News — DDoS RSS

In the context of a DDoS attack impacting Protected Health Information (“PHI”) shared among multiple custodians, while responsibility for data privacy is shared, it ultimately rests with the data owners and holders. One approach to establishing accountability for privacy violations stemming from information flow during a DDoS attack - Boston Children’s Hospital (“BCH”) - calls for a nuanced application of Helen Nissenbaum’s Contextual Integrity framework. This involves carefully considering the complexity and variability of the contextual constraints that shape an individual’s expectations of privacy regarding how information should flow. For example, because BCH used the same Internet Service Provider (“ISP”) as seven other care institutions, the organized attack shad the potential to bring down multiple pieces of BCH’s critical infrastructure...

An hour before the invasion, malicious traffic was detected emerging from several SurfBeam2 and SurfBeam 2+ modems and/or associated customer premise equipment (CPE) physically located within Ukraine. The modems were allegedly serviced by a Eutelsat subsidiary, Skylogic, which was in charge for managing a partition of the KA-SAT overall network, specifically BAP1 and BAP2. Ruben Santamarta’s research allegedly revealed that at the time of the attack, Skylogic counted on Fortinet for VPN services, which suffered a cyberattack from the Russian group “Groove” in 2021, leading to the leak of almost half a million credentials of VPN appliances. Despite Fortinet developing and releasing a patch to the uncovered vulnerability, it is presumed that Skylogic had not deployed it at the time...