VFEmail.net is breached and customers’ data is wiped out from all of her US servers. The event took place on Februaury 11 and since then company’s site and webmail client went down without notice. Here are the few tweets from the company highlighting the issue.
https://twitter.com/VFEmail/status/1095040044316925953
https://twitter.com/VFEmail/status/1095038701665746945
Experts Comments below:
Stephen Cox, Vice President and Chief Security Architect at SecureAuth:
“Two-factor authentication is certainly a step in the right direction, but as VFEmail founder Rick Romero points out, it falls well short of addressing today’s threat landscape. As we saw with some of the high-profile breaches of 2018, there are plenty of examples of attackers who bypassed or straight out defeated basic two-factor authentication methods. Attackers have proven that they can intercept SMS codes or hijack users through social engineering to redirect where the texts are sent.
Romero’s comments are on point. 2FA alone is not enough. Organizations need to have a strong vulnerability management program in place. They must continuously monitor and close the security gap that exists between when vulnerabilities are found and when vendors, or open source maintainers, patch them. In addition, organizations should move past basic two-factor authentication towards modern adaptive and risk-based approaches. Adaptive access control solutions can reposition themselves in real-time using metadata captured as part of the authentication workflow to thwart attackers, even if they have stolen passwords or intercepted SMS one-time passcodes. The risk-based model layers concepts such as device recognition, geolocation analysis, IP reputation and behavior analytics. This analysis is largely transparent to the user, so the technology has a rare quality of improving security posture without impacting user experience.”
Dr Darren Williams, CEO and Founder at BlackFog:
“Unfortunately, we now live in a world where this type of attack was inevitable. Many businesses today completely rely on technology to run their business and when that technology comes under attack, it can threaten a company’s very existence.
“The rise in major security incidents has certainly urged organisations to reassess their cybersecurity strategies in the past 12 months. This attack illustrates that cybersecurity defence requires multiple layers of defence which no single solution can provide. Today’s attacks are infinitely more sophisticated and more coordinated than five years – or even one year – ago. Cyber criminals are focused on stealing data for both corporate espionage and personal attacks. It is crucial that all devices are protected from such loss of data in this new era of cyber warfare.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.