From an information security standpoint, this past week (May 28 – June 3) has been quite an interesting one. Three major topics stand out: the new Flame malware, the WHMCS breach, and the controversy that surrounds the UGNazi hacker collective.
When the world first learned of the Flame
threat, many rushed to conclude that it may be the next Stuxnet, especially since its main targets were a number of Middle Eastern countries, including Iran. However, after further analysis, experts have admitted that the 20 MB malicious element doesn’t pose a big risk
as first believed, at least not yet.
Besides the now-infamous Flame, we also learned of the start of the Holy Lulz Crusade of Canada
, an operation initiated by Team Dig7tal that targets Canadian government and other major websites.
One of the most important victims of this campaign was the site of the Toronto Police Department
from which the hackers leaked the entire database, totaling a 32 MB file.
The WHMCS saga,
last week, continued with the arrest
of Cosmo, one of the hackers actively involved in the breach. Then, the company learned from “an ethical hacker” of an SQL Injection vulnerability in the billing software which could have allowed an attacker to gain access to their systems.
WHMCS has rushed to release a security update to address the issue, but we have a hunch that this incident is far from being over.
As far as UGNazi is concerned, the crew has caused a lot of controversy
, many individuals condemning their apparently unjustified actions
. The hackers also made public their personal vendetta plans against the famous Jester (th3j3st3r) by launching a distributed denial-of-service (DDOS) attack
on the site of the Wounded Warrior Project.
In the hacktivist
category we find a couple of interesting operations. One of them is aimed
at the Formula 1 Grand Prix that’s about to take place in Montreal. Anonymous promised to initiate both physical and virtual protests, claiming that sporting events shouldn’t take place in countries where human rights are violated.
We also had the opportunity to speak to a relatively new group of hacktivists called k0detec
, which highlighted
the security holes that exist in the United Kingdom’s National Health Service (NHS).
AlienVault issued an interesting report
in which it detailed how data breaches could result not only in intellectual property loss, but also in the loss of human lives.
Finally, we learned that the White House has taken initiative
in fighting botnets.