Weekly Axis Of Easy #378
Last Week’s Quote was: “Guilt: the gift that keeps on giving,” by Erma Bombeck. Joe got it! Well done!
This Week’s Quote: “You must learn to be disliked or you’ll find yourself stuck in a prison of other people’s desires.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
This is your easyDNS #AxisOfEasy Briefing for the week of November 25th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
To listen to or watch this podcast edition, with commentary and insight from our guest this week, Mark Jeftovic and Len the Lengend, click here.
In this issue:
- Justice Department Targets Google Monopoly with Breakup Proposal
- Russian Hackers Exploit Firefox and Windows in Sophisticated Attack
- Bootkitty Threat Highlights Growing Risks for Linux Systems
- Microlise Ransomware Attack Highlights Growing Threats to Corporate Data
- Matrix Botnet Unleashes Global DDoS Campaigns Exploiting IoT Vulnerabilities
- Australia passes social media ban on under-16 kids
- That big telecom outage in Denmark
Elsewhere Online:
- Magento Sites Under Attack: New Card-Skimming Malware Threatens Black Friday Shoppers
- Cyberattack Hits Halliburton, Causing $35 Million in Losses
- Ransomware Attack on Blue Yonder Disrupts Starbucks and UK Supermarkets
- Africa Sees Major Cybercrime Arrests in INTERPOL Operation
- LinkedIn Becomes Target for North Korean Hackers, $10M Lost
Justice Department Targets Google Monopoly with Breakup Proposal
The U.S. Department of Justice has unveiled a sweeping proposal to address Google’s dominance in search and advertising, following Judge Amit Mehta’s August ruling that the company violated antitrust laws. The plan includes requiring Google to sell its Chrome browser, regulate its Android platform, and stop paying billions to Apple to maintain its search monopoly. These measures aim to dismantle distribution bottlenecks that have stifled competition for years.
Antitrust Division Chief Jonathan Kanter stressed that monopolistic gains should not go unchallenged. “Lawbreakers don’t get to enjoy the fruits of their unlawful conduct,” he said. The proposal also seeks to limit Google’s head start in artificial intelligence, requiring data-sharing with competitors and restricting acquisitions of potential rivals.
While critics, including investors, view the measures as extreme, proponents like DuckDuckGo’s Kamyl Bazbaz believe the plan will spark “a new era of innovation, investment, and competition.” With a mini-trial set for April, the decision could reshape the tech landscape, fostering greater competition in search, AI, and beyond.
Read: https://www.thebignewsletter.com/p/the-proposal-to-break-up-google-is?r=2r6xf&utm_campaign=post&utm_medium=web
Russian Hackers Exploit Firefox and Windows in Sophisticated Attack
ESET researchers uncovered two zero-day vulnerabilities exploited by RomCom, a Russian-linked hacking group, targeting Firefox and Windows users in Europe and North America. These flaws allowed hackers to remotely install malware without user interaction, using a “zero-click” exploit triggered through malicious websites.
RomCom, known for supporting Russian government cyberattacks, leveraged these vulnerabilities to install its backdoor malware, granting broad device access. “This level of sophistication demonstrates the threat actor’s capability,” said ESET researchers Damien Schaeffer and Romain Dumont.
The attack impacted up to 250 victims, with most in Europe and North America. Mozilla patched Firefox on October 9, and Microsoft fixed the Windows flaw on November 12, following alerts from Google’s Threat Analysis Group.
The incident highlights the ongoing risk of state-sponsored hacking campaigns and underscores the critical need for timely vulnerability detection and patching to safeguard against such threats.
Read: https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/
Bootkitty Threat Highlights Growing Risks for Linux Systems
Cybersecurity researchers uncovered Bootkitty, the first UEFI bootkit targeting Linux systems, uploaded to VirusTotal on November 5, 2024. While currently a proof-of-concept, the bootkit disrupts kernel signature verification and preloads unknown binaries during the Linux startup process.
ESET researchers Martin Smolár and Peter Strýček explained its potential: “Bootkitty emphasizes the necessity of being prepared for future threats.” The bootkit bypasses UEFI Secure Boot if an attacker-controlled certificate is installed, using advanced techniques to disable integrity checks.
Its functionality includes modifying GRUB bootloader protocols and deploying rootkit features, such as hiding files and opening ports. A related kernel module, BCDropper, was also discovered, designed to load further malicious components.
This marks a shift in the UEFI threat landscape, previously seen as Windows-centric. Researchers warn organizations to enhance Linux system defenses as this proof-of-concept foreshadows future sophisticated attacks.
Read: https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html
Microlise Ransomware Attack Highlights Growing Threats to Corporate Data
Microlise, a UK-based fleet management software provider, confirmed a ransomware attack on its systems, with customer operations disrupted. On November 12, 2024, SafePay, a ransomware group, claimed responsibility, alleging it stole 1.2 terabytes of data. The group, known for double-extortion tactics, listed Microlise on its Tor-based leak site.
Microlise assured customers that “no customer systems data was compromised” and stated that most systems are back online. The company has informed authorities about the corporate data breach but withheld specific details.
