expert-profile | Information Security Buzz

Chloé Messdaghi

VP of Strategyfeature_status*/ ?>

Point3 Security

Comments Dotted : 53

January 22, 2021

Cyber Criminals Left Stolen Phishing Credentials Exposed To Google Searches

The attack approach was also clever.

It’s interesting that they are targeting construction – that’s an industry that hasn’t received as much attention from attackers as other sectors. Usually, attackers are focused on healthcare, finance, energy, and retail – but those industries have certainly increased their investments in cybersecurity training over the last two years, so these attackers cleverly shifted to construction, where every initiative involves tens of millions or often hundreds of millions of dollars, and

The attack approach was also clever: a fake login that already self-populates, so that most people wouldn’t be suspicious of the possibility of a phishing attack. Usually, when something self populates it’s viewed as legit and trusted. That’s why this campaign went undetected so often. They were clever but not clever enough, since they forgot to close their own server down and as a result, blew their chance to monetize their loot.

We need to understand that these phishing attacks are getting more and more realistic, and the public needs to know that if they don’t consider their sector a target, it’s a very safe bet that it actually is.

Read Less

January 22, 2021

A Chinese Hacking Group Is Stealing Airline Passenger Details

We’re optimistic that we now have a president who will evaluate and act upon trustworthy information.

The questions to ask are who are they, who are they watching, and why? It’s a given that this type of data stalking on a mass scale is criminal - there’s a very clear and thick legal line of privacy and data that this group is on the other side of with their data extraction.

While we don’t know if this is a state-sponsored actor, a proxy for a nation-state, or a monetization player, we do that the Biden Administration will be tackling cybersecurity policy on these types of threats with new ferocity and historic vigor. While we all hope that the Biden Administration gets the 100-day honeymoon that most newly elected presidents get to shape and invoke policy, it appears that bad actors won’t be giving that to them. We’re optimistic that we now have a president who will evaluate and act upon trustworthy information, and is taking preemptive actions to strengthen our cybersecurity, risk mitigation, and personal privacy. We are confident that this situation is on their radar.

Read Less

January 22, 2021

FreakOut Botnet Targets Linux- Experts Offer Perspective

You have to be on top of updates at all times, and these industries are known for not updating when they should.

This FreakOut malware is just at the beginning of its infancy, but it’s a great reminder that even if you think you’re not a target, you absolutely are, and we all need to do whatever we can to stay safe and keep our risks as low as possible. You must always assume that the vulnerability is out there.

This malware attacks Linux devices that haven’t been updated. Once it’s gains access to a network, it does port scanning, sending TCP packets, network sniffing, etc. But, if you’ve been

This malware attacks Linux devices that haven’t been updated. Once it’s gains access to a network, it does port scanning, sending TCP packets, network sniffing, etc. But, if you’ve been updating things in a timely manner, you should be safe right now.

What’s interesting is that the top industries that malware affects – banking, healthcare, and government – are the exact ones that are struggling the most with this. You have to be on top of updates at all times, and these industries are known for not updating when they should. Especially since COVID, these industries are most definitely always a huge target.

Read Less

January 14, 2021

Healthcare Web App Attacks Up 51%; 498 Attacks/month, Per Org. – Experts Perspectives

Attackers are not backing down in 2021.

Healthcare was hard hit in 2020 and 2021 looks like it will bring more of the same. The COVID19 pandemic changed how we work, with a massive shift to remote work for those who can do it, and that brought new cybersecurity challenges as organizations brought their security up to deal with the new threat surfaces. This was especially challenging for Healthcare, which had the added challenge of an unprecedented number of patients stressing their resources to the limit and leaving few cycles to

Cybercriminals have been taking advantage of the new threat surface without regard to the consequences for their victims. The best Healthcare organizations can do is implement industry standard cybersecurity defenses, including security analytics, train their workforce to recognize the threats against them, and review their security stack to make sure it's up to the task. Attackers are not backing down in 2021, which means organizations can't neglect their cybersecurity going into this new year.

Read Less

January 12, 2021

Experts Insight On UN’s Environmental Program Breach-100K+ Employee Records Leaked

These researchers have enormous respect for those at the UN who handled this matter.

Our applause to Sakura Samurai’s team – what they did was worthy of it! This was successful because the UN’s vulnerability disclosure policy was transparent – that’s why they decided to look for the vulnerabilities. There was a sense of trust that they would be recognized, not persecuted.

Also, it wasn’t well known that the UN has a vulnerability disclosure policy, and that’s ironic as these types of organizations are the ones that need it the most. The process the researchers faced could have been a bit more transparent. When a researcher reports something, the organization’s contact person needs to know who to direct the information to in order to immediately get the ball rolling – otherwise it slows down the process. An automated ticketing process isn’t appropriate for vulnerability disclosure input.

But as soon as these researchers did get direct contact, they were met with people who probably didn’t understand the problem but did fully realized the importance of fixing it immediately. These researchers have enormous respect for those at the UN who handled this matter.

Also, Sakura Samurai made sure NOT to disclose anything until the problem was patched, in order to sustain and support the UN’s compliance with GDPR regulations.

This is a good example of how vulnerability disclosure policies work, and the value of working closely with independent researchers, i.e., hackers.

Read Less

December 17, 2020

EU’s Digital Services Act And Digital Markets Act – Experts’ Perspectives

I applaud the EU for taking these big steps.

