March 14, 2022
David Redekop

TWINN Security News March 14

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about Distributed Denial of Service (DDoS) attacks. Such events are the most difficult to defend against because scores of computers, phones, and IoT devices, all under the control of an attacker, can band together to form a co-ordinated attack on an intended victim website or service. One reason such an attack is possible even from low-powered devices in a botnet is amplification. Amplification works because the request is small while the expected response is large. It’s like when my son asks me to read another book. Small request, big task. My wife and I have 5 sons, so when each asks me to read a different book at the same time, that’s effectively a denial of service because now I can’t read properly to anyone. And it’s with such a DDoS that we start our first story this week:

Mitel Devices Abused for DDoS Vector With Record-Breaking Amplification Ratio. In this case, Mitel voice systems are exploited to launch such an attack. What we would like to draw attention to, however, is that zero trust connectivity prevents even an unpatched system from participating in an attack. As we adopt zero trust across the Internet, such attacks will become less and less possible.

Linux has been bitten by its most high-severity vulnerability in years. While this is yet another vulnerability that will make IoT devices vulnerable for years to come, it is again mitigated with properly applied zero trust methodologies. Systems must be updated, there’s no doubt, but many Linux-powered devices may simply never get an update, and as such, devices stay vulnerable until the product is shut down at the end of its lifecycle.

Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say. It appears the attack happened on modems, not on satellite equipment itself.

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers. After a 10-month hiatus, it’s back with over 100,000 nodes. For a podcast on how banking trojans work, I recommend Darknet Diaries Episode 111 called Zeus.

Multiple Security Flaws Discovered in Popular Software Package Managers. This is of concern because it now normalizes the notion of supply chain attacks. It’s not a direct attack, but one that takes advantage of the trust developers place in the packages they rely on.

Did you know?

Google is buying a company you may never have heard of: Mandiant.
