In summary, the article addresses that the Office on the National Cyber Director at the White house is developing a “new cyber workforce and education strategy”. This is to address the excessive open positions (currently over 700k) in cybersecurity and the skills gap in cybersecurity. The lack of cybersecurity talent is causing agencies (both private and public sector) to steal talent from each other.
I do agree with implementing a strategy to address the skills gap in cybersecurity; however, there should be more affordable ways to gain the skills and knowledge if it’s such an issue in filling cyber positions. I also think it would be beneficial to incorporate classes that are geared more towards tech and cyber earlier in education (i.e. middle and high school).
The article I have chosen, speaks to the vast amount of phishing attacks that exist. Phishing isn’t just email clickbait attempts. They have evolved into so much more. I have chosen this article as it is important that we explain to our user base the different types of phishing attacks so that they may be better protected against them. The many examples of phishing include, smishing (sms), vishing (voice), pharming (redirection to fake sites), Whaling (targeting executive/high value employees), etc.
IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun.
I find this article interesting because i would think that having an extra layer of security such as the MFA would protect the information asset from been exploited. This article corroborates the fact that MFA is also susceptible to been attacked by cyber criminals. According to the article the cyber-attack was done through phishing email and a breach of the MFA. It is noteworthy that everyday cyber criminals are becoming sophisticated with their tactics hence organizations must sensitize their employees adequately through training and awareness on cyber security concern, in addition to that data should be secured at rest and in transit.
American Airlines had a security breach back in July where outside actors were able to access employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and/or certain medical information. The attack was said to be done by a phishing attack and that only a small number of employee and customer records were actually leaked. American Airlines also gave free two-year memberships of Experian’s IdentityWorks to help resolve the issue had any of the leaked user information been affected but American also added that they have no evidence of the personal information being misused yet.
Tea Pot, a recent Uber hacker who is believed to be only 18 years strikes it again. According to the article, there was a “network intrusion that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI.” Similarly to other attacks, a same technique was utilized which is multi-factor authentication (MFA) bombing to get past extra account security layers. After reading this article I am starting to think that there maybe some big guys behind this young cybercriminal.
This recent article from computer weekly looks at a report from Tessian Research on SETA programs from a user perspective and finds that they are generally not well regarded. Users find programs boring and often pay no attention to the training provided. Over 40% or respondants don;t see anything wrong with well known cyber-dangerous activities warned about in training. Phishing simulations are particularly poorly viewed, with almost half of people having a bad experience with a phishing test.
The researchers identified several areas where security teams can make a more positive impact. One is to create and spread a positive company culture. Another is to establish clear and open communication with staff.
The new version of Microsoft Windows 11 was released with security configuration baseline settings through their Microsoft Security Compliance Toolkit. This new baseline added extra defenses to several areas for enterprise customers, with the highlight being the addition of Kernel Mode Hardware-enforced Stack Protection. This provides additional hardware-level protection for kernel code against malware threats on systems with chipsets that support hardware shadow stacks. This new protection provides security for common exploit techniques such as Return-Oriented and Jump Oriented Programming by auto-triggering exceptions when a process’ natural flow has been modified. This new security is dependent on Virtualization Based Protection of Code Integrity and applies to the baseline, but if it deviates from this baseline then the additional security will not be active. Furthermore, the new baseline has protection against phishing attacks through enhanced Windows Defender SmartScreen as well as new security settings for Printers based on RPC and credential theft protection through a number of new settings.
The fintech company Revolut has fallen victim to a targeted cyber-attack in which the personal information of tens of thousands of customers has been leaked. The attack had taken place on September 10 but the intrusion was quickly identified and isolated, however, from the brief period attackers had access to the system they had access to .16% of customers’ data. The disclosure statement noted the attackers had used social engineering methods to persuade access into the system. Interestingly, this data breach triggered a phishing campaign where attackers are contacting customers, posed as Revolut, to try and steal more account information under the pretense of securing their accounts.
I find it interesting that almost all the articles I read that have to do with major data breaches, phishing, and social engineering always play a huge part in the incident. This puts extra emphasis on the importance of security education and training awareness mentioned in this week’s reading. I wish the article highlighted the social engineering tactics used more, I’m curious as to how they were able to convince an employee to handover some sort of admin/high-level access to the network.
This article is about a new method hackers are using called MFA fatigue which takes advantage of push notifications used to help authenticate a user. The threat actor creates a script that repeatedly attempts to log in with stolen credentials and thereby sending push notifications to the account owner’s cell phone. The repeated attempts will eventually cause the account owner to inadvertently accept the notification as a result of the MFA spam and fatigue sets in.
Attackers are using this method since stolen credentials are one of the easiest ways to obtain unauthorized access to a site, application, device, etc. It is also pretty easy for attackers to use since it does not require malware or the infrastructure in place for phishing.
