Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.
This week: The world’s biggest phone book courtesy of Facebook, Irish colleges are the latest ransomware victims, and emerging evidence that the Rule of 1% is starting to apply in cyber attacks.
This week’s action: Disaster recovery – As the name suggests, think about how you will recover from a disaster like a ransomware attack.
- Introducing the world’s biggest Phonebook, courtesy of Facebook.
A Facebook flaw enabled details of 533 million individuals to be extracted from the platform. To quote Bloomberg, it is “a reminder of the company’s ability to collect mountains of information and its [inability] to protect [it]”. The details include each individual’s Facebook ID, date of birth, full name, location, and in many cases, their email address and phone number. The data was extracted in 2019 but has now been published on a hacker’s website for all to see. This was possible because of “a flaw in [Facebook’s] technology that allowed the information to leak out”. Facebook’s old motto of moving fast and breaking things continues to apply. Lessons? You should assume that any information about you that you (or someone you know) shared with Facebook is now public knowledge. This includes your email address, phone number and date of birth. To see if your data has been exposed by this event or other data breaches, check https://haveibeenpwned.com. In the longer term, think about using a fake date of birth on sites that don’t really need to know your true DOB (i.e. the majority of sites). Similarly, think about using different email accounts to separate important activities from everything else. At least that way, a data disclosure like this Facebook one will have less of an impact on your important logins and activities.
- Ransomware attacks continue. National College of Ireland (NCI) and Technical University (TU) Tallaght are the latest victims.
NCI and TU Tallaght are the latest victims of ransomware. Both attacks seem to have occurred close to the Easter weekend. NCI has been forced to cancel classes until at least April 8th while it tries to recover services, and assignment deadlines have been extended. TU Tallaght has informed its ‘customers’ (students) that its systems will not be available until Monday 12th April. Hopefully, the affected data and systems can be restored by both organisations and the attacks have not included any data exfiltration from the organisations.
Read more: https://www.bleepingcomputer.com/news/security/ransomware-hits-tu-dublin-and-national-college-of-ireland/
- The source code for one of the most popular open source programming languages was almost infected with malware
Cyber attacks are increasingly targeting core platforms and services used by thousands of organisations across the world. The recent Solarwinds and Microsoft Exchange incidents are just two of the many examples. In this latest incident, someone tried to infect the source code of the PHP repository with malicious code. Fortunately, it appears the attacker was just trying to demonstrate that there was a vulnerability in the code repository and wanted it to be found. Many web platforms are coded in PHP, including WordPress (the world’s most popular website builder). The vulnerability that enabled the attack seems to have been the use of a custom-configured code repository server and the absence of some complex and inconvenient security measures. It is now being addressed through a migration to GitHub, a platform that is apparently used by 56 million developers to manage their source code. What are the lessons? If you develop software or provide a SaaS solution, make sure your code is protected and any changes go through sufficient review before getting deployed. If you are the purchaser of such software or solutions, ask the vendor what security measures are in place to protect their code.
Read more: https://www.csoonline.com/article/3613593/php-backdoor-attempt-shows-need-for-better-code-authenticity-verification.html
- 1.8 billion: According to the FBI, US businesses and individuals lost at least USD $1.8bn in 2020 due to Business Email Compromise (BEC). This figure is based on the FBI’s analysis of over 19,000 reported complaints, out of a total of 791,790 complaints received by the FBI’s Internet Crime Complaint Center (IC3) in 2020. The definition of “BEC” varies so it is more useful to focus on the FBI’s description of the crime as a “scam targeting both businesses and individuals performing transfers of funds”. In other words, the people who handle payments within firms are being fooled into transferring money into the criminal’s bank account. It is likely to be an underestimate as there is no guarantee that a victim will report an incident to the FBI.
(Read more: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf)
- 199: 80% of ransomware payments go through one of 199 bitcoin wallets. And 46% of these go through one of 25 wallets. While ransomware is rampant, it appears that a large portion of the ransom payments end up in a relatively small number of ‘wallets’. As the referenced article states, “It’s starting to look like the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth” and “the spiralling trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals.”
(Read more: https://www.cyberscoop.com/ransomware-hack-bitcoin-money-laundering-chainalysis/)
ONE ACTION – If you do only one ‘cybersecurity’ thing this week, do this.
- Disaster Recovery: You have already confirmed that your backups are in place and they can be relied on. It’s now time to think about the other things you will need to do if you suffer a ransomware attack. Having a backup of the data is critical, but you also need to know you can restore the server or service to which this data will be restored. For example, backups of your fileshares will be useless without your file server. If your file server has been wiped out, do you know how you will rebuild it or replace it? Do you know who you will need to do it? Do you know how long this will take, and is this downtime going to be a problem for your business and your reputation?