Hi, everybody - Chad here. Happy Wednesday morning! Well, unless you’ve recently been victimized by worldly, ultra-sophisticated cybercriminals. Couple of pretty scary stories in the news this week, especially if you still get all itchy in the scalp when you hear “SolarWinds”. Let’s go see...
Well, it’s been a year, so these jerks are back. But this time, they’re getting creative - one new technique researchers observed the group using in the attacks is the abuse of repeated MFA push notifications to gain access to corporate accounts, according to the article. Most MFA providers send users a push notification or a phone call, where they then enter a code or press a key as a second factor to authenticate access to an account.
From the article: “Using a valid username and password combination, the researchers said that the attackers issued multiple MFA requests to an end user’s legitimate device until the target accepted the authentication. This ultimately granted the threat actor access to the account, they said.”
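The pattern in that quote (a valid password, then a burst of push prompts until one gets approved) is visible in MFA provider logs if you look for it. The script below is an added example of mine, not code from the article or from any MFA vendor: it parses a constructed, simplified log format (timestamp, user, event, result), counts unapproved push prompts per user inside a sliding window, and raises an alert when a burst crosses a threshold and a second, higher-priority alert when an approval follows that burst. Field names and the window/threshold values are assumptions to tune against your own provider's export.

```python
"""Detect MFA push fatigue ("prompt bombing") in authentication logs.

Added illustration, not from the original post. The log format below is
constructed for this example; real MFA providers use their own field names.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <event> <result>".
# alice gets four unapproved prompts in two minutes and then approves one;
# bob's prompts are spread out and look like normal use.
SAMPLE_LOG = """\
2021-12-08T09:00:01Z alice push_sent denied
2021-12-08T09:00:35Z alice push_sent denied
2021-12-08T09:01:10Z alice push_sent timeout
2021-12-08T09:01:42Z alice push_sent timeout
2021-12-08T09:02:15Z alice push_sent approved
2021-12-08T09:05:00Z bob push_sent approved
2021-12-08T10:30:00Z bob push_sent denied
2021-12-08T11:00:00Z bob push_sent approved
"""


def parse_log(text):
    """Turn the whitespace-separated sample format into (ts, user, event, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result))
    return events


def find_push_fatigue(events, window=timedelta(minutes=5), threshold=3):
    """Return a list of alert dicts.

    'burst': a user received `threshold` or more unapproved (denied/timeout)
             push prompts within `window`.
    'approved_after_burst': an approval arrived while such a burst was still
             inside the window, i.e. the prompt bombing likely succeeded.
    """
    alerts = []
    pending = defaultdict(deque)  # user -> timestamps of unapproved prompts in window
    burst_open = set()            # users already alerted for the current burst

    for ts, user, event, result in sorted(events):
        if event != "push_sent":
            continue
        dq = pending[user]
        while dq and ts - dq[0] > window:  # drop prompts that fell out of the window
            dq.popleft()
        if not dq:
            burst_open.discard(user)

        if result == "approved":
            if len(dq) >= threshold:
                alerts.append({"user": user, "kind": "approved_after_burst",
                               "count": len(dq), "at": ts})
            dq.clear()  # an approval ends the burst either way
            burst_open.discard(user)
        else:
            dq.append(ts)
            if len(dq) >= threshold and user not in burst_open:
                alerts.append({"user": user, "kind": "burst",
                               "count": len(dq), "at": ts})
                burst_open.add(user)
    return alerts


if __name__ == "__main__":
    for alert in find_push_fatigue(parse_log(SAMPLE_LOG)):
        print(f"{alert['at'].isoformat()} {alert['user']}: "
              f"{alert['kind']} ({alert['count']} unapproved prompts)")
```

The "approved_after_burst" alert is the one worth paging on: a run of denials alone may be a user fumbling a phone, but an approval right after that run is exactly the sequence the researchers describe. A reasonable response is to treat the resulting session as suspect and re-verify the user out of band, and to prefer number-matching or FIDO2 over plain push approval so a tired thumb can't complete the login.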
Whoa. From the article: “Google announced today that it has taken action to disrupt the Glupteba botnet that now controls more than 1 million Windows PCs around the world, growing by thousands of new infected devices each day.” That’s kind of a big deal. That botnet has been running amok in Windows machines across the world (including the U.S.). In short, once a device is botted, it can be used by threat actors to mine for cryptocurrency, steal user credentials/cookies, or deploy proxies (on both Windows and IoT devices!) which later get re-sold as 'residential proxies' to their ever-expanding network of ultra-sophisticated cybercriminals.
Stay safe out there!