CloudSEK, a cybersecurity start-up, recently experienced a series of distributed denial-of-service (DDoS) attacks, which resulted in the temporary unavailability of its website. These attacks came shortly after the company published a research report on SpinOk, malware that allegedly compromised numerous apps on the Google Play Store. The CEO and founder of CloudSEK, Rahul Sasi, linked the timing of the cyber attack to their discovery of the supply chain attack targeting Android users. This article examines the incident, its implications, and CloudSEK’s response to the attack.
The DDoS Attacks and SpinOk Malware:
Starting from June 3, CloudSEK was targeted by a wave of DDoS attacks. These attacks overwhelmed the company’s servers, rendering their website inaccessible to users. The timing of the attacks coincided with the publication of CloudSEK’s research on SpinOk, an Android malware. The research revealed that SpinOk had compromised 101 apps available on the Google Play Store. Disturbingly, 43 of these compromised apps remained active on the Play Store, with some having accumulated over 5 million downloads. It was estimated that approximately 30 million users could have been affected by these malicious apps.
According to CloudSEK’s research, the Android.Spy.SpinOk virus was designed to detect hidden spyware within marketing modules and the apps they were embedded in. It collected files from infected Android devices and transferred them to attackers. Additionally, it had the ability to manipulate clipboard contents, posing a significant threat to user privacy and data security.
CloudSEK’s Response and Impact:
Rahul Sasi acknowledged the ongoing DDoS attacks and attributed them to the alarming discovery of the SpinOk malware. The attacks disrupted CloudSEK’s operations and website accessibility for several days. However, as of June 7, the website was functioning normally again. The company has yet to provide detailed information on its mitigation efforts and plans to counter future cyber attacks.
In terms of the impact of the SpinOk malware, CloudSEK’s research identified the compromised apps and highlighted the significant number of affected users. The start-up emphasized the need for swift action to address the issue, particularly the removal of the compromised apps from the Google Play Store to protect millions of users from potential privacy breaches and data theft.
Previous Cybersecurity Incident:
This recent DDoS attack is not the first cybersecurity incident faced by CloudSEK. In the past, the company experienced a breach where an employee’s Jira password was compromised, granting unauthorized access to the company’s Confluence pages. As a result, the threat actor gained access to training and internal documents, as well as VPN and endpoint IP addresses accessible through the VPN configuration. CloudSEK clarified that critical customer information was not stored, as the company’s products leverage public data to provide external threat intelligence rather than storing sensitive customer data.
CloudSEK’s battle against DDoS attacks following their exposure of the SpinOk malware highlights the persistent threats faced by cybersecurity companies. The incident underscores the importance of proactive measures to safeguard sensitive information and ensure the integrity of digital platforms. By promptly addressing the supply chain attack and collaborating with relevant stakeholders, CloudSEK aims to protect Android users from potential privacy violations. As the cybersecurity landscape evolves, it is crucial for organizations to stay vigilant, update security protocols, and maintain transparency to effectively counter cyber threats and protect user data.