[Security Weekly] Massive DDoS Attack Shuts Down Over 200 Organizations in Belgium

cover image

1st Week of May 2021


1. Belgium ISP suffers massive DDoS attack knocking 200 organizations offline

In the morning of May 4, a massive DDoS attack hit Belgium’s government-owned internet service provider Belnet, directly cutting off the internet connection for over 200 organizations across the country. As a publicly funded company, Belnet’s main customers include the Belgium parliament, government agencies, educational institutions, and research centers.

As expected, the internet connection for the Belgium parliament was cut off, while a wide range of government services remained unavailable. National news agency VRT was also taken offline. This tremendous service outage lasted for a whole day, before Belnet announced that internet services were back to normal. 

Belnet is working with the Centre for Cyber Security Belgium (CCB) to investigate the incident. It said that the attack was very difficult to mitigate since the attackers kept changing their techniques, switching between different botnets. As of now, the company is staying on high alert for potential follow-up attacks.

To mitigate advanced DDoS attacks that run on hijacked residential IP addresses, a logical web application firewall (WAF) like WAPPLES can effectively identify the changes in attack patterns through AI technology, preventing such attacks from paralyzing the servers.

Sources: ZDNet, Infosecurity, Euronews


2. Scripps Health redirects emergency patients following ransomware attack

Scripps Health, a San Diego-based non-profit hospital system, suffered a ransomware attack over the weekend of May 1, forcing it to redirect emergency care services to nearby hospitals. With over 2,600 physicians, Scripps Health runs five hospitals and 19 outpatient clinics.

Upon discovery of the attack, Scripps sent out an internal notification and immediately redirected all emergency patients at four of its hospitals. A significant number of the hospitals’ IT systems were taken offline to prevent the ransomware from spreading further. This forced all physicians to adopt pen-and-paper processes for medical recording. The MyScripps online portal was also unavailable throughout the weekend, all appointments scheduled for May 3 were postponed.

The scale of the damage even impacted backup servers in Arizona. Yet, Scripps Health said that it is currently recovering its systems from backups. It remains unclear whether sensitive medical data were compromised.

Sources: Bleeping Computer, NBC San Diego


3. Peloton’s API vulnerability exposes sensitive customer data

Researchers at cybersecurity firm Pen Test Partners discovered a critical vulnerability in Peloton’s API that allowed unauthenticated individuals to access the personal data of users. Peloton is a New York-based manufacturer of IoT treadmills and stationary bikes, all of which can be connected to its subscription-based online tutorial platform.

The vulnerability allowed anyone on the internet to make an unauthenticated request for user account data to the API, even if the users chose private mode. The API enabled users to sync their profile data and workout records to Peloton’s servers. This is worrisome given that the machines have built-in cameras and microphones.

Exposed data included user IDs, gender, age, location, membership info, and instructor IDs. Among more than 3 million users, over 1 million of them are connected subscribers, including President Joe Biden, who appeared to be a user since 2019, although the White House would likely have prohibited the President from moving in with such IoT devices.

Sources: Threatpost, Infosecurity


4. Qualcomm chip vulnerability puts 30% of Android smartphones at risk

A critical vulnerability in Qualcomm’s Mobile Station Modem (MSM) chips, including the latest 5G versions, allowed remote hackers to inject malicious code into these chips and execute it to access the victims’ text messages, call histories, as well as to eavesdrop on phone calls. The Qualcomm MSM Interface (QMI) is used by 30% of all Android smartphones, including the Samsung Galaxy flagships and the Google Pixel lineup. 

Discovered by Check Point Research, the vulnerability (CVE-2020-11292) can be exploited when a malicious app is installed on the phone. The hackers can use the flaw to inject malicious code into the chips. Since intrusion comes from the chips within the phone, none of the security measures installed on the phone would be able to detect it. The malicious code can then be executed remotely.

The researchers refused to provide a proof-of-concept as it could give hackers a guide on how to execute the attack. Qualcomm immediately provided a fix to the flaw in December 2020. However, it could take a while for the patches to roll out since smartphone vendors would need to integrate the patches to their own software updates, usually starting with the latest models and working downwards to earlier ones.

Sources: Threatpost, Bleeping Computer


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security