Following the news about the cyber attack at Three Mobile that potentially placed six million users’ information at risk, IT security experts from InfoArmor, Balabit and Duo Security commented below.
Christian Lees, CTO and CSO at InfoArmor: “As organizations continue to bolster their security postures at the perimeter / public offering, it’s logical for threat actors to migrate to and even expand internal lateral movement campaigns often fueled by compromised credentials. Compromised credentials are widely available, low cost and offer a low likelihood of detection to the threat actor.”
“Information surfaced that the hackers used a legit login or password in the Three Mobile breach. While the method of obtaining these credentials is unknown it is evident that it allowed them to gain hold of several clients’ personal information and 6 million customers’ personal data is put at risk.
“Hackers tend to use this method as it is the easiest way to stay under the radar and as more and more data breaches involve user account misuse in this term we should address the elephant in the room.
“This issue also highlights that one-off authentication methods such as passwords on their own are simply not enough to protect sensitive data. It must be complemented with continuous identification: a method to not only identify the account once, at the beginning of the session, but the user operating under those credentials. It is important to have real time information on the user’s behavior so that it is then compared to the already learned behaviors of known user profiles. Continuous authentication is achievable via machine learning based systems which are capable of pinpointing user related anomalies and potential data breaches.
“In the case of Three Mobile, the system would have recognized the difference in the user’s typing pattern, use of command set and accessed network areas. This information would have appeared on the security analytic display and if the situation got worse the system would terminate the connection of the suspicious user in real-time.”
Steve Manzuik, Director of Security Research at Duo Security: “This is a great example of why two factor authentication is a key defence in preventing attacks. If this organization had two factor authentication in place – the attack would not have been able to proceed beyond obtaining the employee credentials. The details of this scam also raise other security questions such as why this type of data is easily accessed by any employee via the Internet and why isn’t PII better protected, even from employees. However, despite those failings, two factor authentication would have prevented this attack.”