‘FreakOut’ Botnet Targets Unpatched Linux Systems

DDoS Protection
Fraud Management & Cybercrime

Researchers Says Malicious Network Could Be Used to Launch DDoS Attacks

'FreakOut' Botnet Targets Unpatched Linux Systems
How the ‘FreakOut’ botnet infects Linux systems (Source: Check Point Research)

Researchers at Check Point Research are tracking a new botnet dubbed “FreakOut” that’s targeting vulnerabilities in Linux systems.

The goal behind the botnet’s attacks, researchers say, is to create an IRC botnet – a collection of machines infected with malware that can be remotely controlled – that then can be used for malicious activities, such as launching distributed denial-of-service attacks or cryptomining (see: Monero Mining Botnet Targets PostgreSQL Database Servers ).

See Also: 7 Ways to Take Cybersecurity to New Levels

The FreakOut botnet is targeting Linux-based systems that include the TerraMaster operating system, which manages TerraMaster network-attached storage servers; the Zend framework, designed to build web application services using PHP; and Liferay Portal, a web application platform that enables users to create portals and websites.

Each of these open-source systems has a vulnerability that the FreakOut botnet attempts to exploit, the researchers say. In the TerraMaster OS, the remote code execution flaw is tracked as CVE-2020-28188. The Zend framework deserialization bug is listed as CVE-2021-3007. And the deserialization vulnerability within the Liferay Portal is CVE-2020-7961.

Researchers urge users to patch these flaws to…


3 months after cyberattack that threatened ‘public health crisis,’ Jersey City MUA computer systems still not fully restored

The recent cyberattack at the Jersey City Municipal Utilities Authority inflicted damage that lasted months and threatened to cause a “public health crisis,” the agency said.

Officials from Jersey City and the autonomous utilities agency have said little about the Sept. 30 ransomware attack, which MUA documents said blocked access to “vital” water and sewer information.

But the MUA spent nearly half a million dollars to address the attack, and the agency’s computer systems were still not fully functional even three months after the cyber incursion, an MUA resolution passed last month shows.

At a Dec. 17 meeting, the MUA Board of Commissioners voted to approve a new $391,000 emergency contract with cyber security firm Digital Team Six for “technical restoration services,” according to a resolution obtained through an Open Public Records request. The new contract was “necessary to avert a public health crisis,” the resolution said.

“Despite repeated efforts … problems continued to be encountered with restoring all of the JCMUA’s internet technology network to full operation,” the resolution states, adding that “it has become increasingly apparent that advanced technical assistance will be required.”

But the extent of the potential “public health crisis” is unclear. JCMUA Executive Director Jose Cunha could not be reached for comment and MUA Board of Commissioners Chair Maureen Hulings declined to comment. Digital Team Six staff did not immediately respond to requests for comment.

The contract comes on the heels of an $18,675 contract with a different information technology firm, as well as a $25,000 contract with Pennsylvania law firm Mullen Coughlin to investigate the incident — putting known expenditures related to the incident at $434,675. MUA officials expected at least $25,000 of that to be covered by insurance.

It’s also unclear exactly what the hacker or hackers wanted to target. However, the attack caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” an October resolution reads.

In ransomware attacks, hackers block…


Federal court system’s sealed records likely breached by SolarWinds hack

The online filing system used by the federal court system was likely breached in the SolarWinds hack, suspected to be orchestrated by Russia, potentially compromising highly sensitive sealed documents that contain nonpublic details about ongoing investigations.

a statue of a man

© Provided by Washington Examiner

The Administrative Office of the U.S. Courts revealed an “apparent compromise of the confidentiality” of its case management and electronic case files system “due to these discovered vulnerabilities” and said this week that it was “under investigation.” The federal judiciary is working with the Homeland Security Department on a “security audit” related to the cyberattacks that “greatly risk compromising highly sensitive non-public documents … particularly sealed filings” stored on the online system, adding that “due to the nature of the attacks, the review of this matter and its impact is ongoing.”

The revelation that the federal courts were likely successfully hacked came just after the Justice Department admitted that its email systems had been compromised, though the agency stressed that it believed the number of potentially affected email boxes was limited to 3%, and they had no indication that classified information had been taken.

The judiciary’s administrative office said the federal courts “are immediately adding new security procedures to protect highly sensitive confidential documents filed with the courts,” including that “highly sensitive court documents filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system” and “will not be uploaded” to the online system. The office noted that the new practice won’t change current policies regarding public access to court records because sealed records are already confidential “and currently are not available to the public.”

Sealed documents on the court’s online system, such as arrest and search warrant affidavits, can contain a host of sensitive information, and the nonpublic records can include the names of suspects and targets, secret…


Federal Judiciary’s Systems Likely Breached in SolarWinds Hack

WASHINGTON—The electronic filing system used by federal courts has likely been compromised in the massive SolarWinds hack, federal judiciary officials said, extending to another branch of government the impact of a suspected Russian cyber-espionage campaign that has breached more than half a dozen Trump administration agencies.

The federal judiciary was working to immediately add new security procedures to protect “highly sensitive confidential documents filed with the courts,” according to a statement Wednesday by the Administrative Office of the U.S. Courts.

“An apparent compromise of the confidentiality of the [filing] system due to these discovered vulnerabilities currently is under investigation,” the statement said. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

Beginning Wednesday, highly sensitive court documents filed with federal courts on paper or via secure electronic devices will be stored in a stand-alone computer system, according to the statement, and won’t be uploaded as usual to the electronic case-filing system. The new procedure wouldn’t change public access to court records because sealed records already aren’t available to the public, it said.

Gaining access to confidential judiciary records could be especially valuable to foreign spies, analysts said, because of the extreme sensitivity of information they often contain, including investigative techniques described in search warrants or specific email accounts or phone numbers being surveilled.