USN-7073-2: Linux kernel (Azure) vulnerabilities

Read Time:14 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Watchdog drivers;
– Netfilter;
– Memory management;
– Network traffic control;
(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)

Read More

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Read Time:4 Minute, 2 Second

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.

Image: FBI

Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. But in a criminal complaint, the FBI said those high-profile cyberattacks were effectively commercials for the hackers’ DDoS-for-hire service, which they sold to paying customers for as little as $150 a day — with up to 100 attacks allowed per day — or $700 for an entire week.

The complaint says despite reports suggesting Anonymous Sudan might be state-sponsored Russian actors pretending to be Sudanese hackers with Islamist motivations, AnonSudan was led by two brothers in Sudan — Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27.

AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. The group hit PayPal the following month, followed by Twitter/X (Aug. 2023), and OpenAI (Nov. 2023). An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.

Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. The two men also allegedly extorted some of their victims for money in exchange for calling off DDoS attacks.

The government isn’t saying where the Omed brothers are being held, only that they were arrested in March 2024 and have been in custody since. A statement by the U.S. Department of Justice says the government also seized control of AnonSudan’s DDoS infrastructure and servers after the two were arrested in March.

AnonSudan accepted orders over the instant messaging service Telegram, and marketed its DDoS service by several names, including “Skynet,” “InfraShutdown,” and the “Godzilla botnet.” However, the DDoS machine the Omer brothers allegedly built was not made up of hacked devices — as is typical with DDoS botnets.

Instead, the government alleges Skynet was more like a “distributed cloud attack tool,” with a command and control (C2) server, and an entire fleet of cloud-based servers that forwards C2 instructions to an array of open proxy resolvers run by unaffiliated third parties, which then transmit the DDoS attack data to the victims.

Amazon was among many companies credited with helping the government in its investigation, and said AnonSudan launched its attacks by finding hosting companies that would rent them small armies of servers.

“Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post. “This extra layer of machines usually hides the true source of an attack from the targets.”

The security firm CrowdStrike said the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services. Also, AnonSudan typically launched so-called “Layer 7” attacks that sought to overwhelm targeted “API endpoints” — the back end systems responsible for handling website requests — with bogus requests for data, leaving the target unable to serve legitimate visitors.

The Omer brothers were both charged with one count of conspiracy to damage protected computers. The younger brother — Ahmed Salah — was also charged with three counts of damaging protected computers.

A passport for Ahmed Salah Yousif Omer. Image: FBI.

If extradited to the United States, tried and convicted in a court of law, the older brother Alaa Salah would be facing a maximum of five years in prison. But prosecutors say Ahmed Salah could face life in prison for allegedly launching attacks that sought to kill people.

As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel. At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area.

In February 2024, AnonSudan launched a digital assault on the Cedars-Sinai Hospital in the Los Angeles area, an attack that caused emergency services and patients to be temporarily redirected to different hospitals.

The complaint alleges that in September 2023, AnonSudan began a week-long DDoS attack against the Internet infrastructure of Kenya, knocking offline government services, banks, universities and at least seven hospitals.

Read More

Pitfalls of Cloud Sprawl and How to Avoid Them

Read Time:4 Minute, 26 Second

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cloud computing has become a boon to organizations due to its flexibility, scalability, and cost-effectiveness. However, without proper oversight, it evolves into an untidy collection of cloud instances, platforms, and resources cascading through the enterprise environment. While this growth typically aligns with increasing operational needs, it leads to a phenomenon dubbed cloud sprawl, a situation that presents both economic and security risks.

In many companies, departments independently deploy cloud services or virtual machines to streamline tasks. Employees can also opt for unauthorized cloud instances (shadow IT) to boost convenience. According to a Netskope research, an eyebrow-raising 97% of cloud applications used in the enterprise are unmanaged and freely adopted by employees and organizational units.

