To keep up with the firehose of news and press releases, we’ve decided to deliver some extra news to you on the side every Monday and Thursday morning. Some of it is an extension of our own reporting that didn’t make its way into a story, while some might be content we’ve bookmarked for later reading and thought of sharing with you. We’re doing a similar thing at Channel Daily News – check it out here. You can also view our previous ITWC Morning Briefing here. Today’s briefing is delivered by ITWC editorial director Alex Coop.
What you need to know, right now
It’s what you need to know right now in the world of IT and tech – ’nuff said.
From The Wall Street Journal – Twitter, TikTok Have Held Preliminary Talks About Possible Combination [FULL STORY]
Twitter has had preliminary talks about a potential combination with TikTok, the popular video-sharing app that the Trump administration has declared a national-security threat due to its Chinese ownership, according to people familiar with the matter.
Experts chime in about that nasty Reddit hack
By compromising moderator accounts, hackers were able to post Make America Great Again campaign banners and other pro-Trump signage all over at least 70 popular subreddits on Aug. 7. This isn’t the first time Reddit has been hacked. Back in 2017, Reddit got compromised thanks to some shoddy two-factor authentication. A number of experts offered insights via email about the latest attack on Reddit.
Zack Allen, director of threat intelligence at ZeroFOX
The mod support thread from Reddit shows that Reddit believes moderator accounts were compromised from those subreddits. They recommend that moderators of these separate subreddits check for signs of compromise, as well as turn 2FA on. Due to the ecosystem of Reddit, most of these popular subreddits are actually run by volunteers, which makes it tough for Reddit to enforce certain security requirements as it currently stands. From what it looks like, it’s a coordinated campaign targeting moderators of these popular subreddits. The accounts were probably compromised from a credential stuffing attack (reused passwords from well-known breaches, like the ones from ShinyHunters and/or GnosticPlayers), phishing or a combination of both.
Mark Sangster, vice-president and industry security strategist at eSentire
The Reddit hack follows on the heels of hacks against specific, high-profile Twitter accounts and YouTube. Similar to the Twitter attack, the Reddit cyber assault appears to target numerous high-profile subreddits (special interest channels).
Like all cyber attacks, the details slowly emerge. Without direct line of sight, it is difficult to determine the root cause and factors. However, mismanaged data dumps, stolen credentials through harvesting, and tricking insiders into relinquishing credentials are top methods.
Given that moderator accounts appear to be hacked, this is likely the result of a concentrated phishing campaign to harvest the credentials of Reddit moderators with privileges to change and modify their specific subreddits. It’s a tried and tested method used by cyber criminals and activists. It starts with cultural engineering, posing as an industry or business insider, to circumvent traditional trust controls, and establish instant rapport. Assumed an insider, targets relax their guard and often fall prey. It demonstrates an investment on the part of the criminal to learn the jargon, procedures and ecosystem of the target industry or entity.
In the case that non-public systems or accounts were tampered with, it reeks of what we call hands-on-keyboard attacks. Once the legitimate credentials are stolen, they are used to access the business through the security controls, such as encrypted private networks and remote access tools. Once inside, these doppelgangers create new accounts with privileged administrative rights and move around the system as any legitimate employee would. This is called living-off-the-land and it’s extremely hard to detect with the naked eye. It takes detailed scrutiny, at the microscopic level, to detect and stop.
This serial attack on social outlets highlights the risks of carrying politically-charged content. Even as agnostic news aggregators and carriers, organizations that provide platforms for free speech and political content are likely to be targeted more frequently leading up to the U.S. presidential election this year. While the Twitter hackers were arrested last week, it’s clear that their tools and methodologies have been shared and made an impression on the hacker community, are easy to use, and will be tested more frequently against major platforms.
We are likely in for a bumpy ride when it comes to misinformation, subversion and tampering in this election season. This establishes a new norm to which we have to adapt, and seek new ways to assess candidates and establish what we consider the facts. It seems virtual reality is less about avatars, simulated senses, and alien worlds and instead, it’s about the Black Mirror world of liquid identities, fluid facts and nebulous truths. In essence, this virtual world has less and less substance to which we can anchor our values and assess our options.
What’s worse, Reddit has a history of being hacked, and was called out for not having multi-factor authentication (MFA), considered a table stake of cybersecurity. Assuming the organization adjusted their program to include MFA and other security improvements, it becomes imperative to publicly establish root causes and contributing factors so other firms can learn from this event and avoid the same fate.
Organizations can reduce their risk:
- Evaluate your participation in high-risk activities or associations (politically charged topics, products or clients, locations in destabilized regions, etc.) and consider how to address the risk through cybersecurity programs.
- Do the basics: proper password hygiene paired with multi-factor authentication, encrypt data and remote connections (use a VPN), use Identity and Access Management tools (IAM) to further control user privileges, and restrict administrative rights.
- Consider using Privileged Access Management (PAM) to further restrict and monitor administrative activities and remove privilege from basic password-based security.
- Heighten monitoring of sensitive information and high profile employees.
- Restrict access to sensitive information about the high-profile client.
- Ask yourself: Is the business worth the cyber risk? Sometimes it’s not.
In case you missed it
The recent news that we maybe didn’t get to yet, or it’s the news we’ve reported on and feel is worth resurfacing. Sometimes we’ll also feature awesome stories from other publications.
Reddit wasn’t alone in getting hacked last week. Intel is investigating a security breach after 20 GB of internal documents, some marked “confidential” or “restricted secret,” were uploaded earlier to the file-sharing site MEGA. According to ZDNet, the data was published by Till Kottmann, a Swiss software engineer, who said he received the files from an anonymous hacker who claimed to have breached Intel earlier this year. Eddy Bobritsky, CEO of Minerva Labs, had this to say about the hack in an email:
Evasive threats, those that evade your security solutions, together with ransomware attacks, which are evasive as well, typically show their results, week after week. There will be more attacks to come, and they will be bigger and stronger.
Did you ask yourself what security solutions does Intel use? How big is their cybersecurity budget? Do they use Palo Alto? CrowdStrike? McAfee? Microsoft? CheckPoint? All of them? How can such a breach even be possible? The answer is sad, but simple – none of these vendors build to deal with evasive threats or with a prevention-first approach. They must detect malicious activity first, and only then can they respond. And that means that by the time they detect it, it’s too late.
Canada Learning Code unveiled a new national computer science education framework designed for students from kindergarten to Grade 12. The non-profit organization unveiled the new framework last week, and you can read it in its entirety here.
Samsung’s annual August announcement extravaganza, Galaxy Unpacked, took a mystical turn this year when it unveiled its newest devices in a colour palette that included signature colour Mystic Bronze, plus Mystic White, Mystic Black, Mystic Grey, Mystic Silver, and Mystic Green. Canada will see all colours on one device or another.
From IT World Canada – Persistent memory – reshaping advanced analytics to improve customer experiences [FULL BLOG POST]
Keeping hot data closer to the CPU has become increasingly difficult in these capacity-limited situations.
From IT Business Canada – Coffee shop owner says Shopify saved her business, suggests other business owners take advantage of free tools [FULL STORY]
The impact of COVID-19 has been especially hard on businesses that rely on foot traffic for their survival. Nia Bangala, owner of Congo Coffee, a coffee shop in downtown Toronto that had to be shut down because of the pandemic, says it’s time for every brick and mortar business owner to push themselves to move their operations online with the help of partners like Shopify.