Happy Halloween and welcome to a special ghostly edition of our monthly NewsScam –containing some spooky news indeed! Don’t miss out on reading all about the arrest of a young cybercriminal from France and potentially the largest-ever distributed denial of service attack (DDoS), and so much more!
A 22-year-old French Citizen's “Trick” Didn't Work Out So Well
A 22-year-old man from Epinal, France, has pleaded guilty to the conspiracy to commit wire fraud and aggravated identity theft in U.S. District Court (Seattle, Washington). The young man, Sebastien Raoult, aka Sezyo Kaizen, was arrested last year in Morocco and was extradited to the U.S. in January 2023. He, along with two accomplices, were indicted by a grand jury in June 2021 for hacking into corporate computers to steal sensitive data and customer records, including personal and financial information. Their targets spanned multiple companies in Washington State, across the US, and globally. This trio is linked to the notorious group ShinyHunters, known for selling hacked data from over 60 companies between April 2020 and July 2021.
New DDoS Record is Truly Frightening
In a groundbreaking revelation, a consortium of tech experts disclosed the largest DDoS attack to date. Google, Cloudflare, and Amazon AWS unveiled the shocking details of an August DDoS campaign that condensed a month’s worth of Wikipedia traffic into a mere two-minute deluge. At its peak, this campaign hit over 398 million requests per second (RPS), dwarfing the previous largest DDoS attack, which peaked at 46 million RPS, by over eightfold.
More Cyber Scaries...
If you recently booked a flight with major Spanish airline Air Europa, you might have paid more than you think. This was a nightmare for data security as anyone who had purchased a flight on the company's website may have given away their credit card information, including the expiration date and security code. As soon as Air Europe learned about the breach – the company immediately notified customers to contact their banks and stop any payments, although this may have been too late for those who had already given away their details.
UK citizens are also experiencing a nightmare of their own, as the UK government has failed to upgrade their outdated Whitehall computer system, which could expose the critical data of UK residents including bank details and National Insurance numbers. HM Revenue Customs (HMRC) are ringing alarm bells, as fears arise that hackers may find their way into the UK’s entire taxation system.
Apparently chasing after social security numbers seems to be quite ‘en vogue’ in cybercrime at the moment, with a breach on DC’s voter roll exposing a significant amount personal information. The reality is that over 600,000 lines of US voter data has been accessed while a banner on their website advises people of the breach accompanied by an apology for the inconvenience.
Meanwhile Equifax continues to write history and their previous massive breach in 2017 competes with the most recent breach, compromising confidential data from UK consumers including dates of birth, phone numbers, Equifax membership login details, partially visible credit card numbers, and residential addresses.
New and ongoing threats seem to continuously permeate the digital landscape, but perhaps the Halloween festivities will provide some muchneeded respite. Read below for more of the latest in cybersecurity news:
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach - DarkReading
Royal Family Website Downed by DDoS Attack - Infosecurity Magazine