Verizon Breach

Following the news in the US that millions of Verizon customer records have been exposed in a security lapse. IT security experts commented below.

Jeff Nolan, CMO at SecureAuth:

 “With millions of exposed names, phone numbers and account PINs, the fallout from Verizon’s latest Amazon S3 leak will be felt for a long time to come. When an attacker has enough information about their target – gathered either through social engineering or from data breaches– they will contact the phone carrier and have the phone SIM card swapped to a new device. Once this is complete, all texts and phone calls will be sent to this device. Typically, the bad actor ports the number to some sort of virtual number, but there have been cases where the number is ported to a burner phone.

“This attack is a major wakeup call for organisations to move beyond two-factor authentication which is simply no longer enough to safeguard against today’s attacks. Between SIM card fraud, Signal System 7 (SS7) network intercepts, and NIST’s recent cautions of SMS-based 2FA, there is no question that organisations need to re-evaluate traditional authentication methods. Smart organisations are already moving to adaptive access control techniques, such as with phone number fraud prevention and identity based detection. This works invisibly to the user but protects, detects, and ultimately remediates attacks essentially rendering stolen credentials useless.”

Ermis Sfakiyanudis, Cybersecurity Expert and CEO at Trivalent:

“The Verizon data breach comes just days after the Hard Rock Hotels & Casinos and Loews Hotels breaches. Each of these highlight the critical need for better data protection within industries that utilize personally identifiable information (PII) data. In this case, the threat came from an insider at a third-party vendor Verizon relies on for back-office and call center operations. The insider logged Verizon customer data, including names, addresses, phone numbers and PIN codes via an Amazon Web Service S3 data store. Not only does this breach serve as an example of the dangers third party companies can pose to enterprise data that is not properly protected, it also opens up an important discussion around traditional encryption. With the consistent revelation of high profile breaches in 2017, encryption alone has proven it is no longer enough to protect sensitive information, especially against next level attackers. Every time a consumer engages with an organization, they are trusting that company to keep their data safe. The only way organizations can get ahead of data breaches is to address them as a likely probability—not an impossibility. Only then will enterprises be empowered with next generation protection that secures data at the file level, rendering it useless to unauthorized users—even if a breach occurs.”

Ryan Wilk, Vice President, Customer Satisfaction at NuData Security:

“This is the fourth exposure of sensitive user PII data on an unsecured server in less than a month. This mishandling of trusted data proves that just about anyone can obtain personally identifiable data to create fraudulent identities for account takeovers, opening lines of credit, or fraudulently buying products and services. Hackers use this information to form profiles of individuals that can be sold on the Dark Web and re-used across many sites at scale.

It’s important to note that these exposures are open vulnerabilities that almost anyone can access. It doesn’t take sophisticated hacking skills to access an unsecuredserver – fraudsters just need to know where to look. Companies that handle personal data need to up their game, not only by being vigilant about server security but also by incorporating the latest technologies to protect their consumer accounts. Advanced techniques like passive biometrics and behavioral analytics identify users by their personal behaviors, which can’t be mimicked by bad actors – even if these leaked but legitimate credentials are presented. The true value lies in the fact that even if consumer information is stolen, it worthless to anyone but the authentic user.”

Itsik Mantin, Director of Security Research at Imperva:

“The flourishing of ransomware is anything but surprising. In the recent years we’ve seen the ransomware economy going through industrialization, allowing attackers to build ransomware campaigns from building blocks they purchase or obtain in darknet forums, with the leading infection vector of 2017 being with no doubt EthernalBlue, which was used in several Ransomware campaigns like WannaCry.

However, with all due respect to the research, I believe the statistics are strongly biased towards noisy attacks and “deprives” other threats like data theft and recruitment of hijacked machines to variety of purposes including cryptomining and joining a botnet. The majority of the data theft attacks go undetected without the victim knowing he was attacked – a fact that holds for both insider and external data breaches. As opposed to data theft, ransomware is a noisy attack, noticed by the victim in 100% of the cases. Thus, even if from the victim’s perspective ransomware is the most prevalent attack, this victim may not know about the five hidden malwares crawling in his organization, collecting and exfiltrating stolen data, collecting credentials and taking over machines. Maybe a few hundred of his desktops might be mining cryptocurrencies for anonymous accounts, or waiting for command to join a DDoS attack on a joint target.”

Sam Elliott, Director of Security Product Management at Bomgar: 

“Ransomware attacks are a reality for many businesses, similar to what we saw in the City of Atlanta SamSam attack. However, there are steps organizations can take to protect themselves which includes adopting least privilege or zero trust security postures, implementing robust procedures for patching software and technologies against security vulnerabilities. Maintaining a regular patching routine closes potential holes in an organizations’ infrastructure, keeping attackers at bay. Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent potential for extensive damage. Without any best practices in place, this trend can easily continue. And with continued success from ransomware attacks, cryptomining attacks could be on the rise too.

Oren Koriat, Information Security Specialist at Cynerio:

“Organized crime threat actors are leading in financial hacking for two apparent reasons, they’re only in it for the money, and they have extensive money siphoning operations that make financial hacking realistically beneficial.

We see two disturbing trends with ransomware attacks – one is they are clearly on the rise, and the more nuanced one is that they are not exclusive to user devices anymore and are increasingly infecting servers. This means they evolved to include advanced lateral movement behavior and now pose much greater risk to organizations.

Cryptominers will also continue to trend upwards and pose a new kind of threat to organizations since they’re much less conspicuous.

Mobile malware is appealing to news because everyone owns mobile devices and understands them to some degree, they also contain a lot of personal information that we consider very sensitive. On the flip side, this kind of information is valuable for espionage which happens on a micro scale and not on the scale of large ransomware campaigns for example.

Phishing needs to be handled in a way that sterilizes human error by applying the principle of least privileges on data access. Organizations that hold massive amounts of sensitive information should use solutions that make accessing and moving this data inherently non-trivial.”

Adrian Bisaz, VP of EMEA at CyberProof:

“This report confirms what we have been seeing across multiple markets and numerous industries. For example, we have seen the healthcare segment hit in recent months in the UK in particular with high profile headlines that not only cause damage to the organizations themselves, but also the thousands of patients that can’t get access to the healthcare services they needed. This also brings with it the anguish associated with the uncertainties that attacks of this form represents to the public.

Phishing sustains itself as the number one attack technique, and is so damaging as it is a gateway to whole spectrum of Computer Network Attacks (CNA), Computer Network Exfilteration (CNE), Leaving Logic Bombs, Backdoors, and other malicious activities.

Organizations that think they can build a robust security perimeter by simply meeting industry compliance guidelines are beginning to realize that they are under threat, and the specific nature of ransomware attacks can cause damage way beyond the financials. Organizations that don’t utilize a proactive and multi-layered cyber program,  that includes threat intelligence services, awareness programs and capabilities to respond immediately will face potentially devastating consequences of ransomware attacks, both short term interruption to normal business operations and in the long term brand and reputation damage that might result from media exposure that follows such attacks.”