Hackers Mess with Canadian Armed Forces Recruiting, White House Social Media and Russian Banks
This week's cyber incidents include a website redirect and a big (but not the biggest) botnet.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
Canadian Armed Forces Website Redirects to Chinese Page
Anyone looking to sign up for Canada’s Armed Forces on Thursday instead found themselves looking at information about the Chinese government—in Mandarin.
The Canadian Armed Forces recruiting site redirected visitors to an apparent Chinese government URL Thursday afternoon until it was replaced with a 404 page, according to CBC News.
The report states a private-sector company hosted the recruiting website and no Department of National Defence servers were compromised.
Canadian officials have not said who may be behind the incident.
Email Flaw Grants Access to Any Medium Page
A penetration tester figured out how to add himself to the White House’s Medium publication, Motherboard reports.
Allan Jay Dumanhug figured out how to add a person as an author to any Medium publication using the feature that adds authors by email, proving his concept with the White House’s Medium channel. The bug allowed him to swap out a 12-digit publication code in the invite’s HTTP request, and then he received an invitation to contribute.
A Medium spokeswoman told Motherboard the flaw allowed the invited person to submit drafts to the channel but not to publish them.
Botnet of 24,000 Devices Targets Russian Banks
Five Russian banks were targeted by hackers for multiple days last week.
Hackers targeted multiple banks with distributed denial-of-service attacks, which flood systems with traffic. The attacks started Nov. 8 and came in waves, lasting from one to 12 hours, according to a BBC report. Statements from Sberbank and Alfabank said bank operations were not interrupted.
The botnet included at least 24,000 devices in 30 countries, though about half of the devices were located in the U.S., according to an RT.com article. The attacks lasted two days.
Last month, a massive DDoS attack attributed to the Mirai family of malware crippled Domain Name System provider Dyn, slowing internet service for large portions of the U.S. Security firm Kaspersky Lab said the Russian bank attacks do not appear to be related to Mirai, according to The Hacker News, though they did employ smart devices.