Shepherd Shenjere says
https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/
The article I found for this week that is worth sparing two minutes to read is about a French hospital hit by a $10M ransomware demand in exchange for the decryption key. The article indicated that this attack targeted the computer networks, which compromised the software/storage systems and information systems and made the patients’ data inaccessible. This is a 1000-bed hospital, which is pretty big, and lots of lives can be hugely affected. So, to me it’s a clear sign that some of these hospitals are not doing a good job of securing their systems against these attacks, and there is a possibility that the business side is not fully supporting the IT Department with enough budget to help mitigate these attacks.
Nicholas Foster says
https://www.infosecurity-magazine.com/news-features/five-ways-successful-antiphishing/ – Five Ways to Achieve a Successful Anti-Phishing Campaign
The article I have chosen to highlight this week speaks to best practices for keeping your users safe when it comes to phishing attempts. The article points out that “Phishing has become the number one cyber issue for organizations, with 91% of cyber-attacks coming from malicious emails.” The reason I have chosen this article is that it directly correlates with Risk Management, in that internal users make up a large amount of inherent risk. The article speaks on how to help mitigate this risk by involving and getting the support of top management with the use of financial metrics (SLE and ALE for successful phishing attacks, and how implementing training can help save the business money), as well as by educating users with personalized trainings based on how they interact with sanctioned phishing emails. The analysis covers not only the straightforward metrics but also emotional drivers – understanding why someone has clicked on that email to better prevent it from happening in a real phishing attempt.
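To make the SLE/ALE argument in the post concrete, here is an added worked example (not from the article or the poster) that puts a phishing risk into the standard quantitative form and compares the annualized loss with and without training. Every figure in it (asset value, exposure factor, email volume, click rates, training cost) is a constructed assumption; a real analysis would plug in the organization's own incident and simulated-phishing data.

```python
"""Phishing risk in money terms: SLE, ALE and the value of training.

Added example, not from the article or the poster. All figures below are
constructed assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PhishingRisk:
    asset_value: float        # $ loss if one phish fully succeeds (AV)
    exposure_factor: float    # fraction of AV actually lost per incident (EF)
    emails_per_year: int      # phishing emails reaching inboxes per year
    click_rate: float         # fraction of those a user acts on

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def aro(self) -> float:
        """Annualized Rate of Occurrence: expected successful phishes per year."""
        return self.emails_per_year * self.click_rate

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy: SLE x ARO."""
        return self.sle * self.aro


def training_benefit(before: PhishingRisk, click_rate_after: float,
                     training_cost: float) -> dict:
    """Compare ALE with and without training.

    Returns the numbers management usually asks for; a positive net_benefit
    means the training is cheaper than the risk it removes, and rosi is the
    return on that security investment as a multiple of its cost.
    """
    after = PhishingRisk(before.asset_value, before.exposure_factor,
                         before.emails_per_year, click_rate_after)
    reduction = before.ale - after.ale
    return {
        "ale_before": before.ale,
        "ale_after": after.ale,
        "risk_reduction": reduction,
        "net_benefit": reduction - training_cost,
        "rosi": (reduction - training_cost) / training_cost,
    }


# Constructed scenario: a successful phish costs $200k on average, a quarter
# of that value is actually lost, 400 phishing emails get through per year,
# and simulated phishing shows a 5% click rate falling to 1% after training
# that costs $80k.  (All assumptions.)
BASELINE = PhishingRisk(asset_value=200_000, exposure_factor=0.25,
                        emails_per_year=400, click_rate=0.05)


def example_case() -> dict:
    """The worked case used in the discussion of this example."""
    return training_benefit(BASELINE, click_rate_after=0.01, training_cost=80_000)


if __name__ == "__main__":
    for k, v in example_case().items():
        print(f"{k:>15}: {v:,.2f}")
```

In this constructed case the SLE is $50,000, the ARO drops from 20 to 4 successful phishes per year, and the ALE falls from $1,000,000 to $200,000, so the $80,000 training returns nine times its cost. The point of the exercise is the structure, not the numbers: changing the click rate is the only lever training moves, so measuring it with sanctioned phishing emails before and after is what makes the business case defensible.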
David Vanaman says
https://thehackernews.com/2022/09/what-is-your-security-team-profile.html
This article by The Hacker News talks about methods to reduce the risks to your organization by adopting a more proactive and threat-modeled approach rather than the traditionally more reactive approach. The article discusses several topics, including several steps to improve risk management via validation and simulated attack tools. The closing thought of the article is that when a business is able to incorporate a continuous threat management program that is actively looking for and addressing risks as they are discovered, it will be more prepared and better able to respond in the event that malicious actions are discovered.
Jill Brummer says
Montenegro blames criminal gang for cyber attacks on government (msn.com)
In summary, the article states that Montenegro had a cyber-attack that hit their government digital infrastructure. They had a virus that affected 150 workstations. In order to contain the virus, the government internet sites were shut down.
They were also able to find where the stolen information will be on the dark web. There has not yet been a request for ransom.
The parliament was not affected because they are not on the same system as the government. This was not the first time their digital infrastructure was attacked.
Jill Brummer says
https://www.msn.com/en-us/news/world/montenegro-blames-criminal-gang-for-cyber-attacks-on-government/ar-AA11kq9D
Here is the link. The link did not copy over with my original post.
Christa Giordano says
https://www.bleepingcomputer.com/news/security/minecraft-is-hackers-favorite-game-title-for-hiding-malware/
This article discusses hackers’ use of popular video games to hide malware disguised as video game “cheats”, installers, or the games themselves. The most popular PC games are selected, including Minecraft (the most popular), Roblox, FIFA, Far Cry and Call of Duty. The most popular mobile games are similar but also include Grand Theft Auto. The goal is for the hacker to trick or entice the user into downloading the malware. These games are targeted simply because of the wide array of people that play these games (tens of millions). In addition, since there are many options in the game to purchase upgrades or cheats, being able to access tricks and hints for free is very appealing, especially to younger users. Based on the research performed, the most commonly used corrupt files are from downloaders, which were almost 90% of all infected cases.
This article was really interesting to me because my 5- and 9-year-old boys play Minecraft and Roblox, and if we did not have parental controls to prevent downloads and in-app purchases, I am sure that our children would unknowingly download infected software.
Kenneth Saltisky says
https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
This article discusses a recent attack against the apparel brand ‘The North Face’. A large-scale credential stuffing attack was conducted on their website, resulting in 194,905 accounts being hacked. A credential stuffing attack is when threat actors utilize email addresses and usernames with passwords from previous data breaches to hack into accounts on other websites. The success of these kinds of attacks is reliant on individuals utilizing the same credentials across different accounts on different websites. Hackers were able to obtain user information including names, billing/shipping addresses, telephone numbers, gender, purchase histories, and a bit more sensitive data. However, payment details were not stored directly on the website. This is due to the utilization of a “token” linked to a payment card, with a third-party card processor keeping the details. As such, the only financial information exposed was purchase histories and the associated billing and shipping addresses.
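The defining signal of the attack described in this post is visible on the defender's side: one source tries many different accounts with a high failure rate, unlike a brute-force attack that hammers one account. The following added example (not from the article or The North Face) shows that detection over a handful of constructed web login log lines. The log format, field names, IP addresses and thresholds are all assumptions.

```python
"""Spotting credential stuffing in web login logs.

Added example, not from the article. Log format, thresholds and the sample
lines are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <client ip> login <user> <result>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>[\d.]+) login (?P<user>\S+) (?P<result>success|failure)$"
)

# Constructed sample: one source cycling through six accounts (stuffing, with
# one hit), one user retrying their own password, and one normal login.
SAMPLE_LOG = """\
2022-09-01T10:00:01 203.0.113.7 login alice@example.test failure
2022-09-01T10:00:02 203.0.113.7 login bob@example.test failure
2022-09-01T10:00:02 203.0.113.7 login carol@example.test failure
2022-09-01T10:00:03 203.0.113.7 login dave@example.test success
2022-09-01T10:00:04 203.0.113.7 login erin@example.test failure
2022-09-01T10:00:05 203.0.113.7 login frank@example.test failure
2022-09-01T10:00:09 198.51.100.20 login grace@example.test failure
2022-09-01T10:00:15 198.51.100.20 login grace@example.test failure
2022-09-01T10:00:40 198.51.100.20 login grace@example.test success
2022-09-01T10:01:00 192.0.2.55 login heidi@example.test success
"""


def parse(log_text):
    """Yield (timestamp, ip, user, ok) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["ip"], m["user"],
                   m["result"] == "success")


def find_stuffing_sources(log_text, window=timedelta(minutes=5),
                          min_users=5, min_failure_rate=0.6):
    """Return {ip: stats} for sources whose traffic looks like credential stuffing.

    A single-account brute force (many failures, one user) is deliberately not
    flagged: it calls for a different response (lockout), whereas stuffing is
    spread across accounts and needs per-source rate limiting, bot detection
    and forced password resets for the accounts that were hit.
    """
    events = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        # Slide a time window over this source's events; flag on the first
        # window that shows many distinct users and mostly failures.
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            users = {u for _, u, _ in in_win}
            failures = sum(1 for _, _, ok in in_win if not ok)
            rate = failures / len(in_win)
            if len(users) >= min_users and rate >= min_failure_rate:
                hits = sorted(u for _, u, ok in in_win if ok)
                flagged[ip] = {"distinct_users": len(users),
                               "failure_rate": round(rate, 2),
                               "compromised_accounts": hits}
                break
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

The `compromised_accounts` list is the operationally important output: those are the users whose reused passwords worked and who need a forced reset and notification, which is exactly the clean-up the article describes. The tokenized payment storage mentioned in the post is the reason that list does not also imply exposed card numbers.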
Abayomi Aiyedebinu says
In class we discussed that once a vulnerability has been leveraged by a hacker, their intention is to stay there and continue to manipulate and infiltrate the system. This article is about how dangerous hackers have infiltrated banks in French-speaking African countries for almost two years without being caught. One could imagine the amount of data breach and manipulation that would have been done in these two years without being noticed. However, these hackers used look-alike domains and click links through malicious email attachments to lure their victims. Although in the US information security departments are doing a lot to sensitize their personnel on the need to always verify before clicking any link, for countries in Africa where IT advancement is relatively not up to date, how would they be able to deal with these breaches without adequate training?
https://www.infosecurity-magazine.com/news/hackers-targeted-financial/
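The look-alike domains mentioned in this post are something a mail gateway or a user-facing warning banner can catch automatically, which matters most where user training is thin. The following added example (not from the article) classifies a sender address against a watchlist of expected domains using two checks: folding of characters that look alike (0/o, 1/l, rn/m) and a small edit distance. The watchlist, sample addresses and thresholds are constructed assumptions.

```python
"""Flagging look-alike sender domains before a user has to decide.

Added example, not from the article. Watchlist, sample addresses and
thresholds are constructed assumptions.
"""
import re

# Constructed watchlist: domains the organization expects mail from.
WATCHLIST = ["examplebank.test", "corp-payments.test"]

# Digits commonly swapped for the letters they resemble; folded before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalise(domain: str) -> str:
    """Lower-case, fold digit look-alikes, and collapse the 'rn' -> 'm' trick."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, watchlist=WATCHLIST, max_distance=2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the sender's domain."""
    m = re.search(r"@([A-Za-z0-9.-]+)$", address)
    if not m:
        return "unrelated"
    domain = m.group(1).lower()
    for legit in watchlist:
        # The expected domain itself, or a genuine subdomain of it.
        if domain == legit or domain.endswith("." + legit):
            return "trusted"
    folded = normalise(domain)
    for legit in watchlist:
        # Pure confusable swap: identical once look-alike characters are folded.
        if folded == legit:
            return "lookalike"
        # Typo-squat: one or two characters off after folding.
        if edit_distance(folded, legit) <= max_distance:
            return "lookalike"
        # Expected name used as a leading label under an unrelated domain.
        if domain.startswith(legit.split(".")[0] + ".") and domain != legit:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for addr in ["alerts@examplebank.test", "it@mail.examplebank.test",
                 "alerts@examp1ebank.test", "billing@corp-payrnents.test",
                 "news@examplebank.test.evil.test", "hello@github.test"]:
        print(f"{addr:40} {classify_sender(addr)}")
```

The scoring is intentionally conservative: anything exact or a real subdomain is trusted, and only near-misses of watched names are flagged, so an unrelated domain does not generate noise. In practice the same classifier would run on link targets in the message body as well as on the sender, since the post notes that links and attachments were the lure.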
Maxwell ODonnell says
Microsoft has uncovered a vulnerability in the popular social media app TikTok, where users can have their entire profiles taken over by clicking a single malicious link. After being made public, TikTok quickly patched the flaw. TikTok noted that this flaw had not affected iPhone users but was a bug in the Android version of the app. TikTok has been downloaded from the Android library over 1.5 billion times; it is still unclear how many Android users’ accounts have been compromised so far.
When reading this article, it became obvious to me that TikTok’s information risk management team is not doing an adequate job. For a flaw as glaring as the one mentioned in the article to make it into a distribution of the app on Android is a big red flag. Within this week’s reading, it was heavily emphasized that user data protection is paramount to the operation of any organization. Not only would the company lose revenue due to a data breach, but it may also face criminal prosecution for not prioritizing the security of its user information.
https://nypost.com/2022/09/01/tiktok-security-flaw-put-hundreds-of-millions-at-hacking-risk/
Matthew Stasiak says
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
This article summarizes the recent flaw that was found in the macOS and iOS kernel and WebKit that would allow outside actors to take over devices. The kernel bug was labeled “CVE-2022-32894” and the specific issue was an out-of-bounds write issue that was fixed with improved bounds checking. This bug allowed arbitrary code to be executed with kernel privileges. The WebKit bug was labeled “CVE-2022-32894” and was another out-of-bounds write issue that processed malicious web content that could have led to code execution. Apple wasn’t the only company that dealt with this same bug, as Google and their Chrome browser also had an arbitrary code execution bug. Apple’s newest iOS 15.6.1 and macOS Monterey 12.5.1 updates relieved this issue, and I personally dealt with it at my work as we were given the order to force the update through as soon as possible once the newest update came out.