
Rorschach Ransomware Gang Targets Chilean Telecom Giant GTD


Chile's Grupo GTD has issued a warning that a hack has disrupted its Infrastructure as a Service (IaaS) platform. Grupo GTD is a telecommunications firm with operations in Chile, Spain, Colombia, and Peru which offers services throughout Latin America.

The company delivers a variety of IT services, such as internet access, mobile and landline phone service, and data centre and IT managed services.

On October 23rd, GTD was the victim of a cyberattack that disrupted multiple services, including its data centres, internet access, and Voice-over-IP (VoIP).

"We understand the importance of proactive and fluid communication in the face of incidents, therefore, in accordance with what we previously discussed on the phone, I would like to inform you that we are experiencing a partial impact on services as a result of a cybersecurity incident," states a GTD security incident notification. "This impact is limited to part of our IaaS platform and some shared services (IP telephony services, VPNs and OTT television system). Our communication COR, as well as our ISP, are operating normally."

To prevent the spread of the attack, the company isolated its IaaS platform from the internet, resulting in the outages. Chile's Computer Security Incident Response Team (CSIRT) revealed today that GTD was the victim of a ransomware attack.

"The Computer Security Incident Response Team (Government CSIRT) of the Ministry of the Interior and Public Security was notified by the company GTD about a ransomware that affected part of its IaaS platforms during the morning of Monday, October 23," reads a machine-translated statement published on the CSIRT website.

Although CSIRT has not named the ransomware operation behind the GTD attack, researchers have discovered that it was the Rorschach variant, which was previously identified in an attack on a US corporation.

In April 2023, Check Point Research discovered the relatively new Rorschach ransomware, also known as BabLock. The researchers cautioned that the encryptor was extremely fast and sophisticated, able to encrypt a device in 4 minutes and 30 seconds, although they were unable to attribute it to a specific ransomware group.

According to a report on the GTD attack seen by researchers, the threat actors are abusing DLL sideloading weaknesses in genuine Trend Micro, BitDefender, and Cortex XDR executables to load a malicious DLL.

This is the Rorschach injector DLL, which injects a "config[.]ini" ransomware payload into a Notepad process. Once loaded, the ransomware begins encrypting files on the device.
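As an added defensive illustration (not part of the original post and not any vendor's tooling), the following Python applies two detection heuristics matching the behaviour described above, a DLL side-loaded by a trusted executable and a remote thread created in notepad.exe, to constructed Sysmon-style records; the event shapes, paths, and the allow-list are assumptions for the example.

```python
import ntpath

# Constructed Sysmon-style events (field names follow Sysmon's image-load
# and CreateRemoteThread events; paths are placeholders, not real IoCs).
EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\scan\agent.exe",
     "ImageLoaded": r"C:\Users\Public\scan\helper.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Vendor\agent.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Program Files\Vendor\agent.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 8, "SourceImage": r"C:\Users\Public\scan\agent.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Processes allowed to create threads in others (constructed allow-list).
THREAD_ALLOW = {"csrss.exe"}

def is_sideload(ev):
    """Unsigned DLL loaded from the loading EXE's own directory, outside a
    Windows system directory: the shape of a DLL side-load."""
    if ev.get("EventID") != 7:
        return False
    dll, exe = ev["ImageLoaded"].lower(), ev["Image"].lower()
    if dll.startswith(SYSTEM_DIRS):
        return False
    same_dir = ntpath.dirname(dll) == ntpath.dirname(exe)
    return same_dir and ev.get("Signed", "false").lower() != "true"

def is_notepad_injection(ev):
    """Remote thread in notepad.exe from a non-allow-listed process."""
    if ev.get("EventID") != 8:
        return False
    target = ntpath.basename(ev["TargetImage"]).lower()
    source = ntpath.basename(ev["SourceImage"]).lower()
    return target == "notepad.exe" and source not in THREAD_ALLOW

def triage(events):
    """Return (rule, offending path) pairs for every matching event."""
    hits = []
    for ev in events:
        if is_sideload(ev):
            hits.append(("dll_sideload", ev["ImageLoaded"]))
        elif is_notepad_injection(ev):
            hits.append(("notepad_injection", ev["SourceImage"]))
    return hits
```

Run `triage(EVENTS)` to see the two constructed records that match; the signed vendor DLL and the system-directory load are left alone.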

The CSIRT has published a set of recommendations to help companies linked to GTD's IaaS confirm that they have not been compromised. These include antivirus scans, software integrity checks, server account reviews, analysis of hard drive and processor activity, network traffic monitoring, and keeping system logs up to date.

The attack on GTD comes after a similar incident that took place earlier this year, when the Rhysida ransomware targeted the Chilean military and thousands of stolen government documents were made public. Regarding the recent attack, GTD has not yet responded to inquiries, and the incident is still being investigated.

Twitter Returns After Two-Hour Outage Affecting Tweets

On Wednesday, Twitter experienced a service disruption that resulted in users being unable to access certain parts of the platform, specifically the "Following" and "For you" feed. These feeds displayed an error message rather than the expected content. 

The problem was widespread and affected users globally. The issue persisted for approximately two hours before being resolved by Twitter's engineering team. 

DownDetector, a website that tracks service outages, reported issues with Twitter at 10:00 GMT, but the problem was resolved by 12:00. In the UK alone, over 5,000 users reported problems to DownDetector within half an hour of the Twitter service outage. 

The root cause of the outage is still unknown, and it is unclear if Twitter's recent 200 staff layoffs on Monday played any role in the incident. Further investigation is needed to identify the underlying cause of the outage and prevent similar incidents from occurring in the future. 

Even though some parts of Twitter, such as the feeds, were not working, users could still send tweets as usual. However, no one could see or interact with those tweets. This led to hashtags including "#TwitterDown" and "Welcome To Twitter" trending on the platform.

This is not the first such incident: Twitter has had several temporary problems in the past few months. During a short outage in early February, some users were mistakenly told they had reached the daily limit for sending tweets.

"It started shortly before the Musk takeover itself. The main spike has happened after the takeover, with four to five incidents in a month - which was comparable to what used to happen in a year," said Alp Toker, director of internet outage tracker NetBlocks, noting that Twitter has experienced more issues under Mr. Musk's tenure as CEO.

Why do social media platforms suffer service disruptions and sudden outages in the first place?

Social media networks can suffer shutdowns for a variety of reasons, including technical issues, cyber-attacks, policy violations, and government censorship. Technical issues such as server errors or bugs can cause social media networks to crash and become unavailable to users. 

In some cases, these issues can be quickly resolved, and the platform can be restored. However, if the issue is more severe, it may take longer to fix, and the platform may be down for an extended period. 

Cyber attacks such as Distributed Denial of Service (DDoS) attacks can also cause social media networks to go down. These attacks overwhelm a network with traffic, causing it to become unavailable to users. Cyber attackers may launch DDoS attacks for various reasons, such as to disrupt a particular organization or to extort money.