In this Cyber Weekly, we witness how some of the most destructive breaches are rarely the most complex.
As we know, many breaches could be avoided. Here are 5 cyber attacks that could have been avoided if the proper email security was in place.
Thanks to all 15,345 subscribers. It really takes a community to fight against cyberattacks. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
In this week's Cyber Weekly:
Highly confidential documents have been leaked from the US Military. It turns out that one of their employees was publishing the documents on a Discord Server called Thug Shaker Central with about 30 members in it. For those who don’t know what Discord is, think of a Discord Server like a Teams channel, but for Gamers. The documents shared, included CIA threat assessments of North Korea and current battle plans of the war in Ukraine. The employee’s position allowed him to have access to more information than an average employee. However, he was sharing these documents for months before anyone in the government knew about it. (forbes)
My thoughts: When hearing about this, I immediately thought about access management. However, the employee was in IT, which often means they have more privileged access than other employees. Regardless, access management still seems to play a factor. There is no reason a “junior” in IT has access to such sensitive data including war plans. Access management is often overlooked with companies taking for granted that employees will not go “rogue”.
Second, there seems to be a clear lack of employee training. Let’s presume there was no malintent. (big presumption here) Why did the employee think it was okay to share highly sensitive documents; or any documents for that matter? Heightened awareness in the enterprise is often looked at as natural and logical, however we learn every day they are not. The Zero Trust principle clearly says. “Never trust, always verify!”
Hydro-Quebec is the sole provider of electricity to the province of Quebec in Canada. Hydro Quebec also provides service to a portion of the north eastern USA. A Pro-Russian cyber criminal group attacked their website last week in a Denial of Service Attack. That is when the criminals overload the website with requests that eventually make the site unresponsive and “unusable”. The purpose of this attack isn’t to steal data, but rather to cause disruption.
"It's one of the most unsophisticated attacks that exists in the entire cyber security domain. And so in that sense, it's good news -- but it is highly disruptive," said tech analyst Carmi levy.
No private information or company data was stolen. (from what has been reported) At the time of this article, the website is fully functional. (ctvnews)
My thoughts: Denial of service attacks (DDoS) are difficult to stop or prevent as technology improves. One attack last year peaked at 46 million requests per second. For some businesses, one second of a DDoS attack can take it down. The best advice I could give you is to set up website monitoring so any strange behavior is immediately identified. On another note, this attack came one week after over 1 million Quebec citizens lost power for about 3 days. It was a difficult two weeks for Hydro-Quebec.
Open source media player software provider Kodi confirmed a data breach. Threat actors stole the company’s forum database containing the personal information of over 400 000 users. The unknown threat actors attempted to sell the data on BrachForums (which was taken down this month). It doesn’t seem like the cyber criminals accessed anything else. Kodi is urging every user to change their password. (hackernews)
My thoughts: This is the unfortunate reality of cyber breaches. Even if you change platform or change passwords, it may sometimes be too late since hackers may have access to some personal data. With more data privacy legislation coming to the forefront, do you think companies should be held more accountable for data breaches?
An IT firm in the UK was breached affecting 140 organizations. Personal data was accessed and stolen. Unfortunately, this includes access to information of a charity affecting more than 1000 people. There have been ransom demands to the IT firm, but they have not been paid.
My thoughts: This is another example of a third-party breach. Please complete a vendor assessment before partnering with any vendor. Here are 5 third-party breaches that might convince you to take action. Do you know who you are doing business with?
Assurance IT is on a mission to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, and Microsoft 365 backup. Help us accomplish this mission by sharing this newsletter to your network!
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.