The cyber attack they never saw coming & the worst way to handle one

In this week's Cyber Weekly:

1. The cyber attack they never saw coming
2. All bank customer data was accessed
3. German energy industry keeps getting attacked
4. The worst way to handle a cyber attack
5. In case you didn't know...

Thanks to all 8292 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share your comments below or simply like the post.

Also, follow me on LinkedIn for daily tech discussions >> Luigi Tiano.

1. The cyber attack they never saw coming

A private investment firm in the U.S detected some unusual activity on the company’s internal Atlassian Confluence page, noting the behavior was coming from their own network. The security team triggered an incident response and discovered the suspect user’s MAC address. (which is a unique identifier for every device connected on your network) The device was logged in from remote location, however at the same time, the same MAC address was being by another devices very close to the company’s office (meaning it was most likely on the WIFI network)

The team traced the device that eventually led to the roof of the office building. That is where they found drones. They found $15,000 worth of gear that was flown onto the roof allowing them to “spoof” the Wi-Fi network employees normally connect to. For all the really technical details, visit this website.

My thoughts: Cyber criminals are investing $15,000 to fly on drone on a roof of a building, but some companies I talk to don’t see value in investing in employee training. Regardless of your level of expertise and role within your organization, this is a reminder that everyone should be on the lookout for suspicious activity in and around your company.

2. All Bank Customer Data was Accessed

Last week, Medibank, announced that hackers accessed ALL of its customers personal data. The Australian bank admitted that customer data was stolen.

"As previously advised, we have evidence that the criminal has removed some of this data, and it is now likely that the criminal has stolen further personal and health claims data. As a result, we expect that the number of affected customers could grow substantially."

The company downplayed the attack the week before. In retaliation, the hackers extorted the company providing a sample of 100 stolen files. (bleepingcomputer)

My thoughts: If you hear that your data might be stolen, always assume it was. Companies, even with the best intentions, don’t know the extent of an attack until a full investigation is completed. And that could take months. Never assume your data is safe, it’s probably not.

3. German Energy industry keeps getting attacked

In the latest news from Germany’s energy industry, Enercity, one of Germany’s largest energy suppliers confirmed a cyber attack last week. Their team got to work immediately and avoided greater damage. Operational technology and critical infrastructure were not affected whereas their customer service was affected.

“Our grids and power plants are stable and the security of supply is guaranteed,” the company stated. (therecord)

My thoughts: There is a sense of ease knowing they acted quickly and they “guarantee” power supply. Although, I don’t know what “guaranteed” actually means. These stories worry me tremendously. Operational technology is embedded in so much critical infrastructure in our world. Sometimes I wonder if we underestimate how sensitive and important it really is.

4. The worst way to handle a cyber attack

Earlier this month, we learned about Optus, Australian Phone Service Provider, was the victim of a cyber attack affecting 40% of the country’s population. Now, the telecommunications company is not saving face by sending cyber attack letters to dead people. On top of that, they were never even customers of the company. Here are what people are also nervous about:

“I received a letter from Optus addressed to a former resident,” one person wrote. “Given I’ve been in this house for over a decade, I’m left wondering how far back does Optus’ data retention go? How many people don’t yet know their data has been compromised?”

Another person posted: “A bit over a month after the Optus cyber attack, I get a letter today saying my licence number was exposed. It has been over 12 years since I was a customer of theirs.” (news.com.au)

My thoughts: The communications department is not doing very well. Also, their data backup / archive strategy seems to be a mess. I can understand a cyber attack can lead to a lot of internal chaos, but revealing it to the public on such a large scale is really taking it to the next level. I will let you all in on a dirty little secret. MANY Companies don’t have a proper data backup / retention / archive strategy in place. This needs to start from compliance and trickle down to the technical teams managing this data.

5. In case you didn't know...

I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Office 365 backup, and Quebec's Law 25 training.

‍