Back to the breach

Well from the volume of security noise it would seem that our black-hatted associates have most certainly returned from the beaches of their private islands and super yachts, presumably on their private jets and are hunkered down in front of a wall of screens (mwahaha), just like in the films, either that or they have returned from Lanzarote with their parents and have fired up their water cooled gaming rigs, ready to wreak havoc. Possibly a combination of the two.

Attendees of our annual security event last year will remember that we were warning about the future of exploits in the mobile space, pointing out that the volume of devices is becoming too rich a target for even bitplayers.

This week a group of Internet delivery and security companies including Akamai, CloudflareFlashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru and others got together to take down a very nasty botnet, constructed for the purposes of DDOS called WireX.

WireX attacks started at a fairly low level and went mostly unrecorded at the start of August and ramped up steeply throughout the month starting on the 15th when events from a minimum of 70000 sources were observed.

It transpires that the bot warez (we are down with the kidz) were being spread by malicious applications on the Google Play store (no less) and the investigating panel identified the sources and removed them. Boy wouldn’t you have liked to be on one of those conference calls?

You can read Akamai’s version of the investigation here.

The implications of this sort of activity are multiple. Infected subscribers using masses of data, networks slowing down and of course the victims, don’t forget about them.

Be very careful about what apps you install, and for that matter what apps your kids install. Keep an eye out for excessive data use and install security software on your device.

There is another excellent write up by the venerable David Bisson here.

Proving that the boys (and girls of course) really are back in town, this week saw the uncovering of a truly massive 711 Million set of breached credentials, which may well include yours.

This looks like a combination of data from other breaches, which is currently been used for the purposes of Spam email which may contain additional malware.

Troy Hunt who runs the haveibeenpwned site has written an excellent piece about the compromised accounts and has imported the whole lot into the site so you can and should check if your name is on  the list.

To check your addresses, simply go here and enter your email addresses one by one.

If one of your addresses shows up red, change that account’s password immediately, turn on two factor authentication where you can, make sure you are using different passwords for all accounts and use a password manager.

If any of the above raises your stress levels, you can always contact us at: [email protected] or call 020 7517 3900 to talk about our Threat Intelligence services.