Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘cyber security’ Category

An Ounce of Cyber Prevention

IBM’s X-Force IRIS incident response team has published new research based on recent cyberattacks it has been asked to assist on. The team reports that cyberattacks designed to cause damage have doubled in the past six months, and that 50 percent of the organizations affected are in manufacturing.

Physical, meet digital.

Some of the malicious code, including Industroyer, NotPetya and Stuxnet, among others, isn’t just looking or stealing. These are search and destroy missions.

From the report:

In the past, destructive malware was primarily used by sophisticated nation-state actors, but new analysis from X-Force’s incident response data has found that these attacks are now becoming more popular among cybercriminal attackers, with ransomware attacks including wiper elements to increase the pressure on victims to pay the ransom. As a result of this expanding profile, X-Force IRIS noted a whopping 200 percent increase in the amount of destructive attacks that our team has helped companies respond to over the past six months (comparing IBM incident response activities in the first half of 2019 versus the second half of 2018).

Other key findings:

An analysis of real-world incident response data from X-Force IRIS paints a picture of the devastating effects of these attacks on companies. A few of the key findings include:

  • Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average. As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
  • The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team. It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
  • RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.

What You Can Do With An Ounce of Prevention

  • Test your response plan under pressure. Use of a well-tailored tabletop exercise and a cyber range can ensure that your organization is ready at both tactical and strategic levels for a destructive malware attack.
  • Use threat intelligence to understand the threat to your organization. Each threat actor has different motivations, capabilities and intentions, and threat intelligence can use this information to increase the efficacy of an organization’s response to an incident.
  • Engage in effective defense in depth. Incorporate multiple layers of security controls across the entire Cyberattack Preparation and Execution Framework.
  • Implement multifactor authentication (MFA) throughout the environment. The cost-benefit of MFA is tough to overstate, providing significant cybersecurity benefit in reducing the value of stolen or guessed passwords dramatically.
  • Have backups, test backups and offline backups. Organizations should store backups apart from their primary network and only allow read, not write, access to the backups.
  • Consider an action plan for a quick, temporary business functionality. Organizations that have been able to restore even some business operations following a destructive attack have fared better than their counterparts.
  • Create a baseline for internal network activity and monitor for changes that could indicate lateral movement.

If you find yourself in a cyberemergency, you can reach IBM Security at 888-241-9812 in the US and Canada, or (001) 312-212-8034 outside the US.

Written by turbotodd

August 6, 2019 at 1:09 pm

What’s In Your Wallet?

“What’s in your wallet?”

Too soon?

The Capital One hack, a breach of 106M U.S. and Canadian customers, gave me flashbacks of the Equifax hack…you know, the one that led so many of us to freeze our credit reports.

What we know so far: A female software engineer in Seattle hacked into a server holding customer information for Capital One and obtained over 100M credit applications, as well as 1M+ Canadian social insurance numbers.

The New York Times is reporting that the bank expected the breach to cost up to $150M, including credit monitoring costs for affected customers.

The Capital One hacker, one Paige Thompson, was a former employee of Amazon Web Services and dropped signals in online fora and Slack that she might be the person behind the hack.

Back to Equifax: Just last week that company settled claims from the 2017 data breach for roughly $650M.

What’s in Capital One’s wallet? Ask again once the regulators are through with them.

Written by turbotodd

July 30, 2019 at 9:35 am

Who Turned Out The Lights?

Happy Monday!

Okay, golf fans out there, how about that U.S. Open?  Hats off to Gary Woodland, who held off the always lurking Brooks Koepka (and previous two-years-in-a-row U.S. Open winner) and fastidious Justin Rose to win his first ever major championship.

And there was hardly any bitching about the conditions of the venue, Pebble Beach, which I consider to be a good sign (i.e., no out of control rough, crazy fast greens, streaking fans…okay, that last one I made up just to see if I have your attention).

Of course, it’s kind of hard to bitch much about Pebble Beach — I’ve never been there in person, but even on TV it’s breathtaking.

Now, if you happened to be at a Target over the weekend trying to buy some merch, you might have had reason to bitch. For two days in a row, Target experienced a register outage that caused long lines and forced some customers to pay with cash.

You remember cash, right? That green stuff issued by the Federal Reserve that has pictures of past presidents and stuff on it?

Target shares are down more than 1.5% today as investors figured the missing weekend cash into the investment equation. The Wall Street Journal “Morning Download” email newsletter this morning cited Target as explaining that the incident wasn’t security related, blaming the outage instead on a data center issue related to “routine maintenance.”

Tell me about those self-driving cars, again?  You know, the ones inextricably linked to the same clouds that are running the Target cash registers??

It could have been worse. You could have been trying to do the tango in Argentina (and Paraguay…and Uruguay…and parts of Chile…and Brazil). The power went off and left tens of millions in darkness for several hours on Sunday, and nobody seems to know why.

This as The New York Times on Sunday reported that the U.S. is escalating cyber attacks on Russia’s electric power grid and has placed potentially crippling malware inside the Russian system. Moscow responded today by saying such hacks could escalate into a cyberwar with the U.S.

Mutually assured power outages, anyone?

And on the subject of mutually assured whatever, Huawei’s CEO is doing some advance damage control on the U.S./China Chill-But-Getting-Colder trade war, explaining he expects the company’s revenues to drop $30B below forecast over the next two years.

That’s due largely to a drop of 40 to 60 million international smartphone shipments. 

