This week in InfoSec  (08:59)

With content liberated from the “today in infosec” twitter account and further afield

8th February 2000: A 15-year-old Canadian identified at the time only by his handle  "MafiaBoy" launched a 4-hour DDoS attack against http://cnn.com. The attacks also targeted Yahoo, eBay, Amazon and other sites over a 3 day period. In 2001 a Canadian court sentenced him to 8 months.

https://twitter.com/todayininfosec/status/1755576730306089245

7th February 2000: Dennis Michael Moran (aka Coolio) performed a smurf attack against Yahoo's routers, causing its websites to be inaccessible for hours. Conversations on an IRC channel led to him being identified and convicted for a series of DDoS and website defacement crimes.

https://twitter.com/todayininfosec/status/1755267532540244316     

Rant of the Week (14:35)

Viral news story of botnet with 3 million toothbrushes was too good to be true

In recent days you may have heard about the terrifying botnet consisting of 3 million electric toothbrushes that were infected with malware. While you absent-mindedly attended to your oral hygiene, little did you know that your toothbrush and millions of others were being controlled remotely by nefarious criminals.

Alas, fiction is sometimes stranger than truth. There weren't really 3 million Internet-connected toothbrushes accessing the website of a Swiss company in a DDoS attack that did millions of dollars of damage. The toothbrush botnet was just a hypothetical example that some journalists wrongly interpreted as having actually happened.

It apparently started with a January 30 story by the Swiss German-language daily newspaper Aargauer Zeitung. Tom's Hardware helped spread the tale in English on Tuesday this week in an article titled, "Three million malware-infected smart toothbrushes used in Swiss DDoS attacks."

https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack

Billy Big Balls of the Week (21:50)

Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’

A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.

The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.

“(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.

Chan said the worker had grown suspicious after he received a message that was purportedly from the company’s UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.

However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said.

Believing everyone else on the call was real, the worker agreed to remit a total of $200 million Hong Kong dollars – about $25.6 million, the police officer added.

Industry News (28:58)

Clorox and Johnson Controls Reveal $76m Cyber-Attack Bill

Meta's Oversight Board Urges a Policy Change After a Fake Biden Video

Malware-as-a-Service Now the Top Threat to Organizations

Chinese Spies Hack Dutch Networks With Novel Coathanger Malware

Meta to Introduce Labeling for AI-Generated Images Ahead of US Election

Governments and Tech Giants Unite Against Commercial Spyware

France: 33 Million Social Security Numbers Exposed in Health Insurance Hack

20 Years of Facebook, but Trust in Social Media Remains Rock Bottom

AI-Powered Robocalls Banned Ahead of US Election

Tweet of the Week (37:15)

https://x.com/gossithedog/status/1755282171198054805?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg

Come on! Like and bloody well subscribe!