#NSBCS.003 – Border (Gateway Protocol) Patrol

Source: NSB Cyber

Border Patrol - An overview of the Border Gateway Protocol

In October 2023, Australia's second-largest telecommunications provider, Optus, experienced a major network outage that left millions of customers without internet access. The outage lasted for several hours and caused widespread disruption to businesses, government services, and emergency communications. The exact cause of the outage is still under investigation, but experts believe that it may have been related to a Border Gateway Protocol (BGP) routing error.

But what is BGP and how does it work?

Imagine you have a big collection of books, and you want to find a specific book without having to look through every single one. BGP is like a special filing system that helps you find the book you want quickly and easily. BGP works by giving each book a unique address, just like a house has an address. When you want to find a book, you simply tell BGP the address of the book you're looking for, and BGP will guide you to the right shelf where the book is located.

BGP is used in a similar way to help computers find the information they need on the internet. When you type a website address into your computer, BGP helps your computer find the right computer that has that website. It's like BGP is giving your computer directions to the website you're looking for. BGP is a really critical part of the internet, and it helps make sure that everyone can access the websites and information they need quickly and easily.
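To make the analogy concrete, here is an added example (not part of the original newsletter, and not code from NSB Cyber or any router vendor) that models the two ideas behind it in Python: a router picks the most specific "shelf" (longest-prefix match) for a destination address, and it should check each route announcement it receives before installing it, because a single bad announcement, such as a more-specific prefix from the wrong origin, otherwise wins the lookup. All prefixes, AS numbers, the expected-origin list and the policy limit are constructed for the example.

```python
import ipaddress

# Constructed sample announcements received from a neighbour: (prefix, AS path),
# where the last AS in the path is the origin. Prefixes are documentation ranges
# and AS numbers are private-range values; nothing here is a real network.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64500, 64510]),
    ("203.0.113.0/25", [64500, 64520]),
    ("198.51.100.0/24", [64500, 64530]),
    ("0.0.0.0/0", [64500]),                       # default route
    # A bogus more-specific for another network's space, from an unexpected origin.
    ("198.51.100.0/26", [64500, 64599]),
    # A path that already contains our own AS: installing it would create a loop.
    ("192.0.2.0/24", [64500, 64496, 64540]),
]

# Constructed allow-list: the origin AS we expect for each prefix we know about.
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64510,
    "203.0.113.0/25": 64520,
    "198.51.100.0/24": 64530,
}

LOCAL_AS = 64496      # the AS of our hypothetical router
MAX_PREFIXLEN = 25    # constructed policy: refuse anything more specific than /25


def expected_origin_for(net):
    """Origin AS recorded for the most specific known prefix covering `net`, or None."""
    best = None
    for prefix, asn in EXPECTED_ORIGIN.items():
        known = ipaddress.ip_network(prefix)
        if net.subnet_of(known) and (best is None or known.prefixlen > best[0].prefixlen):
            best = (known, asn)
    return None if best is None else best[1]


def validate_announcement(prefix, as_path):
    """Return the list of reasons to reject an announcement (empty list = accept)."""
    reasons = []
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen > MAX_PREFIXLEN:
        reasons.append("prefix more specific than policy allows")
    if not as_path:
        reasons.append("empty AS path")
    else:
        if LOCAL_AS in as_path:
            reasons.append("AS path contains our own AS (loop)")
        expected = expected_origin_for(net)
        if expected is not None and as_path[-1] != expected:
            reasons.append("origin AS does not match expected origin")
    return reasons


def build_table(announcements, filtered=True):
    """Install announcements into a routing table, optionally applying the checks."""
    table, rejected = {}, []
    for prefix, as_path in announcements:
        reasons = validate_announcement(prefix, as_path) if filtered else []
        if reasons:
            rejected.append((prefix, reasons))
        else:
            table[prefix] = as_path
    return table, rejected


def longest_prefix_match(table, dst):
    """Return (prefix, as_path) of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, as_path in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, as_path)
    return None if best is None else (str(best[0]), best[1])


if __name__ == "__main__":
    unfiltered, _ = build_table(ANNOUNCEMENTS, filtered=False)
    filtered, rejected = build_table(ANNOUNCEMENTS)
    print("unfiltered:", longest_prefix_match(unfiltered, "198.51.100.5"))
    print("filtered:  ", longest_prefix_match(filtered, "198.51.100.5"))
    for prefix, reasons in rejected:
        print("rejected", prefix, "->", "; ".join(reasons))
```

Running it shows traffic for 198.51.100.5 following the bogus /26 when nothing is filtered, and the legitimate /24 once the announcement checks are applied; the loop route and the bogus more-specific are listed with the reason each was refused. The checks here are deliberately minimal import-policy hygiene (prefix-length limit, own-AS loop detection, expected-origin comparison), not a full BGP implementation.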


What we read this week:

  • Microsoft Edge Vulnerability Let Attackers Execute Malicious Code - A vulnerability in Microsoft Edge, tracked as CVE-2023-4529, allowed attackers to execute malicious code on affected systems. The vulnerability existed in the way that Edge handled certain types of JavaScript code. Microsoft has released a patch for the vulnerability, and users are advised to update their software immediately.

  • Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" network, which is used to locate lost or stolen Apple devices, can be exploited by malicious actors to steal keylogged passwords and other sensitive information. The vulnerability exists because the "Find My" network does not encrypt the data that is transmitted over it, making it easy for attackers to intercept and decrypt.

  • Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel - Google is warning about a new threat called Google Calendar RAT (GCR) that uses the Calendar service as command-and-control (C2) infrastructure. The tool creates a covert channel by exploiting event descriptions in Google Calendar, making it difficult for defenders to detect suspicious activity.

  • New GootLoader Malware Variant Evades Detection and Spreads Rapidly - A new variant of the GootLoader malware has been discovered that is designed to evade detection and spread rapidly. The malware is being spread through a variety of methods, including email spam and malicious attachments.

  • Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs - The Russian-speaking threat actor "farnetwork" has been linked to five different ransomware gangs including Ryuk, Conti, LockBit, Hive, and BlackCat. The group has been active since at least 2019 and has been actively trying to recruit affiliates for new ransomware operations through Russian-speaking hacker forums, demonstrating its persistent involvement in the ransomware ecosystem.

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.

References:
Microsoft Edge Vulnerability Let Attackers Execute Malicious Code - cybersecuritynews.com
Apple 'Find My' network can be abused to steal keylogged passwords - bleepingcomputer.com
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel - thehackernews.com
New GootLoader Malware Variant Evades Detection and Spreads Rapidly - thehackernews.com
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs - bleepingcomputer.com
