DDoS attacks, CVSS 4.0 and Malware - Nov 6th to Nov 12th, 2023 F5 SIRT This Week in Security

Jordan here as your editor this week for a round-up of notable security news that caught my eye. Keeping up to date with new technologies, techniques and information is an important part of our role in the F5 SIRT. The problem with security news is that it's an absolute fire-hose of information, so each week or so we try to distill the things we found interesting and pass them on to you in a curated form.
It's also important for us to keep up to date with the frequently changing behaviour of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That's why we take the security of your business seriously. When you're under attack, we'll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT.


ChatGPT Suffers Outage Due to DDoS Attack

ChatGPT recently encountered a major disruption caused by a DDoS (Distributed Denial of Service) attack, with Anonymous Sudan taking responsibility. The group leveled accusations of bias in the programming against OpenAI, ChatGPT's parent company, and outlined various reasons for the attack in a Telegram post. To combat these challenges, a defense-in-depth strategy is essential, and this is where specialized DDoS mitigation services like those offered by F5 become invaluable. F5's technology, featuring real-time traffic analysis, scalable protection, and a multi-layer defense strategy, plays a critical role in safeguarding digital assets. These robust solutions are designed not just to respond to attacks, but to anticipate and mitigate them, ensuring the resilience and continuity of operations for businesses. In a digital landscape marked by complex geopolitical and ethical considerations, particularly in AI technology, having an effective DDoS solution like F5's in place is crucial for maintaining a secure and reliable digital presence.

This attack on ChatGPT highlights the critical need for robust DDoS mitigation strategies in today's digital landscape. Companies must invest in comprehensive cybersecurity solutions to protect against such sophisticated threats.

Common Vulnerability Scoring System version 4.0

The release of the Common Vulnerability Scoring System (CVSS) version 4.0 introduces significant changes to the standard, reflecting its evolution and adaptation to the constantly changing cybersecurity landscape. This new version reiterates that CVSS is not just about the Base score, introducing new nomenclature to identify combinations of Base, Threat, and Environmental factors to encourage consumers to use all metric groups for better refinement over how any given vulnerability impacts their specific environment. As my co-worker Megazone has said before, CVSS is just the beginning. It's important to highlight that CVSS must be considered as one input when considering the overall calculation of risk, focused on measuring the severity of vulnerabilities as part of a broader assessment process. 

Some of the key changes in CVSS 4.0 include finer granularity in the Base metrics and values, with the introduction of a new metric, Attack Requirements (AT), and new values for User Interaction (UI), categorized as Passive (P) and Active (A). Another notable change that I am happy to see is the retirement of the Scope metric, which has been expanded in the Impact Metrics section. This section now includes explicit assessment of impact to both Vulnerable System (VC, VI, VA) and Subsequent Systems (SC, SI, SA), providing a more comprehensive view of a vulnerability's potential effects. The latest version also highlights the increasing significance of technology and it's impact on our daily lives by introducing a Safety metric. This metric is applicable in both the Supplemental and Environmental metrics categories and allows for providers and consumers to score based on the potential impact to human life. For more details check out the CVSS 4.0 documentation, training and new calculator.

The release of CVSS 4.0 marks a significant advancement in vulnerability assessment, offering more nuanced metrics for a detailed risk analysis. It's a step forward in aligning cybersecurity measures with the evolving nature of digital threats.

BlazeStealer Malware

The recent discovery of the BlazeStealer malware in various Python packages on the Python Package Index (PyPI) is yet another troubling instance of software supply chain attacks. Initiated in January 2023, this campaign involves eight packages, such as Pyobftoexe, Pyobfusfile, Pyobfexecute, and others, disguised as harmless obfuscation tools. Instead of providing legitimate functionality, the packages were engineered to download and run a Python script from an external source as soon as they were installed.

BlazeStealer exhibits a wide array of detrimental capabilities. It downloads an additional script from an outside source, setting up a Discord bot that allows attackers to gain full control of the affected computer. The malware is capable of stealing a variety of sensitive data, like web browser passwords and screenshots, and can perform numerous malicious actions, including file encryption and disabling Microsoft Defender Antivirus. It also poses a severe threat to the system's stability by spiking CPU usage, adding scripts that shut down the system, and potentially causing the infamous blue screen of death.

In light of this situation, developers are urged to exercise extra caution and rigorously scrutinize packages prior to their use. The emergence of BlazeStealer is indicative of a larger trend in the cybersecurity realm, with open-source repositories increasingly being used as conduits for malware. A study by Phylum highlighted this growing issue, revealing that a significant number of packages in various ecosystems execute dubious code during installation. 

The discovery of BlazeStealer in Python packages underscores the increasing risk of software supply chain attacks. It serves as a stark reminder for developers and organizations to rigorously vet open-source software to safeguard their digital infrastructure.

Published Nov 14, 2023
Version 1.0

Was this article helpful?

No CommentsBe the first to comment