Project Hyphae

Information Security News 2-19-2024


U.S. Internet Leaked Years of Internal, Customer Emails

Article Link: https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/

  • Recently the cybersecurity firm Hold Security discovered that the Minnesota-based company Securence, an arm of the U.S. Internet Corporation, had an accidental data leak from an email server.
  • Specifically, security researchers found a public link to an email server listing over 6,500 domain names, with the individual inboxes and emails for Securence users nested within that list of domain names.
  • The public information has since been taken down and the CEO of U.S. Internet noted that the misconfigurations were put in place by a former employee and were never noticed afterwards.
  • In addition to the exposed email data, the security researchers also discovered that malicious hackers were leveraging Securence’s link-scrubbing service, URL-Shield, to redirect visitors to malicious websites, which was the catalyst for the public email discovery.

Prudential Files Voluntary Breach Notice With SEC

Article Link: https://www.darkreading.com/cybersecurity-operations/prudential-files-voluntary-breach-notice-sec

  • Recently, Prudential Financial reported to the SEC that their systems were breached in some capacity by an unknown actor accessing their network infrastructure tied to employee and contractor data on February 5th.
  • As the article highlights, the details of the incident are limited; however, Prudential has initially determined that the incident likely did not have a material impact on Prudential’s operations.
  • The article noted that, due to the perceived impact of the incident, Prudential is not required to report to the SEC. As such, the voluntary report may serve as a tool for limiting reputational damage and/or getting ahead of any potential legal blowback should the incident's outcome end up worse than initially thought.

U.S. State Government Network Breached via Former Employee’s Account

Article Link: https://thehackernews.com/2024/02/us-state-government-network-breached.html

  • Recently, CISA revealed that an unnamed state government organization was compromised due to malicious hackers accessing a former employee’s administrator account.
  • The article explains that the hackers accessed the account, used the organization’s internal VPN, and then attempted to blend in with legitimate network traffic. From there, the hackers accessed a virtualized SharePoint server, broke into another administrator account that had access to the Azure AD and on-premises network, and began sending LDAP queries to one of the organization’s domain controllers.
  • It was noted that neither of the two compromised accounts had MFA enabled. Additionally, the first compromised account was presumably breached with credentials sourced from a separate data breach of a different organization.

Understanding the Tactics of Stealthy Hunter-Killer Malware

Article Link: https://www.helpnetsecurity.com/2024/02/15/hunter-killer-malware/

  • According to researchers at Picus Security, who analyzed over 600,000 malware samples, there was a 333% increase in malware that can actively target network defenses to try to disable them. The article refers to these aggressive malware types as “hunter-killer” due to their stealth and danger.
  • Picus Security also observed that there was a 150% increase in attackers obfuscating files or information and a 176% increase in the use of Application Layer protocols to exfiltrate data. Likewise, 70% of malware Picus Security analyzed leveraged stealth-oriented techniques.
  • Overall, the article highlights how threat actors aren’t only trying to sneak around, but also actively attacking security tools on victim networks.
  • Link to Picus Security’s Report: https://www.picussecurity.com/resource/blog/the-picus-red-report-2024-reveals-surge-in-hunter-killer-malware

How Businesses Can Safeguard Their Communication Channels Against Hackers

Article Link: https://thehackernews.com/2024/02/how-businesses-can-safeguard-their.html

  • The article highlights the importance of continually maintaining appropriate and secure organizational communication. Specifically, if communication is disrupted, then your organization may be unable to effectively operate internally or with clients.
  • At its core, secure communication is rooted in the communication platform(s) leveraged by your organization. Whether it be a text, email, or video call, a secure foundation is key.
  • Other vital components of secure communication channels include a regular review of passwords and permissions, adequate investment in cybersecurity, regular cybersecurity awareness training, and a security routine enhanced with standard operating procedures.

It’s Time to Rethink Third-Party Risk Assessment

Article Link: https://www.darkreading.com/cyber-risk/it-s-time-to-rethink-third-party-risk-assessment-

  • According to a Gartner study referenced in the article, 45% of organizations have experienced a third-party-related business interruption despite increased investments in third-party cybersecurity risk management.
  • With the rise in software as a service (SaaS) tools, software procurement has grown from a long and drawn-out process that allowed for proper review and due diligence to a quick acceptance of terms of service with minimal review by all departments across many organizations.
  • In response to SaaS sprawl, the article highlights various ways to enhance the review process. Specifically, the article looks at classifying vendors based on the level of risk they pose, continually monitoring third party risks, developing a standard process for third party risk assessments, evaluating the incident response processes of third parties, reviewing fourth party risk, and more.
  • Link to Gartner’s Report: https://www.gartner.com/en/newsroom/press-releases/2023-12-13-gartner-survey-finds-45-percent-of-organizations-experienced-third-party-related-business-interruptions-during-the-past-two-years

Physical Security is Becoming a Top Priority in Building Design

Article Link: https://www.helpnetsecurity.com/2024/02/16/building-design-security/

  • According to a survey of 800 building design decision-makers in the U.S., U.K., and Central Europe from Brivo Systems, a cloud-based physical security company, physical security is a top three consideration in initial building design, suggesting an increased focus on physical security.
  • Likewise, the article emphasizes that physical security is in demand by many organizations engaging with building designers. Specifically, 89% of respondents reported that security was a part of the design briefs they received, and 88% have seen a rise in customer demand for security integration.
  • However, when the designed buildings are actually built, a variety of post-build security issues remain, adding up to an additional 20% in cost to some projects. According to Brivo’s report, the need for costly post-build security improvements stems mainly from initial budget limitations and a disconnect between secure designs and aesthetically pleasing designs.
  • Link to Brivo’s Report: https://www.brivo.com/secure-by-design-aims-fall-short/

