Bots Buy Up Raspberry Pi Products | Avast

Adafruit, a distributor of Raspberry Pi single board computers, has mandated that certain new purchases can only be completed with the use of two-factor authentication. The new requirement is due to reselling schemes that use bots to buy up the last of the products. Raspberry Pi chief Eben Upton told ZDNet that this kind of automated purchasing is typical when supplies are short, as opportunists try to profit from the situation by clearing the market, then reselling the products at a marked-up cost. Users intending to purchase “certain high-demand items” from Adafruit will now need to have a verified Adafruit account with two-factor authentication enabled. 

“This is an interesting use of 2FA – not to protect users from ID Theft, but to make sure it’s a real user behind the purchase,” commented Avast Security Evangelist Luis Corrons. “This is not the first time we’ve seen bots being used this way, either. When PlayStation 5 and Xbox Series were launched, the demand was much higher than the supply, and some groups used bots to acquire any and all units in order to resell them later at a higher price.” Currently, 1GB, 2GB, 4GB, and 8GB Raspberry Pi variants are all sold out at Adafruit. 

Apple services experience massive outage

On Monday, many Apple services went down for several hours, including Apple Music, iCloud, iMessage, Apple Maps, Apple Card, Apple TV+, the App Store, FaceTime, Siri, and more. The outage was both consumer-facing and internal, as Apple’s own infrastructure was affected, causing Apple Store employees to resort to pen and paper to keep the stores running. Apple suffered a smaller outage last month, but it was nowhere near the scale of Monday’s issues, which affected over 29 Apple services. Apple’s System Status page now reports all outages and issues resolved. For more, see Ars Technica. 

Lapsus$ hacking group steals Microsoft source code

Microsoft confirmed on its blog this week that the Lapsus$ hacking group had exfiltrated portions of Microsoft source code. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.” Lapsus$ said it got 45% of the source code for Bing and Cortana and 90% for Bing Maps. Microsoft maintains the leak is not severe enough to pose a risk. For more on this, see The Verge. 

And the fastest ransomware is…

Researchers at Splunk conducted encryption speed tests on 10 notorious ransomware strains, testing 10 samples per strain, and the quickest to encrypt was LockBit, with a median time of 5 minutes and 50 seconds. The longest encryption rates came from Maze and Mespinoza (PYSA), both coming in at 1 hour and 54 minutes. The tests were to help answer the question of how cybersecurity can become more effective at detecting and shutting down ransomware. Splunk concluded that they’re original hypothesis was correct – if ransomware executes on a system, it is too late at that point to prevent it. Splunk emphasizes that early detection is key to stopping an attack. For more, see Splunk’s blog.

MikroTik routers abused in botnet operation 

“This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in a while,” wrote Avast Senior Malware Researcher Martin Hron for Avast Threat Labs. Hron and his team discovered that a cryptomining campaign, Glupteba malware, TrickBot malware, and many DDoS attacks were coming from the same command-and-control center. “Default credentials, several vulnerabilities, but most importantly the CVE-2018-14847 vulnerability…allowed the cybercriminals behind this botnet to enslave all of these routers, and to presumably rent them out as a service,” Hron wrote. Users of MikroTik routers are advised to update with the latest security patches. For more, see The Hacker News. 

This week’s ‘must-read’ on The Avast Blog

Avast researchers have found password stealer malware disguised as a private Fortnite server, where users can meet for a private match and use skins for free. The malware is being heavily propagated on communications platform Discord.