19 June 2020

IRM Weekly Cybersecurity Roundup: Amazon DDoS Attack and more

Details released on record-breaking Amazon DDoS attack

Amazon Web Services (AWS) has released information to confirm that it experienced a DDoS attack in February which fired 2.3Tbps (the previous record was 1.7Tbps)

To put this power into perspective, BT (UK telecommunication provider) sees just under half of 2.3Tbps on its entire UK network in a normal working day.

AWS managed to fend off the attack with various tools, meaning its websites were not knocked offline as planned by the attackers.

You can read more here.

Did the US experience the biggest cyber-attack in history?

On Monday afternoon, many flocked to Twitter to state that the US was under a major cyber-attack, with many pointing the finger at China for where the attack was stemming from.

US flag

These rumours were kicked off by US citizens experiencing a drop-out in mobile phone services, rendering them unable to send texts or make calls. Other organisations including internet services providers, social media platforms, gaming and banking organisations also experienced outages.

Twitter accounts with large followings fired up rumours by claiming that the US was under a “major DDoS attack”, sharing an ‘attack map’ to highlight areas that were affected. Experts were quick to point out that the map wasn’t so accurate and there was actually no evidence to show that a DDoS attack was underway.

According to statements from some of the organisations affected, the outages were due to other technical issues that were not related to cyber-attacks.

You can read more here.

Claire’s suffers serious cyber-attack

The jewellery and accessories company, Claire’s, has suffered from a cyber-attack in which credit card details have been stolen. This was after its sister company, Icing, was hit by a skimming cyber-attack.

The incident has been categorised as a ‘magecart’ attack – where hackers illegally install software onto the victim’s systems to make copies of customer payment data at the checkout. British Airways and Ticketmaster have also been victim to this sort of attack.

Experts have commented that careful monitoring of the network for unusual activity should have enabled the Claire’s security team to spot and block the suspicious activity.

Claire’s stated: “We removed that code and have taken additional measures to reinforce the security of our platform. We are working diligently to determine the transactions that were involved so that we can notify those individuals.”

You can read more here.

Global cybersecurity index ranks Europe as ‘least exposed’

In a survey by Password Managers, Finland was classified as the least exposed country out of 108 countries and Afghanistan is the most exposed. The United Kingdom was ranked 13th.

Exposure Map

Exposure Map – Source – Password Managers

For the purpose of the survey, ‘exposure’ is defined as “the fact of experiencing something or being affected by it because of being in a particular situation or place”.

Therefore within the context of cybersecurity, the countries were ranked using the frequency of malicious attacks alongside the level of cybersecurity commitments made by each country to analyse their own exposure to cybercrime.

You can read more here.

Quick-Fire Updates

Lion brewery forced to stop production: Last week, we covered the Australian brewery who had to turn to manual processes to continue production and delivery of their products. The company has experienced a second fresh cyber-attack this week, as cybercriminals demand $800,000 US Dollars. Read more here.

Israel and Greece promise to share cybersecurity info: In an agreement signed this week, they plan to strengthen regional cybersecurity by engaging in mutual dialogues and working on joint projects and initiatives. Read more here.

Fancy getting the newsletter sent your inbox directly every week? Sign up to the newsletter here.