Project Hyphae

Information Security News 10-9-2023


Genetics Firm 23andMe Says User Data Stolen in Credential Stuffing Attack

Article Link: https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

  • Recently, the genetic biotechnology company 23andMe announced that user data was taken from its platform and is being sold on hacking forums in bulk for $1-$10 per account.
  • 23andMe noted that the threat actors compromised individual accounts with credentials from other data breaches and then used 23andMe’s “DNA Relatives” feature to gain information on other non-compromised accounts. Currently it is not believed that 23andMe’s systems were breached.
  • 23andMe stated that information exposed likely includes full names, usernames, profile photos, gender, date of birth, location, and any genetic ancestry results. They also encouraged users to change their credentials, avoid reusing credentials, and utilize 23andMe’s MFA features.
  • Link to 23andMe’s Announcement: https://blog.23andme.com/articles/addressing-data-security-concerns

Researchers Warn of 100,000 Industrial Control Systems Exposed Online

Article Link: https://www.bleepingcomputer.com/news/security/researchers-warn-of-100-000-industrial-control-systems-exposed-online/

  • According to Bitsight, which scans millions of IP ranges for numerous organizations, about 100,000 industrial control systems (ICS) were found to be exposed to the public across the globe.
  • Bitsight highlighted that the United States had the highest number of exposed ICS devices, and that education, technology, and government were the sectors with the most exposed ICS devices.
  • The article also discussed that many ICS devices are affected by critical-severity vulnerabilities, many of which could be targeted by malicious hackers.
  • Link to Bitsight’s Report: https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems

NSA and CISA Reveal Top 10 Cybersecurity Misconfigurations

Article Link: https://www.bleepingcomputer.com/news/security/nsa-and-cisa-reveal-top-10-cybersecurity-misconfigurations/

  • The NSA and CISA recently released a list of the top ten most common cybersecurity misconfigurations discovered by their red and blue teams. Information relating to misconfiguration TTPs was also released within the list.
  • Several of the top misconfigurations include default software and application configurations, poor credential hygiene, and a lack of network segmentation.
  • The report recommended eliminating default credentials and hardening configurations, in addition to several other steps for maturing systems that may be misconfigured.
  • Link to CISA’s Report: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

Google, Yahoo Push DMARC, Forcing Companies to Catch Up

Article Link: https://www.darkreading.com/dr-tech/google-yahoo-push-dmarc-forcing-companies-to-catch-up

  • Both Google and Yahoo have announced that bulk email senders, those who send 5,000 or more emails in a day according to Google, will be required to utilize Domain-based Message Authentication, Reporting, and Conformance (DMARC) on their email systems starting in Q1 of 2024.
  • Google and Yahoo are encouraging organizations to configure and enable SPF records, DKIM, and DMARC to further enhance email monitoring and security. While the requirements are currently only slated for large senders, the hope is that they will encourage other organizations to follow suit.
  • As the article notes, these email security enhancements are helpful, but will likely encourage attackers to further develop workarounds to continue sending malicious emails to organizations.
  • Link to Google’s Announcement: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
  • Link to Yahoo’s Announcement: https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam

Poor Cybersecurity Habits are Common Among Younger Employees

Article Link: https://www.helpnetsecurity.com/2023/10/06/unsafe-cybersecurity-habits/

  • According to Ivanti, which surveyed 6,500 executive leaders, cybersecurity professionals, and general office workers across the globe, employees under 40 years old tend to have less secure cybersecurity habits compared to employees who are over 40 years old.
  • Several key statistics were highlighted. Specifically, 38% of employees under 40 use the same passwords on multiple devices compared to only 28% of those over 40. Likewise, 34% under 40 shared work device(s) with family or friends and had a birthdate in their password, compared to 19% for those older than 40.
  • The study also emphasized that there are regional differences relating to cybersecurity training. Notably, 54% of employees in China and 43% in France stated that there isn’t required cybersecurity training. In contrast, 17% of employees in the U.K., 30% in the U.S., and 22% in Germany said their organizations do not provide mandatory cybersecurity training.

Microsoft: State-Backed Hackers Grow in Sophistication, Aggressiveness

Article Link: https://cyberscoop.com/iran-russia-microsoft-hacking-operations/

  • Microsoft recently released a report that highlighted how state-sponsored hacking groups are growing in sophistication and aggression. Likewise, Microsoft noted that many state-sponsored actors are focusing on quieter cyber-espionage attacks instead of noisy, high-profile breaches.
  • The report looks at state-sponsored hacking as a whole, but the article specifically discusses how Iranian hackers, among other entities, have shifted to the quieter cyber-espionage approach.
  • The report also identified that human-operated ransomware events have increased by 200% over the past year. Additionally, the report corroborated analysis by other researchers that network dwell time has decreased over the past year with attackers pivoting within networks more efficiently.
  • Link to Microsoft’s Report: https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023?rtc=1

Evolving Conversations: Cybersecurity as a Business Risk

Article Link: https://www.helpnetsecurity.com/2023/10/03/ciso-board-relationship/

  • This article highlights the importance of security leaders guiding effective and frequent conversations with senior leadership and board members. With a constant stream of evolving threats and various ways to mitigate risk, communication is vital.
  • In general, board members tend to lack technical expertise and may not fully understand cyber risk, compared to security leaders like CISOs, who work within cyber risk management regularly. The article suggests bridging this understanding gap by having the CISO integrate with their respective organization’s C-suite and maintain a regular and collaborative relationship with their organization’s board of directors.
  • The bottom line is that there is often a disconnect between an organization’s board and the CISO regarding priorities. In essence, CISOs should act as cyber risk translators when collaborating with members of the board.
  • Beyond just having the CISO work closely with the board of directors, the article highlights the importance of critically assessing in-house cybersecurity capabilities. Just because a CISO is present doesn’t mean that effective security is a guarantee.

