“Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information”
Robinhood reported that over 7 million customers’ personal information was accessed and a ransom payment was demanded during a data breach this past Wednesday, November 3rd. It started with an unauthorized third party relying on social engineering, calling customer support to convince the employee to provide access to customer support systems. Sensitive information (social security numbers, bank account and debit card numbers) did not appear to be exposed, nor was there financial loss from this incident. However, 5 million email addresses (including previously activated accounts) were obtained, as well as 310 names and birth dates (10 of which revealed customers’ extensive account details). Robinhood notified law enforcement to investigate this incident but did not state if any extortion payments were made. The trading app recommended that customers use multi-factor authentication to secure their accounts.
Last night at about 1:24am there were multiple customers (an estimated 20,000) reporting that their Comcast services were experiencing outages. Initially, the massive outages were reported in the California Bay Area. The number had spiked up to about 50,000 customers at about 9:30am today. The areas affected are New Jersey, Philadelphia, Chicago and Indiana. As of right now, it is still unclear why these services are unavailable.
I first heard of these outages from a co-worker at Jefferson University Hospitals. I immediately started to look into the ordeal, but the majority of the articles that I found were really short. None of them knew why these services were unavailable. One article reported that at least one police department in Illinois was unable to receive phone calls. I’m sure this lack of availability was a detriment to many businesses that use and depend on their services daily. One Twitter user wrote the following: “How about using Twitter to address the near nationwide outage?? Since we can’t access your website, nor contact you by phone, why not tell us what’s going on???”
I have no facts beyond what is in the press (virtually nothing), but I will note that not only was their service (internet access) down, so were their tools and call centers. As a result, this was very broad and foundational, being nationwide and crossing multiple services. Part of me wondered if they might have been majorly penetrated (although they have very good security teams and tools), or if this was just a cascading failure of their network. I can hardly wait to find out what really happened!
I thought this article was fun and a good change of pace, and it used a good analogy.
“Op-Ed: What a house cat can teach us about cybersecurity”
The news today often contains reports about cybersecurity breaches that steal our data or threaten our national security. The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect?
Recent experience with a house cat provided insights into the nature of this problem. I am allergic to cats. My daughter came home, cat in hand, for an extended stay, and I had to find a way of confining Pounce to a limited area. However, as many cat parents would have known — though I did not — this was doomed to be a losing battle.
I went in a bit of a different direction than AuthN & AuthR this week. I came across this article that describes the ‘ecosystem’ of RaaS (Ransomware as a Service). The degree of structure and organization that the ‘bad guys’ have brought to their endeavours is truly astounding! That there are 4 clearly defined business models that allow people with virtually no technical ability to profitably participate in the Ransomware ‘Movement’ blows my mind! It is truly impressive how mature the RaaS movement is and just how outmatched US Law Enforcement is in the face of this threat!
Researchers discovered 14 critical vulnerabilities in the BusyBox software suite. BusyBox software is used by many operational technology and Internet of Things devices. All of the vulnerabilities allowed for denial of service attacks, and ten of them allowed for remote code execution.
This article discusses the difficulties organizations have as they try to manage all of the user identities that make up their complex environments. One of the common themes is that access is managed by different departments across the enterprise, and oftentimes more than just one uniform identity access management (IAM) solution is used to manage the user identities. The article notes, “Virtually every day we see a new cyber incident make headlines, in large part because organizations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities — which creates gaps, inconsistencies, and expands windows of exposure”. The author believes one uniform solution is a good start for organizations who are attempting to clean up their identities, and it can ultimately pave a future path to securing their most valuable or critical assets.
“Cybersecurity; How to protect your child’s social identity”
The article describes how the digital age we live in, where most of our time is spent online, has a significant impact on our children. According to the Pew Research Center, 80 percent of parents report that their children ages 5 to 11 use tablets. Social Security numbers, credit card numbers, and other personal information about your child are just as important, and these things need to be protected. Parents need to make sure their children know not to enter chat rooms or talk to strangers on the Internet. Just one photo from a social media platform can be used by unscrupulous people to obtain addresses and other personal information. Another way to protect yourself is to be hesitant to connect to public WiFi because it’s not secure. You want to make sure that you don’t access any type of information that you don’t want anyone to see. If you are in a situation where you cannot avoid using public WiFi, do not open personal applications that hold sensitive information.
“U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang”
I found this article extremely interesting because hackers overseas who attack the United States very commonly get away with it. Once I saw this article, I was surprised the United States was able to charge the cyber criminal.
Just yesterday, the United States charged a 22-year-old cybercriminal from Ukraine. He was deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against a software company.
The article mentions he has been part of the ransomware operation since March of 2019 and put in place 2,500 attacks against businesses all around the world.
As mentioned in the title, this attacker was a part of the “REvil ransomware gang”. The gang took more than $200 million since March of 2019 & hacked at least 175,000 computers.
The REvil ransomware gang needed to be caught, so the United States offered up to $10 million as a reward for any information leading to an arrest.
The data of 6,500 patients was exposed in the recent data breach at the physical therapy center Viverant PT. Viverant PT is located in Minneapolis, Minnesota. The personally identifiable information (PII) of current patients, former patients, and employees was exposed. This included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers, which were accessed without authorization. The other potentially accessed data they have stated were diagnostic or treatment information, credit/debit card information with the password or security code, health insurance information, financial account numbers with or without passwords or routing numbers, and digital signatures. They discovered this data breach after a suspicious email was sent out from one of the users’ accounts. Once they had identified the data breach, they investigated its effects and requested users to change the passwords of their accounts. Viverant PT has also offered the affected victims free credit monitoring services.
This article talks about Tor, the onion router. It is an encrypted, layered anonymous browser that guards information when browsing on the internet and allows access to any government-restricted sites. Though more than half of the domains on the dark web are in fact legal, it is shown to have an increase of illegal and illicit transactions through cryptocurrencies in exchange for goods and services. However, there has been some policing, and websites have been shut down by governments. An example was the EU bringing down 50 websites in 2018-2019, taking down two of the largest drug markets on the dark web. There have been some attempts at regulations as well in 2019 for crypto assets regarding anti-money laundering and countermeasures towards financing terrorism. I believe it will be very challenging, however still possible, given that Tor was developed by the government to begin with.
Thought this was an interesting read. It has more to do with Neuralink and the cybersecurity of augmentation. Although it’s much more science fiction at the current moment, since it is purely speculative. But with the improvements made by Elon Musk (who demonstrated a gorilla playing pong with its brain), I thought about how much impact a device like Neuralink would have, since all of the FIPS-199 security objectives would be categorized as HIGH-HIGH-HIGH for a lot of individuals utilizing Neuralink. This technology, in many cases, would always have to be available (particularly for patients utilizing the device for brain impairment), the integrity would always have to be in check, and the confidentiality would be HIGH for a lot of high-profile users.
It really gives a cyberpunk reality if you think about it; and the ramifications would be massive if hackers were literally given a pathway to your brain.
This article explains how, in today’s digital world, it has become increasingly possible and common practice for customers to keep user accounts with different service suppliers to access a range of services. In that regard, all attributes of the identity must be verified to operate; otherwise the resources would be vulnerable to financial and data loss. The article contends that this makes it important to form an Identity Management System, which could provide central administration, user self-service, role-based access control and integrated user management. Identity Management becomes very much vital for an environment working with multiple technologies, as it governs how an entity (i.e. a human or a software agent) authenticates and is authorized for accessing the network via multiple technologies. Successful Identity Management increases efficiency, security and access control, and decreases complexity, cost and much repetitive work. Essential features of present day identity management
“Hackers have breached organizations in defense and other sensitive sectors, security firm says”
The article I read this week was written by Sean Lyngaas of CNN, and it states that suspected hackers have breached nine different organizations in the defense, energy, health care, technology and education sectors. There is an ongoing effort by CISA researchers and the NSA to expose said hackers, with increased support by both the Trump administration and now the Biden administration. What the hackers hope to achieve is to steal passwords from the organizations they target in order to maintain long-term access to networks, putting them in a position to intercept sensitive data that is emailed or stored on systems. It is believed that the nine organizations are just the “tip of the spear” and more victims will soon appear. It is also believed that US defense contractors in business with the Pentagon are a primary target for the hackers due to their highly sought national security-related secrets. The hackers are exploiting a vulnerability in software that corporations use to manage network passwords, which CISA and the FBI warned about in September. The reason that information has been made public is so that corporations are aware they may be targets as well, and to provide assurance that the government is working closely with cybersecurity firms to stay on top of threats.
The article I am choosing to summarize for this week’s in-the-news is titled Onion Routing: What is Tor and How it Enhances Online Privacy.
I was intrigued to do some more detailed research into this topic because I saw that a good number of my classmates chose to write about it for discussion question three, which asked for us to talk about something from our textbook readings that we found interesting and why.
The article gave an overview of how onion routing works, what the Tor browser is, how it uses onion routing, and how onion routing boosts online privacy.
Onion routing uses multiple crowdsourced servers/nodes to route communication, as opposed to single servers, which are used in regular proxies and VPNs. This makes communication over a computer network (almost) anonymous, and makes it incredibly difficult for eavesdroppers to trace the original sender of communications. Communication starts off encrypted at the original sender’s server, gets gradually decrypted in layers by going through multiple servers/nodes, and then finally reaches the destination server.
The Tor browser uses onion routing to anonymize communication, and also disables common browser add-ons that collect data and reveal the information and PII of users. It has been praised for keeping underground journalists in unsafe countries secret, but has also been criticized for aiding criminals in their online crimes.
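To make the layering described in the post concrete, here is an added example (not code from the article, the post, or the Tor project): a toy client wraps a message in one encrypted layer per relay, and each relay can peel exactly one layer, learning only the next hop. The relay names, per-relay keys, destination and payload are constructed for the example, and the cipher is a stand-in SHA-256 keystream with an HMAC tag rather than Tor’s real cryptography; it only exists so the example runs with the standard library.

```python
"""Toy onion routing: layered encryption peeled one hop at a time.

Added example, stdlib only. The 'cipher' is a SHA-256 keystream plus an HMAC
tag standing in for a real AEAD cipher; it is for illustration, not for use.
"""
import hashlib
import hmac
import secrets

HOP_LEN = 16    # fixed-width field carrying the next hop's name inside each layer
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived from SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a relay rejects layers it cannot authenticate."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer tampered with or wrong relay key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(path, keys, destination: str, message: bytes) -> bytes:
    """Client side: wrap the exit layer first, then one layer per relay back to the entry."""
    layer = seal(keys[path[-1]], destination.ljust(HOP_LEN).encode() + message)
    for i in range(len(path) - 2, -1, -1):
        layer = seal(keys[path[i]], path[i + 1].ljust(HOP_LEN).encode() + layer)
    return layer


def relay_process(name: str, key: bytes, blob: bytes, observed: list):
    """Relay side: peel exactly one layer and learn only the next hop."""
    inner = unseal(key, blob)
    next_hop = inner[:HOP_LEN].decode().strip()
    observed.append((name, next_hop))
    return next_hop, inner[HOP_LEN:]


def route(path, keys, onion: bytes):
    """Forward the onion along the path; returns (destination, plaintext, what relays saw)."""
    observed = []
    blob = onion
    for i, relay in enumerate(path):
        next_hop, blob = relay_process(relay, keys[relay], blob, observed)
        if i < len(path) - 1 and next_hop != path[i + 1]:
            raise ValueError("routing mismatch")
    return next_hop, blob, observed


def example_setup():
    # Constructed relay names and deterministic per-relay keys for the example;
    # a real client negotiates a fresh key with each relay instead.
    path = ["entry", "middle", "exit"]
    keys = {r: hashlib.sha256(b"example-key:" + r.encode()).digest() for r in path}
    return path, keys


def demo():
    path, keys = example_setup()
    message = b"GET /news HTTP/1.1"  # constructed sample payload
    onion = build_onion(path, keys, "news.example", message)
    dest, delivered, observed = route(path, keys, onion)
    return {
        "destination": dest,
        "delivered": delivered,
        "relay_view": observed,                  # each relay knows only its successor
        "entry_sees_plaintext": message in onion,  # the entry relay never sees the payload
    }


def tamper_demo() -> bool:
    """Flip one ciphertext byte of the outer layer; the entry relay should reject it."""
    path, keys = example_setup()
    onion = bytearray(build_onion(path, keys, "news.example", b"hello"))
    onion[NONCE_LEN] ^= 0x01
    try:
        route(path, keys, bytes(onion))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("tamper detected:", tamper_demo())
```

The `relay_view` list is the point of the example: the entry relay sees the sender and `middle`, the exit relay sees `news.example` and the plaintext, and no single relay holds both ends, which is why tracing the original sender requires compromising or observing more than one hop.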
“Robinhood trading app hit by data breach affecting seven million.”
U.S. stock trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than 7 million people.
The company said the breach affected “limited personal information of some of our customers.”
It doesn’t believe the most sensitive information it collects – U.S. Social Security numbers and financial information – was compromised.
Robinhood said it rejected the payment request and reported the attack.
Such ransom demands are not uncommon in cyberattacks and usually amount to a promise not to sell compromised data or to leak it online for free. The company did not specify which terms were involved in its case.
Instead of complying with what it called “extortion,” Robinhood said it had notified law enforcement authorities and hired an outside cybersecurity firm to help handle the incident.
This article, despite being by CNN, reveals research from security firm Palo Alto Networks stating that foreign hackers “have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US.” This continues to show the gravity of insecure systems in sectors of high importance to society. The research suggests that the threat actor could be one suspected Chinese hacking syndicate, based on an overlap in attack vectors that were previously identified in other breaches. Palo Alto Networks generated a report detailing all of these items in collaboration with the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) in an effort to combat cyber espionage, which they claim is the type of activity occurring here; the threat actor is passively dwelling within these important systems as a spy campaign to gather intelligence. According to the article, another major cybersecurity firm, Mandiant, has also previously stated that a group of hackers linked to China have utilized a certain software vulnerability to exploit similar systems of high caliber in defense, education, finance, and public sector organizations in both the US and Europe. Another major issue mentioned is that this type of access has led to defense contractors being revealed, and further breaches of these contractors are releasing highly sensitive information. This information in total has been disclosed in an effort to thwart the attack vectors used by these groups, in the hope that other US systems are able to address these vulnerabilities before it is too late and further sensitive information is extracted out of the country. I think this article really addresses the importance of having adequate cybersecurity in place as a measure of national security to combat espionage, and perhaps shows just how vulnerable systems in important sectors can still be/likely are.
In my opinion, it was a good decision to release the information regarding the attack vectors used so that others might be able to protect themselves, rather than hiding the information regarding the breach internally like many would have done and still do.
This article talks about the number of cyber incidents affecting healthcare across 30 countries. Since July of 2020, there have been an average reported number of incidents between 10-25 every month, and this trend has been on the rise. 69% of countries stated healthcare was a critical infrastructure, but there’s no legislation mandating they have a certain basic level of controls in place. In the US, there is a minimum care required when collecting PHI, but there are no requisite controls specifically regarding protecting them against general cyber incidents.
After a healthcare organization experiences a ransomware attack, 15% led to patients being redirected to other facilities. 20% led to appointment cancellations, and some services were out for four months.
Beware of hackers targeting Smart TV owners who lack strong cybersecurity
Given how readily available and prevalent technology is, it is easy to forget that computers are involved with nearly every portion of daily life. Computers run our cars, dishwashers, refrigerators, HVAC systems, and in this case, televisions. Smart TVs are posing a major risk to the welfare of consumers all over the globe due to the network connections this “internet-of-things” (IoT) device has. Hackers are infiltrating smart TVs through WiFi networks via weak authentication credentials and the way multiple apps are signed into Smart TVs—providing an easily accessible platform for hackers to access multiple applications and assets. Smart TVs are providing an easy route for hackers to access sensitive information and an ability to run unique social engineering operations. In one case mentioned in the article, hackers took control of a person’s smart TV and ran multiple social engineering/phishing operations to try and entice him into purchasing ‘premium channels’ offered by the product, using already-stolen private credentials: “They knew exactly what my AT&T bill was, they knew my address, cell phone number, home phone number,” he said. Consumers are also not understanding the need to patch/update these devices, which is exposing smart TVs to easily preventable vulnerabilities. Smart TVs also have cameras and microphones built in, which can also be hacked and expose individuals to a further array of malicious activity.
https://www.koaa.com/news/on-your-side/beware-of-hackers-targeting-smart-tv-owners-who-lack-strong-cybersecurity
Hi Lauren,
Thank you for the article. The times have led to technology that brings convenience as well as harm. Hackers can infiltrate smart TVs through WiFi networks via weak authentication credentials and the way multiple applications log into them, which can pose a significant risk to consumers. It is as if providing hackers with an easily accessible platform to access multiple apps and assets amounts to a vulnerability-prone area. Personal information such as addresses, cell phone numbers, home phone numbers, etc. are all items that require care not to be exposed, and their leakage poses a security risk.
Wow, another thing to worry about while at home using my smart TV. I have so many applications set up on my TV. Might be time to dial back how much information we put into our personal devices.
I came across this article that details that the feds have a bounty of $10 million in place for information leading to the identification or location of the DarkSide ransomware group.
The DarkSide ransomware group is probably best known for the attack on the Colonial Pipeline in May, and the group is also believed to have been behind a ransomware attack against Toshiba, as well as critical infrastructure attacks against Iowa-based farmers and Minnesota-based supply and grain marketing companies.
I thought it was really interesting that the feds were offering (what seems to be) a large sum of money. I think it goes to show that they are taking security threats seriously, and possibly that they need help in that field if they raised the bounty from $5 million up to $10 million.
I think attacks like these will only continue to happen, and it just goes to show that information/cyber security will only grow in importance as time goes on.
https://threatpost.com/feds-offer-10-million-bounty-on-darkside-info/176030/
Gartner has released their predictions for cybersecurity and privacy for the next few years. These include:
-“75% of the world to be covered under some kind of privacy law with built-in subject rights requests and consent.”
-“Security will begin to play a bigger role in public policy… at least 30% of the world’s nations pass some form of legislation around ransomware.”
-“Cybersecurity will even become a priority for boards…40% of boards will have dedicated cyber committees or at least one qualified board member overseeing cybersecurity.”
-“Weaponized OT environments will result in human casualties by 2025 due to malware that they believe will spread at ‘wirespeeds.’”
I have mixed feelings about these predictions. It’s encouraging to expect an increased focus on privacy and security matters in the form of legislation. This bodes well for our industry and for our future job prospects. It’s concerning that they’re predicting human casualties from malware. I hope we’re able to prevent this for as long as possible.
Article: Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years
Author: Jonathan Greig
Published: October 20, 2021
Link: https://www.zdnet.com/article/gartner-predicts-privacy-law-changes-consolidation-of-cybersecurity-services-and-ransomware-laws-for-next-4-years/
I share your mixed feelings. Expecting the Legal structure of society to ‘catch up and keep up’ with Tech Evolution in this area seems doubtful to ever occur. As a result this prediction worries me because it can take a lot of legislative cycles and create bruising political battles for a watered down and probably ‘too little too late’ legislative outcome.
Feds Offer $10 Million Bounty for DarkSide Info
The federal government has been on the search for any information leading to the identity of the infamous ransomware group, DarkSide. The prize reward for information leading to this group is now set at $10 million. The increase of the reward from $5 million to $10 million comes after an announcement was made by BlackMatter, a derivative of DarkSide, which said it would also be ceasing operations due to increased pressure from international law enforcement agencies. DarkSide is best known for its highly disruptive attack on Colonial Pipeline in May. This created upheaval in fuel supplies on the U.S. East Coast as people began hoarding gas on the eve of Memorial Day weekend.
https://threatpost.com/feds-offer-10-million-bounty-on-darkside-info/176030/
As part of Microsoft’s ever-expanding product suite, Privacy Management for Microsoft 365 is now available. I think my fellow classmates did a great job of highlighting how identity/access management can assist organizations in reducing privacy concerns. Privacy, while a key component of security, is often an entirely different skillset than networking or security engineering. Privacy violation cases can be daunting, especially for an understaffed organization. I think this is a fantastic tool to offer smaller businesses who cannot employ a full-time privacy officer but still offer some support by automating privacy operations for compliance.
https://www.darkreading.com/privacy/privacy-management-for-microsoft-365-now-generally-available
Investment app Robinhood: Extortionist tricked our support desk and made off with customer information
Robinhood has announced that one of their support desk workers was tricked into allowing a bad actor to access their internal systems. This extortionist ended up stealing some customer data off of Robinhood’s systems. Most of the individuals affected only had their email addresses stolen, but the severity ranged from this to name, DOB, zip code, and “more extensive account details”. The individual/individuals that performed this attack were attempting to extort Robinhood by demanding a payment. It does not sound like Robinhood is complying with the attackers, and it has contacted the proper authorities. This attack adds to a list of poor showings regarding Robinhood’s information security. There have been several other incidents over the past few years that have affected Robinhood one way or another. I found this instance to be particularly interesting because they have explicitly told us that this was purely a social engineering attack. These attackers were able to gain access to Robinhood’s systems and extract data just by tricking someone who actually worked there. They didn’t exploit any vulnerabilities except for the human factor, which, as we have seen time and time again, is the most important/impactful factor in infosec.
https://www.theregister.com/2021/11/09/robinhood_breach/
A couple of weeks ago, when I was walking around Times Square on my recent NYC visit, I saw lots of employees walking outside of the McAfee plaza, and they all took out their phones to record something on one of the huge LED screens. At this point, I had no idea about the McAfee Corp’s recent investment. So when I saw this article, I thought it was worth it to figure out the event I ran into.
The article is addressing the fact that the remote-working shift led by the pandemic increased the risk of cybersecurity attacks and increased the demand for preventative controls such as antivirus and security software. McAfee is known as the first commercial antivirus placed into the market, and was bought by Intel afterwards. Finally, Advent International will take over the cybersecurity company.
https://www.reuters.com/technology/mcafee-be-bought-by-advent-led-group-over-14-billion-2021-11-08/
“Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information”
Robinhood reported that over 7 million customers’ personal information was accessed and a ransom payment was demanded during a data breach this past Wednesday, November 3rd. It started with an unauthorized third party relying on social engineering, calling customer support to convince the employee to provide access to customer support systems. Sensitive information (social security numbers, bank account and debit card numbers) did not appear to have been exposed, nor was there financial loss from this incident. However, 5 million email addresses (including previously activated accounts) were obtained, as well as 310 names and birth dates (10 of which revealed customers’ extensive account details). Robinhood notified law enforcement to investigate this incident but did not state if any extortion payments were made. The trading app recommended that customers use multi-factor authentication to secure their accounts.
https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
Last night at about 1:24am, there were multiple customers (an estimated 20,000) reporting that their Comcast services were experiencing outages. Initially, the massive outages were reported in the California Bay Area. The number had spiked up to about 50,000 customers at about 9:30am today. The areas affected are New Jersey, Philadelphia, Chicago and Indiana. As of right now, it is still unclear why these services are unavailable.
I first heard of these outages from a co-worker at Jefferson University Hospitals. I immediately started to look into the ordeal, but the majority of the articles that I found were really short. None of them knew why these services were unavailable. One article reported that at least one police department in Illinois was unable to receive phone calls. I’m sure this lack of availability was a detriment to many businesses that use and depend on their services daily. One Twitter user wrote the following: “How about using Twitter to address the near nationwide outage?? Since we can’t access your website, nor contact you by phone, why not tell us what’s going on???”
https://people.com/human-interest/comcast-xfinity-outage-impacts-thousands-across-us/
https://www.nbcnews.com/tech/tech-news/xfinity-comcast-internet-outages-spread-us-rcna4954
https://www.mlive.com/news/2021/11/comcast-outage-knocks-out-internet-tv-and-phone-service-across-us.html
I have no facts beyond what is in the press (virtually nothing), but I will note that not only was their service down (internet access), so were their tools and call centers. As a result, this was very broad and foundational, being nationwide and crossing multiple services. Part of me wondered if they might have been majorly penetrated (although they have very good security teams and tools), or if this was just a cascading failure of their network. I can hardly wait to find out what really happened!
I had a good time this morning trying to use my Comcast internet. I would love to hear about what really happened.
I thought this article was fun and a good change of pace, and it used a good analogy.
“Op-Ed: What a house cat can teach us about cybersecurity”
The news today often contains reports about cybersecurity breaches that steal our data or threaten our national security. The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect?
Recent experience with a house cat provided insights into the nature of this problem. I am allergic to cats. My daughter came home, cat in hand, for an extended stay, and I had to find a way of confining Pounce to a limited area. However, as many cat parents would have known — though I did not — this was doomed to be a losing battle.
https://www.latimes.com/opinion/story/2021-11-07/op-ed-what-a-house-cat-can-teach-us-about-cybersecurity
I went in a bit of a different direction than AuthN & AuthR this week. I came across this article that describes the ‘ecosystem’ of RaaS (Ransomware as a Service). The degree of structure and organization that the ‘bad guys’ have brought to their endeavours is truly astounding! That there are 4 clearly defined business models that allow people with virtually no technical ability to profitably participate in the Ransomware ‘Movement’ blows my mind! It is truly impressive how mature the RaaS movement is and just how outmatched US Law Enforcement is in the face of this threat!
https://www.upguard.com/blog/what-is-ransomware-as-a-service
Researchers discovered 14 critical vulnerabilities in the BusyBox software suite. BusyBox software is used by many operational technology and Internet of Things devices. All of the vulnerabilities allowed for denial of service attacks, and ten of them allowed for remote code execution.
https://threatpost.com/busybox-security-bugs-linux-devices/176098/
https://betanews.com/2021/11/02/poor-identity-management-easier-to-launch-attacks/
This article discusses the difficulties organizations have as they try to manage all of the user identities that make up their complex environments. One of the common themes is that access is managed by different departments across the enterprise, and oftentimes more than just one uniform identity access management (IAM) solution is used to manage the user identities. The article notes, “Virtually every day we see a new cyber incident make headlines, in large part because organizations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities — which creates gaps, inconsistencies, and expands windows of exposure”. The author believes one uniform solution is a good start for organizations who are attempting to clean up their identities, and it can ultimately pave a future path to securing their most valuable or critical assets.
“Cybersecurity; How to protect your child’s social identity”
The article describes how the digital age we live in, where most of our time is spent online, has a significant impact on our children. According to the Pew Research Center, 80 percent of parents report that their children ages 5 to 11 use tablets. Social Security numbers, credit card numbers, and some personal information about your child are just as important, as these things need to be protected. Parents need to make sure their children know not to enter chat rooms or talk to strangers on the Internet. Just one photo from a social media platform can be used by unscrupulous people to obtain addresses and other personal information. Another way to protect yourself is to be hesitant to connect to public WiFi because it’s not secure. You want to make sure that you don’t access any type of information that you don’t want anyone to see. If you are in a situation where you cannot avoid using public WiFi, do not open personal applications that post sensitive information.
Reference: https://www.koaa.com/news/covering-colorado/cybersecurity-how-to-protect-your-childs-social-identity
“U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang”
I found this article extremely interesting because hackers overseas who attack the United States very commonly get away with it. Once I saw this article, I was surprised the United States was able to charge the cybercriminal.
Just yesterday, the United States charged a 22-year-old cybercriminal from Ukraine. He was deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against a software company.
The article mentions he has been part of the ransomware operation since March of 2019 and put in place 2,500 attacks against businesses all around the world.
As mentioned in the title, this attacker was a part of the “REvil ransomware gang”. The gang took more than $200 million since March of 2019 & hacked at least 175,000 computers.
The REvil ransomware gang needed to be caught, so the United States offered up to $10 million as a reward for any information leading to an arrest.
Reference:
https://thehackernews.com/2021/11/us-charges-ukrainian-hacker-for-kaseya.html
6,500 patients’ data was exposed in the recent data breach at the physical therapy center Viverant PT. Viverant PT is located in Minneapolis, Minnesota. Current and former patients’ and employees’ personally identifiable information (PII) was exposed, which included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers that were accessed without authorization. The other potentially accessed data that they have stated was diagnostic or treatment information, credit/debit card information with the password or security code, health insurance information, financial account numbers with or without passwords or routing numbers, and digital signatures. They discovered this data breach after a suspicious email was being sent out from one of the users’ accounts. Once they had identified the data breach, they investigated the effects of that data breach and requested users to change the passwords of their accounts. Viverant PT has also offered the affected victims free credit monitoring services.
References:
https://portswigger.net/daily-swig/data-breach-at-us-healthcare-provider-viverant-pt-impacts-more-than-6-500-patients
This article talks about Tor, the onion router. It is an encrypted, layered, anonymous browser that guards information when browsing on the internet and allows access to any government-restricted sites. Though more than half of the domains on the dark web are in fact legal, it is shown to have an increase of illegal and illicit transactions through cryptocurrencies in exchange for goods and services. However, there has been some policing, and websites have been shut down by governments. An example was when the EU brought down 50 websites in 2018-2019, taking down two of the largest drug markets on the dark web. There have been some attempts at regulations as well in 2019 for crypto assets regarding anti-money laundering and countermeasures towards financing terrorism. I believe it will be very challenging, however still possible, given that Tor was developed by the government to begin with.
https://www.imf.org/external/pubs/ft/fandd/2019/09/the-truth-about-the-dark-web-kumar.htm
At the University of Colorado, a data breach has exposed personal information of 30,000 current and former students. An attack on a third-party service called Atlassian is what caused this incident. Atlassian is a software program to share resources and documents. PII, names, student IDs, addresses, DOBs, phone numbers and genders were some of the information that was potentially leaked.
https://portswigger.net/daily-swig/data-breach-at-colorado-university-impacts-30-000-students
https://kdvr.com/news/local/hackers-try-to-extort-university-of-colorado-in-cyberattack/
Thought this was an interesting read. It has more to do with Neuralink and the cybersecurity of augmentation. Although it’s much more science fiction at the current moment, since it is purely speculative. But with the improvements made by Elon Musk (who demonstrated a gorilla playing Pong with its brain), I thought about how much impact a device like Neuralink would have. All of the FIPS-199 security objectives would be categorized as HIGH-HIGH-HIGH for a lot of individuals utilizing Neuralink. This technology, in many cases, would always have to be available (particularly for patients utilizing the device for brain impairment), the integrity would always have to be in check, and the confidentiality would be HIGH for a lot of high-profile users.
It really gives a cyberpunk reality if you think about it; and the ramifications would be massive if hackers were literally given a pathway to your brain.
https://www.forbes.com/sites/forbestechcouncil/2020/11/18/hacking-humans-how-neuralink-may-give-ai-the-keys-to-our-brains/?sh=14547d4a5791
This article explains how in today’s digital world, customers have made it increasingly possible and common practice to keep user accounts with different service suppliers to access a range of services. In that regard, all attributes of the identity must be verified to operate; otherwise the resources would be vulnerable to financial and data loss. The article contends that this makes it important to form an Identity Management System, which could provide central administration, user self-service, role-based access control and integrated user management. Identity Management becomes very much vital for an environment working with multiple technologies, as it governs how an entity (i.e. a human or a software agent) authenticates and is authorized for accessing the network via multiple technologies. Successful Identity Management increases efficiency, security and access control, and decreases complexity, cost and many repetitive tasks. Essential features of present day identity management
https://www.researchgate.net/publication/322878884_Identity_Management_Systems_A_Comparative_Analysis
“Hackers have breached organizations in defense and other sensitive sectors, security firm says”
The article I read this week was written by Sean Lyngaas of CNN, and it states that suspected hackers have breached nine different organizations in the defense, energy, health care, technology and education sectors. There is an ongoing effort by CISA researchers and the NSA to expose said hackers, with increased support by both the Trump administration and now the Biden administration. What the hackers hope to achieve is to steal passwords from the organizations they target in order to maintain long-term access to networks, putting them in a position to intercept sensitive data that is emailed or stored on systems. It is believed that the nine organizations are just the “tip of the spear” and more victims will soon appear. It is also believed that US defense contractors in business with the Pentagon are a primary target for the hackers due to their highly-sought national security-related secrets. The hackers are exploiting a vulnerability in software that corporations use to manage network passwords, which CISA and the FBI warned about in September. The reason that information has been made public is so that corporations are aware they may be targets as well, and to provide assurance that the government is working closely with cybersecurity firms to stay on top of threats.
https://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.html
The article I am choosing to summarize for this week’s in-the-news is titled “Onion Routing: What is Tor and How it Enhances Online Privacy”.
I was intrigued to do some more detailed research into this topic because I saw that a good number of my classmates chose to write about it for discussion question three, which asked for us to talk about something from our textbook readings that we found interesting and why.
The article gave an overview of how onion routing works, what the Tor browser is, how it uses onion routing, and how onion routing boosts online privacy.
Onion routing uses multiple crowdsourced servers/nodes to route communication, as opposed to single servers, which are used in regular proxies and VPNs. This makes communication over a computer network (almost) anonymous, and makes it incredibly difficult for eavesdroppers to trace the original sender of communications. Communication starts off encrypted at the original sender’s server, gets gradually decrypted in layers by going through multiple servers/nodes, and then finally reaches the destination server.
The Tor browser uses onion routing to anonymize communication, and also disables common browser add-ons that collect data and reveal the information and PII of users. It has been praised for keeping underground journalists in unsafe countries secret, but has also been criticized for aiding criminals in their online crimes.
Kundu, K. (2021, February 19). Onion Routing: What is Tor and How it Enhances Online Privacy. Beebom.com. Retrieved from https://beebom.com/onion-routing-what-is-tor-how-enhances-online-privacy/.
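The layered encrypt-at-the-sender, peel-one-layer-per-node flow described in the post above, as an added worked example that is not part of the original post or of the Tor project’s own code. It assumes three relays with pre-shared per-hop keys (real Tor negotiates those keys with a per-hop handshake), uses an HMAC-SHA256 counter-mode keystream as a stand-in for a real block cipher, and adds an integrity tag to every layer so a tampered onion is rejected at the first relay rather than silently corrupted. The relay names, keys, destination and message are constructed for the demo.

```python
"""Onion-routing demo: the client wraps a message once per relay, and each
relay strips exactly one layer, learning only the next hop."""
import hashlib
import hmac
import os

# Constructed demo values. Pre-sharing per-hop keys is an assumption made here
# to keep the example self-contained; Tor derives them via a per-hop handshake.
RELAY_KEYS = {
    "relay-A": b"A" * 32,   # entry relay
    "relay-B": b"B" * 32,   # middle relay
    "relay-C": b"C" * 32,   # exit relay
}
PATH = ["relay-A", "relay-B", "relay-C"]
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-CTR)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then strip one layer; ValueError on tampering or wrong key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def _frame(next_hop: str, payload: bytes) -> bytes:
    """Layer body: 1-byte hop-name length, hop name, then the inner payload."""
    name = next_hop.encode()
    return bytes([len(name)]) + name + payload


def _unframe(body: bytes):
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]


def build_onion(path: list, destination: str, message: bytes) -> bytes:
    """Client side: wrap innermost (exit) layer first, outermost (entry) last."""
    inner, next_hop = message, destination
    for relay in reversed(path):
        inner = seal(RELAY_KEYS[relay], _frame(next_hop, inner))
        next_hop = relay
    return inner            # handed to path[0]


def relay_process(relay: str, blob: bytes):
    """One relay's work: peel its own layer and learn only where to forward."""
    return _unframe(unseal(RELAY_KEYS[relay], blob))


def route(path: list, onion: bytes):
    """Push the onion hop by hop; return (destination, message, per-relay view)."""
    hop, blob, seen = path[0], onion, []
    while hop in RELAY_KEYS:
        next_hop, blob = relay_process(hop, blob)
        seen.append((hop, next_hop))        # all a relay learns: its neighbours
        hop = next_hop
    return hop, blob, seen


def tampered_is_rejected() -> bool:
    """Flipping one ciphertext bit in the outer layer fails at the entry relay."""
    onion = bytearray(build_onion(PATH, "example.invalid", b"hi"))
    onion[NONCE_LEN] ^= 0x01
    try:
        route(PATH, bytes(onion))
    except ValueError:
        return True
    return False


def middle_relay_cannot_read() -> bool:
    """After peeling its own layer, relay-B still cannot open relay-C's layer."""
    onion = build_onion(PATH, "example.invalid", b"secret")
    _, after_a = relay_process("relay-A", onion)
    _, after_b = relay_process("relay-B", after_a)
    try:
        unseal(RELAY_KEYS["relay-B"], after_b)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    dest, msg, seen = route(PATH, build_onion(PATH, "example.invalid", b"hello tor"))
    print(dest, msg, seen)
```

One limitation the demo makes visible: each peeled layer is a little shorter than the one before, so lengths alone leak a node’s position in the path. Tor avoids this by moving traffic in fixed-size cells.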
“Robinhood trading app hit by data breach affecting seven million.”
U.S. stock trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than 7 million people.
The company said the breach affected “limited personal information of some of our customers.”
It doesn’t believe the most sensitive information it collects – U.S. Social Security numbers and financial information – was compromised.
Robinhood said it rejected the payment request and reported the attack.
Such ransom demands are not uncommon in cyberattacks and usually amount to a promise not to sell compromised data or to leak it online for free. The company did not specify which terms were involved in its case.
Instead of complying with what it called “extortion,” Robinhood said it had notified law enforcement authorities and hired an outside cybersecurity firm to help handle the incident.
https://www.bbc.com/news/technology-59209494
This article, despite being by CNN, reveals research from security firm Palo Alto Networks stating that foreign hackers “have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US.” This continues to show the gravity of insecure systems in sectors of high importance to society. The research suggests that the threat actor could be one suspected Chinese hacking syndicate, based on an overlap in attack vectors that were previously identified in other breaches. Palo Alto Networks generated a report detailing all of these items in collaboration with the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) in an effort to combat cyber espionage, which they claim is the type of activity occurring here; the threat actor is passively dwelling within these important systems as a spy campaign to gather intelligence. According to the article, another major cybersecurity firm, Mandiant, has also previously stated that a group of hackers linked to China have utilized a certain software vulnerability to exploit similar systems of high caliber in defense, education, finance, and public sector organizations in both the US and Europe. Another major issue mentioned is that this type of access has led to defense contractors being revealed, and further breaches of these contractors are releasing highly sensitive information. This information in total has been disclosed in an effort to thwart the attack vectors used by these groups in the hope that other US systems are able to address these vulnerabilities before it is too late and further sensitive information is extracted out of the country. I think this article really addresses the importance of having adequate cybersecurity in place as a measure of national security to combat espionage, and perhaps shows just how vulnerable systems in important sectors can still be/likely are.
In my opinion, it was a good decision to release the information regarding the attack vectors used so that others might be able to protect themselves, rather than hiding the information regarding the breach internally like many would have done and still do.
https://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.html
https://www.weforum.org/agenda/2021/11/healthcare-cybersecurity/
This article talks about the number of cyber incidents affecting healthcare across 30 countries. Since July of 2020, there have been an average reported number of incidents between 10-25 every month, and this trend has been on the rise. 69% of countries stated healthcare was a critical infrastructure, but there’s no legislation mandating they have a certain basic level of controls in place. In the US, there is a minimum care required when collecting PHI, but there are no requisite controls specifically regarding protecting them against general cyber incidents.
After a healthcare organization experiences a ransomware attack, 15% led to patients being redirected to other facilities. 20% led to appointment cancellations, and some services were out for four months.