Microsoft repels 2.4Tbps DDoS, Fight the phish, & CISA on Zero Trust

October 22, 2021 by
Microsoft repels 2.4Tbps DDoS, Fight the phish, & CISA on Zero Trust
Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT NOTcast - October 22th, 2021

Unfortunately, Griff was out this week and saw it was too spooky to record a podcast, but fear not! We have gotten some news and stories together to keep you entertained and updated until the next time we record!


Microsoft Azure repels whopping 2.4 Tbps DDoS attack

  • Microsoft has shared that its cloud computing service Azure successfully mitigated a Distributed Denial of Service (DDoS) attack that peaked at 2.4 Tbps.
  • The attack was directed towards an Azure customer in Europe and took place in the last week of August 2021.
  • The attack vector was a UDP reflection that spanned more than 10 minutes with very short-lived bursts, with three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.
  • In the 2.4 Tbps attack, this strategy ensured that the attack traffic never reached the customer region, and was instead mitigated within the source countries itself.


Apple quietly patches yet another iPhone 0-day

  • Check you have 15.0.2
  • Apple deliberately announces security fixes only after they've been published, so you couldn't plan for them even if you wanted...
  • A remote code execution bug in the kernel could allow an attacker to trick an otherwise legitimate and harmless app into compromising the very core of the operating system.


Fight the phish! With Sophos!

  • How hard can it be to beat the criminals every time? Pretty hard for some as it turns out...
  • Phishing scammers get to try over and over again, while you and your staff only need to mess up once.
  • They can use email attachments one day, dodgy web links the next, rogue SMSs the day after that, and if none of those work, they can send you fraudulent messages on a social network
  • Keep yourself informed, stay alert, and use common sense.


CISA - Cybersecurity Summit 2021: Zero Trust

  • CISA has been releasing great 'fire-side' chats in regards to Cybersecurity and it's associated topics during this NCSAM.
  • This one is all about Zero-Trust!— Zero-Trust is a security model that describes an approach to designing and implementing IT systems where devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if previously verified.


LITS talk:

We have are launching Harmony Cloud, we have a Cybersecurity self-assessment that if you turn into us, we can help you audit and fix the holes in your network, and finally, we have a Cybersecurity Essentials booklet for business owners that helps you understand the current climate of cybersecurity and how to keep your company safe moving forward.


Listen to our archived podcasts here!