Mistakes Were Made. One Group Found Responsible For Our CDN Nightmares

Source: Bleeping Computer

The Attacker Screwed Up, But So Did The Providers We Trust

The recent attacks against customers of Polyfill.io, BootCDN, Bootcss, and Staticfile were a complete CDN nightmare this week, but there is some semi-good news for everyone. Thanks to eagle-eyed security researchers, a public GitHub repository was discovered that contained the Cloudflare secret keys belonging to the group behind the attacks. The repository also revealed that all four hijacks came from a single source, as they all shared code found in it.

Knowing that it is a single group doesn't help as much as getting access to some of the code does. The leak means we know the active zones associated with the attackers' Cloudflare account, which means they can be blocked. It also gives sysadmins the data they need to scan their logs and pages to see whether their traffic was misdirected. Hopefully it will also lead to protections being put in place to stop the spread.
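The first thing a sysadmin wants after reading this is a quick way to find which of their own pages still pull scripts or stylesheets from the affected services. The following is an added example, not code from the article or from Bleeping Computer, that scans HTML for third-party loads from a configurable host list. Only polyfill.io is named as a hostname on this page; the other entries in the list (bootcdn.net, bootcss.com, staticfile.org) are assumptions about the domains the BootCDN, Bootcss and Staticfile services use, and the sample HTML is constructed for the demonstration. The attackers' Cloudflare zones are not reproduced here, so the list is the place to add them once you have them.

```python
"""Find <script src> / <link href> loads from CDN hosts you no longer trust.

Added example; not from the original article. Hostnames other than
polyfill.io are assumptions and should be adjusted to your own block list.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# polyfill.io is named on the page; the rest are assumed service domains.
SUSPECT_HOSTS = frozenset({
    "polyfill.io",
    "bootcdn.net",
    "bootcss.com",
    "staticfile.org",
})


def host_of(url: str) -> str:
    """Lowercase hostname of url. Protocol-relative '//host/x' URLs are
    common in copied CDN snippets, so treat them as https."""
    if url.startswith("//"):
        url = "https:" + url
    return (urlsplit(url).hostname or "").lower()


def is_suspect(host: str, suspects=SUSPECT_HOSTS) -> bool:
    """True when host is a suspect host or any subdomain of one
    (cdn.polyfill.io matches polyfill.io)."""
    return any(host == s or host.endswith("." + s) for s in suspects)


class RemoteLoadScanner(HTMLParser):
    """Collects (tag, url, has_integrity) for every suspect script/stylesheet."""

    def __init__(self, suspects=SUSPECT_HOSTS):
        super().__init__()
        self.suspects = suspects
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases attribute names for us
        url = None
        if tag == "script" and a.get("src"):
            url = a["src"]
        elif tag == "link" and a.get("href"):
            url = a["href"]
        if url and is_suspect(host_of(url), self.suspects):
            # Whether a subresource-integrity hash is present is worth
            # recording: a CDN that rewrites content per User-Agent, as
            # polyfill.io does, cannot be pinned with SRI at all.
            self.hits.append((tag, url, "integrity" in a))


def scan_html(html: str, suspects=SUSPECT_HOSTS):
    """Return a list of (tag, url, has_integrity) for suspect remote loads."""
    parser = RemoteLoadScanner(suspects)
    parser.feed(html)
    parser.close()
    return parser.hits


# Constructed sample page: two loads from suspect hosts, two that are fine.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/4.6.0/css/bootstrap.min.css">
<script src="https://cdn.example.com/jquery.min.js"
        integrity="sha384-EXAMPLE" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head><body></body></html>"""


if __name__ == "__main__":
    for tag, url, sri in scan_html(SAMPLE_HTML):
        print(f"{tag:6} {url}  integrity={'yes' if sri else 'no'}")
```

Run it over a crawl of your own site (or pipe saved pages through `scan_html`) and fix every hit by self-hosting the asset or dropping it; for polyfill.io specifically, modern browsers no longer need the polyfills, so removal is the usual answer.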

The attackers were not the only ones who made a huge mistake. Over at Bleeping Computer you can see a notice sent by Google Ads warning that Polyfill.io's main service, polyfill.io, and three more, Bootcss, BootCDN, and Staticfile, were all causing suspicious redirects. Unfortunately that warning was completely ignored and the attacks continued. If someone had actually acted on the warning, the attacks could have been limited if not stopped completely.

Hopefully by next week there will be good news for anyone still using those services.

Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.


About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
