Taylor Trench says
Supply chain security is actually worse than we think
https://www.zdnet.com/article/supply-chain-security-is-actually-worse-than-we-think/
The article points out several reasons why supply chain security is weaker than many think. This includes that enterprise networks have too many moving parts, which makes it difficult to monitor and control. Similarly, third party risk evaluations are not comprehensive enough, as demonstrated by the SolarWinds incident. This is important as supply chain security poses a huge risk for enterprises that can have disastrous effects with large reaches. This highlights the need to re-consider the security variables in supply chain management.
Nicholas Fabrizio says
URL: https://thehackernews.com/2021/02/poor-password-security-lead-to-recent.html
Title: Poor Password Security Led to Recent Water Treatment Facility Hack
Last Friday a water treatment facility in Florida was breached and the adversary attempted to make modifications to the water by increasing the sodium hydroxide amount, which could have had deadly implications. The adversary accessed the treatment plant’s supervisory control and data acquisition (SCADA) system via TeamViewer software installed on multiple computers at the plant that were also connected to the SCADA system. After an investigation it was determined that the computers this software was installed on were running Windows 7 32-bit, shared the same password for remote access, and were exposed to the Internet with no firewall protection. Windows 7 reached end-of-life in January 2020 and is no longer receiving security updates from Microsoft. Thankfully, an employee of the treatment plant noticed the intrusion and took the proper steps to reverse the increase of sodium hydroxide.
Quynh Nguyen says
This article talks about a breach of data at the Florida water treatment facility last Friday due to the inadequate security measures that we always discuss in class. Luckily, the breach was unsuccessful, but the attacker was trying to increase the sodium dosage in the water supply to dangerous levels by remotely accessing the system at the water treatment plant. The system operator was able to catch the intrusion before the command took effect. The attack was done via “TeamViewer” software installed on one of the computers that were connected to the control system; the attacker then took over the supervisory control and data acquisition system to make malicious changes. The computers were vulnerable because they were running 32-bit versions of Windows 7, now outdated, but the machines also had the same passwords for remote access and no firewall protection in place. This shows the importance of keeping computers, devices, and applications up to date. Windows 7 reached end-of-life status on January 14, 2020, so hackers are exploiting small companies that don’t have the IT infrastructure to handle these attacks.
https://thehackernews.com/2021/02/poor-password-security-lead-to-recent.html
Wei Liu says
Cloud Attacks Are Bypassing MFA, Feds Warn
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. The agency also noted that phishing and possibly a “pass-the-cookie” attack have been the primary attack vectors for the cloud attacks. An attacker would need to convince a user to click on a phishing email or otherwise compromise a user’s system, after which it’s possible to execute code on the machine. A simple command would allow an attacker to extract the appropriate cookie.
https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/
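Added example, not code from the post above or from the CISA alert: a toy server-side session store that shows why a copied cookie defeats MFA (the cookie is the only proof the service sees after the MFA prompt) and one common hardening, binding the session to a client fingerprint and a short lifetime. The host names, user agents and IP addresses are constructed.

```python
import hashlib
import secrets
import time

# Added example, not code from the article or the CISA alert. The session store,
# fingerprint scheme and client details below are constructed for illustration.


def client_fingerprint(user_agent: str, client_ip: str) -> str:
    """Hash attributes the server observes on every request. A cookie replayed from
    the attacker's own host normally arrives with different values (assumption: the
    attacker is not tunnelling through the victim's machine or spoofing both)."""
    return hashlib.sha256(f"{user_agent}|{client_ip}".encode()).hexdigest()


class SessionStore:
    """Server-side session records keyed by the random cookie value."""

    def __init__(self, max_age_s: int = 3600, bind_to_client: bool = True):
        self.max_age_s = max_age_s
        self.bind_to_client = bind_to_client
        self._sessions = {}

    def issue(self, user: str, mfa_done: bool, user_agent: str, client_ip: str) -> str:
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {
            "user": user,
            "mfa": mfa_done,
            "issued": time.time(),
            "fp": client_fingerprint(user_agent, client_ip),
        }
        return cookie

    def validate(self, cookie: str, user_agent: str, client_ip: str, now=None):
        """Return (accepted, reason). 'accepted' means the bearer may act as the user,
        with MFA considered satisfied because it was completed when the cookie was issued."""
        rec = self._sessions.get(cookie)
        if rec is None:
            return False, "unknown cookie"
        now = time.time() if now is None else now
        if now - rec["issued"] > self.max_age_s:
            return False, "expired"
        if self.bind_to_client and rec["fp"] != client_fingerprint(user_agent, client_ip):
            return False, "client mismatch"
        return True, "ok"


def replay_demo(bind_to_client: bool):
    """Victim logs in with MFA; attacker copies the cookie and replays it from elsewhere."""
    store = SessionStore(bind_to_client=bind_to_client)
    victim_ua, victim_ip = "Mozilla/5.0 (Windows NT 10.0)", "203.0.113.10"  # constructed
    attacker_ua, attacker_ip = "python-requests/2.25.1", "198.51.100.7"      # constructed
    cookie = store.issue("alice", mfa_done=True, user_agent=victim_ua, client_ip=victim_ip)
    victim_ok, _ = store.validate(cookie, victim_ua, victim_ip)
    attacker_ok, reason = store.validate(cookie, attacker_ua, attacker_ip)
    return victim_ok, attacker_ok, reason


def expiry_demo(max_age_s: int = 600):
    """Even an unbound cookie stops working once the session lifetime has passed."""
    store = SessionStore(max_age_s=max_age_s, bind_to_client=False)
    cookie = store.issue("alice", True, "ua", "203.0.113.10")
    return store.validate(cookie, "ua", "203.0.113.10", now=time.time() + max_age_s + 1)
```

With `bind_to_client=False` the replayed cookie is accepted exactly like the victim's own request, which is the pass-the-cookie outcome. Fingerprint binding is only a partial control (an attacker proxying through the victim's machine passes it); the durable mitigations are short session lifetimes, re-prompting for MFA before sensitive actions, and alerting when one cookie value appears from two different fingerprints.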
Lakshmi Surujnauth says
“Yandex Data Breach Exposes 4K+ Email accounts”
Yandex, the most used search engine in Russia and the fifth most popular search engine worldwide, discovered that one of its employees was providing unauthorized access to users’ mailboxes for personal gain. This employee was one of the system administrators with access privileges to provide technical support for mailboxes. The company discovered that the data breach impacted 4000+ email accounts during a routine screening by its security team, but has stressed that no payment details have been compromised and that it has already blocked the unauthorized access to the compromised mailboxes. Yandex joins ADT, Cisco, and Amazon in the latest data breaches by internal threat actors.
https://threatpost.com/yandex-data-breach-email-accounts/163960/
Jonathan Mettus says
The teenager who launched several DDoS attacks on the Miami-Dade School District at the beginning of the school year avoided jail time in a plea deal. The 17-year-old confessed to launching eight different DDoS attacks on the district’s online learning platform. He used an online application to send the attacks, which brought down parts of the district’s network and disrupted the start of the school year.
https://www.local10.com/news/local/2021/02/12/teen-who-hacked-miami-dade-schools-wont-go-to-jail/
Xiduo Liu says
An article published in TechRepublic showed that 21.3 million healthcare records were compromised in the second half of 2020, a 177% increase from the first half of the year, when 7.7 million records were breached. The breaches cover everything from hospitals to research labs and rehabilitation facilities. Hospitals made compromises in security to shift focus and resources to COVID responses.
Xiduo Liu says
The article also laid out some items healthcare providers can take advantage of, such as identity and access management systems to reduce complexity and mitigate the flux in employees, and contract reviews with providers to ensure proper data collection and retention. You can read more here: https://www.techrepublic.com/article/177-increase-hackers-grabbed-21-3-million-healthcare-records-in-the-second-half-of-2020/
Christopher Clayton says
How Pandemic Accelerated Convergence of Network, Security
The combination of network and security has become vital to cloud access and working remotely. Although they are different entities, they are still part of the same team. There has been a conflict between the two for more than a decade, but because of COVID-19, being able to unite them has become a priority in order to have better protection. Arista Networks, a networking company, merged with Awake Security, a company that does network detection and responds to cloud glitches. Cisco, a network and security firm, collaborated with AppDynamics, which provides all-around protection for applications; it only had outside protection previously. Fortinet, a well-known security corporation, merged with SD-WAN, a network connectivity organization, and now provides high-speed application performance among different network environments.
https://www.eweek.com/networking/how-pandemic-accelerated-convergence-of-network-security
Kyuande Johnson says
Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims
On February 11, 2021, a celebrity SIM-swap crime ring stole $100M from U.S. victims. Eight people in the U.K. were arrested in connection with the crime ring; a handful of suspects remain at large. In a typical SIM-swapping attack, attackers use stolen or phished personal information, including the person’s mobile phone number, to impersonate a target. They contact the victim’s mobile carrier (which is easily discovered with an online search) and ask the provider to port the line to a different SIM card/device controlled by the attackers. As a result, all incoming calls and texts are re-routed to the fraudsters. This approach allows crooks to bypass SMS-based two-factor authentication (2FA). From there, it’s easy to use the previously phished information to gain access to and take over online/mobile banking or other high-value accounts. This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social-media accounts to post content and send messages as the victim.
https://www.newsbreak.com/news/2161455257515/authorities-bust-sim-swap-ring-they-say-took-millions-from-the-rich-and-famous
Panayiotis Laskaridis says
“Cybersecurity experts warn hackers may try to disrupt vaccine distribution systems”
The article I chose is about how pharmacies are starting to ramp up security against bots. These bots would be used to disrupt vaccination scheduling and keep Americans from getting their vaccines.
https://wgntv.com/news/coronavirus/cybersecurity-experts-warn-hackers-may-try-to-disrupt-vaccine-distribution-systems/
To-Yin Cheng says
Researchers improve data readout by using ‘quantum entanglement’
https://www.sciencedaily.com/releases/2021/01/210121132030.htm
The researchers say that they have been able to greatly improve the ability to read data from digital memory due to a phenomenon called “quantum entanglement.” This research shows how to solve the problem by resorting to more complex light sources; for example, as disk speed increases, energy fluctuations hinder the correct retrieval of the alignment and introduce too many errors. The use of quantum entanglement completely eliminates unnecessary fluctuations. This solution also paves the way for non-invasive, ultra-sensitive measurements by greatly reducing the optical power without reducing the amount of information recovered from the system. Professor Stefano Pirandola said: “The experiment finally shows how we can use quantum entanglement to better read information from storage devices and other physical systems.”
Mitchell Dulaney says
“mHealth Apps Expose Millions to Cyberattacks”
Research on 30 mobile health (mHealth) apps revealed a variety of large security holes affecting many of the apps, putting users’ health records at risk of attack. Based on research from Approov, 77 percent of the apps have hardcoded API keys and 7 percent even have hardcoded usernames and passwords written into the app. All 30 are missing certificate pinning to ward against man-in-the-middle threats, and 50 percent don’t authenticate API requests with tokens.
Since medical records are some of the most valuable data available criminally on the internet, it is particularly shocking that there are such vast problems with mHealth apps. According to the article, it is key that app developers recognize the security risks of mobile APIs, and must adopt a paradigm that places API security at the center of app development.
https://threatpost.com/mhealth-apps-millions-cyberattacks/163966/
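Added example, not code from the post above or from Approov: the hardcoded API keys and credentials the research describes are found by pulling strings out of the app binary and looking for key-shaped values. This is a small scanner of that kind, with an entropy filter so random-looking keys are flagged while ordinary UI strings are not. The input lines are constructed to resemble decompiler output; none of them is a real credential, and the regexes are illustrative heuristics rather than a vendor rule set.

```python
import math
import re
from collections import Counter

# Added example, not code from the article or from Approov. The strings below are
# constructed to look like the output of a decompiler or `strings` run over an app
# binary; none of them is a real credential.
SAMPLE_STRINGS = [
    "https://api.example-health.test/v1/records",
    "X-Api-Key",
    "AKIAIOSFODNN7EXAMPLE",
    "api_key=9f8e7d6c5b4a39281706f5e4d3c2b1a0",
    "password=Summer2020!",
    "Loading patient data...",
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.abcdefghijklmnop",
    "DEBUG_PIN_CERT=false",
]

# Illustrative heuristics (assumed patterns, not a vendor rule set). Group 1 of
# each pattern is the candidate secret.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("generic_api_key", re.compile(r"(?i)\b(?:api[_-]?key|x-api-key)\b\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{16,})")),
    ("hardcoded_password", re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*[=:]\s*['\"]?([^\s'\"]{6,})")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9_\-.=]{20,})")),
]


def shannon_entropy(s: str) -> float:
    """Bits per character. Random keys score around 4 or higher; prose and flags score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_strings(lines, min_entropy: float = 3.0):
    """Return (rule, candidate, entropy) for each line that looks like an embedded secret."""
    findings = []
    for line in lines:
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            candidate = m.group(1)
            ent = round(shannon_entropy(candidate), 2)
            # Human-chosen passwords are low-entropy by nature, so only key-like
            # candidates are entropy-filtered to cut false positives.
            if name == "hardcoded_password" or ent >= min_entropy:
                findings.append((name, candidate, ent))
    return findings
```

Run against a real app, the input would be the string table of the unpacked APK or IPA; anything this flags should be treated as already public, since every installed copy of the app carries it. The other findings in the research (no certificate pinning, API calls without tokens) are runtime behaviours and need a proxy or instrumentation to confirm rather than a static scan.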
Megan Hall says
“Ransom Related DDoS Attacks Rise from the Dead as Attack Vectors Diversify”
https://portswigger.net/daily-swig/ransom-related-ddos-attacks-rise-from-the-dead-as-attack-vectors-diversify#:~:text=Common%2C%20low%2Deffort%20ransom%20DDoS,attacks%20targeting%20websites%20and%20applications.
There were a couple of really interesting points made in this article. The article was not about one event, but rather the trends noted in DDoS attacks in 2020. The first thing that stood out to me was that there has been a rise in RDDoS (ransom-related DDoS), where threats of DDoS attacks are preceded by ransom demands. This highlights a rise in financially motivated attacks. A second thing that stood out to me was that there is an increasing trend in DDoS attacks that are targeting not just the web-facing applications of a company, but their infrastructure, APIs, and DNS servers. With these critical elements becoming the subject of DDoS attacks, it is leading to attacks with longer duration of outages. A third point that stood out was that there is a relatively new technique called the NXNSAttack, which can cause a DNS server to perform thousands of requests based on just one request being sent by a hacker. This highlights that it does not take a lot of manpower or equipment to execute impactful DDoS attacks. The final thing that was interesting was that the trend has been toward shorter attack length with greater packet per second volume and with the rise of even faster broadband speeds with 5G, this is expected to only continue.
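Added example, not code from the post above or the article: an in-memory model of the NXNSAttack fan-out the post describes. The attacker's authoritative server answers one query with a referral naming many nameservers under the victim's domain and supplies no glue records, so the resolver must look up every one of those names at the victim's nameserver. The same resolver with a cap on nameserver fetches per delegation (the shape of the fix resolver vendors shipped) bounds the amplification. Zone names are constructed; nothing touches the network.

```python
from collections import Counter

# Added example, not code from the article or from any resolver. Everything runs in
# memory; "victim.test" and "attacker.test" are constructed zone names.


class AuthoritativeServer:
    """Toy authoritative server. Its referrals list NS hostnames with no glue
    records, so the resolver has to look every NS name up on its own."""

    def __init__(self, zone, referrals=None, addresses=None):
        self.zone = zone
        self.referrals = referrals or {}   # qname -> list of NS hostnames
        self.addresses = addresses or {}   # hostname -> IPv4 address
        self.queries_seen = 0

    def query(self, qname):
        self.queries_seen += 1
        if qname in self.addresses:
            return "A", self.addresses[qname]
        if qname in self.referrals:
            return "REFERRAL", self.referrals[qname]
        return "NXDOMAIN", None


class Resolver:
    """Recursive resolver. max_ns_fetches=None reproduces the unbounded behaviour
    NXNSAttack abuses; a small cap is the mitigation resolvers shipped."""

    def __init__(self, servers, max_ns_fetches=None):
        self.servers = servers              # zone -> AuthoritativeServer
        self.max_ns_fetches = max_ns_fetches
        self.outgoing = Counter()           # zone -> queries this resolver sent

    def _server_for(self, name):
        zones = [z for z in self.servers if name == z or name.endswith("." + z)]
        if not zones:
            raise LookupError(f"no authoritative server known for {name}")
        return self.servers[max(zones, key=len)]

    def resolve(self, qname):
        srv = self._server_for(qname)
        self.outgoing[srv.zone] += 1
        kind, data = srv.query(qname)
        if kind == "A":
            return data
        if kind == "REFERRAL":
            ns_names = data if self.max_ns_fetches is None else data[: self.max_ns_fetches]
            # The fan-out: one referral becomes one lookup per NS name (a real
            # resolver asks for A and AAAA, roughly doubling this).
            addresses = [ip for ip in (self.resolve(ns) for ns in ns_names) if ip]
            return addresses[0] if addresses else None
        return None


def victim_queries(n_fake_ns, max_ns_fetches=None):
    """Queries the victim's nameserver receives for ONE attacker query to the resolver."""
    victim = AuthoritativeServer("victim.test", addresses={"www.victim.test": "192.0.2.1"})
    attacker = AuthoritativeServer(
        "attacker.test",
        referrals={"www.attacker.test": [f"ns{i}.victim.test" for i in range(n_fake_ns)]},
    )
    resolver = Resolver({"victim.test": victim, "attacker.test": attacker}, max_ns_fetches)
    resolver.resolve("www.attacker.test")
    assert resolver.outgoing["attacker.test"] == 1   # the attacker sent exactly one query
    return victim.queries_seen
```

With 1,000 fake NS names a single attacker query becomes 1,000 queries at the victim, which is why the post notes that little equipment is needed; the capped resolver sends at most `max_ns_fetches`. The model stops after the nameserver lookups fail rather than continuing to query the victim for the original name, so it understates a real resolver's traffic.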
Elias Harake says
One of the largest and most sophisticated cyberattacks that ever happened occurred last year, known as the SolarWinds hack. According to the article, “SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy, and Commerce Departments,” it affected thousands of businesses and governmental agencies. The attack is believed to actually still be happening today. If it were not for FireEye, perhaps no one would have discovered this mega cyber attack. The attack spread via a software update distributed by the company SolarWinds. It is believed that Russian hackers were able to obtain confidential information from US agencies such as the US Treasury and US Justice Dept. as well as businesses like Microsoft and Cisco.
https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/
Charlie Corrao says
Myanmar’s proposed cybersecurity bill draws wide condemnation
The ruling military of Myanmar recently proposed a new cybersecurity bill that is getting widespread scrutiny. This bill gives them the ability to access all user data. It also gives the government the ability to block “fake news,” which will be determined by the government. Finally, the bill proposes that all data be stored by the government in government facilities. The justification, provided by the military government, for this bill is that it will slow down cyber crime. Many are condemning the bill, as it has very vague language that gives the government the power to do essentially whatever it wants. Human Rights Watch has spoken out strongly against the bill.
In my opinion, this bill would be a disaster. This sounds like something from 1984. Giving the government the ability to determine what is and isn’t fake news could lead to many bad things.
https://www.zdnet.com/article/myanmars-proposed-cybersecurity-bill-draws-wide-condemnation/
Christa Giordano says
“Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities”
It was recently discovered that Centreon, network monitoring software developed by the French company also called Centreon, has been exploited over a three-year period by Sandworm, a Russian hacker group. These attacks breached several French entities and impacted web-hosting providers. A backdoor was dropped via a webshell on several Centreon servers, and the malware discovered included a webshell called PAS and another called Exaramel. PAS can perform file operations such as searches, run arbitrary PHP commands, and run brute-force password attacks against FTP and MySQL (for example). Exaramel provides remote administration functionality and includes shell command execution and copying files between an attacker-controlled server and the infected system. To date, it is still not clear how many organizations have been impacted by this breach. The article also provides a reminder that since the SolarWinds attack, monitoring systems have become a target for hackers, and it urges organizations to update applications as soon as patches are available and to not expose these systems’ web interfaces to the internet, or at least to restrict access.
https://thehackernews.com/2021/02/hackers-exploit-it-monitoring-tool.html
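Added example, not code from the post above or the article: the intrusion started with a webshell dropped on an internet-facing Centreon server, and a webshell is something a defender can sweep a web root for. This scanner applies generic PHP webshell traits (evaluating or executing request parameters, decode-then-eval chains, long encoded blobs) to every PHP file under a directory. The indicators are assumed heuristics, not signatures for PAS or Exaramel, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Added example, not code from the article, ANSSI or any vendor. The indicators are
# generic PHP webshell traits (assumed heuristics, not signatures for PAS or
# Exaramel), and the sample files are constructed.
INDICATORS = [
    ("eval_of_request", re.compile(r"\beval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
    ("decode_then_eval", re.compile(r"\beval\s*\(\s*@?(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("exec_of_request", re.compile(r"\b(?:system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
    ("dynamic_call_of_request", re.compile(r"\$\w+\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
]


def looks_like_encoded_blob(line: str, min_len: int = 2000, min_ratio: float = 0.95) -> bool:
    """Long single lines made almost entirely of base64 characters usually hide a payload."""
    if len(line) < min_len:
        return False
    b64_chars = sum(ch.isalnum() or ch in "+/=" for ch in line)
    return b64_chars / len(line) >= min_ratio


def score_file(text: str):
    """Return the list of indicator names that fire for one file's contents."""
    hits = [name for name, rx in INDICATORS if rx.search(text)]
    if any(looks_like_encoded_blob(line) for line in text.splitlines()):
        hits.append("long_encoded_blob")
    return hits


def scan_webroot(root: Path, exts=(".php", ".phtml", ".php5")):
    """Walk a web root (dotfiles included) and map suspicious files to their indicators."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            hits = score_file(path.read_text(errors="replace"))
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed sample web root: one legitimate file and two planted shells.
SAMPLE_FILES = {
    "index.php": "<?php\nrequire 'config.php';\necho render_page($_GET['page'] ?? 'home');\n",
    "img/.cache.php": "<?php @eval(base64_decode($_POST['x']));\n",
    "tmp/upload.php": "<?php $f = $_REQUEST['f']; system($_REQUEST['c']); ?>\n",
}


def demo():
    """Write the constructed files into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, content in SAMPLE_FILES.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content)
        return scan_webroot(root)
```

Pattern hits are a triage signal, not a verdict: legitimate admin tooling can trip them, and an obfuscated shell can avoid all four. Pair the sweep with what the article's advice implies, a file-integrity baseline of the web root and web-server logs showing POSTs to files that were never part of the install.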
Michael Doherty says
DDoS Attacks have decreased!
This article explains that DDoS attacks decreased 31% in the 4th quarter of 2020. Hackers have been using crypto mining more than DDoS. This could be due to the increased value of cryptocurrency. Although the decrease was 31%, DDoS attacks were still 10% higher than in the same time frame in 2019. This article is deceptive in saying that DDoS attacks have decreased when overall they are still increasing. If the value of cryptocurrency decreases, I would think that DDoS attacks will increase again.
https://threatpost.com/ddos-attacks-q4-cryptomining-resurgence/163998/
Ashleigh Williams says
DDoS Attacks Surge in 2020 Due to #COVID19
This article emphasizes how DDoS attacks increased due to COVID. Attackers took advantage of the increase in individuals working from home. The article also mentions that industries such as health care, education, and e-commerce, which were forced to go digital, were among those hit the hardest. It mentions that attackers will continue to exploit this vulnerability as well as others that may arise as a result of the increased reliance on technology. Security professionals must remain vigilant and beef up security and monitoring.
https://www.infosecurity-magazine.com/news/ddos-surge-202-covid/