Category Archives: 2019

It will jeopardize 400,000 Linux systems in the world – Exim Releases Security Patches (alert issued in Jun 2019)

Preface: Exim is growing in popularity because it is open source.

Background: It’s the default mail transport agent installed on some Linux systems. It contains features like:
Lookups in LDAP servers, MySQL and PostgreSQL databases, and NIS or NIS+ services.

Vulnerability details: The vulnerability was patched in Exim 4.92, released on February 10, 2019. The vulnerable code is in “deliver_message()”. The vulnerability exists because the email address handled by the deliver_message() function in /src/deliver.c is not fully validated, so a local attacker can simply send an email to “${run{…}}@localhost” (since “localhost” is one of Exim’s local domains) and have the command executed as root (system privileges).

Remark: deliver_drop_privilege is set to false by default.

Attack synopsis: If the “verify = recipient” ACL has been manually removed, the attack can also be carried out remotely: the attacker can reuse the local-exploitation method with an RCPT TO of “xxx+${run{…}}@localhost”, where “xxx” is the name of a local user.
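As an added detection example (not part of the original post or of Exim itself), the following Python scans Exim mainlog lines for recipient addresses that carry a “${run{...}}”-style expansion item. It assumes the received_recipients log selector is enabled, so recipients appear after “for” on the “<=” line; the sample log lines are constructed.

```python
import re
from typing import Dict, List

# Exim string-expansion items that execute code or read files if they reach
# the expander inside a recipient local part. ${run{...}} is the item used by
# the attack described above; the others are a conservative generalisation.
EXPANSION_RE = re.compile(r"\$\{(run|perl|readfile|readsocket|dlfunc)\b", re.IGNORECASE)

# A mainlog '<=' (message received) line. Recipients follow 'for' when the
# received_recipients log selector is enabled (assumption for this example).
RECEIVED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<id>\S+) <= (?P<sender>\S+) "
    r".*?\[(?P<ip>[^\]]+)\].*? for (?P<rcpts>.+)$"
)

# Constructed sample log; the '...' inside ${run{...}} is kept elided on purpose.
SAMPLE_LOG = [
    "2019-06-08 10:15:32 1hZkXy-0001Ab-2Q <= alice@example.org H=mail.example.org "
    "[198.51.100.7] P=esmtps S=2048 for bob@localhost",
    "2019-06-08 10:16:05 1hZkYc-0001Af-7K <= <> H=(evil) [203.0.113.5] "
    "P=esmtp S=512 for ${run{...}}@localhost",
    "2019-06-08 10:16:40 1hZkZD-0001Ag-1X <= eve@example.net H=(relay) [203.0.113.9] "
    "P=esmtp S=640 for bob+${run{...}}@localhost carol@localhost",
    "2019-06-08 10:17:01 1hZkZD-0001Ag-1X => bob <bob@localhost> R=localuser T=local_delivery",
]

def scan_exim_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per recipient address that carries an expansion item.

    Only '<=' lines are inspected; delivery ('=>') lines never carry the raw
    envelope recipient and are skipped.
    """
    findings = []
    for line in lines:
        m = RECEIVED_RE.match(line)
        if not m:
            continue
        for rcpt in m.group("rcpts").split():
            if EXPANSION_RE.search(rcpt):
                findings.append({"id": m.group("id"), "ip": m.group("ip"),
                                 "sender": m.group("sender"), "recipient": rcpt})
    return findings

if __name__ == "__main__":
    for f in scan_exim_log(SAMPLE_LOG):
        print(f"{f['id']} from {f['ip']} ({f['sender']}): suspicious recipient {f['recipient']}")
```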

For official details, please click on the link – https://www.exim.org/static/doc/security/CVE-2019-10149.txt

Did you have trouble accessing the internet on Sat (8th Jun 2019, GMT+8)?

Synopsis: Users were temporarily unable to reach web sites in neighbouring countries for a short period of time (less than 1 – 3 minutes) due to an issue on the Internet BGP backbone.

Description: On Saturday I was surprised that some internet web sites looked unstable. It did not happen on a single web site only.

What do you think, or are you aware of it?
Similar problems are likely; examples are given below:

  1. The ABC ISP (AS __xx) configured a static route for 66.220.144.0/24 pointing to null in order to block Facebook access for its customers. However, the ISP then started to announce the prefix 66.220.144.0/20 towards its upstream provider CDEF (AS xxxx), which propagated the announcement to its peers. Meanwhile Facebook (AS32934), which had been announcing the prefix 66.220.144.0/20 so far, started to fight back: Facebook began to announce the more specific prefix 66.220.144.0/24. It kept announcing 66.220.145.0/24 as well, but the service would still not be available for a large part of Facebook’s users, namely those whose traffic took a path towards ABC ISP (AS __xx) and thus could not reach Facebook. That traffic was being black-holed (dropped) by the static route configured on the ABC (AS __xx) edge router.
  2. Bogus AS Path
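As an added example, not part of the original post: RPKI-style route origin validation is the defensive check that would have flagged the leak in item 1. The ROA for Facebook’s 66.220.144.0/20 and AS32934 follows the text; the maxLength of 24 and the stand-in AS 64500 for “ABC ISP (AS __xx)” are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A Route Origin Authorization (ROA), modelled after RPKI: the prefix holder
# states which origin AS may announce the prefix and how specific (maxLength)
# an announcement may be. Facebook's AS32934 and its /20 come from the text;
# the maxLength value of 24 is an assumption for this example.
@dataclass(frozen=True)
class Roa:
    prefix: str
    max_length: int
    origin_as: int

def validate(announced_prefix: str, origin_as: int, roas: List[Roa]) -> str:
    """RPKI-style route origin validation of one announcement.

    "VALID"     - a ROA covers the prefix, permits its length and names the origin AS
    "INVALID"   - ROAs cover the prefix but none match (wrong origin or too specific)
    "NOT_FOUND" - no ROA covers the prefix at all
    """
    net = ipaddress.ip_network(announced_prefix, strict=True)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "VALID"
    return "INVALID" if covered else "NOT_FOUND"

ROAS = [Roa("66.220.144.0/20", 24, 32934)]

# Constructed announcements mirroring the incident; AS 64500 stands in for
# the "ABC ISP (AS __xx)" placeholder used in the text.
ANNOUNCEMENTS: List[Tuple[str, int]] = [
    ("66.220.144.0/20", 64500),   # ABC ISP leaking Facebook's aggregate
    ("66.220.144.0/24", 32934),   # Facebook's more-specific counter-announcement
    ("66.220.144.0/25", 32934),   # right origin, but more specific than maxLength
    ("198.51.100.0/24", 64500),   # unrelated prefix with no ROA on file
]

def classify_all(announcements=ANNOUNCEMENTS, roas=ROAS) -> Dict[str, str]:
    """Map 'prefix AS<n>' to its validation state for a batch of announcements."""
    return {f"{p} AS{asn}": validate(p, asn, roas) for p, asn in announcements}

if __name__ == "__main__":
    for route, state in classify_all().items():
        print(f"{state:9} {route}")
```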

As of May 9, 2019, even “VirusTotal” did not have a record of it! Where does it come from?

Preface: The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant referred to as ELECTRICFISH.

Technical details: The malware implements a custom protocol, like the “Tor browser”, whose aim is to let traffic bypass the defence mechanisms between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to both the source and the destination system, which allows either side to initiate a funneling session.

Comment: It seems the malware designers were aware that their operation would be terminated by malware detectors, especially at companies that have installed “FireEye”. The success of the infection depends entirely on the infection path; maybe it is phishing, or the malware hides itself in third-party software drivers. From a technical point of view, their activity is not easily discovered by an antivirus program once the malware is successfully installed. But it is rare that even “VirusTotal” has had no information on it until now.

Headline News via the following link: https://www.washingtonexaminer.com/news/us-government-unveils-new-north-korean-hacking-tool-as-tensions-continue-to-rise

2nd May 2019 – Don’t let your SAP facility become a cyber attack target

Preface: I heard that an estimated total of 1,000,000 SAP production systems could currently be at risk of being hacked.

Technical details:
When you configure the SAP router (saprouter) to allow remote connections (from the Internet) via the SAP GUI, the original design adds entries to the route table for TCP ports 3300, 3301, and 3303 for the external application being used (a gateway connection on these ports).

Default TCP gateway port exploited by hackers:
Since a default pathway is built, the hacker may have a channel to compromise the system, for example by sending malicious code in an attempt at remote code execution. As a matter of fact, a proof of concept showed the SAP backend’s response to malicious code.

Remedy: If you outsource your cyber security monitoring responsibility to a managed security services provider, they will create the YARA rules to deny such malicious activity.
If not, you are required to create the YARA rules yourself on your IDS system. For more details, please refer to the diagram.

Docker Hub hack! 25th April, 2019

Preface: Docker Hub hack exposed data of 190,000 users

Incident details: On Thursday, 25th April, 2019, Docker Hub discovered unauthorized access to a single Hub database storing a subset of non-financial user data.

Impact: The data breach includes usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds.

Doubt: Docker provides a mirror service for Docker users, especially in the Greater China area. Was any problem found there?

Headline News: https://www.zdnet.com/article/docker-hub-hack-exposed-data-of-190000-users/

Client negligence (misconfiguration), AWS reputation suffers! 3rd Apr 2019

Preface: 540 Million Facebook Records Leaked

Who bears the responsibility? Misconfiguration

Headline News: Hundreds of millions of Facebook records exposed on Amazon S3 cloud!
See the link below for details:
https://www.forbes.com/sites/kateoflahertyuk/2019/04/03/facebook-exposes-540-million-user-records-what-you-need-to-know/#35a8f7043fd7

Observation: The incident shows that it is not difficult to keep track of our web activities. A webhook (HTTP push API) is a way for an app to provide other applications with real-time information. As a result, what you are doing is exactly what the third party gets!
I believe that all the related information there will be found on the Dark Web?

Why are APT attacks changing their shape?

Preface: We know so far that APT attacks aim to lock onto specific targets. The targets are specific government regimes and their revenue. This is the modern way of waging war without engaging in traditional warfare.

Synopsis: What draws attention to APT attacks is that they form a structured attack and use malware to attack major public facilities, for instance nuclear power stations, water supplies and gas systems. Whether it is a botnet DDoS or implanted malware conducting sabotage, it is a time-consuming action. Perhaps the above actions did not fully exploit the metamorphic definition. In my view, a new generation of attack mechanisms will be frequently exploited by APT groups in future. The design will be similar to the LockerGoga ransomware.

LockerGoga Ransomware:
Experts found that LockerGoga does not have any self-propagation mechanism (it needs to be manually deployed). But it was later found that it relies on the SMB protocol (files are manually copied from computer to computer). It is jeopardizing the supply chain industry now. But I believe this is only a pilot run.

For more details, please refer to the URL below: https://www.jdsupra.com/legalnews/lockergoga-ransomware-hits-manufacturer-94292/

Specifications: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.lockergoga.aa

Headline News: ASUS Live Update software hit by Advanced Persistent Threat (APT) groups, who implant a backdoor – 26th Mar 2019

Preface (Attack roadmap): ASUS Live Update software installed on laptops and PCs suffered a cyber attack between June and November 2018. Hackers implanted a backdoor into the live update software!

Observation: The ASUS updater configures the network using the Dynamic Host Configuration Protocol and then makes a plain HTTP request to a remote server to check whether a newer version of the UEFI BIOS firmware is available than the one currently running on the system. Thus, there is no SSL protection and no verification that it is actually talking to the correct remote server.

Official announcement: ASUS’s response to the recent media reports regarding the ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups (URL below for reference): https://www.asus.com/News/hqfgVUyZ6uyAyJe1

Citrix Internal Network Hacked – Press release on Mar 2019

Preface: Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies.

About the data breach that occurred in Dec 2018:
Citrix says that the late 2018 attack appears to be distinct from the likely password-spraying attack that was the focus of the FBI’s Wednesday warning to the technology firm.

Doubt? I believe an enterprise firm should have a SIEM deployment. If a SIEM was in place, could something be wrong with their correlation rules? Or is there another reason behind it?
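To illustrate the kind of correlation rule the SIEM question above is about, here is an added example (not Citrix’s code or the original post’s): a password-spray detector that pivots on the source address rather than on the account, since a per-account lockout rule never fires when each account sees only one failure. The authentication events and their field layout are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed authentication events in a flat "timestamp source_ip user result"
# form, standing in for whatever the SIEM normalises logon records into.
SAMPLE_EVENTS = [
    "2018-12-01T09:00:01 203.0.113.10 alice FAIL",
    "2018-12-01T09:00:03 203.0.113.10 bob FAIL",
    "2018-12-01T09:00:05 203.0.113.10 carol FAIL",
    "2018-12-01T09:00:07 203.0.113.10 dave FAIL",
    "2018-12-01T09:00:09 203.0.113.10 erin FAIL",
    "2018-12-01T09:00:11 203.0.113.10 frank SUCCESS",
    # Classic brute force of one account: many failures, one user. A per-account
    # lockout catches this; the spray rule below deliberately does not fire.
    "2018-12-01T09:01:00 198.51.100.4 alice FAIL",
    "2018-12-01T09:01:10 198.51.100.4 alice FAIL",
    "2018-12-01T09:01:20 198.51.100.4 alice FAIL",
    "2018-12-01T09:01:30 198.51.100.4 alice FAIL",
    "2018-12-01T09:01:40 198.51.100.4 alice FAIL",
    "2018-12-01T09:01:50 198.51.100.4 alice FAIL",
]

Event = Tuple[datetime, str, str, str]  # (timestamp, source_ip, user, result)

def parse(line: str) -> Event:
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect_spray(events: List[str], window: timedelta = timedelta(minutes=10),
                 min_users: int = 5) -> Dict[str, Dict[str, object]]:
    """Flag each source IP that fails against >= min_users distinct accounts
    inside a sliding `window`, and note whether a success followed the spray
    (the case that most needs an analyst's attention)."""
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for line in events:
        ev = parse(line)
        by_ip[ev[1]].append(ev)
    alerts: Dict[str, Dict[str, object]] = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, start in enumerate(fails):
            users = {e[2] for e in fails[i:] if e[0] - start[0] <= window}
            if len(users) >= min_users:
                alerts[ip] = {
                    "distinct_users": len(users),
                    "success_after": any(e[3] == "SUCCESS" and e[0] >= start[0] for e in evs),
                }
                break
    return alerts
```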

What do you think?

Headline news: https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/

Moody’s point of view – cyber attack

Preface:
For companies experiencing cyber attacks, Moody’s said it has the potential to weaken their credit profile.

Analytic result by Moody’s:
Among Moody’s findings: for the ransomware attack against FedEx and Merck & Co in 2017, the total financial impact on all affected entities reached $10 billion.

Question: Does Moody’s rating only focus on financial losses?

Answer: The key factors in Moody’s analysis are based on the following ideas.
To develop a framework for understanding inherent cyber risk at the sector level, Moody’s focuses on the following:
1) vulnerability to the type of attack or event to which entities in a given sector are exposed.
2) potential impact of cyber events via disruption of critical businesses processes or negative reputational effects that lead to a loss of revenue as a result of customer attrition.

For more details on the above, please refer to the URL below: https://www.moodys.com/research/Moodys-Credit-implications-of-cyberattacks-will-hinge-on-long-term–PBC_1161216