This article was written and produced by William Veit, Senior Security Consultant, FoxPointe Solutions. Looking to get in touch with William? Reach out today: email@example.com.
From the nation’s shift to a remote working culture to the upcoming elections, we must maintain our awareness of the importance of information security. So far in 2020, there have been many significant breaches that remind us of the importance of remaining information security aware and protective of personal data. One threat comes from TrickBot. Using a botnet, this underground organization has infected over a million computing devices around the world since 2016. A botnet is a logical collection of Internet-connected devices, such as computers, smartphones or IoT devices, whose security has been breached and whose control has been ceded to a third party. Each compromised device, known as a "bot", is created when a device is penetrated by software from a malware distribution. Botnets are increasingly rented out by cyber criminals as commodities for a variety of illicit purposes.
Data breaches will be a fact of life for as long as people make mistakes, whether that's overlooking database configuration best practices, not applying remote access controls or applying weak passwords. Hopefully the ongoing cybercrimes that we read about in the news will give us a better awareness of the most common mistakes that lead to data breaches. With this knowledge, we will know what to look for, ensuring that the next news report does not involve our business. A few of the cyber breach cases we have read about recently in the news include Twitter, ZOOM, Marriott, Magellan Health and Garmin.
Twitter took the whole internet by storm when it was hit by one of the most audacious online attacks, in which the accounts of Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and many more were breached through the identification of credentials. Since the COVID-19 pandemic, organizations around the world have adopted work from home policies. ZOOM video conferencing became a widely used application for virtual meetings and became a hotspot among cybercriminals. Earlier this year it was reported that more than half a million ZOOM account login credentials were breached and either put up for sale or given away. In another report, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests. Hackers obtained the login credentials of two accounts belonging to employees of the hotel chain who had access to customer information. The thieves then used the credentials to siphon off the data, and it took nearly a month before the breach was discovered. Magellan Health, a Fortune 500 company, was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed that over 350,000 patients were affected in the cyberattack. The organization reported that the attack was launched with a fully planned process: hackers leveraged a phishing scheme, sending out a phishing email and impersonating its clients, to gain access to the systems of the health care organization before deploying a ransomware attack. In August, Sky News reported that the GPS company Garmin paid a multimillion-dollar ransom to recover its data from hackers. The attack led to a multi-day outage of Garmin services, including its smartwatches and aviation products. The malware used against the company has been attributed to Evil Corp, a Russia-based hacker group.
As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming presidential elections. Ahead of the upcoming election, last month Microsoft announced actions against TrickBot. Microsoft's vice president of customer security and trust, Tom Burt, reported that the key infrastructure of TrickBot was cut off, so those operating the organization will no longer be able to initiate new infections or activate ransomware already dropped into computer systems. However, concerns remain that hackers can use ransomware to infect computer systems used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust¹.
A few important steps to protect against cyber criminals include:
- Securing your organization takes more than investing in the right infrastructure; it's about building a security aware culture. Your employees should be kept aware of emerging cyber threats.
- Storing plaintext passwords is a big problem; strong passphrases and multifactor authentication must be encouraged.
- Identify your highest-risk data and exercise tight controls over who can access it.
- Acknowledge that mistakes happen. In the event of a breach, inform your users so they can protect their identities. How you handle a breach will be critical to navigating the incident and regaining customer trust. The data breach is only part of the story; identification of the root cause and your response are critical.
- Invest in experienced cybersecurity personnel. Your business needs smart people to make sure information technology infrastructures are properly configured and, just as important, who know what to do when they are not.
- Incorporate phishing incident response tools to instantly report suspicious-looking and unsolicited emails.
- Get an independent security assessment and, if someone points out a vulnerability, correct the weakness in a timely manner.
Reach out to me or one of my talented colleagues to schedule a one-hour cybersecurity readiness session.
FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.