This may seem like minor foul play for the sake of higher productivity, but the downside soon becomes evident. IT teams lose visibility over the “snowballing” cloud ecosystem that suddenly lacks centralized control and potentially opens up a Pandora’s box.

Walking a Security Tightrope

When cloud sprawl takes over, security problems surface. Without unified oversight, applying consistent security measures across the board becomes an arduous task. This lack of control can impact the company’s security in several ways:

Data security gaps: Shadow IT, coupled with too many isolated cloud environments, makes it difficult for IT and security teams to keep a record of sensitive data effectively. This leads to potential data leak or loss.
IAM challenges: Cloud accounts that are no longer maintained tend to have weak access controls. This condition complicates identity and access management (IAM), making it harder to protect credentials like API keys and tokens.
Expanded attack surface: Each unused or poorly managed cloud resource can become a blind spot, making the environment more vulnerable to cyberattacks. Outdated software, misconfigured settings, and unauthorized access points give malefactors more avenues to exploit.
Compliance repercussions: When it comes to regulatory compliance, fragmented data across multiple clouds throws a spanner in the works. Standards like GDPR, HIPAA, and PCI DSS require clear control over data integrity and traceability, but when data storage and security practices aren’t unified, demonstrating compliance becomes a tall order.

These risks entail operational difficulties as IT teams juggle vulnerability management, access controls, and security monitoring. Letting the situation slide creates loopholes for cyber threats. A centralized cloud management approach ensures that growth doesn’t outpace oversight.

Operational and Financial Fallout

Cloud sprawl doesn’t just affect security; it also strains budgets and resources. Orphaned or underused cloud instances add to operational costs and make it hard for organizations to track and optimize their cloud spending. The result is an inflated cloud bill, driven by inefficiencies that could otherwise be avoided.

The proliferation of duplicate resources and data across platforms drains processing power, slowing down business-critical applications and affecting user experiences. Decentralized management practices can also create silos, where teams work independently using fragmented tools and data. This undermines collaboration, swamps innovation, and leads to redundant efforts across departments.

What to Do About It

Addressing cloud sprawl starts with a comprehensive strategy that gives organizations sufficient visibility and control over the entire cloud territory. While there’s no universal solution, the following best practices can pave the way toward taming it:

Centralized governance: Establish clear rules for selecting, deploying, and managing cloud resources. IT teams should enforce policies around data encryption, access management, vulnerability scanning, and compliance to ensure consistency across the organization. Regular audits help keep the infrastructure in check.
Increased visibility: Consider leveraging a cloud-native application protection platform (CNAPP) that offers centralized management, real-time threat detection, and incident response. Not only do these solutions help identify and address cyberattacks, but they also streamline cloud resource management and thereby reduce unnecessary spending.
Access control prioritization: Use a tried-and-tested AIM service to manage user roles and permissions effectively. Implement multi-factor authentication and adhere to the principle of least privilege to minimize risks from potential unauthorized access.
Cross-department collaboration: Encourage better interoperability between IT, security, and business units to align cloud usage with organizational goals. Open communication can reduce the risks associated with shadow IT and create a catch-all approach to handling cloud resources.
Employee training: Educating employees about potential risks of cloud misuse and the ways to avoid them can beef up the entire organization’s security posture. This training is only effective if it’s conducted regularly enough to cover emerging threats along with new cybersecurity trends.

A holistic approach combining human expertise with specialized tools for automation and governance is essential to declutter cloud environments and prevent sprawl from resurfacing. This has to be a process rather than a one-stop action, so IT leaders must continuously enforce policies and controls to ensure the company’s cloud infrastructure remains healthy and secure for the long haul.

Endnote

Cloud management can make or break. When done right, it becomes fertile ground for smooth enterprise operations. However, if too many cloud resources slip below IT’s radar and stay that way, everything turns on its head. Ultimately, a proactive management strategy ensures that cloud technology remains a business asset rather than a costly vulnerability.

Read More

News, Advisories and much more

Exit mobile version