The EU is showing leadership here in recognizing that we need to collectively retrace our steps because mega tech companies have become something akin to sovereign nations and it is impacting our privacy and security. They have substantial income and hold a huge percentage of the world’s information on consumers, and because of their behaviors, countries must now step in to protect their citizens. We don’t fully know what they have or where it’s being sold. We see trends where mega-tech companies glean intel from their competitors in unprecedented ways and then create products to undercut them, stifling innovation. I applaud the EU for taking these big steps, such as enabling consumers to uninstall apps, as just one example. The ban on mixing data and the move to enable businesses to free access their own data are two more. And just as NZ did, the EU is starting to lay meaningful legal boundaries for what constitutes privacy violation and put into place significant penalties and structural remedies. These big companies are gatekeepers suppressing smaller companies rather than allowing natural market competition. Maybe, just maybe, we’re approaching a meaningful point of reining in the unbridled power they’ve seized when they seized consumer data. Read Less

December 14, 2020

Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives

Breaches happen and loyal customers know this.

Spotify is saying that only a small percentage of customers are affected, but their customer base is so vast that this could mean a thousand or a million people are affected. Breaches happen and loyal customers know this, but they expect transparency in order to preserve trust. The natural instinct is for an organization to withhold information after a breach, but there’s such a substantial gap between the time of exposure, April 9, and the date of discovery, Nov. 12, that real transparency.....Read More

December 08, 2020

Randstad Attack – Expert Insights

The only way to avoid ransomware on backup systems is to have a plan in place, revisit it regularly, and back up very often.

As far as we know, Randstad never received a ransom note related to this attack, which is interesting. Since what makes ransomware so effective is if the attackers can slow down or shut down operations, they can then demand a ransom. In this case, though, from what we have learned, their operations weren’t slowed down, and companies typically pay ransom when they are. And kudos to Randstad for that – they did a good job at making sure that if they WERE ever compromised, that their data would be safe in other areas. We refer to the 3-2-1 approach: three copies of data stored across two mediums and one cloud storage provider, so you can recover from any of those three locations. The only way to avoid ransomware on backup systems is to have a plan in place, revisit it regularly, and back up very often. And there’s a good chance this is the exact kind of plan Randstad had in place. It’s important to note, though, that this HAD to have come from a phishing email, which means someone DID click on a link. This is yet another reminder to ensure your entire organization is always aware. Every single employee needs to understand how important they are in this chain of security. Every single person has the potential to be compromised, which could open up the entire organization. Just one person! Making sure everyone understands the potential effects of clicking on a link without confirming it first is so very important. Look at the details of the sender, make sure you’re fully awake, make sure you’ve had your caffeine, be on your toes at all times. Also, it’s good to see that they didn’t use the term “hacker” when referring to the Egregor attackers, recognizing the difference between those threat actors and the hacker community, which discovers and generally attempts to disclose vulnerabilities before an attacker can exploit them. Read Less

December 03, 2020

Philly Food Bank Hit With $1m Cyber Attack

It's time for cybersecurity professionals to step up and volunteer their expertise as advisors and helpers for our local food banks.

In the last week alone, some 5.6 million households in the US struggled for food. Local food banks are struggling to get food and find the resources to feed those in need in this surreal year, and are also working hard to find volunteers in a time where the need for them has skyrocketed and human contact equates with potential safety risks. Some statistics are saying that the 54 million families now facing food insecurity may well include 1 out of every 4 children in the US. Of the people receiving help from this organization, it’s estimated that 30% are children, and 16% are seniors. Those numbers may include veterans, single parents, disabled and working-class families who are experiencing unprecedented stress. This attack is inexcusable and might serve as a call to action for those of us in the cybersecurity community. It's time for cybersecurity professionals to step up and volunteer their expertise as advisors and helpers for our local food banks. It’s up to us at the grassroots level, because right now, there’s no one else who is doing it. From system analysis to BEC and anti-phishing advice, we can contribute to society in an incredibly meaningful way. If experts can donate their time pro bono, it will help us all. For those cybersecurity professionals who may not feel highly skilled enough to help in that way, they can share thoughts online (provided of course that they NOT reference the name of any food bank whose defenses they suspect may not be up to par – there’s no need to put other food banks at risk). Read Less

December 02, 2020

DarkIRC Bot Hits Oracle WebLogic vuln, Steals Bitcoin, Hijacks Browsers – Experts Perspective

It’s important that security team members have input into patch prioritization.

The fix for this vulnerability was issued two months ago and updated last month. We don’t know if the persons who started advertising this in Aug 2020 used it at some point, but it’s certainly possible. This is why updating and patching is so important, and why reliance on vulnerability scanners alone is a poor strategy. It’s important that security team members have input into patch prioritization, and that organizations look seriously at exactly how their patch priorities are set. Are they the head of IT or security? By team decision? The real question here is: why doesn't something get patched right away? What are the reasons for an outstanding vulnerability to linger? It’s discouraging that recently CISA needed to issue a warning asking companies to implement patches that in some cases had been available for over a year. Also, it’s good to see that more researchers are careful to use the term “attacker” for those who launch or enable attacks, recognizing the difference between those threat actors and the hacker community, which discovers and generally attempts to disclose vulnerabilities before an attacker can exploit them. Kudos there! Read Less