I would recommend he go talk to Alexa about his problems, but according to a recent survey of 1,000+ U.S. adults, 46 percent never use voice assistants, and 19 percent use them less than once a month.

And for those who do use virtual assistants, 49 percent use them via smartphones as opposed to 18 percent on smart speakers.

Siri, tell Google Assistant to text Alexa not to bother me!

Written by turbotodd

June 17, 2019 at 11:14 am

Another Facebook Breach

Happy Friday!

Well, depending on who you ask.

The BBC, Gizmodo, and others are reporting a new Facebook data breach, this time of private Facebook messages of at least 81,000 unfortunate souls.

It’s being reported the culprit was a Chrome Extension exploit, and is apparently not related to the more widespread September breach previously reported of 120 million Facebook accounts.

Some details:

The hackers, who may be Russian since they reached out to the BBC Russian Service, appear to have the Facebook messages of at least 81,000 people, mostly of Russians and Ukrainians, but also from people in the U.S., UK, and Brazil, according to the BBC.

“Browsers like Chrome can be very secure, but browser extensions can introduce serious gaps in their armor. The addition of browser extensions increases what is otherwise a small attack surface. Malicious extensions can be used to intercept and manipulate the data passing through the browser,” said Rick Holland, CISO of Digital Shadows, which helped the BBC analyze the breach.

As to the content of those messages:

Many of the messages are relatively benign and include simple chats about going on vacation and attending concerts. But as you’d expect, there are also more sensitive discussions, including “intimate correspondence between two lovers,” as the BBC describes it.

Hoped all 81K Facebook users whose private messages were sold!

Written by turbotodd

November 2, 2018 at 3:24 pm

Give the Fancy Bear Some Slack

Happy Tuesday.

Another hacking story concerning the Russians, this time from The New York Times alleging that Microsoft has “detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the G.R.U.”

The story goes on to suggest the sites were meant to trick people into thinking they were visiting conservative think tank sites like the Hudson Institute, when instead they were redirected to pages created by the hackers in order to steal passwords and other credentials.

Microsoft president Brad Smith had this to say:

“These attacks are seeking to disrupt and divide,” he said. “There is an asymmetric risk here for democratic societies. The kind of attacks we see from authoritarian regimes are seeking to fracture and splinter groups in our society.”

But enough depressing security news…what new gadgets are coming out and how much do they cost?

Apple is rumored to be developing a pro-focused upgrade to the Mac mini and a MacBook Air reboot that will have smaller bezels and a retina 13” screen later this year. This according to a report from Bloomberg.

Bloomberg suggests the new laptop will look similar to the current MacBook Air and will remain about 13 inches. No word on cost. Me, my 2011 vintage MacBook Air still works just fine, thank you very much.

Finally, Slack has raised $427 million in a new Series H round, valuing the company “north of $7.1B,” according to a story by Axios.

At last count, Slack had 8 million daily active users and over 70K paid teams, and just three years ago was valued just above that of your standard, everyday Silicon Valley unicorn (just north of $1B).

Maybe they need a new term for those unicorns who graduate to +$5B valuations.  Unicornaminotaur?

Written by turbotodd

August 21, 2018 at 9:51 am

Hack the Fax

Your fax machine is making that awful sound and is out of paper, and oh, yeah, now it’s also being hacked.

And the 1980s wants it back, stat.

While you’re waiting for the time machine to kick in, know that CNBC is reporting that Check Point Software Technologies researchers on Sunday released a report indicating that fax machines have serious security flaws.

And those vulnerabilities could allow an attacker to steal sensitive files through a company’s network using just a phone line and a fax number.

To which one must logically ask the question: who in 2018 is still using a fax machine?

And to which the answer is apparently tens of millions (including in those nifty all-in-one printers).

Here’s how CNBC is reporting that the hack works:

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer’s memory, which allowed the researchers to take over the machine. From there, they were able to infiltrate the entire computer network to which the printer was connected.

These kids, they think of everything these days.

What’s next, my Royal portable typewriter??

Written by turbotodd

August 13, 2018 at 9:24 am

Posted in 2018, cyber security

Too Fit To Hack?

We’ve become aware of two more major cyber security breach events over the past several days.

First, Under Armour went public with the news that in February around 150 million MyFitnessPal user accounts were hacked, stating that “an unauthorized party acquired data associated with MyFitnessPal user accounts.”

That data included usernames, passwords, and email addresses, but not bank, driving license or social security information.

No word on whether how many steps you took on average per day was revealed!

And The New York Times is reporting that a well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. 

The company indicated that the data appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers.

Hudson’s Bay, the Canadian company that owns both firms, suggested that its e-commerce platforms appeared to have been unaffected by the breach.

The Times’ story suggests that the Lord & Taylor theft is one of the largest known breaches of a retailer, and demonstrates how difficult it is to secure credit-card transaction systems.

Check out this white paper from IBM Security to learn more about how your organization can take a proactive approach to threat detection and prevention.

P.S. Another one that missed my radar…Boeing was hacked by the “WannaCry” virus last week. CBSNews reported Boeing announced that it “detected a limited intrusion of malware” that infiltrated “a small number of systems.”

An initial report from chief engineer Mike VanderWel at Boeing Commercial Airplane production engineering said that “the virus would affect equipment used in functionality tests of airplanes and potentially ‘spread to airplane software’” and that it was “metastasizing rapidly.”

Fasten your seat belts.

Written by turbotodd

April 2, 2018 at 9:20 am

Posted in 2018, cyber security, e-commerce
