Welcome to Cyber Security Today. This is the Week In Review edition for Friday December 11th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
With me this week for a look at the top data breaches of 2020 is Dinah Davis, vice-president of research and development at Arctic Wolf.
The hear this podcast click on the arrow below:
First a look at the top news from the past week:
People who fail to properly secure their databases are paying the price. According to the ZDNet news service more than 85,000 stolen SQL databases have been put up for sale on a dark web portal. The average cost for each is $500. These databases were likely stolen because their creators left them open on the Internet and failed to properly password-protect them. ZDNet says the haul is part of a database ransom scheme that’s been going on since the beginning of the year. Hackers are breaking into databases, copying the tables, deleting the originals and then demand money from victims to get their data back. Those who don’t pay will have their databases put up for sale to criminals.
The recently-created Egregor ransomware gang continues to catch unprepared victims. Among the latest is an international human resource consulting firm called Randstad. It said servers in the U.S., Italy, France and Poland were hit.
Also reportedly struck by ransomware was the Mexican operations of electronics manufacturer Foxconn, which makes components for a number of firms and owns the Sharp and Belkin brands. The Bleeping Computer news service says the DoppelPaymer gang has published what it says are stolen files from Foxconn. The ransom demand is reportedly $34 million.
And it’s been an embarrassing week for security vendor FireEye: The respected company admitted it was hacked by a highly sophisticated threat actor presumed to be an unnamed country. What it got away with were assessment tools FireEye uses to test customers’ defences. To make sure these aren’t used against organizations FireEye released 300 countermeasures that can detect the use of those tools to minimize their effect.
Turning to my guest this week, I asked Dinah Davis how she would describe 2020 from a cybersecurity perspective:
“I would call it the year of the breach,” she said. “The number of security attacks, the intensity of them, the size of them has increased dramatically. And there’s definitely been a theme with COVID around, using COVID as an attack vector and now using the vaccines as another attack vector. Things have really escalated this year.”
A number of the breaches to be discussed have things in common, she added: Many were initiated with social engineering attacks. “Social engineering still seems to be the main attack vector for many of the breaches. They’re really preying on people’s hopes, their fears and their ability to trust as a way to get into companies.”
The incidents of interest she picked were:
–the August hack of the SANS Institute, a leading provider of cybersecurity training and certification programs. It started with an employee falling for one phishing email that gave the hacker access to the victim’s Outlook account. By setting up an email forwarding rule the hacker received over 500 emails from that account which included personal information on thousands of people.
One way to prevent this type of attack, Davis said, is to monitor email there are no changes to forwarding settings unless you chose.
— the July hack of a consumer electronics manufacturer Garmin, which makes smartwatches fitness, trackers and navigation devices. One news report says that the company paid a $10 million ransom to get access to its data back.
That raises the question of whether a ransom should be paid. It has to be decided on a case by case basis, Davis said. If your organization decides it has to pay a ransom, she added, it should find a firm experienced with negotiating with the hackers. Often the price can be lowered.
— in October the FBI issued a public warning to the healthcare industry to expect COVID-19 related cyber attacks. These would use hacking tools like TrickBot. Davis noted the FBI helpfully disclosed many common file names for the malware and common domains that the malware used, allowing security vendors and IT departments to block them. The warning was an other indication of how criminals were taking advantage of the pandemic.
— in August crooks stole student information from a Las Vegas-area county school district, including social security numbers as part of a ransomware attack. In this case the school district decided not the pay the ransom. That led the hackers to leak student records it had copied. That tied to a major ransomware trend in 2020, Davis said.
— one of the biggest international events took place in July was the hack of many Twitter accounts of well-known people to push a Bitcoin scam. Three people have been charged with being behind the attack by persuading a small number of Twitter employees by phone to change account passwords. One of the lessons, Davis said, is a telephone can be just as good a vehicle for a cyber attack as email.
— the recent spread of warnings that state-sponsored hackers are trying to steal data on COVID-19 vaccines from biomedical research firms. It points to the need of the medical community to patch software as soon as security updates are available, Davis said.
— finally, in another COVID related incident World Health Organization was victimized by hackers called Dark Hotel who created a fake email system and portal to gain inside information. Fortunately, Davis said, the scheme was unveiled before it did any damage by a man who watches domain name registrations.
Arctic Wolf will go into more detail about these incidents next week. Meanwhile to hear more about our conversation listen to the full podcast.