If You Want to Stop Big Data Breaches, Start with Databases*:
- Large-scale data breaches have become so common in the past few years that even tens of millions of records leaking feels unremarkable.
- One frequent culprit that gets buried beneath the headlines – poorly secured databases that connect directly to the internet.
- While companies commonly use these databases to store tempting troves of customer and financial data, they often do so with outdated and weak default security configurations.
- There are many types of hacks that can lead to data breaches, but securing exposed databases is a relatively easy and concrete step organizations can take to strengthen their data defense.
- Memorable unprotected database breaches include the 2015 MacKeeper incident in which usernames, passwords and other data leaked for more than 13 million of the security scanner’s customers.
- At the beginning of 2017, a rash of “ransomware” incidents hit exposed MongoDB databases.
- Security experts have been warning about NoSQL configuration insecurity for years.
- Unprotected databases are trivial to find; both criminals and researchers use network visibility tools like the search engine Shodan to learn how many exposed databases there are.
- Security researcher Chris Vickery, who has identified many high-profile database leaks over the last few years, points to poor institutional communication and planning hurdles when groups create NoSQL databases.
- Years of work to raise awareness, by researchers and companies like MongoDB, have resulted in mainstream recognition of the problem.
- The threat of losing entire databases that companies rely on for daily operations has forced people to pay attention.
*Source: Wired, March 29, 2017
North Korea’s Rising Ambition Seen in Bid to Breach Global Banks*:
- According to security researchers, when hackers associated with North Korea tried to break into Polish banks late last year they left a trail of information about their apparent intentions to steal money from more than 100 organizations around the world.
- A list of internet protocol addresses, which was supplied by the security researchers and analyzed, showed that the hacking targets included institutions like the World Bank, the European Central Bank, and big American companies including Bank of America.
- Security researchers said the hit list, found embedded in the code of the attack on more than 20 Polish banks, underlines how sophisticated the capabilities of North Korean hackers have become.
- Their goals have now turned financial, along with efforts to spread propaganda, steal data, and disrupt government and news websites in countries considered enemies.
- North Korea’s hacking network is immense, encompassing a group of 1,700 hackers aided by more than 5,000 trainers, supervisors and others in supporting roles, South Korean officials estimate.
- United States prosecutors are investigating North Korea’s possible role in the Bangladesh heist; some research links the Sony Pictures attack to the Bangladesh heist as well.
- North Korea has denied involvement in the attacks on Sony and others, instead accusing South Korea of disrupting its websites.
- South Korean cybersecurity officials began detecting attacks attributed to North Korean hackers around 2009.
- In the past, North Korean hackers usually attacked government websites with the goal of destroying systems and triggering confusion, but they have now shifted to making money, attacking banks and private companies.
*Source: New York Times, March 25, 2017
UK Targets WhatsApp Encryption after London Attack*:
- The British government said that its security services must have access to encrypted messaging applications such as WhatsApp, revealing that the service was used by the killer behind the parliament attack.
- The 52-year-old who killed four people before being shot in a rampage in Westminster reportedly used the Facebook-owned service moments before the assault.
- Home secretary Amber Rudd said, “We need to make sure that organisations like WhatsApp – and there are plenty of others like that – don’t provide a secret place for terrorists to communicate with each other.”
- She said end-to-end encryption was vital to cyber security, to ensure that business, banking and other transactions were safe – but said it must also be accessible.
- Rudd does not yet intend to force the industry’s hand with new legislation, but would meet key players on Thursday to discuss this issue.
- US authorities last year fought a legal battle with tech giant Apple to get it to unlock a smartphone used by the perpetrator of a terror attack in California.
- Social media giants are also coming under pressure over extremist content posted on their sites.
*Source: Live Mint, March 27, 2017
Congress Just Killed Your Internet Privacy Protections*:
- The House of Representatives voted to repeal Internet privacy protections that were approved by the Federal Communications Commission in the final days of the Obama administration.
- The rules, which had not yet gone into effect, would have required Internet service providers to get your permission before collecting and sharing your data.
- The privacy rules were intended to give consumers extra control over their personal data online at a time.
- Opponents of the privacy rules argued they would place an undue burden on broadband providers while leaving large Internet companies like Facebook and Google free to collect user data without asking permission.
- Democrats and privacy advocates have argued this approach effectively hands over the customer's personal information to the highest bidder.
- Many broadband providers already share some of their customers’ browsing behaviour with advertisers; providers typically offer the choice to opt out, but consumers may not even be aware of this data collection – let alone how to get out of it.
- Most people can’t walk away from their internet service provider; they need the internet and may not have another option.
- A virtual private network, or VPN, is one option to protect your online activity.
- The repeal is a big win for large providers like AT&T and Verizon, and they have bet billions on content, including AT&T's pending acquisition of Time Warner, the parent company of CNN.
- This content can potentially be paired with subscriber data to build up lucrative targeted advertising businesses that compete with Google and Facebook.
*Source: Money, March 28, 2017
Millions of Stolen US University Email Credentials for Sale on the Dark Web*:
- Stolen email addresses and passwords from the largest US universities are offered for sale on the Dark Web at anywhere from $3.50 to $10 apiece.
- New research found 13,930,176 credentials from big schools, with the University of Michigan, Penn State, University of Minnesota, Michigan State and Ohio State having the most credentials for sale.
- In 2016 there were about 2.8 million .edu email addresses on the Dark Web, and now almost 14 million a year later – a significant spike.
- The massive increase likely has to do with third-party website breaches where university users register with their .edu email addresses.
- Buyers can use those stolen credentials to cash in on university discounts, such as software and Amazon Prime memberships.
- They can also use them for phishing or gaining further access to university financial, research, and other potentially lucrative information.
- Many breaches of all types begin with stolen user credentials; some estimate that 94% of network login attempts are executed via automated scripts of reused credentials.
- University email accounts are juicy targets for opportunistic cybercriminals.
*Source: Dark Reading, March 29, 2017