Jill Brummer says
https://www.yahoo.com/entertainment/complacency-biggest-cyber-risk-not-230100475.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuYmluZy5jb20v&guce_referrer_sig=AQAAADNv2DzmpSEiZMiAqqvBEJwngpAzTsW4jkgQlknG6gua3Lc4DG2rQuextxjzCcS3tfHFLCWtY-aut6cOdkBgWhUKshFxlzQRKWOCV8n-X9qE9Bg5w6iJnNaC-Xxz7-g7n-CrrKVOHjzeDAekaoXl68wI85YMLAPC6wPTfhiofQdb
In the article, the Information Commissioner stated that hackers are not the biggest cyber risk to a company. A company that doesn’t do enough to protect itself against cyber risk is the biggest risk. A company must have the necessary controls in place to mitigate the risk. Without proper controls in place, a company opens itself up to cyber risk. Per the article, the Information Commissioner’s Office issued a warning by fining the Interserve Group for failing to keep personal staff information secure, which is in breach of data protection law. Interserve didn’t have appropriate security measures in place to prevent a cyber-attack, which is how hackers gained access to 113K employees’ personal data through a phishing email. Right now, cyber-attacks are a global concern. The Commissioner also stated that his office will fine companies if they do not have appropriate security measures in place, such as monitoring for suspicious activity, or if they fail to act on warnings, do not update software and do not provide training to staff.
Nicholas Foster says
https://www.theguardian.com/business/2022/oct/24/outsourcer-interserve-fined-4-point-4m-cyber-attack-failings-data-breach-personal-information
The article I have chosen to highlight this week speaks to a company in the U.K. whose system failed to stop a phishing email that an employee downloaded, while a subsequent anti-virus alert was not properly investigated. The attack led to 283 systems and 16 accounts being compromised; it uninstalled Interserve’s anti-virus system and encrypted all current and former employees’ information. The construction company has been fined 4.4 million pounds, or nearly 5 million USD. This attack is almost 2 years old, but the “Information Commissioner’s Office (ICO) said Interserve Group broke data protection law because the company failed to put appropriate measures in place to prevent the cyber-attack.” They stated in the article this was the 4th largest fine ever and that they would not be lowering the fine due to the negligence on Interserve’s part. The article goes on to state that “Interserve used outdated software systems and protocols, had a lack of adequate staff training and insufficient risk assessments” and that “it left employees vulnerable to the possibility of identity theft and financial fraud.”
Abayomi Aiyedebinu says
The article I chose this week is about several vulnerabilities in the Abode Systems iota All-In-One Security Kit. This kit includes a main security camera and hub that can alert users of unwanted movement in their homes. It also includes several motion sensors that can be attached to windows and doors. The vulnerabilities Talos discovered could lead to a variety of conditions, including providing attackers with the ability to change users’ login passwords, inject code onto the device, manipulate sensitive device configurations, and cause the system to shut down.
Cyber criminals can take advantage of these vulnerabilities leading to memory corruption, information disclosure and a denial of service.
https://blog.talosintelligence.com/2022/10/vuln-spotlight-abode-.html?&web_view=true
Kenneth Saltisky says
https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept exploits for various vulnerabilities, some of which include malware. The researchers have discovered that the possibility of getting infected instead of obtaining a PoC could be as high as 10.3% excluding proven fakes and prankware. The researchers analyzed over 47,300 repositories advertising an exploit between 2017 and 2021 using IP address analysis, binary analysis through VirusTotal, and Hexadecimal and Base64 analysis. Of the 150,734 unique IPs extracted: over 2800 were on a matched blocklist, over 1500 were detected as malicious, and over 1000 were present in the AbuseIPDB database. In total, 4893 of the 47313 tested were deemed malicious with most concerning vulnerabilities from 2022.
In examining some of the malicious cases, researchers found different malware and scripts, from RATs to Cobalt Strike. Some were found to contain malicious payloads flagged by VirusTotal, while others were discovered to have inactive malicious components. As such, do not blindly trust repositories on GitHub; read and sandbox any code, and utilize open-source intelligence tools like VirusTotal to examine it.
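The study summarised above screened repositories by extracting hard-coded IP addresses and checking them against blocklists, and by looking for hexadecimal and base64 blobs that hide a second-stage payload. The following Python script is an added example, not the researchers' tooling or anything from the article: it applies those two checks, statically, to a constructed sample repository (the blocklist, the file contents and the list of executable markers are all assumptions made for the illustration; the addresses come from documentation ranges).

```python
"""Static triage of a proof-of-concept repository before anything in it is run.
Added example, not the researchers' tooling: it applies two of the checks the
study describes (hard-coded IPs against a blocklist; base64/hex blobs that
decode to executables) to constructed sample files."""
import base64
import binascii
import re
from dataclasses import dataclass

# Constructed blocklist using documentation-range addresses (placeholders).
BLOCKLIST = {"203.0.113.45", "198.51.100.7"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BASE64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/=])")
HEX_RE = re.compile(r"(?<![0-9a-fA-F])(?:[0-9a-fA-F]{2}){24,}(?![0-9a-fA-F])")
HEX_ONLY_RE = re.compile(r"[0-9a-fA-F]+")

# Byte markers meaning "this decoded blob is code, not data" (chosen for this example).
EXECUTABLE_MARKERS = [b"MZ", b"\x7fELF", b"#!/", b"powershell", b"/bin/sh"]


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    detail: str


def decoded_blobs(text):
    """Yield (encoding, bytes) for every long base64 or hex run that decodes cleanly."""
    for m in BASE64_RE.finditer(text):
        s = m.group(0)
        if HEX_ONLY_RE.fullmatch(s):
            continue  # pure hex is also valid base64; let the hex pass handle it
        try:
            yield "base64", base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError):
            continue
    for m in HEX_RE.finditer(text):
        try:
            yield "hex", bytes.fromhex(m.group(0))
        except ValueError:
            continue


def scan_text(path, text, blocklist=BLOCKLIST):
    """Return findings for one file: blocklisted IPs and encoded executables."""
    findings = []
    for ip in sorted(set(IPV4_RE.findall(text))):
        if ip in blocklist:
            findings.append(Finding(path, "blocklisted_ip", ip))
    for encoding, blob in decoded_blobs(text):
        for marker in EXECUTABLE_MARKERS:
            if marker in blob:
                findings.append(Finding(path, f"{encoding}_encoded_executable",
                                        marker.decode("latin-1")))
                break
    return findings


def scan_repo(files, blocklist=BLOCKLIST):
    """files: mapping of path -> text content, as read from a checked-out repository."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path], blocklist))
    return findings


# Constructed sample repository: a README, a "PoC" with a blocklisted address and
# an embedded shell script, and a C file carrying a hex-encoded PE header.
SAMPLE_B64 = base64.b64encode(b"#!/bin/sh\necho constructed-sample-placeholder\n").decode()
SAMPLE_HEX = (b"MZ" + b"\x90" * 30).hex()
SAMPLE_REPO = {
    "README.md": "# PoC for CVE-XXXX-YYYY (placeholder id)\nUsage: python3 poc.py\n",
    "poc.py": (
        "import base64\n"
        "CALLBACK = '203.0.113.45'  # constructed address\n"
        f"STAGE2 = base64.b64decode('{SAMPLE_B64}')\n"
    ),
    "loader.c": f'unsigned char buf[] = "{SAMPLE_HEX}";\n',
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}: {f.kind} ({f.detail})")
```

The decoding step only flags blobs that decode to something carrying an executable marker, so a base64-encoded certificate or a hex-encoded test vector in a legitimate PoC does not trip it; a hit is a reason to open the file in a sandbox and submit the decoded bytes to VirusTotal, as the article recommends, not a verdict on its own.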
Matthew Stasiak says
https://www.helpnetsecurity.com/2022/10/21/medibank-hack-data-breach/
An attack on Medibank was noticed on October 12th when unusual activity was detected on the network. They engaged multiple cyber security firms to isolate and move access to some customers in order to reduce the probability of data loss or more systems being damaged. Updated October 17th: Medibank claims they contained the ransomware threat, and on the 19th they confirmed that the attackers got in touch with claims that they had stolen data from the system. On October 20th Medibank confirmed that the threat was valid and began reaching out to affected customers, although the number of customers was not released. The attack was said to be done through compromised user credentials.
Christa Giordano says
https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/
This article is interesting because it took the organization so long to respond to a cyber breach/attack. The organization, See Tickets, a ticketing service provider, disclosed a data breach of customer payment card information. The breach occurred on June 25, 2019 and was not discovered until April 2021. The organization launched an investigation in conjunction with a forensics firm, but the full code was not removed from the site until January 2022, for a total of 2.5 years. The organization determined that credit card information may have been compromised by unauthorized individuals as a result of the investigation and in consultation with major credit card companies. The organization provided a notice to its impacted customers with guidance as to how to monitor and protect themselves, but they did not offer a free-of-charge identity protection service for the impacted customers. In addition, the organization has not disclosed how many customers were potentially impacted nor whether the hack was limited to the global site (which was confirmed) or also could have impacted regional sites. It appears this organization did not handle this security breach well.
David Vanaman says
https://thehackernews.com/2022/10/hackers-started-exploiting-critical.html
Security researchers at WordPress discovered that hackers have started exploiting a critical vulnerability in Apache Commons Text. This vulnerability, dubbed Text4Shell, is similar to the infamous Log4Shell that affected another Apache product, Log4j. The Text4Shell exploit has a patch available, and is rated a critical 9.8 CVE.
This exploit highlights a weakness in the software industry. Free open source tools such as Apache’s are incredibly useful and are included in all manner of projects and products. However, one of their biggest draws – they are free – is also a major issue. Because there is no direct income from sales, the support and security for these products is generally the responsibility of a small team of volunteers or is crowdsourced. Apache is a non-profit with some paid staff, but even so, they do not have the resources to rapidly address and push out fixes like a major software development house.
Maxwell ODonnell says
Australian Clinical Labs (ACL) is finally disclosing a data breach from February 2022, exposing the medical records and sensitive information of 223,000 people. The company has yet to confirm any misuse of the stolen data; they have begun notifying all impacted clients that their data may be compromised. The ransomware gang Quantum Ransomware is responsible for the attack, uploading all 86GB of data stolen on their dark web website on June 14, 2022. ACL is claiming that they withheld disclosing this information to the public because, based on their analysis, the leak was too complicated to identify what clients were affected. Experts have been chiming in calling this nonsense, with Sydney-based reporter Jeremy Kirk tweeting “examining the leaked data confirmed it was unstructured but not to the point of taking months to analyze”. This is yet another data breach in a string of Australian-based attacks; because of this, Australian lawmakers are proposing new data protection laws which give greater insight into breaches and fine companies for lacking data security.
I find it weird that ACL took so long, nine months, to disclose this information to the public. Within those nine months, lots of preventable damage could have been done if ACL had not informed their customers of this breach. The article mentions this has been a recent problem in Australia due to less rigorous data protection laws. Companies like these need to take accountability by informing their data holders of the potential danger they’re in rather than sweeping the problem under the rug.
https://www.bleepingcomputer.com/news/security/australian-clinical-labs-says-patient-data-stolen-in-ransomware-attack/
Shepherd Shenjere says
LastPass is a password management provider used by over 30 million people. It reported that a third party managed to infiltrate their network by accessing a compromised developer account. They managed to obtain proprietary property and source code. However, they were unable to obtain customers’ passwords. What I found fascinating about this article is the mechanisms and controls that LastPass had in place which limited this data breach from getting worse. According to the article, “LastPass Development environment is physically separated from, and has no direct connectivity to, our Production environment. Secondly the Development environment does not contain any customer data or encrypted vaults. Thirdly, LastPass does not have any access to the master passwords of our customers’ vaults – without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model.”
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
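The third control quoted above, that the provider never holds the master password and therefore cannot decrypt a vault, rests on client-side key derivation. The Python below is an added illustration of that pattern and is not LastPass's code or its actual parameters: the client derives a vault key from the master password with PBKDF2 and sends the server only a separately derived login hash, so that everything the server stores or receives (salt, verifier, login hash, ciphertext) is useless for decryption. The iteration count, the salting choices, the HMAC-based stream cipher standing in for AES-GCM (the standard library has no AEAD), and the sample vault entry are all assumptions made for the example.

```python
"""Client-side key separation behind a 'zero knowledge' password vault.
Added example, not LastPass's implementation: the server only ever sees a
login hash and ciphertext, never the master password or the vault key."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 rounds; illustrative, not any vendor's setting


def derive_vault_key(email: str, master_password: str) -> bytes:
    """Vault encryption key: derived on the client and never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), ITERATIONS)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Login credential: one further one-way step, so it cannot be turned back into the key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _subkeys(vault_key: bytes):
    return (hmac.new(vault_key, b"enc", hashlib.sha256).digest(),
            hmac.new(vault_key, b"mac", hashlib.sha256).digest())


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC keystream (stdlib stand-in for AES-GCM)."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key fails here before any plaintext is produced."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault integrity check failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class VaultServer:
    """Stores a salted hash of the login hash plus the ciphertext; nothing else."""

    def __init__(self):
        self._users = {}

    def register(self, email: str, auth_hash: bytes, encrypted_vault: bytes) -> None:
        salt = os.urandom(16)
        self._users[email] = {
            "salt": salt,
            "verifier": hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS),
            "vault": encrypted_vault,
        }

    def login(self, email: str, auth_hash: bytes):
        """Return the encrypted vault on a correct login hash, else None."""
        rec = self._users.get(email)
        if rec is None:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, rec["salt"], ITERATIONS)
        return rec["vault"] if hmac.compare_digest(candidate, rec["verifier"]) else None

    def everything_on_disk(self, email: str):
        """What a full compromise of the server yields for one user."""
        rec = self._users[email]
        return rec["salt"], rec["verifier"], rec["vault"]


def demo(email="user@example.com", master_password="correct horse battery staple",
         wrong_password="password1"):
    vault_plain = b"example.org login: hunter2 (constructed sample entry)"
    server = VaultServer()
    vault_key = derive_vault_key(email, master_password)        # client side
    auth_hash = derive_auth_hash(vault_key, master_password)     # client side
    server.register(email, auth_hash, encrypt_vault(vault_key, vault_plain))
    recovered = decrypt_vault(vault_key, server.login(email, auth_hash))
    wrong_key = derive_vault_key(email, wrong_password)
    wrong_login = server.login(email, derive_auth_hash(wrong_key, wrong_password))
    # Everything the server ever held or received, tried as a decryption key.
    salt, verifier, stored_blob = server.everything_on_disk(email)
    server_can_decrypt = False
    for candidate in (salt, verifier, auth_hash):
        try:
            decrypt_vault(candidate, stored_blob)
            server_can_decrypt = True
        except ValueError:
            pass
    return {"recovered": recovered, "wrong_login": wrong_login,
            "server_can_decrypt": server_can_decrypt}


if __name__ == "__main__":
    print(demo())
```

The point the quoted statement makes is visible in `demo()`: the login hash that travels to the server is a one-way function of the vault key, the server hashes it again before storing it, and none of the server-held values verifies the vault's authentication tag. A development environment that holds no vaults and no master passwords, as the first two controls describe, therefore has nothing that could be turned into customer plaintext even when its source code is taken.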