Protection of Information Assets

Temple University

MIS 5206.701 ■ Fall 2022 ■ William Bailey

In the News

August 24, 2022 by William Bailey 8 Comments

Filed Under: Unit 02: Data Classification Process and Models

Comments

  1. Jill Brummer says

    August 28, 2022 at 2:30 pm

    In summary, the article describes a cyber-attack, which was on the New Hampshire lottery website. The details describe how the attacker used a third-party vendor banner asking viewers to click. If the viewer clicked on the banner, a zip file was downloaded onto the user’s computer.

    This relates to the discussion on mitigating risk once attacks occur by isolating the incident, which they did by shutting down the website. They (NH lottery) went offline so the banner was no longer accessible. They also stated that they came back online after the incident was dealt with and updated the website with enhanced security features.

    Additionally, they provided instructions for users that did click on the banner, which included links to free antivirus software and a recommendation to update username and password if compromised.

    https://seacoastcurrent.com/nh-lottery-website-back-online-after-cyber-attack/

  2. Nicholas Foster says

    August 28, 2022 at 7:48 pm

    The article I have chosen is “Ransomware Attacks are on the Rise” by Nate Nelson. The article outlines the increase in ransomware attacks since the restructuring of Conti. Nate notes it was “then the world’s foremost ransomware gang.” Conti’s reshaping has brought two new organizations into the fold. The first is Hiveleaks listed as an affiliate and BlackBasta listed as a replacement strain. The major reason for the restructure was a bounty by the U.S. Government for $15 million in exchange for “prized information” on Conti.

    https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

    This article is relevant to this week’s readings in that ransomware directly impacts the CIA Triad. Primarily, confidentiality and availability. Ransomware has two objectives. Gain entry to an enterprise’s data and encrypt it. Ideally, also sending the data to themselves. The sad part is once the data is encrypted, you are at their mercy. Even if you pay the ransom, there’s no guarantee they’ll make the data available again. If those who need access to the data are not able to do so, this is a direct impact to availability of the CIA triad. To make matters worse, even if you pay, they can still turn around and sell or leak the data if they managed to exfiltrate it. This compromises confidentiality of the CIA triad. If data fails to remain private and only available to those who are authorized to view it, it is no longer confidential.

  3. David Vanaman says

    August 30, 2022 at 5:49 pm

    https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html

    This article from The Hacker News discusses why data exfiltration (the unauthorized release of data) is potentially more of a threat than ransomware. Ransomware has become the cyber threat buzzword among non-industry leaders because it is a clear-cut example of breaking both the availability and integrity legs of the CIA triad. It is such a simple concept with clear and obvious negative consequences that it is easy for non-experts to understand and act on. Data exfiltration is a much more insidious problem and is almost a perfect counterpoint to ransomware because it affects confidentiality without disturbing availability or integrity. The threat to the company comes from that data becoming public. The data could be intellectual property or financial data that gives competition an advantage or leaks of PII which hurts the employees and users, or threats of leaking embarrassing or harmful confidential or private communications.

    I thought this article parallels our case study for the week. The threat of data exfiltration is very similar to the threat of data theft from a physical device theft. The scale, however, can be much larger. There is a limited amount of data on a single system, where someone with full access can exfiltrate a massive amount of data from the entity’s central stores such as NAS devices and cloud storage.

  4. Christa Giordano says

    August 30, 2022 at 6:01 pm

    This article discusses the LastPass security breach communicated to customers on 8/25/22. The email notified customers that an unauthorized party gained access to the development environment with the root cause being a developer account that had been compromised. Per the email communication, the company took immediate action and identified (through use of a cybersecurity and forensics firm) that user data was not compromised, and that products and services were not directly affected. The bad actor was able to gain access to the source code and some proprietary information; however, the activities of the firm were able to mitigate and contain the breach quickly. While this breach appeared to be contained rather quickly and there was not much impact, there was a breach in 2015 that did result in user data being compromised. Lastly, the article notes that LastPass shared some of its security measures and recommendations for best practices related to passwords and password management.

    https://www.ghacks.net/2022/08/26/lastpass-discloses-august-2022-security-breach/

  5. Kenneth Saltisky says

    August 30, 2022 at 6:16 pm

    This article from bleepingcomputer communicates that McAfee found five Google Chrome extensions that stole and tracked users’ browsing activity. These extensions were downloaded more than 1.4 million times and utilized malicious redirects to force users visiting specific websites to redirect through affiliate links. This means that the maker of the extension would receive an affiliate fee for any purchases on these extensions. What is notable is that these extensions functioned as intended on top of the malicious behavior. Another notable aspect is that some of these extensions utilized a hard-coded delay of installation prior to sending out browser activity. The article notes that although some of the listed extensions have been removed, some are still available and even though they have been removed from the store you will need to uninstall the extension from your web browser to remove them.

    https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/

  6. Maxwell ODonnell says

    September 5, 2022 at 3:08 pm

    The article I came across this week that I found interesting has to do with a recent Cisco data breach through a compromised Google account. The attackers obtained access to the victim’s account through a known VPN flaw and obtained their security credentials which had been synched to their Chrome user profile. Cisco investigated the incident and concluded the attackers were not able to deploy any ransomware; however, they were able to penetrate the network and conduct an internal network scan. The article highlights a new method of bypassing MFA that I had never heard of called MFA fatigue. This is where attackers send high volumes of authorization requests, overwhelming the user and giving them no choice but to accept, therefore authenticating the attacker and bypassing MFA.

    This article makes me question the mitigation controls Cisco has in place. In this week’s reading, I learned about the three risk mitigation controls, those being administrative, physical, and technical. The administrative controls failed Cisco and led to this data breach. If they had more rigid policies and rules in place to handle these sorts of incidents, this most likely would not have happened. However, Cisco did get their technical controls right; the attacker was limited to performing a system scan and not being able to implant any malware.

    https://www.hackread.com/cisco-confirms-breach-employee-google-account-hacked/

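A defender-side illustration of the MFA fatigue pattern described in the comment above, added here and not part of the original post or the linked article: it flags a user who receives a burst of unapproved push prompts and raises the severity when an approval follows the burst. The log format, field names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format: time, user, event, result.
SAMPLE_LOG = """\
2022-08-01T09:00:05 alice push_sent approved
2022-08-01T22:14:01 bob push_sent denied
2022-08-01T22:14:40 bob push_sent denied
2022-08-01T22:15:10 bob push_sent timeout
2022-08-01T22:16:02 bob push_sent denied
2022-08-01T22:17:30 bob push_sent denied
2022-08-01T22:18:05 bob push_sent approved
2022-08-02T08:30:00 carol push_sent denied
2022-08-02T08:30:45 carol push_sent approved
"""

def parse(log):
    """Yield (timestamp, user, result) for each log line."""
    for line in log.splitlines():
        ts, user, _event, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_mfa_fatigue(log, window=timedelta(minutes=10), threshold=5):
    """Alert on users with >= threshold unapproved prompts inside the window.
    Severity is 'high' when an approval follows the burst."""
    recent = defaultdict(deque)  # user -> times of recent denied/timeout prompts
    alerts = {}
    for ts, user, result in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {"severity": "medium", "prompts": 0})
                alert["prompts"] = max(alert["prompts"], len(q))
        elif result == "approved":
            if len(q) >= threshold:  # approval right after a burst of refusals
                alert = alerts.setdefault(user, {"severity": "medium", "prompts": len(q)})
                alert["severity"] = "high"
                alert["approved_at"] = ts.isoformat()
            q.clear()
    return alerts

if __name__ == "__main__":
    print(detect_mfa_fatigue(SAMPLE_LOG))
```

A single denial followed by an approval (carol in the sample) is normal user behaviour and is not flagged; only the burst for bob is.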
  7. Abayomi Aiyedebinu says

    September 7, 2022 at 3:21 pm

    I found this article interesting because it is an attempt to showcase how state actors during conflicts can use vulnerabilities and malware to attack their adversary. Nowadays international conflict has moved from the use of bombs and artilleries to attack each other. Countries of the world have devised sophisticated means to attack their enemies. Some examples are Russia’s interference in the US election, the hack on the US pipeline project, etc. This article attempts to showcase how a Russia-backed Conti-affiliated hacking group has used different sophisticated means to attack Ukraine. Some of the industries targeted are the hospitality industry, banking and all others through the use of mapping, malware attacks, Trick BOTS, breaching and compromise of humanitarian organizations in eastern Europe as a means to destabilize donors helping Ukraine in its fight against Russia.

    My take home from this article is how state actors have leveraged information security weaknesses to attack their enemies and infiltrate information systems and architecture.

    https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html

  8. Parmita Patel says

    December 15, 2022 at 4:54 pm

    https://gizmodo.com/fbi-infragard-cybersecurity-hack-critical-infrastructur-1849893073

    I found this article very interesting because a hacker was able to breach the FBI data and is now selling the data on the dark web. The FBI missed the threat by the shared network, in which they should have been careful in order to save the information and not give access to all of them. Once they got in, the job was easy, and they were able to get in by a simple Python script. No data is safe out there unless you are using proper guidelines to monitor it. I think the FBI should have taken other steps to prevent getting hacked.