If you believe you are a victim of an attack or attempted attack, the article recommends contacting Information Security of your organization to inform them and also changing your password/login credentials should stop the barrage of push notifications. A few suggestions organizations can use to combat this type of attack include disabling push notifications, implementing push notifications with number verification whereby the notification includes a step where the user needs to enter a number received as part of the notification and access is only granted if the numbers match, and limiting the number of authentication requests resulting in a lockout or an alert generated if that number has been exceeded.
This article is about a recent breach tied to the Twilio hackers which involved several businesses. The most interesting information i found reading this article is the fact that threat actor gained access to the company’s internal tools using stolen credentials from a third-party vendor that had access to their systems. This is a reoccurring event which is similar to breach that occurred in Target where its vendor HVAC’s system was compromised through one of its staff responding to a phishing email thereby compromising Targets POS system that led to loss of millions of dollars and PII of customers. In as much as companies do not separate business process, financial process and vendor account management process they will continue to leave a loophole for cyber criminals to exploit even though they spend a lot to protect their own IT infrastructure.
This week’s topic aligns perfectly with the real-world events going on as Hurricane Ian approaches landfall in the coming days. Data Centers across Florida are putting into place their hurricane preparation plans to ensure the safety and operation of their data centers. The article highlights the preparation plan of Flexential, a company that manages two high-risk data centers in the Tampa Bay area. They are expecting widespread power outages, so a part of their preparation is ensuring fuel levels for their backup generators and keeping their maintenance up to date. Flexential is also bringing in their emergency mobile response team, who are experts in the operation of data centers under extreme conditions, to keep the data center in operation throughout the storm surge. Given the frequency of hurricanes in the area, many data centers are designed to withstand hurricane conditions, Skylink describes their data center as “a bunker built in the middle upper floor of a newly built, freestanding office building” which is 40 feet above sea level and “capable of withstanding anything mother nature has in store.”
I find this article interesting because these data centers remain in Florida despite the frequency of extreme weather conditions like hurricane Ian. The companies must outweigh the physical risk they face with the convenience of having their data centers closer to their operations. However, it seems like this risk is calculated, they have invested a lot in procedures, infrastructure, and personnel that all help their data centers remain operational.
https://www.fedscoop.com/office-of-the-national-cyber-director-to-develop-nationwide-cyber-workforce-strategy-in-the-coming-months/
In summary, the article addresses that the Office on the National Cyber Director at the White house is developing a “new cyber workforce and education strategy”. This is to address the excessive open positions (currently over 700k) in cybersecurity and the skills gap in cybersecurity. The lack of cybersecurity talent is causing agencies (both private and public sector) to steal talent from each other.
I do agree with implementing a strategy to address the skills gap in cybersecurity; however, there should be more affordable ways to gain the skills and knowledge if it’s such an issue in filling cyber positions. I also think it would be beneficial to incorporate classes that are geared more towards tech and cyber earlier in education (i.e. middle and high school).
https://www.realinfosec.net/cybersecurity-academy/types-of-phishing-attacks-how-to-identify-them-the-definitive-guide/ – Types of Phishing Attacks & How to Identify Them: The Definitive Guide
The article I have chosen, speaks to the vast amount of phishing attacks that exist. Phishing isn’t just email clickbait attempts. They have evolved into so much more. I have chosen this article as it is important that we explain to our user base the different types of phishing attacks so that they may be better protected against them. The many examples of phishing include, smishing (sms), vishing (voice), pharming (redirection to fake sites), Whaling (targeting executive/high value employees), etc.
IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun.
I find this article interesting because i would think that having an extra layer of security such as the MFA would protect the information asset from been exploited. This article corroborates the fact that MFA is also susceptible to been attacked by cyber criminals. According to the article the cyber-attack was done through phishing email and a breach of the MFA. It is noteworthy that everyday cyber criminals are becoming sophisticated with their tactics hence organizations must sensitize their employees adequately through training and awareness on cyber security concern, in addition to that data should be secured at rest and in transit.
https://www.bbc.com/news/technology-62937678
https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/
American Airlines had a security breach back in July where outside actors were able to access employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and/or certain medical information. The attack was said to be done by a phishing attack and that only a small number of employee and customer records were actually leaked. American Airlines also gave free two-year memberships of Experian’s IdentityWorks to help resolve the issue had any of the leaked user information been affected but American also added that they have no evidence of the personal information being misused yet.
Tea Pot, a recent Uber hacker who is believed to be only 18 years strikes it again. According to the article, there was a “network intrusion that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI.” Similarly to other attacks, a same technique was utilized which is multi-factor authentication (MFA) bombing to get past extra account security layers. After reading this article I am starting to think that there maybe some big guys behind this young cybercriminal.
https://thehackernews.com/2022/09/rockstar-games-confirms-hacker-stole.html?
https://www.computerweekly.com/news/252523196/Cyber-security-training-boring-and-largely-ignored
This recent article from computer weekly looks at a report from Tessian Research on SETA programs from a user perspective and finds that they are generally not well regarded. Users find programs boring and often pay no attention to the training provided. Over 40% or respondants don;t see anything wrong with well known cyber-dangerous activities warned about in training. Phishing simulations are particularly poorly viewed, with almost half of people having a bad experience with a phishing test.
