Mistakes Were Made. One Group Found Responsible For Our CDN Nightmares
The Attacker Screwed Up, But So Did The Providers We Trust
The recent attacks against customers of Polyfill.io, BootCDN, Bootcss, and Staticfile were a complete CDN nightmare this week, but there is some semi-good news for everyone. Thanks to eagle-eyed security researchers, a public GitHub repository was discovered to contain the Cloudflare secret keys which enabled the attacks to succeed. This also revealed that all four hijacks came from a single source, as they all shared code found in the repository.
Knowing that it is a single group doesn’t help as much as getting access to some of the code does. The leak means that we know the active zones associated with the attackers’ Cloudflare account, which means they can be blocked. It also gives sysadmins the data they need to scan their logs to see if their data was misdirected. Hopefully it will also lead to protections being put in place to stop the spread.
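One way to run that log scan, as an added example that is not from the original article or the researchers: it flags proxy log entries whose host is a blocked zone or a subdomain of one, without tripping on lookalike names. The log layout, the sample lines and the `blocked-zone-1.example` entry are assumptions; only polyfill.io is named in the article.

```python
from urllib.parse import urlsplit

# polyfill.io is named in the article. The other entry is a placeholder:
# replace it with the zones published from the leaked repository.
BLOCKED_ZONES = {"polyfill.io", "blocked-zone-1.example"}

# Constructed sample lines (assumed layout: timestamp client method target status).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://cdn.polyfill.io/v3/polyfill.min.js 200
2024-01-01T10:00:02Z 10.0.0.6 GET https://example.org/?ref=polyfill.io 200
2024-01-01T10:00:03Z 10.0.0.9 CONNECT POLYFILL.IO:443 200
2024-01-01T10:00:04Z 10.0.0.7 GET https://notpolyfill.io/x.js 200
2024-01-01T10:00:05Z 10.0.0.7 GET https://polyfill.io.example.org/x.js 200
2024-01-01T10:00:06Z 10.0.0.8 GET https://static.blocked-zone-1.example/lib.js 200
truncated line
"""


def host_in_zone(host, zones):
    """True if host is a zone or a subdomain of one, compared label by label."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def find_hits(log_text, zones=BLOCKED_ZONES):
    """Return (line_number, client, host) for each request to a blocked zone."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        client, target = fields[1], fields[3]
        # CONNECT targets are "host:port" with no scheme; "//" makes urlsplit
        # parse them as a network location instead of a path.
        if "://" not in target:
            target = "//" + target
        try:
            host = urlsplit(target).hostname
        except ValueError:
            continue  # unparseable target
        if host and host_in_zone(host, zones):
            hits.append((number, client, host))
    return hits


if __name__ == "__main__":
    for number, client, host in find_hits(SAMPLE_LOG):
        print(f"line {number}: {client} requested {host}")
```

Matching on whole DNS labels is what keeps `notpolyfill.io` and `polyfill.io.example.org` out of the results; a plain substring search would report both, along with the query-string mention on line 2.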
The attackers were not the only ones who made a huge mistake. Over at Bleeping Computer you can see a notice sent by Google Ads notifying Polyfill.io that their main service, polyfill.io, and three more, Bootcss, BootCDN, and Staticfile, all had suspicious redirects. Unfortunately, that warning was completely ignored and the attacks continued. If someone had actually acted on the warning, the attacks could have been limited, if not stopped completely.
Hopefully by next week there will be good news for anyone still using those services.
Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.
More Tech News From Around The Web
- TeamViewer links corporate cyberattack to Russian state hackers @ Bleeping Computer
- Microsoft Informs Customers that Russian Hackers Spied on Emails @ Slashdot
- Microsoft yanks Windows 11 update after boot loop blunder @ The Register
- Ticketmaster sends notifications about recent massive data breach @ Bleeping Computer
- Americans abroad cut off as AT&T, Verizon, T-Mobile US suffer roaming outages @ The Register
- NVIDIA NVLink Switch Chips Change to the HGX B200 @ ServeTheHome
- As expected, Apple set to vanish Batterygate, dodgy audio lawsuits with money @ The Register