Author: Lou Covey

DDoS on X was avoidable, but inevitable

The DDoS attack on X.com this week provided a certain amount of schadenfreude for people less than enamored by Elon Musk. It also rang alarm bells in the cybersecurity community, as that style of attack seems to be making a comeback, and not for financial gain. All indications are that corporations and, in particular, government institutions are not ready to repel attacks motivated by political revenge.

Security intelligence company Fletch.ai this week identified multiple ongoing attacks around the world targeting corporations for a variety of political positions, depending on which side the entities supported. Issues include the Ukraine/Russia war, Palestine/Israel, immigration, tariffs and just plain political leanings.

Musk blamed Ukrainian hackers for the attack on X (aka Xitter), but because DDoS attacks use multiple servers around the globe, it is difficult to identify a particular source. However, Fletch and other analysts identify pro-Russian and pro-Chinese hacktivist groups behind most of the attacks using tried-and-true botnets.

Cheap and easy

Mithilesh Ramaswamy, a senior security engineer at Microsoft, said compute and cloud infrastructure are cheap now, creating a low barrier to entry. “Even renting a botnet or using a DDoS-for-hire service is relatively simple and inexpensive.”

Dependency on cloud services also makes organizations vulnerable when they rely heavily on third-party services or microservices architectures, he explained, allowing attackers to exploit integration weak points and unleash large-scale disruptions with targeted floods of traffic.

Cloudflare reported blocking a record-breaking 5.6 Tbps DDoS attack carried out by a Mirai-variant botnet. The significant increase in DDoS attacks in 2024, with a 53% rise from the previous year, underscores the growing threat. Fletch reported that the BadBox botnet infected over one million Android devices in 2024. “Despite efforts to disrupt it, the botnet continued to grow, indicating the persistent and evolving nature of DDoS threats.”

A pro-Palestinian hacktivist group known as Dark Storm claimed responsibility for the attack on X.com, which caused major outages on the platform over the course of 48 hours. But that claim has not been verified.

Lax security

Ian Thornton-Trump, a well-respected security expert and current CISO for Inversion6, blamed lax security standards at X.com for the breach. He pointed out that the section of the X.com servers that was hit was not covered by their Cloudflare subscription. Cloudflare is primarily a third-party service that provides robust protection against DDoS attacks. The rise of these services helped drive the popularity of the attacks down over the past few years, but an organization still has to turn on the protection as it implements new data services. X apparently did not do that.

Scam bucket: Tech support fraud

Dealing with wonky printers is a universal frustration. According to Gartner studies, printers are by far the biggest technology problem, racking up 50 percent of all technical support calls worldwide. And that makes them a very profitable scam.


Here’s how it works. You’re sitting at home and want to print out a bill, letter, or other document and the printer hangs up. The little wheel is just spinning and spinning. After multiple tries you decide to call tech support to fix the problem. After 2 hours of sitting listening to the same song, interrupted by the recorded voice telling you your “call is important,” you start surfing for some sort of help. Your results show three or four sites for printer support and a free chat service.

You click one of them, still waiting on your phone for help, and immediately get someone in the chatbot who is very helpful and asks if they can be connected to your computer to see what the problem is. In the hope of being freed from frustration you click on a link and suddenly your “savior” is moving around your computer downloading “the latest printer driver.” It is only much later that you find he has found your banking information and has sucked your account dry.

Phishing grows but can be blunted

Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. However, new defenses and increased wariness among potential victims are blunting phishing’s potential for widespread harm.

For the uninitiated, phishing is a foundational practice for all cybercrime. For the most part, it is a scatter-gun methodology, sending out as many emails, texts, social media posts, and even phone calls as possible to get victims to give up personal information or access sensitive files. There are billions of phishing attacks going on around the world every year. According to the FBI's latest report, losses in 2022 were more than $10 billion. The totals go up every year.

Phishing on the rise

Huntress recently issued a comprehensive report on the state of cybercrime that showed an alarming increase in the number of attacks in 2024 using no less than 285 different forms of attack. Modern attack methodologies go far beyond just sending out massive amounts of emails. They can also include an “urgent” voicemail or text urging the victim to immediately click on the link in an email; infiltrating reply chains; QR codes instead of links; and signature impersonations.

One new phishing kit is Astaroth, which was revealed in January by SlashNext, a cloud email security provider. Primarily marketing on the Telegram messaging platform, the kit sells for $2000 and includes free trials.

EU’s DORA: Who will stand up for protection?

The EU's Digital Operational Resilience Act (DORA) went live in January. This legislation's goals seem to conflict with the US administration’s willingness to ignore technology security standards. The question is: Who will stand up to protect corporate and consumer data?

