
Netizen: Monday Security Brief (8/5/2024)

Today’s Topics:

  • DDoS Attack Triggers Microsoft Global Outage
  • State-Sponsored Chinese Hackers Target Japanese Organizations with LODEINFO Malware
  • How can Netizen help?

DDoS Attack Triggers Microsoft Global Outage

On July 30, 2024, a Distributed Denial-of-Service (DDoS) attack caused a global outage of Microsoft services. The tech giant revealed that an error in its DDoS protection measures worsened the situation instead of mitigating it.

The outage lasted for about 10 hours, from 11:45 UTC to 19:43 UTC, affecting various Microsoft platforms, including Outlook, Azure, and Minecraft. Microsoft cloud services like Intune and Entra were also impacted. Multiple organizations, such as banks, courts, and utility services, reported issues.

Microsoft described an “unexpected usage spike” that led to Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, causing errors, timeouts, and latency spikes. Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, noted that although the outage was short and affected only a subset of services, its impact was significant for many users.

In response, Microsoft made networking configuration changes to support its DDoS protection efforts and performed failovers to alternate networking paths. These actions mitigated most of the issues by 14:10 UTC, with normal service levels resuming globally by 19:43 UTC. The incident was declared mitigated at 20:48 UTC.

Microsoft apologized to customers via its X account and promised to publish a Preliminary Post Incident Review (PIR) within 72 hours to provide more details on the event and its response.

The outage’s ripple effects were felt across various sectors. Cambridge Water, the HM Courts and Tribunals Service, and NatWest were among the organizations impacted. Customers around the world had difficulty accessing websites and services that depend on Microsoft’s platforms. Microsoft’s prompt response and fix brought improvement, and the situation was monitored to ensure full recovery.

This incident occurred just days after a major outage caused by a flawed software update from cybersecurity firm CrowdStrike, which affected millions of computers worldwide and resulted in substantial financial losses and lawsuits.

The outage coincided with Microsoft’s financial update, where the company reported weaker-than-expected growth in its April-June period, causing shares to drop by 2.7% in after-hours trading. Despite these challenges, revenue in the “intelligent cloud” unit rose 21% year-on-year, contributing to an overall revenue increase of 15% to $64.7 billion, with profit rising 11% to $22 billion.


State-Sponsored Chinese Hackers Target Japanese Organizations with LODEINFO Malware

A Chinese state-sponsored hacking group known as Stone Panda (APT10) has been exploiting antivirus software to deploy a new version of the LODEINFO malware against high-value targets in Japan. These targets include media groups, diplomatic agencies, government organizations, public sector entities, and think tanks.

The LODEINFO backdoor malware includes several advanced capabilities. It can download and upload files to and from Command and Control (C2) servers, inject shellcode into memory, kill processes using process IDs, change directories, send malware and system information, take screenshots, encrypt files using an AES key, and execute commands via Windows Management Instrumentation (WMI). Additionally, it has configuration capabilities, although the implementation is incomplete.

First discovered in 2019, LODEINFO has been updated continuously and has grown steadily more sophisticated as a cyber-espionage tool. The malware and its infection methods have evolved to evade security products and to complicate analysis by security researchers. Recent versions, such as v0.6.6 and v0.6.7, add support for the Intel 64-bit architecture, reflecting the attackers’ effort to expand the range of environments they can target.

Improvements in LODEINFO include the implementation of the Vigenère cipher, a complex infection flow involving fileless malware, partial XOR encryption, C2 communication packets with unique data structures and variable lengths, and the use of password-protected documents. These updates indicate a concentrated effort by APT10 to make detection, analysis, and investigation more difficult.

The updated TTPs and enhancements in LODEINFO highlight the persistent threat posed by APT10 and their focus on sophisticated cyber-espionage operations. The attackers’ ability to continuously improve their malware to evade detection underscores the need for robust cybersecurity measures.

Maintaining a secure infrastructure with up-to-date antivirus tools and constant vigilance is critical to defending against sophisticated malware like LODEINFO. Organizations are advised to stay current on the latest threat intelligence and to ensure their security measures are robust and up to date.


How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and other security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.


Copyright © Netizen Corporation. All Rights Reserved.