent out an industry notification to the food and agriculture sector warning companies of ransomware attacks. The sector has seen increasing attacks in recent months as ransomware groups attempt to disrupt supply chains. Large agricultural businesses have been targeted because they are able to pay ransoms, while smaller businesses are targeted because they often cannot afford extensive cybersecurity.
Singapore mobile carrier and ISP MyRepublic has disclosed a data breach exposing the personal information of nearly 79,400 mobile subscribers after an unauthorized person gained access to the information via a third-party data storage platform. Exposed data includes proof-of-identification documents such as National Registration Identity Cards (NRICs), which carry the names, pictures, birthdates, addresses, and other identifying information of the cardholder. Those affected include Singapore citizens, permanent residents, employment/dependent pass holders, and foreign residents. MyRepublic has since secured the data storage.