Expert(s):
CEOfeature_status*/ ?>
Gurucul

Comments Dotted : 85
January 22, 2021

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches
Organizations still need to maintain strong perimeter and interior defenses.

The report of malicious actors having their stolen user IDs and passwords revealed by a simple Google search is Karma in action.  It shows that attackers are susceptible to the same sort of simple configuration errors that many of them leverage against their targets.  But this case also shows that attackers can operate phishing schemes successfully for many months before they're exposed.

 

Sadly, users often remain the weakest link in the security chain.  While user education can help,

.....Read More

The report of malicious actors having their stolen user IDs and passwords revealed by a simple Google search is Karma in action.  It shows that attackers are susceptible to the same sort of simple configuration errors that many of them leverage against their targets.  But this case also shows that attackers can operate phishing schemes successfully for many months before they're exposed.

 

Sadly, users often remain the weakest link in the security chain.  While user education can help, organizations still need to maintain strong perimeter and interior defenses, including multi-factor authentication and security analytics, to resist intrusions when credentials are stolen through clever phishing or social engineering attacks.

  Read Less
January 22, 2021

A Chinese Hacking Group Is Stealing Airline Passenger Details
Victims of these attacks are not facing common cybercriminals. 

The revelation that advanced attackers, apparently based in China, have been targeting airline travel sites to track specific individuals is not a surprise.   Tracking the travel patterns of individuals involved in certain industries or areas of research is information of great value to a State level intelligence agency.  While it is the kind of specific information that might be useful to a cybercriminal going after a specific target, is guaranteed to be useful to a rival state agency. 

 

Victi

.....Read More

The revelation that advanced attackers, apparently based in China, have been targeting airline travel sites to track specific individuals is not a surprise.   Tracking the travel patterns of individuals involved in certain industries or areas of research is information of great value to a State level intelligence agency.  While it is the kind of specific information that might be useful to a cybercriminal going after a specific target, is guaranteed to be useful to a rival state agency. 

 

Victims of these attacks are not facing common cybercriminals.  They are likely facing State or State-Sponsored threat actors with a high degree of skill and effectively limitless resources.  They will have to up their game if they want to thwart these intrusions in the future and keep their customer's data safe.  They will have to follow industry best practices and deploy best in breed defenses, including security analytics tools that can help identify and remediate these intrusions before the data is compromised.

  Read Less
January 21, 2021

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For Free On Forum
Two million Pixlr user accounts did not include financial information.

While the revelation of details on almost two million Pixlr user accounts did not include financial information, it did include password hashes and enough information to be valuable for an attacker to launch carefully crafted spear phishing attacks, or a cast-netting attack against the Pixlr user base.

January 20, 2021

FreakOut Botnet Targets Linux- Experts Offer Perspective
Identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.

Historically, Linux systems have been reasonably secure and received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems.  Fortunately, the botnet is still quite small and relies on Internet Relay Chat

.....Read More

Historically, Linux systems have been reasonably secure and received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems.  Fortunately, the botnet is still quite small and relies on Internet Relay Chat (IRC) for command and control.  That means that identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.

  Read Less
January 13, 2021

Mimecast Compromised By Threat Actor
The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work.

The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached Solarwinds and multiple government agencies. This shows the skill and tenacity State and State sponsored actors can bring to bear when they are pursuing their agenda.  Against this sort of opponent, civilian organizations will need to up their game if they don't want to become the next headline. Basic cybersecurity is not

.....Read More

The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached Solarwinds and multiple government agencies. This shows the skill and tenacity State and State sponsored actors can bring to bear when they are pursuing their agenda.  Against this sort of opponent, civilian organizations will need to up their game if they don't want to become the next headline. Basic cybersecurity is not enough.  Organizations need to employ industry best practices, and then go farther with user education, programs to review and update their security, and deploying best in breed security solutions, including security analytics. The long term advantage is that defenses designed to resist a State level attack should be more than enough to thwart the more common cybercriminal.

  Read Less
January 12, 2021

Experts Insight On UN’s Environmental Program Breach-100K+ Employee Records Leaked
Fortunately, the UN's IT team reacted quickly to close the hole.

Ethical Hacking group Sakura Samurai's exposure of the United Nations Environment Program's git repositories is another classic example of the consequences of an unintentional misconfiguration.  Fortunately, the UN's IT team reacted quickly to close the hole, but it is likely that threat actors had already discovered the vulnerable data and acquired it themselves.

 

This shows that even multinationals with mature cybersecurity practices are not immune to this kind of misconfiguration, and

.....Read More

Ethical Hacking group Sakura Samurai's exposure of the United Nations Environment Program's git repositories is another classic example of the consequences of an unintentional misconfiguration.  Fortunately, the UN's IT team reacted quickly to close the hole, but it is likely that threat actors had already discovered the vulnerable data and acquired it themselves.

