https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 15:06:512024-10-17 15:06:51Hackers are extorting Globe Life with stolen customer data
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.
Image: FBI
Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. But in a criminal complaint, the FBI said those high-profile cyberattacks were effectively commercials for the hackers’ DDoS-for-hire service, which they sold to paying customers for as little as $150 a day — with up to 100 attacks allowed per day — or $700 for an entire week.
The complaint says despite reports suggesting Anonymous Sudan might be state-sponsored Russian actors pretending to be Sudanese hackers with Islamist motivations, AnonSudan was led by two brothers in Sudan — Ahmed Salah YousifOmer, 22, and Alaa Salah Yusuuf Omer, 27.
AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. The group hit PayPal the following month, followed by Twitter/X (Aug. 2023), and OpenAI (Nov. 2023). An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.
Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. The two men also allegedly extorted some of their victims for money in exchange for calling off DDoS attacks.
The government isn’t saying where the Omed brothers are being held, only that they were arrested in March 2024 and have been in custody since. A statement by the U.S. Department of Justice says the government also seized control of AnonSudan’s DDoS infrastructure and servers after the two were arrested in March.
AnonSudan accepted orders over the instant messaging service Telegram, and marketed its DDoS service by several names, including “Skynet,” “InfraShutdown,” and the “Godzilla botnet.” However, the DDoS machine the Omer brothers allegedly built was not made up of hacked devices — as is typical with DDoS botnets.
Instead, the government alleges Skynet was more like a “distributed cloud attack tool,” with a command and control (C2) server, and an entire fleet of cloud-based servers that forwards C2 instructions to an array of open proxy resolvers run by unaffiliated third parties, which then transmit the DDoS attack data to the victims.
Amazon was among many companies credited with helping the government in the investigation, and said AnonSudan launched its attacks by finding hosting companies that would rent them small armies of servers.
“Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post. “This extra layer of machines usually hides the true source of an attack from the targets.”
The security firm CrowdStrikesaid the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services. Also, AnonSudan typically launched so-called “Layer 7” attacks that sought to overwhelm targeted “API endpoints” — the back end systems responsible for handling website requests — with bogus requests for data, leaving the target unable to serve legitimate visitors.
The Omer brothers were both charged with one count of conspiracy to damage protected computers. The younger brother — Ahmed Salah — was also charged with three counts of damaging protected computers.
A passport for Ahmed Salah Yousif Omer. Image: FBI.
If extradited to the United States, tried and convicted in a court of law, the older brother Alaa Salah would be facing a maximum of five years in prison. But prosecutors say Ahmed Salah could face life in prison for allegedly launching attacks that sought to kill people.
As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel. At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area.
In February 2024, AnonSudan launched a digital assault on the Cedars-Sinai Hospital in the Los Angeles area, an attack that caused emergency services and patients to be temporarily redirected to different hospitals.
The complaint alleges that in September 2023, AnonSudan began a week-long DDoS attack against the Internet infrastructure of Kenya, knocking offline government services, banks, universities and at least seven hospitals.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 14:07:242024-10-17 14:07:24Is a CPO Still a CPO? The Evolving Role of Privacy Leadership
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 12:06:432024-10-17 12:06:43Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 12:06:422024-10-17 12:06:42NIS 2 Compliance Deadline Arrives: What You Need to Know
Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user’s personal information to an attacker.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 11:06:442024-10-17 11:06:44This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 11:06:432024-10-17 11:06:43GPS Jamming Is Screwing With Norwegian Planes
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-10-17 10:06:452024-10-17 10:06:45Anonymous Sudan DDoS Service Disrupted, Members Charged by US
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Hackers are extorting Globe Life with stolen customer data
/in General NewsThe insurance giant says an unknown threat actor has stolen data including SSNs and health information
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown
/in General NewsThe U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.
