13 September 2019

IRM Weekly Cybersecurity Roundup: Wikipedia's DDos attack and more.

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Wikipedia hit by DDoS attack

Wikipedia announced on Twitter that the site had been hit by a malicious DDoS attack (Distributed Denial of Service) over the weekend, causing global outages for users.

Wikipedia's DDos Attack

It is not yet known what damage Wikipedia’s DDos attack has caused. As of Monday morning, the website was back up and running.

Wikipedia wasn’t the only one to be hit by a DDoS attack this week.  The game developer Blizzard Entertainment found its World of Warcraft Classic servers were hit, resulting in a high latency and disconnections.

It is uncertain if Wikipedia’s DDos attack and Blizzard Entertainment’s attack are linked, but a Twitter account, “UkDrillas”, claims accountability. The account has since been suspended. You can read more here.

One billion Android phones open to SMS phishing attack

A security flaw in Android phones including Huawei, LG, Samsung and Sony has been found, leaving users vulnerable to advanced phishing attacks.

Researchers found limited authentication checks in the Open Mobile Alliance Client Provisioning. If exploited, it could enable hackers to pose as network operators and send a message, tricking users into accepting malicious settings.

The vulnerability could re-route all user internet traffic through a proxy server owned by the hacker, enabling them to see emails and web history.

The Samsung S9, Huawei P10, LG G6 and the Sony Experia XZ premium were more vulnerable to the attack and over half of all smartphones could be affected. You can read more here.

Google Calendar users exposed to fake invite scam

In 2017, a major bug was been found in Google Calendar which allowed hackers to exploit information through unwarranted email invites. It is only now that Google is addressing the issue.

The flaw allowed hackers to take advantage of the default setting which automatically adds invitations into a user’s calendar. This is done via an email leading to official-looking pages requesting financial and personal credentials.

The researchers noted: “this was a particularly useful feature for hackers, as users have grown weary of receiving spam and malicious links in emails. Receiving an official notification through Google Calendar is less likely to provoke suspicion”.

Google has said they are “working diligently” to fix the flaw and have advised users to report any suspicious invitations or event in their inbox. You can read more here.

Quick-fire Updates:

McDonald’s to use AI for drive-thrus: The fast food chain McDonald’s is planning to replace human servers with voiced-based AI technology to improve the ordering process. You can read more here.

Scraping” public data doesn’t constitute hacking: According to a new court ruling, the practice of scraping business social networking websites public-facing data and selling it to employers is not illegal. You can read more here.

99% of phishing emails rely on users clicking links: Phishing emails are one of the most common cybersecurity risks in malicious hacking campaigns due to the legitimate looking emails that are received, causing users to fall victim. You can read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page or sign up to our careers newsletter for future roles.