Cyber Security News Update 3/2/2018

GitHub has survived the largest Distributed Denial of Service (DDoS) attack ever recorded, coming in at an astounding 1.3 Tbs of traffic. This is nearly five times larger than the next biggest DDoS attack, and GitHub came through in one piece. DDoS attacks are used to deny others the service of a website; they work by overloading the servers used to host a particular website and forcing them offline. The DDoS attack against GitHub worked by exploiting unprotected memcached servers, which help make up the backbone of the internet. These servers respond to traffic with a large volume of response data, and while they’re supposed to be protected and kept behind firewalls, many are left unguarded or outside of their owner’s security. This allowed them to be given simple commands that directed their response traffic at GitHub’s servers. GitHub has worked to increase its bandwidth as the site grows more popular, and its service provider had additional servers on hand to provide overflow capacity. GitHub also relies on anti-DDoS software that picks out malicious traffic and redirects it to dead-ends or empty servers. This adaptive defense helped GitHub remain up despite a DDoS attack of unprecedented size and intensity. The use of memcached servers for a DDoS amplification attack like this is troubling; many memcached servers remain unprotected, even after multiple warnings and requests to move them behind a firewall.
Source: GitHub rides out record-breaking DDoS attack that leveraged memcached servers
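
For administrators who run memcached, here is a defender-side check for the exposure described above. It is an added example, not code from the original article or from GitHub, and it audits a memcached option file for the two settings that leave a server usable for reflection: an enabled UDP listener and a non-loopback listen address. It assumes the Debian-style one-option-per-line file and memcached's `-U` (UDP port, `0` disables it) and `-l` (listen address) flags; the sample configs are constructed.

```python
import ipaddress

# Constructed sample configs in the one-option-per-line style of /etc/memcached.conf.
SAMPLE_EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
SAMPLE_HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

def parse_options(text):
    """Return {flag: value} for short options, skipping comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        flag, _, value = line.partition(" ")
        opts[flag] = value.strip()
    return opts

def is_loopback(addr):
    """True only when the address is provably local; hostnames count as not local."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(text, udp_default_on=True):
    """List findings for one config.

    udp_default_on: what the build does when -U is absent. memcached releases
    before 1.5.6 listen on UDP by default; pass False for 1.5.6 and later.
    """
    opts = parse_options(text)
    udp_port = opts.get("-U")
    udp_on = udp_default_on if udp_port is None else udp_port != "0"
    listen = opts.get("-l")
    addrs = [a.strip() for a in listen.split(",")] if listen else []
    # With no -l at all, memcached listens on every interface.
    exposed = not addrs or not all(is_loopback(a) for a in addrs)
    findings = []
    if udp_on:
        findings.append("udp-enabled")
    if exposed:
        findings.append("non-loopback-listen")
    if udp_on and exposed:
        findings.append("amplification-risk")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "ok")
```

A clean result only covers the daemon's own settings; the firewall rule in front of port 11211 still has to be verified separately.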

The FS-ISAC fell victim to a phishing attack after an employee clicked on a malicious email, which cloned his credentials and used them to send out malicious emails to other accounts. FS-ISAC is a security company that specializes in physical and cyber threats; it provides assistance and know-how to financial companies. This makes it particularly egregious that an employee of theirs fell for a phishing scheme; as we’ve said before, do not open emails if you don’t know the sender. If you must open them, don’t download any of the attachments. FS-ISAC reported that the breach was contained and no sensitive information was stolen, as other employees noted the odd email and reported it as malicious. FS-ISAC currently believes that the attack wasn’t targeted specifically at them and is nothing to be concerned about.
Source: FS-ISAC hit with phishing attacks

As technology advances, so do the tools that cyber-criminals use. Trojans and packet sniffers are joined by fileless malware attacks and SMS phishing. Fileless malware relies on file types that don’t normally have malware in them, such as Microsoft Word documents, to slip through antivirus software. These dangerous Word documents have proto-malware hidden in their macros. When the victim downloads the document and enables editing, the macros spring into action and begin downloading content from the internet or changing system settings. Before antivirus software can react, they’ve disabled important parts of the system or the protective software. This sort of attack, along with other more innovative methods, is becoming more common, and cyber security must adapt if it wants to remain effective and relevant.
Source: Fileless Malware: Why You Should Care