The Internet is (once again) awash with IoT botnets delivering record DDoSes
We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports are rolling in of threat actors infecting thousands of home and office routers, web cameras, and other Internet-connected devices. Here is a sampling of research released since the first of the year. A post on Tuesday from content-delivery network Cloudflare reported on a recent distributed denial-of-service attack that delivered 5.6 terabits per second of junk traffic—a new record for the largest DDoS ever reported. The deluge, directed at an unnamed Cloudflare customer, came from 13,000 IoT devices infected by a variant of Mirai, a potent piece of malware with a long history of delivering massive DDoSes of once-unimaginable sizes.
Threat Actors Delivering Ransomware Via Microsoft Teams Using Voice Calls
Sophos Managed Detection and Response (MDR) has uncovered two distinct ransomware campaigns exploiting Microsoft Teams to gain unauthorized access to targeted organizations. The threat actors, tracked as STAC5143 and STAC5777, are leveraging a default Microsoft Teams configuration that allows external users to initiate chats or meetings with internal users. The attacks combine several techniques and approaches to increase their sophistication.
Trump admin fires security board investigating Chinese hack of large ISPs
The Department of Homeland Security has terminated all members of advisory committees, including one that has been investigating a major Chinese hack of large US telecom firms. “The Cyber Safety Review Board—a Department of Homeland Security investigatory body stood up under a Biden-era cybersecurity executive order to probe major cybersecurity incidents—has been cleared of non-government members as part of a DHS-wide push to cut costs under the Trump administration, according to three people familiar with the matter,” NextGov/FCW reported yesterday.
PowerSchool hacker claims they stole data of 62 million students
The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that provides tools for enrollment, communication, attendance, staff management, learning systems, analytics, and finance. On January 7th, PowerSchool disclosed that it suffered a cyberattack after a threat actor used stolen credentials to access the company’s PowerSource customer support portal.
OpenAI opposes data deletion demand in India citing US legal constraints
Reuters-backed ANI’s copyright lawsuit against OpenAI takes a global turn, raising complex legal challenges over AI training practices and cross-border compliance. OpenAI has informed the Delhi High Court that any directive requiring it to delete training data used for ChatGPT would conflict with its legal obligations under US law. The statement came in response to a copyright lawsuit filed by the Reuters-backed Indian news agency ANI, marking a pivotal development in one of the first major AI-related legal battles in India.