CRACK Update 3
2024-06-23

No football for Poland

The UEFA Euro 2024 soccer championship kicked off last weekend, and while fans were eagerly awaiting the matches, cyberattackers were also waiting to strike. The target? Polish public television, TVP, which found its online broadcast of Poland’s Group D opening match against the Netherlands rudely interrupted.

In a move that seemed timed with the precision of a referee’s whistle, a distributed denial-of-service (DDoS) attack hit TVP right as the match started. TVP reported that the attack originated from IP addresses within Poland and was mitigated in less than a minute thanks to a swift response by national operators and IT teams.

Fans or Foes?

The source of the attack has sparked a bit of debate. Bartłomiej Wypartowicz suggested it might not have been a deliberate attack. Instead, he proposed that the sheer volume of fans trying to watch the match — “fans of the Polish national team on Sunday after lunch” — could have unintentionally crashed the site.

“Millions of IP addresses want to visit the site,” Wypartowicz posted, hinting at an innocent overload.

Russian Interference?

However, not everyone is convinced it was just a passionate fan frenzy. Pawel Olszewski, Poland’s deputy minister of digital affairs, believes the crash was a malicious act, likely orchestrated by Russia. Drawing parallels to past incidents like the 2018 Olympic Destroyer attack and threats against other major sports events, Olszewski pointed the finger firmly at the Russian Federation.

“It was a DDoS attack aimed at disabling the service,” he told Radio RMF24. “All leads lead to the Russian Federation. … This attack was repelled very quickly.”

Whether it was a case of overenthusiastic soccer fans or a calculated cyberattack, the disruption of Poland’s UEFA Euro 2024 opening match broadcast was a reminder that cybercriminals don’t take a break — even for soccer. Fortunately, the quick actions of TVP and national operators ensured fans were back in the game in no time. So, next time you’re tuning in to watch a match, keep in mind that it’s not just the players who have to be on their toes.

Source: https://x.com/tvp_info/status/1802334019830382634

Big no-no for Kaspersky in US

The Biden administration has decided that Russian cybersecurity firm Kaspersky’s time in the U.S. is ticking away. From July 20, Kaspersky will no longer be allowed to sell its products to new U.S. customers. Existing users can only receive updates until September 29. This action is a first under new powers granted to the Commerce Department in 2019, following years of U.S. intelligence warnings that Kaspersky’s antivirus software could be used by Moscow to spy on users.

Guns, Tanks, and… Antivirus Software?

Commerce Secretary Gina Raimondo explained that national security is increasingly about technology and data. Despite a thorough investigation into Kaspersky and attempts to mitigate risks, the continued cyber threats from Russia led officials to impose a full ban.

The Bigger Picture

This ban is another chapter in the deteriorating U.S.-Russia relations. With Russia’s ongoing conflict in Ukraine and its other aggressive actions, including testing anti-satellite weapons and aligning with North Korea, the ban signifies a clear stance. However, it also poses immediate challenges for American businesses using Kaspersky software, who will need to find new solutions within three months.

Who’s Affected?

The exact number of U.S. customers using Kaspersky is confidential, but it’s known to include state and local governments and critical infrastructure providers. Raimondo reassured these users that they aren’t in trouble but urged them to switch to alternative software to safeguard their data.

What’s Next?

Commerce, Homeland Security, and Justice departments will collaborate to inform users and ensure a smooth transition. DHS’s Cybersecurity and Infrastructure Security Agency will also assist critical infrastructure organizations in finding alternatives to Kaspersky.

Kaspersky’s Response

Kaspersky has denied being a security risk, attributing the U.S. decision to the current geopolitical climate and theoretical concerns rather than any real assessment of their products’ integrity.

As Kaspersky’s presence in the U.S. winds down, affected users need to act swiftly to protect their systems. This move underscores the growing intersection of technology and national security, with antivirus software now a key battleground. So, while you might have once only worried about protecting your computer from malware, now you also have to consider international espionage. Who knew keeping your data safe could be so dramatic?

Source: https://www.wired.com/story/us-bans-kaspersky-software/

Ticketmaster attack explained by… hackers

The hacking group ShinyHunters has detailed their audacious cyber-heist from Ticketmaster, claiming they breached Ticketmaster’s Snowflake cloud account—and others—through a third-party contractor.

The Hack

According to ShinyHunters, the group infiltrated a Belarusian-founded contractor to access Snowflake accounts, impacting about 165 customer accounts. Among the victims were Ticketmaster and Santander, the latter losing data for 30 million customers, including sensitive financial information. Other potential victims include Lending Tree and Advance Auto Parts.

Snowflake, a major data storage firm, said the hackers did not directly breach its network. Instead, security firm Mandiant revealed that hackers accessed accounts through third-party contractors, though they didn’t specify which ones.

Who’s Involved?

ShinyHunters identified one contractor as EPAM Systems, a software engineering firm. They claim an EPAM employee’s computer in Ukraine was infected with info-stealer malware, allowing hackers to capture unencrypted usernames and passwords for Snowflake accounts, including Ticketmaster’s. EPAM, however, denies any involvement, suggesting the hacker’s story is fabricated.

EPAM’s Role

EPAM, founded by Arkadiy Dobkin, boasts significant operations and a partnership with Snowflake. Despite their denials, hackers claim to have accessed the Snowflake accounts using credentials found on an EPAM worker’s computer. The hacker group argues that the lack of multifactor authentication (MFA) on these accounts facilitated their breach.

Mandiant’s Findings

Mandiant confirmed that hackers used old credentials stolen by info-stealers to access accounts. This highlights the growing risk from third-party contractors and the importance of robust security measures like MFA. According to Mandiant, hundreds of Snowflake credentials have been exposed via info-stealers since 2020, making breaches like this possible.

The Snowflake breach underscores the vulnerability of relying on third-party contractors and the critical need for security measures like MFA. While EPAM denies any involvement, the allegations from ShinyHunters and Mandiant’s findings point to significant lapses in cybersecurity practices, leaving sensitive data at risk.
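The pattern Mandiant describes (old passwords harvested by info-stealers, replayed against accounts with no MFA) is something a defender can hunt for in login telemetry. The following is an added example, not code from the original post or from Snowflake, Mandiant or EPAM; it models records after the column names of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (an assumption), with constructed sample events, password-age data and IP baselines, and flags successful password-only logins, annotating them with stale-password and unfamiliar-IP signals.

```python
"""Hunt for password-only Snowflake logins that could be replayed stolen credentials."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class LoginEvent:
    # Field names mirror Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (assumption of this example)
    event_timestamp: datetime
    user_name: str
    client_ip: str
    first_authentication_factor: str            # "PASSWORD", "RSA_KEYPAIR", "OAUTH_ACCESS_TOKEN", ...
    second_authentication_factor: Optional[str] # None when no MFA step was performed
    is_success: bool

def find_risky_logins(events, password_set_on, known_ips, max_password_age_days=90):
    """Return (user, ip, reasons) for every successful password login that had no MFA.

    password_set_on: user -> datetime the current password was set (assumed from IAM records)
    known_ips: user -> set of client IPs seen for that user in a trusted baseline period
    Extra reasons ("stale_password", "new_ip") raise the priority of a finding.
    """
    findings = []
    for ev in sorted(events, key=lambda e: e.event_timestamp):
        if not ev.is_success or ev.first_authentication_factor != "PASSWORD":
            continue  # failed attempts and keypair/OAuth/SSO logins are out of scope here
        if ev.second_authentication_factor is not None:
            continue  # MFA was completed; not the breach pattern
        reasons = ["no_mfa"]
        set_on = password_set_on.get(ev.user_name)
        if set_on is None or ev.event_timestamp - set_on > timedelta(days=max_password_age_days):
            reasons.append("stale_password")  # old enough to have been in an info-stealer log
        if ev.client_ip not in known_ips.get(ev.user_name, set()):
            reasons.append("new_ip")
        findings.append((ev.user_name, ev.client_ip, tuple(reasons)))
    return findings

# Constructed sample data (not real logs, users or addresses)
T0 = datetime(2024, 6, 1, 12, 0)
SAMPLE_EVENTS = [
    LoginEvent(T0, "svc_etl", "203.0.113.10", "PASSWORD", None, True),                    # worst case
    LoginEvent(T0 + timedelta(hours=1), "alice", "198.51.100.7", "PASSWORD", "DUO_PUSH", True),  # MFA done
    LoginEvent(T0 + timedelta(hours=2), "bob", "198.51.100.8", "PASSWORD", None, False),  # failed attempt
    LoginEvent(T0 + timedelta(hours=3), "carol", "192.0.2.5", "RSA_KEYPAIR", None, True), # keypair auth
    LoginEvent(T0 + timedelta(hours=4), "dave", "198.51.100.9", "PASSWORD", None, True),  # no MFA only
]
PASSWORD_SET_ON = {"svc_etl": datetime(2022, 3, 1), "alice": T0 - timedelta(days=10),
                   "dave": T0 - timedelta(days=5)}
KNOWN_IPS = {"svc_etl": {"198.51.100.50"}, "alice": {"198.51.100.7"}, "dave": {"198.51.100.9"}}

def run_sample():
    return find_risky_logins(SAMPLE_EVENTS, PASSWORD_SET_ON, KNOWN_IPS)
```

On the sample, `svc_etl` is flagged with all three reasons and `dave` with `no_mfa` alone; the MFA-completed, failed and keypair logins are skipped.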

In an era where digital security is paramount, this incident serves as a stark reminder to companies to tighten their defenses and remain vigilant against increasingly sophisticated cyber threats.

Source: https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/

Source page: https://typetherapy.blog/posts/crackupdates/crackupdate23_06_24/
Author: Type Therapy Blog
Published: 2024-06-23
License: CC BY-NC-SA 4.0