On Saturday, Ukraine experienced an electrical outage in the vicinity of Kiev. Ukrenergo, the national power company, said the interruption was caused by an "external influence." Investigation continues, focusing on "failure of automation control."
Flashpoint has published its close look at the ShadowBrokers' leak of Equation Group code. The security company concludes, "with medium confidence," that it was an inside job. They say the data's structure looks like something from an internal code repository, one accessible to contractors and employees. The Grugq offers an interesting and wide-ranging cultural and linguistic close-reading of the communications surrounding the leak.
WordPress vulnerabilities may have been overestimated, as source-code analysis shop RIPS noted last week, but some bad actors are paying them a lot of attention nonetheless. Over the past three weeks Wordfence has observed 1.6 million brute-force attempts daily against WordPress sites. About a sixth of these attacks originate from a single Ukrainian ISP.
Cisco's Talos unit warns of "hailstorm" spam: it evades detection by sending low volumes of spam from a large number of IP devices. PerimeterX observes a similar technique used in botnet-driven brute-force attacks, which avoid tripping volumetric warnings by using a very large number of bots.
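Why per-source volumetric rules miss this pattern, and what aggregating by target catches instead, shown as an added detection sketch that is not taken from the Talos or PerimeterX reports. The event format `(timestamp, source_ip, target)`, the thresholds, and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECS = 600   # assumed aggregation window (10 minutes)
PER_IP_LIMIT = 10   # assumed classic per-source failure threshold
MIN_SOURCES = 50    # assumed distinct-source threshold per target

def per_ip_alerts(events):
    """Classic volumetric rule: sources with more than PER_IP_LIMIT failures in a window."""
    counts = Counter((ip, ts // WINDOW_SECS) for ts, ip, _ in events)
    return {ip for (ip, _), n in counts.items() if n > PER_IP_LIMIT}

def distributed_alerts(events):
    """Aggregate by target: flag windows where many distinct sources fail against one target."""
    buckets = defaultdict(Counter)
    for ts, ip, target in events:
        buckets[(target, ts // WINDOW_SECS)][ip] += 1
    findings = []
    for (target, win), by_ip in sorted(buckets.items()):
        if len(by_ip) >= MIN_SOURCES:
            findings.append({
                "target": target,
                "window_start": win * WINDOW_SECS,
                "sources": len(by_ip),
                "attempts": sum(by_ip.values()),
                "max_per_ip": max(by_ip.values()),  # stays low in a distributed run
            })
    return findings

def sample_events():
    """Constructed data: 200 sources x 2 failures on one site, one noisy source on another."""
    events = []
    for i in range(200):
        ip = f"198.51.100.{i}"  # documentation address range
        events.append((1200 + i, ip, "blog.example/wp-login.php"))
        events.append((1450 + i, ip, "blog.example/wp-login.php"))
    for k in range(15):
        events.append((1200 + 10 * k, "203.0.113.7", "shop.example/wp-login.php"))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule fired for:", per_ip_alerts(ev))
    for finding in distributed_alerts(ev):
        print("distributed finding:", finding)
```

On the constructed data the per-source rule fires only for the single noisy address, while the 400 attempts spread over 200 sources surface only in the per-target aggregation.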
Neustar's study of DDoS growth in 2016 is out. And the SANS Internet Storm Center reports that Mirai is prowling the wild, sniffing for new bots on port 6789.
According to White Ops, Russian criminals are exploiting ad networks in the "Methbot" scam, diverting between $3 and $5 million a day from US advertisers.