In this week's Cyber Weekly:
Thanks to all 9517 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help keep others from becoming a statistic. Simply share the post in the top right corner.
Also, follow me on LinkedIn for daily tech discussions >> Luigi Tiano.
On September 8, a ransomware attack hit the Long Island County. Over two months later, details are still being released and the full scope of the damage is still emerging, but it's clear that more personal information was exposed than had been previously announced. In addition to the personal information they thought was stolen, it was determined that driver's license numbers of over 470,000 people were also exposed.
But that isn't all.
Without immediately knowing the source of the attack, the county disabled 10,000 emails and scrubbed infected hardware when they were attacked. In fact, their antivirus alerted them of the attack. But without the proper cyber security tools in place, the county is still offline today.
Thoughts: What a disaster! This is exactly why antivirus cannot be your entire cyber security strategy. It’s not enough anymore. Antivirus is meant to let you know when something goes wrong. However, hackers have evolved. Knowing you were breached is not enough.
Here are some of the solutions that help prevent this from happening to you. You need to try to prevent the attack altogether, but, as we say, layering your security is the best way to defend yourself: firewalls, MFA, email web filtering, Endpoint Detection and Response (EDR) and, for some daring and mature clients, XDR. These are only a few! Many clients are required to implement EDR at a minimum in order to qualify for cyber insurance. Antivirus just won’t cut it anymore!
Ideally, you would invest in extended detection and response (XDR) that prevents and identifies attacks. XDR is a more holistic approach that identifies, monitors, investigates and responds to potential threats. If you have questions about this solution, schedule a 15-minute call with me directly in my calendar.
Earlier this year, personal information of 5.4 million Twitter users was stolen through a vulnerability in their API. The stolen data included Twitter IDs, names, login names, phone numbers and email addresses of subscribers. Initially, it was believed that one hacker stole the data.
Last week, security researchers identified that many hackers used the same vulnerability to steal data. The data on the dark web also seems to be different from the 5.4 million users we already knew were exposed – up to 17 million users. In addition, the data is being given away for free to hackers online. (bleepingcomputer)
Thoughts: This always happens. Data breaches are worse than we read in the news. This reveals two things.
First, if a service provider you use gets hacked, your data was compromised – you need to change your passwords and you need to be extra vigilant for fraud. They likely have your email.
Second, usually a cyber attack affects companies/institutions for months. You may also look into a dark web monitoring solution where your identity and credit requests are monitored. Avoiding a cyber attack is the goal. A great example is the next story.
We reported on Sobeys' "IT issue" just two weeks ago. Employees are revealing the real aftermath of the cyber attack.
Here are some of the things happening:
“It’s basically been a mess,” one employee said.
“The company has not officially told employees the cause of the outage. They have been instructed to simply tell customers it's an IT issue.” (cbc)
Thoughts: Sobeys is trying to cover up the extent of the cyber attack. In fact, they still haven’t confirmed it was a ransomware attack (although many speculate that it is Black Basta ransomware). Clearly, the stores are being affected by something out of their control. Two weeks have gone by. We shall see what happens over the holidays. It will be chaos.
The CNIL (Commission nationale de l'informatique et des libertés), an independent body, is responsible for issuing sanctions. Earlier this month, they made it public that they were issuing one to Discord – a platform to talk over voice, video and text. In other words, it’s a community-based platform that is similar to Microsoft Teams for the non-business world.
The imposed fine is determined by a few factors including breaches identified, number of people concerned and efforts made to reach compliance.
Here is a list of the sanctioned breaches in layman’s terms:
Thoughts: This is not looking good for a company worth $7 billion. Imagine what the small companies are overlooking. I really want to stress the importance of protecting your personal information. It can lead to really awful things. Don’t just give away your information without asking if it is really necessary.
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Office 365 backup, and Quebec's Law 25 training.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.