DORA is highly targeted at the stability and resilience of the financial services sector. It ensures financial institutions can respond to, withstand, and recover from ICT-related threats and disruptions. It also requires robust strategies and policies to manage ICT risks in financial institutions.

Arnaud Treps, chief information security officer at Odaseva, said, “DORA is very different from previous regulation where you have to change where you operate. DORA is about having proper backups, the capability to restore quickly, and building redundancy.”

Europe takes the lead

But does the US rejecting data privacy regulation mean walling America off from the rest of the world? Meta has threatened to potentially limit

The case for insider-threat detection

An independent threat intelligence team warned the Treasury Department that representatives of the Department of Government Efficiency were a significant “insider threat.” The warning made the problem of insider threats a new worry for US citizens, sparking multiple discussions on social media. It also made a new case for technology that defends against the threat.

Insider threats are not the most common form of security weakness, but they are the hardest to defend against. Even if a company is successful in screening out potential bad actors in the hiring process, it then has to make sure that the person it hired is the person who shows up to get a security badge. And if they get past those two processes, there’s always the possibility of an unbalanced or angry employee bringing a firearm into the office to commit mayhem. Luckily, there are technologies available in the market, such as advanced detection and response, identification validation and AI-driven weapons detection.

How social media moderation works

There has been a lot of debate regarding the imposition of moderation on social media and whether that constitutes censorship and violations of the right to free speech. That argument is specious at best. Offending content on commercial social media is removed only when it negates profitability.

Most humans moderate their speech. Sometimes we think about impulsively speaking in reaction to something that incites strong emotions. People who do not react have what is called, “self-control”. Some people don’t have that filter (I’m looking at you, Elon) and blurt out offensive, nonfactual, or dishonest responses. Sometimes they aren’t atypical, they are just selfish people without manners (still looking at you Elon). Moderation of your speech is just a civilized attitude.

Profit motive

When it comes to social media, however, especially for-profit social media, the primary factor is profit. That has been the guiding principle of all social media moderation.

Security industry addicted to bland marketing

There is no question that the cybersecurity industry performs a vital role in keeping the digital world safe. It’s too bad the industry is so dedicated to bland, repetitive and un-informational marketing and research.

The problem doesn’t exist with cybersecurity alone. Every tech industry underfinances and plagiarizes marketing communications both within and without their niches, but the problem in security is that there is so little actual data to refer to, it is easy to make it up and still be believed. The introduction of AI into marketing efforts definitely cuts down the price and effort of communications, but it makes the bland and repetitive content even more bland and repetitive while making it less informative than when humans are actually involved.

Anyone involved in the process of evaluating this content and mining nuggets of relevant truth knows the problem and some are trying to do something about it. James Bore is one of them.

Editorial: Jog on, Meta

Mark Zuckerberg made two announcements about major changes in Meta in the past two weeks. The first was the revelation that they would be creating hundreds of AI-driven bots to interact with users. The second was the announcement that they would stop moderation of content, “except for dangerous stuff,” according to a video posted by Zuckerberg. With a certain amount of schadenfreude, we note that Meta had to pull the accounts they had already made as users started engaging with them, finding their inherent flaws and raking them over the coals for how piss-poor their execution was.

Both of these announcements validated a decision I had made earlier this year to start divesting myself of Meta platform accounts. I made the request to deactivate all the accounts (Facebook, Instagram and Messenger) a week before both announcements. I would have done it sooner if I had known it would take Meta 30 days from my request to deactivate everything. This morning, however, I received a text from my partners in Cyber Protection Magazine asking if I thought we should deactivate our Facebook account.

Frankly, I had forgotten we had one, basically because we received zero engagement from the platform, despite the amount of content we put up there. That, too, is a result of Meta de-emphasizing legacy media. Of course, I concurred with the team. Sometime in February, we will disappear from Facebook.

A new year and new problems

We open a new year and a new season with our friend, Ian Thornton-Trump, chief information security officer at the MSSP Inversion6, and in 30 minutes we take on some pretty meaty subjects.

First, we discuss how China strategically infiltrated technology systems in the US and other countries as a geopolitical message rather than attacks. He discusses the challenges of securing complex, interconnected systems and the need for proactive defense.

Next, we review the rise of corporate power and influence and how the increasing wealth and influence of individuals like Elon Musk is disrupting the traditional balance of power in democracies. The ethical concerns around wealthy individuals wielding disproportionate political influence could result in something the oligarchs are not expecting.

Finally, we review potential trade wars and the possibility of Canada and Mexico joining the BRICS alliance.

2025 is going to be bumpy but very interesting.