Image: FBI
Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. But in a criminal complaint, the FBI said those high-profile cyberattacks were effectively commercials for the hackers’ DDoS-for-hire service, which they sold to paying customers for as little as $150 a day — with up to 100 attacks allowed per day — or $700 for an entire week.
The complaint says despite reports suggesting Anonymous Sudan might be state-sponsored Russian actors pretending to be Sudanese hackers with Islamist motivations, AnonSudan was led by two brothers in Sudan — Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27.
AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. The group hit PayPal the following month, followed by Twitter/X (Aug. 2023), and OpenAI (Nov. 2023). An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.
Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. The two men also allegedly extorted some of their victims for money in exchange for calling off DDoS attacks.
The government isn’t saying where the Omed brothers are being held, only that they were arrested in March 2024 and have been in custody since. A statement by the U.S. Department of Justice says the government also seized control of AnonSudan’s DDoS infrastructure and servers after the two were arrested in March.
AnonSudan accepted orders over the instant messaging service Telegram, and marketed its DDoS service by several names, including “Skynet,” “InfraShutdown,” and the “Godzilla botnet.” However, the DDoS machine the Omer brothers allegedly built was not made up of hacked devices — as is typical with DDoS botnets.
Instead, the government alleges Skynet was more like a “distributed cloud attack tool,” with a command and control (C2) server, and an entire fleet of cloud-based servers that forwards C2 instructions to an array of open proxy resolvers run by unaffiliated third parties, which then transmit the DDoS attack data to the victims.
Amazon was among many companies credited with helping the government in the investigation, and said AnonSudan launched its attacks by finding hosting companies that would rent them small armies of servers.
“Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post. “This extra layer of machines usually hides the true source of an attack from the targets.”
The security firm CrowdStrike said the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services. Also, AnonSudan typically launched so-called “Layer 7” attacks that sought to overwhelm targeted “API endpoints” — the back end systems responsible for handling website requests — with bogus requests for data, leaving the target unable to serve legitimate visitors.
The Omer brothers were both charged with one count of conspiracy to damage protected computers. The younger brother — Ahmed Salah — was also charged with three counts of damaging protected computers.
A passport for Ahmed Salah Yousif Omer. Image: FBI.
If extradited to the United States, tried and convicted in a court of law, the older brother Alaa Salah would be facing a maximum of five years in prison. But prosecutors say Ahmed Salah could face life in prison for allegedly launching attacks that sought to kill people.
As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel. At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area.
In February 2024, AnonSudan launched a digital assault on the Cedars-Sinai Hospital in the Los Angeles area, an attack that caused emergency services and patients to be temporarily redirected to different hospitals.
The complaint alleges that in September 2023, AnonSudan began a week-long DDoS attack against the Internet infrastructure of Kenya, knocking offline government services, banks, universities and at least seven hospitals.
Krebs on Security – Read More
Is a CPO Still a CPO? The Evolving Role of Privacy Leadership
/in General NewsHas the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?
darkreading – Read More
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
/in General NewsF5 has released patches for a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity bug in BIG-IQ.
The post F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
/in General NewsCisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws.
The post Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters appeared first on SecurityWeek.
SecurityWeek – Read More
NIS 2 Compliance Deadline Arrives: What You Need to Know
/in General NewsThe NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.
Security | TechRepublic – Read More
This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats
/in General NewsSecurity researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user’s personal information to an attacker.
Security Latest – Read More
5 Ways to Reduce SaaS Security Risks
/in General NewsAs technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
The Hacker News – Read More
GPS Jamming Is Screwing With Norwegian Planes
/in General NewsSo much jamming is taking place in northeastern Norway, regulators no longer want to know.
Security Latest – Read More
Anonymous Sudan DDoS Service Disrupted, Members Charged by US
/in General NewsThe DoJ has announced charges against Anonymous Sudan members and the disruption of their DDoS attack service.
The post Anonymous Sudan DDoS Service Disrupted, Members Charged by US appeared first on SecurityWeek.
SecurityWeek – Read More