Google, Microsoft Emphasize Cloud Security as Hacks Intensify and Big Businesses Eye the Cloud*:
- Security fears have been associated with cloud computing ever since it began, and for the most part those fears have been unfounded: the big cloud providers are far better at security than the average enterprise.
- Google and Spotify announced that their security teams had come together to release a set of open-source tools for Google Cloud Platform (GCP) customers to “help give security teams the confidence and peace of mind that they have the appropriate security controls in place.”
- The new project is called Forseti Security; it inventories an organization's GCP resources, scans them against the organization's security policies and can enforce corrections, so that developers and security teams can confirm those policies are followed at each stage of cloud development.
- Microsoft announced Azure confidential computing, a method for protecting data while it is being used: the data is processed inside a hardware-isolated trusted execution environment (an enclave), so it is never exposed in the clear to the rest of the system while running on Azure services.
- This protects Azure customers' data from unauthorized access by attackers who have stolen log-in credentials or exploited bugs in the operating system, hypervisor or other cloud software, and also from privileged cloud administrators, who cannot see inside the enclave.
- Both moves are a sign that cloud companies are still facing a little pushback from potential customers worried about security concerns.
- This includes financial institutions, health care providers, and others that would love to put some of their workloads in the cloud but can’t afford to make a single security-related mistake.
- While all three big public cloud providers (Amazon, Google and Microsoft) have world-class security teams protecting the underlying platform, configuration mistakes made by customers, such as a storage bucket left readable by the public, can render that expertise moot.
- Anything that makes cloud security easier will be welcomed by current and future customers alike.
*Source: Geek Wire, September 15, 2017
Iran-Linked Hackers Said to Be Attacking U.S. Companies*:
- A private cybersecurity firm has identified what it says is a hacking group sponsored by the Iranian government that has targeted organizations in the U.S., the Middle East, and Asia.
- The firm, FireEye, which gathers cyber intelligence, said in a recent report that the Iranian hacking group has targeted companies involved in the petrochemical industry and in military and commercial aviation.
- FireEye dubbed the group APT33 (APT stands for "advanced persistent threat"); it has gained access to its targets through spearphishing emails.
- APT33's focus on aviation may indicate the group's desire to gain insight into regional military aviation capabilities to enhance Iran's aviation capabilities or support Iran’s military decision making, according to the report.
- APT33’s activity is expected to continue to cover a broad scope of targeted entities, and may spread into other regions and sectors as Iranian interests dictate.
- Several other hacking campaigns in the past two years were also attributed to APT33.
- Iran is considered one of the West's most dangerous cyber adversaries, along with Russia, China and North Korea.
*Source: NBC news, September 20, 2017
Number of Lost, Stolen or Compromised Records Increased by 164%*:
- A total of 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017.
- Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by 164%.
- A large portion came from the 22 largest data breaches, each involving more than one million compromised records.
- The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted.
- More than 9 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches.
- Less than 1% of the stolen, lost or compromised data in 2017 was encrypted, which would have rendered the information useless to the thief; this is a 4% drop compared to the last six months of 2016.
- Using data from the Breach Level Index, researchers found that two-thirds of firms breached had their share price negatively impacted.
- Primary sources: Malicious outsiders made up the largest percentage of data breaches (74%), but this source accounted for only 13% of all stolen or compromised records.
- Leading types: For the first six months of 2017, identity theft was the leading type of data breach in terms of incidents, up 49% from the previous six months.
- Industries affected: Education witnessed one of the largest increases in breaches, while healthcare had a relatively similar amount of breaches compared to the last six months of 2016; financial services, government, and entertainment industries also experienced a significant jump in the number of breached records.
- Geographic distribution: North America still makes up the majority of all breaches and of compromised records; North America has traditionally had the largest number of publicly disclosed breaches, although this may change in 2018 when the EU's GDPR and Australia's Privacy Amendment (Notifiable Data Breaches) Act, with their mandatory breach-notification rules, take effect.
*Source: Help Net Security, September 20, 2017
Malicious WordPress Plugin Used to Hijack More Than 200,000 Websites*:
- A WordPress plugin called Display Widgets has been found to contain a backdoor that allowed its authors to access and modify the content of affected sites.
- Over 200,000 sites have been affected by this plugin and security experts recommend that website owners who use the Display Widgets plugin uninstall it immediately.
- Display Widgets was first created as an open-source plugin, but was reported to have been sold off to a third party earlier this year.
- The new owners released an update, version 2.6.0, which contained code that downloaded a large data file onto users' servers from a server the new owners controlled, in violation of the WordPress plugin repository's rules.
- The plugin received another update, version 2.6.1, which added a file named "geolocation.php" containing malicious code that allowed the plugin's authors to post any content they wanted on the host site.
- Because the injected content was served only to visitors who were not logged in, owners of infected sites, who browse their own sites while logged in, could not see what had been posted.
- After the developers were contacted about these issues, the plugin was temporarily removed from the WordPress plugin repository.
- Display Widgets reportedly re-emerged in the repository in early July with another update, version 2.6.2, that also contained malicious code.
*Source: International Business Times, September 18, 2017
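The hiding trick described above, content served to anonymous visitors but withheld from logged-in users, is exactly what a site owner browsing their own site cannot see, but it can be detected by fetching the same page twice, once without cookies and once with an administrator session cookie, and diffing what comes back. The Python below is an added example, not code from the plugin or from the article; the two HTML documents are constructed stand-ins for those two fetches, and the spam URL in them is a placeholder on a reserved example domain.

```python
"""Detect cloaked content: text and links a site serves to anonymous
visitors but hides from logged-in users.  Added example; the HTML below
is constructed, not captured from a real site."""
from html.parser import HTMLParser


class _TextAndLinks(HTMLParser):
    """Collect visible text fragments and href targets from an HTML document."""

    def __init__(self):
        super().__init__()
        self.fragments = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        text = " ".join(data.split())  # collapse whitespace, drop blank runs
        if text:
            self.fragments.append(text)


def text_and_links(html):
    parser = _TextAndLinks()
    parser.feed(html)
    parser.close()
    return parser.fragments, parser.links


def cloaked_content(anon_html, auth_html):
    """Return (text, links) present in the anonymous render but absent from
    the authenticated one.  Content that appears only when logged in (the
    admin bar, edit links) is expected and is not reported."""
    anon_text, anon_links = text_and_links(anon_html)
    auth_text, auth_links = text_and_links(auth_html)
    seen_text, seen_links = set(auth_text), set(auth_links)
    hidden_text = [t for t in anon_text if t not in seen_text]
    hidden_links = [u for u in anon_links if u not in seen_links]
    return hidden_text, hidden_links


# Constructed sample: the same page fetched without cookies (ANON_HTML) and
# with an administrator session cookie (AUTH_HTML).  In practice these come
# from two HTTP requests to the same URL; the spam link is a placeholder.
ANON_HTML = """<html><body>
<h1>Our Blog</h1>
<p>Welcome to the site.</p>
<div class="widget">
  <p>Best deals: <a href="http://pharmacy.example.com/buy">cheap pills online</a></p>
</div>
<footer>Copyright 2017</footer>
</body></html>"""

AUTH_HTML = """<html><body>
<div id="wpadminbar"><a href="/wp-admin/">Dashboard</a></div>
<h1>Our Blog</h1>
<p>Welcome to the site.</p>
<footer>Copyright 2017</footer>
</body></html>"""

if __name__ == "__main__":
    text, links = cloaked_content(ANON_HTML, AUTH_HTML)
    for fragment in text:
        print("hidden from logged-in users:", fragment)
    for url in links:
        print("hidden link:", url)
```

Run against a live site, the anonymous fetch should also be repeated with a search-engine User-Agent, since the same cloaking technique is often keyed on the crawler rather than on the login state.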
SEC Discloses Hackers Made Off With Data From Its Filing System*:
- The U.S. Securities and Exchange Commission disclosed that hackers breached its online filing system and may have made "illicit gain through trading."
- The SEC gave few details about the hack, saying only that it involved a software “vulnerability” in its EDGAR online filing system, resulting in “access to nonpublic information.”
- The intrusion was first detected in 2016, but the SEC did not realize until last month that the attackers may have been able to use the stolen nonpublic information to trade for profit.
- The federal government has been bedevilled for years by high-profile cyber breaches, among them the theft of sensitive data about more than 21 million people whose records were compromised at the Office of Personnel Management in 2015.
- More than 8,000 documents posted by WikiLeaks included authentic material about CIA hacking methods, some of it classified top secret.
- State and local governments ranked last among 17 major industries and institutions examined for cybersecurity, highlighting outdated software and slow or inadequate deployment of critical updates.
- This year, President Trump signed an executive order mandating a single, unified set of standards for cybersecurity and making the heads of each government agency responsible for its own security.
- The order put responsibility for cybersecurity on the shoulders of the director of every federal agency, making it more difficult for executives to pass the buck to their information technology staffs.
*Source: NBC news, September 21, 2017
No Nuclear Weapon is Safe From Cyber-Attacks*:
- There has been no publicly known cyberattack on a nuclear weapons system yet, but it is becoming much more difficult to guarantee their safety.
- In late 2010, officers at Francis E. Warren Air Force Base in Wyoming, US, lost contact with fifty nuclear missiles.
- For the better part of an hour, the missiles could not be reliably monitored or communicated with.
- This alarming episode turned out to be the result of a single hardware failure in the base's communication system, but officials were so rattled by the incident that investigators were ordered to search for further vulnerabilities in US nuclear missile silos.
- Any vulnerability in a nuclear weapon system could be potentially catastrophic.
- The risk isn’t limited to the possibility of hackers launching a missile remotely; cyberattackers could tamper with a system so it thinks it’s being attacked or gives humans misleading information about the status of its nuclear weapons.
- Cyber-attacks have always posed some risk to nuclear weapons systems, but since the peak of the Cold War, international efforts to limit the development and use of nuclear weapons have largely kept the prospect of nuclear war at a distance.
- The increasing sophistication of cyberattacks also makes it harder to reach for diplomacy as a way of stopping nuclear attacks.
- For years nuclear diplomacy relied on the mutual acknowledgement of the strength of different nations’ nuclear forces, but now it’s much more difficult to know your enemy.
- Stuxnet, discovered in 2010, which damaged centrifuges at Iran's Natanz uranium enrichment facility, showed for the first time that a cyber-attack could hit nuclear infrastructure hard.
- Although nuclear weapons systems are deliberately designed to be minimally exposed to the outside world, no system that relies on software and computers can be completely isolated from attack: the code and hardware have to come from somewhere and be maintained by someone.
- The manufacturing process is another risk, says Unal, as attackers could introduce malicious code or components into a weapon system while it is still being built, a supply-chain attack.
- Working out who is actually behind a cyberattack presents a further set of problems: the 2017 cyber-attacks against Ukraine, for example, were most likely carried out by Russia, but no one has admitted responsibility.
- Between 2009 and 2013, 17 nations collaborated to create the Tallinn Manual, a non-binding document that analyses how the law of armed conflict governs state-level cyber-attacks.
*Source: Wired, September 22, 2017
Cybercriminals Are Feeding Off of America's Small Businesses, New Study Shows*:
- A study released by a data security solutions firm found that small-to-mid-sized businesses paid $301 million in ransoms to ransomware operators.
- The company said 5% of all small-to-mid sized businesses across the globe fell victim to a ransomware attack in 2016.
- Ransomware incidents have been more frequent in 2017 among small-to-mid-sized businesses.
- One notable attack occurred earlier this year, when ransomware called WannaCry, which spread using an exploit believed to have been stolen from the National Security Agency, locked computers across more than 150 countries.
- As WannaCry spread, it locked computers in hospitals, government buildings, central banks and big corporations such as Nissan and FedEx across the globe.
- The key to minimizing damage from a ransomware attack is detecting the infection early and being able to contain it and recover from it.
- The study found that while every industry is vulnerable to ransomware attacks, health care, construction, manufacturing and finance tend to be hit more than others.
*Source: Fox Business, September 09, 2017
Viacom Data Leak*:
- Viacom accidentally left a trove of key internal access credentials, critical data and configuration files exposed in a publicly readable Amazon Web Services storage bucket.
- The powerful Fortune 500 Company owns a number of major media companies and cable channels including Paramount Pictures, Comedy Central, and Nickelodeon among others.
- UpGuard researcher Chris Vickery discovered the Amazon Web Services S3 cloud storage bucket in August; it had been mistakenly configured for public access, so anyone with the correct URL could have accessed and downloaded the confidential data.
- Besides passwords and manifests from Viacom's servers, the bucket contained the access key ID and secret access key for the media giant's AWS account.
- UpGuard warned that those exposed AWS keys could have let attackers access Viacom's cloud infrastructure and launch a host of damaging cyber-attacks against the media behemoth.
- It is unclear how long the data was exposed and if any hackers have accessed the sensitive files.
- Viacom said there was no evidence to suggest that its data was abused by hackers and noted that no customer details were exposed in the leak.
- The exposure is the latest in a series of S3 bucket and other cloud data leaks found by security researchers, all caused by the customer's own cloud configuration errors.
*Source: International Business Times, September 20, 2017
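Both findings in this item, a bucket that anyone could read and AWS credentials sitting inside it, are checks a practitioner can automate, and they are the kind of customer configuration mistake the cloud item at the top of this page warns about. The Python below is an added example, not UpGuard's or Viacom's code: it flags bucket policy statements and ACL grants that open a bucket to the world, and scans file contents for AWS access key IDs and secret keys. The policy, ACL and config text are constructed samples; the account ID and key values are the placeholders AWS uses in its own documentation.

```python
"""Two checks for a Viacom-style S3 exposure: is the bucket public, and do
its objects contain AWS credentials?  Added example with constructed sample
data; the key values are AWS's documentation placeholders."""
import json
import re

# Pre-defined S3 ACL groups; a grant to either one makes the bucket public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Long-term (AKIA) and temporary (ASIA) access key IDs are 20 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret keys are 40 characters; match them only next to the setting name so
# that arbitrary base64 strings are not reported.
SECRET_KEY = re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})")


def _principals(principal):
    """Flatten a statement's Principal element into a list of strings."""
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        out = []
        for value in principal.values():
            out.extend(value if isinstance(value, list) else [value])
        return out
    return []


def public_statements(policy):
    """Sids of Allow statements granted to the wildcard principal with no
    Condition.  Statements that carry a Condition are skipped here and must
    be reviewed by hand: a weak condition can still leave the bucket public."""
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" in _principals(stmt.get("Principal")):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits


def public_acl_grants(acl):
    """(group, permission) pairs for grants to AllUsers or AuthenticatedUsers."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTHENTICATED_USERS):
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return hits


def find_aws_credentials(text):
    """Access key IDs and secret keys found in a blob of file content."""
    return {
        "access_key_ids": ACCESS_KEY_ID.findall(text),
        "secret_keys": SECRET_KEY.findall(text),
    }


# Constructed samples.  The policy is kept as a JSON string because that is
# how `aws s3api get-bucket-policy` returns it (in its "Policy" field).
SAMPLE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""
SAMPLE_POLICY = json.loads(SAMPLE_POLICY_JSON)

SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}

SAMPLE_CONFIG = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

if __name__ == "__main__":
    print("public policy statements:", public_statements(SAMPLE_POLICY))
    print("public ACL grants:", public_acl_grants(SAMPLE_ACL))
    print("credentials in object:", find_aws_credentials(SAMPLE_CONFIG))
```

With real buckets the inputs come from `aws s3api get-bucket-policy --bucket NAME` (whose `Policy` field is a JSON string, hence the `json.loads`) and `aws s3api get-bucket-acl --bucket NAME`, and the credential scan runs over each object after it is copied down. Any access key ID the scan finds in a bucket should be treated as compromised and rotated, whether or not the bucket turns out to have been public.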