SafePay, a lesser-known group using LockBit ransomware, has been linked to over 20 intrusions. It threatens to leak stolen data if demands are unmet, raising concerns about corporate cybersecurity.
This incident underscores the growing sophistication of ransomware attacks. Companies are urged to fortify defenses as attackers increasingly combine data theft with extortion to amplify pressure on victims.
Read: https://www.securityweek.com/microlise-confirms-data-breach-as-ransomware-group-steps-forward/
Matrix Botnet Unleashes Global DDoS Campaigns Exploiting IoT Vulnerabilities
A threat actor named Matrix has launched a widespread distributed denial-of-service (DDoS) campaign exploiting vulnerabilities and misconfigurations in Internet of Things (IoT) devices. This lone attacker, likely a Russian script kiddie, employs a multifaceted operation to scan for flaws, exploit security gaps, deploy malware, and establish shop kits, co-opting IP cameras, routers, DVRs, and telecom equipment into a botnet. The campaign relies on widely available tools, such as those hosted on GitHub, to deploy Mirai malware and other DDoS-related programs like PYbot, pynet, DiscordGo, Homo Network, and tools capable of disabling Microsoft Defender.
Primary targets include IP ranges in China and Japan, with additional attacks in Argentina, Australia, Brazil, Egypt, India, and the U.S. Ukraine’s absence suggests financial motives, supported by a DDoS-for-hire service marketed via the Telegram bot “Kraken Autobuy,” which offers tiered cryptocurrency-based attacks. Matrix also exploits misconfigured Telnet, SSH, and Hadoop servers, particularly targeting infrastructure from AWS, Microsoft Azure, and Google Cloud.
Simultaneously, NSFOCUS reports on XorBot, an evasive botnet targeting Intelbras cameras and routers from NETGEAR, TP-Link, and D-Link. Both campaigns underscore the growing threat from accessible tools, emphasizing the urgent need for updated firmware, stronger credentials, and secure configurations to counter opportunistic attacks.
Read: https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html
Australia passes social media ban on under-16 kids
Australia has passed the world’s strictest social media laws, banning children under 16 from using platforms like Snapchat, TikTok, and Instagram. The legislation, which will take at least 12 months to take effect, imposes fines of up to A$50 million on tech companies for non-compliance. Prime Minister Anthony Albanese stated the move aims to protect children from social media harms, a sentiment echoed by many parents. However, critics highlight concerns about privacy, enforcement challenges, and the potential for children to circumvent the rules using tools like VPNs.
The law excludes gaming and messaging platforms and platforms without account requirements (e.g., YouTube). Age verification technology will be required, but its effectiveness and privacy implications remain uncertain. Children who bypass the ban will not face penalties. While the law has strong parental support, digital experts and youth advocates warn it could drive young users to less regulated parts of the internet. Global leaders are closely monitoring Australia’s approach as similar proposals are being discussed in countries like Norway and the UK.
Read: https://www.bbc.com/news/articles/c89vjj0lxx9o
That big telecom outage in Denmark
While Americans celebrate Thanksgiving, Denmark has faced a nationwide telecommunications outage, disrupting cellphone service and halting train operations. The outage, caused by technical difficulties in the TDC Net network, affects mobile coverage sporadically and has also impacted emergency call services. To address this, emergency vehicles are being deployed on the streets for urgent assistance.
Rail traffic in the west of Denmark has been suspended due to errors in the digital signaling system, with efforts underway to resolve the issue. The incident follows a recent sabotage of undersea fiber optic cables in the Baltic Sea and occurs amidst heightened geopolitical tensions in Eastern Europe.
Read: https://www.zerohedge.com/geopolitical/denmark-hit-whole-country-mobile-outage-trains-halted
Elsewhere Online:
Magento Sites Under Attack: New Card-Skimming Malware Threatens Black Friday Shoppers
Read: https://www.darkreading.com/application-security/sneaky-skimmer-malware-magento-sites-black-friday
Cyberattack Hits Halliburton, Causing $35 Million in Losses
Read: https://latesthackingnews.com/2024/11/15/halliburton-cyberattack-update-losses-worth-35-million-hit-the-firm/
Ransomware Attack on Blue Yonder Disrupts Starbucks and UK Supermarkets
Read: https://www.infosecurity-magazine.com/news/starbucks-sainsburys-ransomware/
Africa Sees Major Cybercrime Arrests in INTERPOL Operation
Read: https://hackread.com/interpol-arrest-dismantle-cybercrime-networks-africa/
LinkedIn Becomes Target for North Korean Hackers, $10M Lost
Read: https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html
If you missed the previous issues, they can be read online here:
- November 18th, 2024: The Rising Cost Of Ransomware Payouts Predicted To Reach 113 Million
- November 11th, 2024: Hot Topic Data Breach: Millions Exposed, Hacker Demands Ransom Amid Retailer Silence
- November 4th, 2024: Canada’s Bill S-210 Sparks Concerns Over Digital ID Age Verification
- October 28th, 2024: Google and Microsoft Clash Escalates: Allegations of Shadow Campaigns, Cloud Wars, and Regulatory Maneuvers
- October 21st, 2024: Microsoft Admits Losing Weeks Of Security Logs For Cloud Products