By Colby Proffitt
1.) We had a security incident. Here’s what you need to know. (August 1, 2018)
Summary: A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.
Why it matters: Kudos to Reddit for handling this incident in a responsible manner. While the breach itself doesn’t appear to be severe since the attackers only gained read access, it’s a wake-up call for any organization currently using SMS for 2FA – there are just too many ways to intercept the code. It’s unclear exactly which method was used, but tactics such as SIM-swap and port-out scams have proven effective elsewhere. MFA, tokenization, biometrics, and adaptive authentication are the way of the future, and this breach is yet another reminder of just how critical it is that organizations continue to move in that direction.
2.) DHS details electrical grid attacks by Russian agents (July 26, 2018)
Summary: For the first time, DHS has offered more detailed and unclassified information about electrical grid attacks carried out by Russian hackers and the dangers to U.S. infrastructure.
Why it matters: There are a few points to note from this read. First, this is the most detailed information DHS has shared thus far regarding Russian attacks on U.S. critical infrastructure. That’s significant because an increasingly important part of a good cyber strategy is disseminating information for the purposes of education, but also to send messages to future malicious actors. Secondly, while once thought to be a sure way to secure critical systems, air-gapping (i.e., isolating/disconnecting) has once again proven to be nothing more than a speedbump for adversaries. Lastly, although many attackers have access to some of the latest and most sophisticated technology, many of their attacks still start with some of the most rudimentary of tactics – phishing, and exploiting the weakest link in the security chain: humans.
3.) SCAMS EXPOSED – eFoil for $199 from Sponsored Facebook ads? Liftfoils.com (August 3, 2018)
Summary: Scammers are getting more sophisticated, and are stealing large volumes of credit card numbers and other financial information.
Why it matters: Surely, if an ad is sponsored on Facebook or Instagram, it must be legitimate, right? Think again. While it’s unclear if the scammers behind this particular operation are stealing and retaining user credit card numbers, or if they are only taking the money from the user’s account once, the amount of creative thought behind this operation has resulted in a very convincing scheme that’s fooling users on a large scale. This video offers a more detailed explanation, but at a high level, if something seems too good to be true, it’s probably a scam.
4.) Town dusts off typewriters after cyber-attack (August 1, 2018)
Summary: A spokeswoman for Matanuska-Susitna said the malware had encrypted its email server, internal systems and disaster recovery servers. She said staff had “resourcefully” dusted off typewriters and were writing receipts by hand.
Why it matters: While ransomware attacks are becoming less and less surprising, it’s becoming increasingly surprising that more federal agencies and organizations aren’t taking the precautions that they should be. At a minimum, data should be backed up regularly. In this particular case, the last backup was a year old. Depending on the nature of the data, year-old data may be sufficient, but it will likely be a major setback for any organization – essentially requiring that a year’s worth of work be redone. This article points out the resourcefulness of the employees who turned to typewriters and manual processes to continue working; however, with major pushes for modernization in the federal space, it’s important that cyber practices and processes take priority in any modernization effort. Advanced solutions can modernize an organization, bring efficiencies, and simplify processes with automation, but if they’re not secure, they can also debilitate an entire organization.
5.) Report: Iran Hacks Israel In Cyber Attack (August 2, 2018)
Summary: The group, dubbed “Leafminer,” has attacked networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan, according to a report issued by US cyber security firm Symantec.
Why it matters: The Leafminer group made a rookie mistake by leaving a server available to the public; but they were still able to access multiple systems and extract important data from their targets. What’s clear is that Iran is learning rapidly from other actors and is rising as a malicious threat that needs to be taken seriously.