Plus, two blasts from the past return – Emotet and Spectre.
A new distributed denial-of-service (DDoS) amplification attack can amplify attack traffic by a factor of four billion and sustain the attack for up to 14 hours. The record-breaking amplification vector comes from misconfigured servers belonging to Mitel MiCollab and MiVoice Business Express collaboration systems. Researchers have reported that the Mitel DDoS amplification attacks have been used against financial institutions, logistics companies, gaming companies, and organizations in other markets. “DDoS attacks usually target companies and government online services,” Avast Security Evangelist Luis Corrons commented. “In this case, this amplified attack traffic can be safely mitigated using standard DDoS defense tools and techniques.” Organizations running Mitel servers are strongly advised to verify that they are configured correctly so they cannot be abused as reflectors. For more on this story, see Ars Technica.
Emotet botnet blooms again
The Emotet botnet, taken down in January 2021 only to return in November, has now infected 130,000 systems in 179 countries. Just months after Europol and Eurojust took control of the botnet servers and disrupted the malware’s operation, the Conti ransomware gang brought it back to life in order to gain access to corporate networks. The initial infection used TrickBot, but every subsequent attack dropped the Cobalt Strike pentesting tool in order to gain remote access. The attacks appear to be focused on Japan, Indonesia, Thailand, South Africa, Mexico, the United States, China, Brazil, and Italy. For more, see Bleeping Computer.
IT leaders launch SustainableIT.org
Tech executives from around the globe joined forces to form SustainableIT.org, a nonprofit focused on advancing global sustainability through technology leadership. The joint effort of the leaders of the IT community will focus on three pillars of sustainability – environmental, societal, and governance. The organization will define best practices and encourage transparency. “Sustainability is the megatrend of the century,” said Delphix founder and CEO Jedidiah Yueh, leader of the group. “For too long, sustainability has been a problem for someone else to solve. Today, we’re joining forces with technology leaders from the world’s largest organizations to make sustainability our collective problem to solve.” For more, see ZDNet.
New Spectre attack bypasses Intel defenses
Researchers have discovered a new attack method that bypasses the hardware-based mitigations Intel and ARM have added to their CPUs over the past few years to address the Spectre flaw. Intel and ARM have assigned different names to the attack, so it is known as both Spectre-BHB (Branch History Buffer) and Spectre-BHI (Branch History Injection). The proof-of-concept exploit was created by VUSec researchers. Spectre attacks trick the CPU’s speculative execution mechanism into leaving traces of otherwise inaccessible data in temporary caches, which then act as side channels through which that data can be leaked. For more information on these attacks, see CSO.
Google announces new archive feature
According to the Android Developers Blog, Google researchers have begun working on a new feature that will enable app archiving. An archived app remains on the device and can be easily restored, but has parts temporarily removed that reduce its size by 60%. The new feature will first be offered to app developers in Bundletool 1.10. For apps built with the Android Gradle Plugin 7.3, Google is developing archived APKs, which should be functional later in 2022. In the blog post, Google claims developers will benefit from fewer uninstalls and substantially lower friction for users to pick back up their favorite apps.
This week’s ‘must-read’ on The Avast Blog
A new report documents a wide variety of crypto crime techniques, combining old and new ways to manipulate markets. Read up as we dig into the findings.