Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
Last Friday a DDoS attack devastated companies and consumers on the East Coast by stopping service from Twitter, Spotify, Netflix, and more. This week a hacker is selling an IoT botnet to carry out future attacks. Sources believe this tool could create an attack ten times bigger than the one we saw last Friday. In other data leak news, Weebly confirmed a hack thought to have been carried out in February of this year and DomainTools suggested that customers change passwords after a data leak scare that resulted from a previous LinkedIn breach. Don’t miss the details of the biggest security events this week – Catch them all below!
By Eli Blumenthal (@eliblumenthal)
A massive online attack hit New Hampshire-based Dyn last Friday morning. Dyn, an Internet Performance Management company, was able to restore service within 11 hours of the beginning of attack. The assault kept users, primarily in the US east coast, from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, Paypal and other sites. At this time, it’s unclear who orchestrated the attack but security experts suggest the attackers relied on Mirai to take over online devices and launch the DDoS attack.
By Waqas (@writerblues)
Although last Friday was a huge setback for many websites, the IoT botnet being sold on a darknet forum could launch an attack ten times the size of the Dyn disruption. According to Forbes, hacked IoT devices with 180,000 bots can allegedly carry DDoS attacks up to 1Tbps. At this time, it’s unclear if the botnet for sale is connected to Mirai or the DDoS attack on Dyn servers. Read the full piece to learn more about protecting your IoT devices from hackers.
By Zack Whittaker (@zackwhittaker)
More than 43.4 million accounts were stolen in a recent hack of Weebly and Foursquare accounts. The hack is thought to have been carried out in February and information includes usernames, email addresses, passwords, and IP addresses. Weebly confirmed the breach in a statement while an internal Foursquare source denies the breach saying “We have done an internal investigation and no breach has occurred.”
By Steve Ragan (@SteveD3)
This Monday, an intelligence platform known as DomainTools warned customers to change their passwords after receiving breach warning. Using data from previous “data dumps” such as LinkedIn and Dropbox, it appears the hacker utilized this data in carrying out the DomainTools breach. Looking for a takeaway? Be sure to reset passwords regularly to best protect your personal data.