Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Brand Breached: How data breaches erode brand value

    • Most brand custodians and consumers continue to think of cybersecurity as little more than a hygiene factor. It’s almost ironical that the presence of a robust cybersecurity system in itself is never reason enough for a customer to trust a brand, but the absence of it certainly drives them away.
    • A brand’s relative strength is impacted by a cybersecurity incident, most notably, in three ways:
      1. Presence - The degree to which a brand feels omnipresent to relevant audiences, is talked about positively, and is easily recalled when a customer has a need in the brand’s category.
      2. Affinity - The degree to which customers feel a positive connection with the brand, based on the functional and/or emotional benefits provided, and a sense of having shared values.
      3. Trust - The extent to which a brand is seen to deliver against the (high) expectations that customers have of it, is perceived to act with integrity and with customers’ interests in mind.
    | March 31, 2021
  • Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’

    • On January 11, the networking equipment and Internet of Things (IoT) devices provider began sending out emails to customers informing them of a recent security breach.
    • Several months later, however, a source who "participated" in the response to the security breach told security expert Brian Krebs that the incident was far worse than it seemed and could be described as "catastrophic."
    • In a letter penned to European regulators, the whistleblower wrote:
    • "It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. The breach was massive, customer data was at risk, access to customers' devices deployed in corporations and homes around the world was at risk."
    • The source also told Krebs that in late December, Ubiquiti IT staff found a backdoor planted by the threat actors, which was removed in the first week of January. A second backdoor was also allegedly discovered, leading to employee credentials being rotated before the public was made aware of the breach. 
    • The cyberattackers contacted Ubiquiti and attempted to extort 50 Bitcoin (BTC) -- roughly $3 million -- in return for silence. However, the vendor did not engage with them.
    - Charlie Osborne | March 31, 2021
  • Up, Up, and Away – With Your IoT Data?

    • The flying IoT is essentially drones fully equipped with network connectivity capabilities and it marks a new frontier for smart devices—one that comes with a host of challenges. One key challenge for the flying IoT is security and it goes far beyond a consumer’s smart device unknowingly being used in a botnet distributed denial-of-service (DDoS) attack.
    • At the end of 2019, another group of researchers used a DJI drone to take over a smart TV.
    • According to OWASP, the top ten vulnerabilities in any IoT device, drones included, are:
    - Cheryl Ajluni | March 29, 2021
  • Hackers Tried To Backdoor Code Used by 80% of All Websites

    • Unknown attackers tried to compromise the source code of the PHP programming language in what would have been a dangerous supply chain hack.
    • PHP is used to program the servers behind almost 80 percent of websites on the internet, which means that this attack, if it had gone undetected, could have given the hackers the ability to take control of thousands of sites.
    • The hackers uploaded two pieces of malicious code as part of a commit to the PHP code base using the names of two core PHP developers, Rasmus Lerdorf and Nikita Popov, the developer who disclosed the breach. 
    • "We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account)," Popov wrote. 
    • Popov also announced that the PHP project would now move to GitHub rather than use its own internal code repository.
    • The investigation into this breach "is still underway," and developers are checking that the hackers didn't make any other malicious changes.
    - Lorenzo Franceschi-Bicchierai | March 29, 2021
  • Stolen credit card forum hacked and user details published online

    • A major forum that deals with stolen credit cards has been hacked and the details of almost 300,000 users stolen and published online.
    • The forum, called Carding Mafia, operates on the regular internet and offers various forums discussing how to hack and steal credit cards, along with hacking tools, stolen credit numbers, bank account details and PayPal accounts.
    • The stolen data was being advertised for free on another hacking forum Jan. 27, suggesting that the theft of user data dates back at least several months. Along with offering the details of 290,000 users, the ad also offers 660,000 posts and 130,000 threads in a database totaling 990 gigabytes.
    • This is not the first time a hacking forum has itself been hacked. Stolen credentials forum OGUsers was hacked in May 2019 and then again in December, with user data stolen.
    - Duncan Riley | March 29, 2021
  • Multiple cyber threats lurking compromised systems: Microsoft

    • The key vulnerabilities in the Microsoft business email servers have left cyber security experts flummoxed as this free-for-all attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic "script kiddies."
    • Although many on-premises Microsoft Exchange servers have been patched, a new investigation has found that multiple threats are still lurking on already-compromised systems.
    • According to the Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet received a secondary action, "such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions".
    • Microsoft said that it is important to note that with "some post-compromise techniques, attackers may gain highly privileged persistent access, but many of the impactful subsequent attacker activities can be mitigated by practicing the principle of least privilege and mitigating lateral movement".
    | March 28, 2021
  • 'ABSOLUTE DISGRACE' Pet owners brand Petlog a ‘shambles’ following database chaos

    • MILLIONS of pet owners need to create new microchip accounts after a database 'upgrade' caused havoc at Petlog.
    • The database company has been branded an "absolute disgrace" as furious users logged in to find that their beloved pets have vanished.
    • The firm, which is used by over 13.8 million pet owners, says that all pet details have been "safely migrated" to the new system, but hundreds of people have commented on Facebook that their pets have disappeared.
    • As well as the issues with pets vanishing from accounts, several users have also reported that their login details are no longer working, meaning they can't get into their accounts in the first place.
    • Petlog says that customers whose pets aren’t displaying on their online account should fill in the ‘can’t see my pet’ form.
    - Sara Benwell | March 28, 2021
  • A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

    • Like most of its criminal competition, ransomware gang Clop steals data from its victims and uses that data to apply pressure. Pay up or we’ll start leaking your sensitive information, they threaten.
    • Clop has claimed a breach involving a major maternity clothing retailer. The hackers used the data stolen in the attack to contact customers and urge them to make the company pay.
    • Emails sent to the store’s customers look a bit like a breach notification. They are, in a way, but they don’t provide some critical information.
    • The note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.
    • If you’re unlucky enough to receive an email like this urging you to act, take a beat. Ask yourself: do you really want to be an accessory to a cyber extortion?
    - Lee Mathews | March 28, 2021
  • Was it a Breach or Credential Stuffing? The Difference Matters

    • Breaches are expensive and time consuming. They usually spark a mad dash to shore up cybersecurity defenses, implement new security and access policies, and lock down sensitive data. And then there is the damage to the company’s brand and the trust of their customers.
    • But what if it wasn’t actually a breach? According to headlines, Zoom and Nintendo both suffered major breaches in 2020. In reality, they were never breached. Their customers were the victims of credential stuffing attacks.
    • A breach exploits the company’s failure to protect its data. A credential stuffing attack is the result of consumers’ failure to protect themselves.
    • Both breaches and credential stuffing attacks will continue to happen, and it’s important for victims – both the companies and their end users – to recognize the difference so they can respond appropriately.
    • Consumers have a role to play to protect themselves: Stop reusing passwords across multiple accounts. Millions of people do this, and it is a cyber-criminal’s dream come true. All a bad actor has to do is get your credentials from one account with weak security to have access to everything else.
    - Olivia Fryt | March 25, 2021
  • FatFace tells customers to keep its data breach ‘strictly private’

    • The company sent an email to customers this week disclosing that it first detected a breach on January 17. A hacker made off with customers’ name, email and postal address, and the last four digits of their credit card. “Full payment card information was not compromised,” the notice reiterated.
    • But despite going out to thousands of customers, the email said to “keep this email and the information included within it strictly private and confidential.”
    • Under U.K. data protection laws, a company must disclose a data breach within 72 hours of becoming aware of an incident, but there are no legal requirements on the customer to keep the information confidential.
    - Zack Whittaker | March 25, 2021