Cyber Attack: North Korea Suffers Internet Outage

North Korea faced an internet shutdown, and experts suspect cyber-attacks are the main reason. The outage lasted six hours on Wednesday last week, during the local morning. It is the second incident causing internet outages in North Korea in the past two weeks. Cybersecurity expert Junaid Ali from Britain says the recent outage may be due to a distributed denial-of-service (DDoS) attack.

If a user in North Korea tried to connect to an IP address, the internet could not route the data into the country. The servers were back to normal within a few hours after the DDoS attack. Individual servers, however, could not function normally because of the disruption; these include Naenara, the North Korean government's official portal, Air Koryo Airlines, and the North Korea Ministry of Affairs.

News website NK Pro reports that network records and log files suggest that websites hosted on North Korean domains ending in ".kp" could not be accessed. A similar incident happened in North Korea earlier, on January 24, 2022. In simple terms, a network disturbance, not a power cut, caused the internet outage. Experts observed that no internet traffic went in or out of North Korea during the attack.

According to Junaid, "it is common for one server to go offline for some periods, but these incidents have seen all web properties go offline concurrently. It is not common to see their entire internet dropped offline. During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet."

Internet access is restricted in North Korea. We don't know how many people have direct access to it, but the data suggests that around 25 million people have access to the internet, which is only 1% of the total population.

Ransomware Attack On Major European Bookseller

 

Recently, a ransomware attack targeted a leading software provider for book suppliers, interrupting the regular functions of thousands of bookstores in Europe, including in France, Belgium, and the Netherlands. The data stolen may have included not only personally identifiable information but also payment details.

The ransomware group targeted TiteLive, a French company that provides cloud-based software for book sales and inventory management. Bookstores affected by the ransomware attack included Libris, Aquarius, Donner, Malperthuis, and Atheneum Boekhandels. Other clients listed on the company’s website include Paris Libraries, Gallimard, Furet du Nord, SciencesPo, and La Pro-Cure.

To prevent the ransomware from spreading, TiteLive shut down its IT infrastructure, which resulted in days-long downtime for MediaLog. MediaLog handles online order processing and shipping, cash sales, and customer relationship functions such as loyalty cards, direct mail, and financial information.

According to the company’s website, the company offers its primary product to more than 1,000 bookstores. Owing to the disruption, around 130 independent bookshops in the Netherlands, Belgium, and France are largely shut down. Currently, these stores do not have access to billing and inventory data. For now, the form of ransomware that was used in the attack has not been disclosed. 

The attackers demanded a huge ransom payment after encrypting Windows servers run by TiteLive, which forced the company’s products offline. At present, it is also unclear what data may have been stolen. However, the company has clarified that it is not going to pay a ransom to the malicious actors.

Microsoft 365 Services Restored After Hours Long Outage


Recently, Microsoft was hit with a massive global outage that interrupted users’ access to multiple services, including Outlook.com, Office 365, Teams, Exchange, Azure, OneDrive, Dynamics 365, and SharePoint, among other cloud-based services.

According to the Azure status history page, users trying to access any of Microsoft’s services encountered issues with logging in and connecting to servers when the downtime started around 21:25 UTC on Monday.


The service interruptions were relatively short-lived, lasting for several hours before Microsoft technicians fixed the issue and successfully rolled back their systems on Tuesday.

During the current global pandemic, with physical access restricted for people all over the world, an outage of online services is even more disruptive, as the number of people relying on them for work and study has risen by a remarkable margin. As classrooms have moved online, students and educational institutions have become heavily dependent on services offered primarily by Microsoft and Google.

Giving insights on the matter, Microsoft said, “Users who were not already authenticated to the cloud services using Azure AD would have seen multiple authentication request failures. The impact was primarily in the Americas based on the issue being exacerbated by load, but users in other regions may also have experienced some impact. Users that had previously authenticated prior to the issue may not have experienced any noticeable effect.”

Acknowledging the issue, Microsoft 365 Status said in a tweet, “we’ve received reports of users experiencing issues accessing their Exchange Online accounts via Outlook on the Web. Our initial investigation indicates that India-based users are primarily impacted audience. Further details can be found in your admin center under EX223208.”

“We took corrective actions to mitigate the impact to Exchange ActiveSync and have confirmed that service has been restored after users force a sync on their impacted devices. More information can be found under EX223053 in the admin portal,” Microsoft 365 Status said in another tweet.

The issues affecting Microsoft’s online authentication systems have been resolved by the company and the services are restored. Most users reported their system being fully recovered and services functioning normally again.

USA: Leading Servers Of Greenville Were Shut Down Owing To A Ransomware Attack!



In the state of South Carolina, the city of Greenville was hit by ransomware that blacked out the majority of its servers.


The source of the ransomware and the infection is being investigated with the help of city staff and IT professionals.

As is typical of ransomware, the affected organizations were asked for money. The IT team is working on getting operations back online.

The only servers that were separate and went unaffected were those of the Greenville Utilities Commission and those of the emergency and police departments.

The infection first surfaced on the server of the Greenville Police Department. The IT division was immediately contacted, and as a result the servers were shut down.

The shutdown hasn’t affected many operations and functions; the way things are done has simply needed some adjusting.

Because people are not too dependent on computers, not much has been affected in the city, except that people who want to make payments need to do so in cash.

After CIRA’s free parking incident and the shutdown of Norsk Hydro, it’s evident that ransomware is an emerging hazard to cyber-security.