
Jul 16, 2017 10:11:01 PM | Education In the Know - Cyber Security  update - Week of July 9th 2017


Girl Scouts gear girls up for cybersecurity jobs, WWE exposes a massive amount of data on its customers, AT&T transfers a phone number to attacker, bitcoin mines beneath datacenters, and a study shows that Thursday is the day that receives the highest number of malicious attachments.

  1. Girl Scouts continues STEM focus with cybersecurity badges
    Beginning in 2018, 18 new merit badges focused on cybersecurity will be available for the 1.8 million Girl Scouts to earn.

    New research shows that women hold a small percentage of cyber security jobs globally and in North America.  The information security field is understaffed, and trends indicate the field will continue to grow for some time.

    With the litany of cyberspace threats, it’s all hands on deck.  Education is the most important factor in preventing attacks associated with social engineering and human error.

    http://www.latimes.com/business/technology/la-fi-tn-girl-scouts-cybersecurity-20170713-story.html
  2. WWE Data Breach impacts 3 million fans, and exposes questionable data collection practices.
    WWE left two Amazon S3 (Simple Storage Service) Buckets open and publicly accessible.  The first S3 Bucket contained data from 2014-2015 and included fan names, address, phone number, cable provider, email address, age, education, race, and children’s age/gender.

    The second S3 Bucket contained a large amount of 2016 customer data and billing details for hundreds of thousands of European customers.

    Other marketing information was discovered in the S3 Buckets including social media tracking, Twitter Posts, and YouTube likes and shares.

    More details from the Kromtech security researchers:
    https://mackeepersecurity.com/post/world-wrestling-entertainment-leaks-3-million-emails
  3. SMS Two Factor Authentication foiled by human error.
    Justin Williams describes how his PayPal account was compromised even though he followed best practices by using a password manager, unique complex passwords, and 2-factor authentication (where possible).

    An attacker compromised Justin’s account by persistently calling the AT&T call center and trying to access Justin’s account; the attacker was repeatedly denied for not knowing Justin’s passcode.  Eventually, one of the AT&T call center employees broke protocol and didn’t require a password.

    This led to the attacker switching Justin’s phone number to a burner phone owned by the attacker.  From there the attacker reset the password on Justin’s PayPal account and transferred out money.  PayPal only requires an email address and phone number to accept the verification code.  Since PayPal only supports SMS-based authentication, the attacker just needed to be able to receive SMS messages sent to Justin’s number, which had been compromised by the AT&T breach in protocol.

    Could Justin have done anything differently?  Not really; PayPal doesn’t offer app-based 2-factor authentication and relies only on SMS 2-factor authentication.  The fault lies with the AT&T employee who broke protocol and made the account change without a passcode.  Justin’s account security, like most of ours, was only as secure as the weakest link in the infosec chain.  And for the foreseeable future, the weakest link is us (humans).

    https://carpeaqua.com/2017/07/07/hack-the-planet/
  4. Bring your own server – bitcoin mining from below
    During a presentation at a conference last week, security firm Darktrace shared some insights from its findings over the years.  One story was from the Bitcoin mining heyday of 2014.  Darktrace found that some employees at corporate data centers hid servers under the data center false flooring to mine coins 24/7.

    Casual Bitcoin mining is now a thing of the past, as vast arrays of dedicated computers are now needed to produce enough coin to pay for themselves and the resources they consume.  However, other nefarious cyber activities could be occurring from stowaway servers quietly sipping on power, and enjoying cool conditioned air.

    https://qz.com/1024930/bitcoin-malware-an-italian-banks-server-was-hijacked-to-mine-bitcoin-says-darktrace/

  5. The highest volume day for Ransomware is Thursday
    A recent study by Proofpoint highlights a few interesting patterns about malicious URLs from data collected in 2016.
  • 87% of clicks on malicious URLs occur within 24 hours after they are delivered
    • Half of the clicks occur within an hour after the message arrived.
    • A quarter of clicks occur just 10 minutes after arrival.
  • There is a 38% global increase on Thursdays over the average weekday volume for malicious attachment messages.
  • Among the top 3 credential phishing lures, those designed to steal Apple IDs were #1 in credential attacks sent, and Google Drive phishing links were the most clicked.
  • 6% is the average click rate on malicious URLs across all industries.

https://www.proofpoint.com/sites/default/files/pfpt-en-us-human-factor-report-2017.pdf

Written By: Eric Brown