 

This shows that even multinationals with mature cybersecurity practices are not immune to this kind of misconfiguration, and points out the need for regular configuration reviews along with a full security stack that includes security analytics to identify and remediate these vulnerabilities before threat actors can discover them.

  Read Less
January 06, 2021

CISA Cites Likely Russian Solar Winds Involvement – Expert Perspective
The cold war isn't over. It just moved to the internet. 

The cold war isn't over. It just moved to the internet.  And the SolarWinds attack is a perfect example of a State or State Sponsored actor turning their resources to cyberattack.  Unlike typical cybercriminals, these threats at this level have almost unlimited resources and will target virtually anything that may forward their agenda.

 

It is likely the damage from this attack will run much deeper than is revealed to the public, but it may serve as a wakeup call that organizations and vendors

.....Read More

The cold war isn't over. It just moved to the internet.  And the SolarWinds attack is a perfect example of a State or State Sponsored actor turning their resources to cyberattack.  Unlike typical cybercriminals, these threats at this level have almost unlimited resources and will target virtually anything that may forward their agenda.

 

It is likely the damage from this attack will run much deeper than is revealed to the public, but it may serve as a wakeup call that organizations and vendors at all levels need to up their cybersecurity game.  They need to assess their current security posture and make sure they have the best possible components in place, including security analytics.  The benefit is that designing defenses to blunt State level attackers should be more than enough to thwart common cybercriminals.

  Read Less
January 05, 2021

Experts Reacted On Payment Processor Juspay Leaks 100 Mil+ Cardholders’ Data
Perhaps the biggest concern is the dwell time.

The Juspay breach shows that 2021 is starting off Business as Usual for malicious actors, with long dwell times between intrusion and discovery.  While some of the data in this breach were obfuscated, there is a very real possibility that the attackers could overcome the obfuscation.  Even if they don't, the stolen information could be used for sophisticated social engineering or spear-phishing attacks.

 

Perhaps the biggest concern is the dwell time.   The breach happening mid-August 2020 and

.....Read More

The Juspay breach shows that 2021 is starting off Business as Usual for malicious actors, with long dwell times between intrusion and discovery.  While some of the data in this breach were obfuscated, there is a very real possibility that the attackers could overcome the obfuscation.  Even if they don't, the stolen information could be used for sophisticated social engineering or spear-phishing attacks.

 

Perhaps the biggest concern is the dwell time.   The breach happening mid-August 2020 and only being reported now, indicates there may have been some gaps in Juspay's security stack or their security operations process.

 

  Read Less
January 05, 2021

1 Mil Gamers’ Acctounts Compromised By Major Gaming Firms – Expert Perspectives
User credential theft is nothing new. 

User credential theft is nothing new.  Phishing and Social Engineering schemes have been targeting user accounts almost since they've existed, and Kela's revelation of the scope of employee credential loss is, unfortunately, not a surprise.  Companies need to step up their AAA (Authentication, Authorization, Accounting) game to include multi-factor authentication and add security analytics to enable risk-based authentication as well.  Attackers will continue to find ways to gather user ID

.....Read More

User credential theft is nothing new.  Phishing and Social Engineering schemes have been targeting user accounts almost since they've existed, and Kela's revelation of the scope of employee credential loss is, unfortunately, not a surprise.  Companies need to step up their AAA (Authentication, Authorization, Accounting) game to include multi-factor authentication and add security analytics to enable risk-based authentication as well.  Attackers will continue to find ways to gather user ID and password combinations, but by adding additional defenses it's possible to reduce the risk of a serious breach.

  Read Less
January 04, 2021

Multi-Platform Credit Card Skimmer Discovered- Expert Offers Perspective
It is telling that this new strain appears to have gone undetected for several months.

Sansec's revelation of a Magecart style skimmer that can infect multiple platforms is another indication of how sophisticated the attackers have become, while their attack tools evolve to become more versatile and effective.  It is telling that this new strain appears to have gone undetected for several months.  However, the revealed details also point to ways we can defend against this recent generation of attack tools.  While home users can't be expected to have a full security stack,

.....Read More

Sansec's revelation of a Magecart style skimmer that can infect multiple platforms is another indication of how sophisticated the attackers have become, while their attack tools evolve to become more versatile and effective.  It is telling that this new strain appears to have gone undetected for several months.  However, the revealed details also point to ways we can defend against this recent generation of attack tools.  While home users can't be expected to have a full security stack, there are tools they can use locally, or hosted by their ISP, that could help prevent this sort of attack.

  Read Less