The researchers identified several areas where security teams can make a more positive impact. One is to create and spread a positive company culture. Another is to establish clear and open communication with staff.
https://www.bleepingcomputer.com/news/microsoft/windows-11-22h2-adds-kernel-exploit-protection-to-security-baseline/
The new version of Microsoft Windows 11 was released with security configuration baseline settings through their Microsoft Security Compliance Toolkit. This new baseline added extra defenses to several areas for enterprise customers, with the highlight being the addition of Kernel Mode Hardware-enforced Stack Protection. This provides additional hardware-level protection for kernel code against malware threats on systems with chipsets that support hardware shadow stacks. This new protection provides security for common exploit techniques such as Return-Oriented and Jump Oriented Programming by auto-triggering exceptions when a process’ natural flow has been modified. This new security is dependent on Virtualization Based Protection of Code Integrity and applies to the baseline, but if it deviates from this baseline then the additional security will not be active. Furthermore, the new baseline has protection against phishing attacks through enhanced Windows Defender SmartScreen as well as new security settings for Printers based on RPC and credential theft protection through a number of new settings.
https://techcrunch.com/2022/09/20/revolut-cyberattack-thousands-exposed/
The fintech company Revolut has fallen victim to a targeted cyber-attack in which the personal information of tens of thousands of customers has been leaked. The attack had taken place on September 10 but the intrusion was quickly identified and isolated, however, from the brief period attackers had access to the system they had access to .16% of customers’ data. The disclosure statement noted the attackers had used social engineering methods to persuade access into the system. Interestingly, this data breach triggered a phishing campaign where attackers are contacting customers, posed as Revolut, to try and steal more account information under the pretense of securing their accounts.
I find it interesting that almost all the articles I read that have to do with major data breaches, phishing, and social engineering always play a huge part in the incident. This puts extra emphasis on the importance of security education and training awareness mentioned in this week’s reading. I wish the article highlighted the social engineering tactics used more, I’m curious as to how they were able to convince an employee to handover some sort of admin/high-level access to the network.
https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
This article is about a new method hackers are using called MFA fatigue which takes advantage of push notifications used to help authenticate a user. The threat actor creates a script that repeatedly attempts to log in with stolen credentials and thereby sending push notifications to the account owner’s cell phone. The repeated attempts will eventually cause the account owner to inadvertently accept the notification as a result of the MFA spam and fatigue sets in.
Attackers are using this method since stolen credentials are one of the easiest ways to obtain unauthorized access to a site, application, device, etc. It is also pretty easy for attackers to use since it does not require malware or the infrastructure in place for phishing.
If you believe you are a victim of an attack or attempted attack, the article recommends contacting Information Security of your organization to inform them and also changing your password/login credentials should stop the barrage of push notifications. A few suggestions organizations can use to combat this type of attack include disabling push notifications, implementing push notifications with number verification whereby the notification includes a step where the user needs to enter a number received as part of the notification and access is only granted if the numbers match, and limiting the number of authentication requests resulting in a lockout or an alert generated if that number has been exceeded.
This article is about a recent breach tied to the Twilio hackers which involved several businesses. The most interesting information i found reading this article is the fact that threat actor gained access to the company’s internal tools using stolen credentials from a third-party vendor that had access to their systems. This is a reoccurring event which is similar to breach that occurred in Target where its vendor HVAC’s system was compromised through one of its staff responding to a phishing email thereby compromising Targets POS system that led to loss of millions of dollars and PII of customers. In as much as companies do not separate business process, financial process and vendor account management process they will continue to leave a loophole for cyber criminals to exploit even though they spend a lot to protect their own IT infrastructure.
https://www.bleepingcomputer.com/news/security/doordash-discloses-new-data-breach-tied-to-twilio-hackers/
This week’s topic aligns perfectly with the real-world events going on as Hurricane Ian approaches landfall in the coming days. Data Centers across Florida are putting into place their hurricane preparation plans to ensure the safety and operation of their data centers. The article highlights the preparation plan of Flexential, a company that manages two high-risk data centers in the Tampa Bay area. They are expecting widespread power outages, so a part of their preparation is ensuring fuel levels for their backup generators and keeping their maintenance up to date. Flexential is also bringing in their emergency mobile response team, who are experts in the operation of data centers under extreme conditions, to keep the data center in operation throughout the storm surge. Given the frequency of hurricanes in the area, many data centers are designed to withstand hurricane conditions, Skylink describes their data center as “a bunker built in the middle upper floor of a newly built, freestanding office building” which is 40 feet above sea level and “capable of withstanding anything mother nature has in store.”
I find this article interesting because these data centers remain in Florida despite the frequency of extreme weather conditions like hurricane Ian. The companies must outweigh the physical risk they face with the convenience of having their data centers closer to their operations. However, it seems like this risk is calculated, they have invested a lot in procedures, infrastructure, and personnel that all help their data centers remain operational.
https://datacenterfrontier.com/florida-data-centers-brace-for-powerful-hurricane-ian/