2022 is shaping up to be an epic fight to protect data

Jan 15, 2022

From ransomware attacks to election misinformation to consumer scams, the cybersecurity industry will be in overdrive.

Security threats will likely accelerate in 2022 as cybercriminals refine tried-but-true ransomware methods and look to exploit weaknesses in the software that knits together the internet. US elections will also present a tempting target for spreading misinformation.

The expectation of a ramp-up in hacks, attacks and data theft comes after a massive jump in ransomware – takeovers of computer systems that remain locked down until a ransom is paid – that spilled into consumers’ lives in 2021. Cyberattacks that shut down oil transporter Colonial Pipeline and meat packer JBS USA contributed to temporary gas price increases and meat shortages in parts of the US.

The December discovery of the Log4j bug, a critical flaw in logging software that’s widely used around the internet, offered a glimpse of the vulnerability in the software supply chain, which had already taken a hit with 2020’s SolarWinds hack. Security experts say hackers are likely looking for ways to take advantage of Log4j and other weaknesses in the interconnected services we rely on.

The anticipated attacks come against the backdrop of a seemingly never-ending pandemic that creates additional weaknesses. With many people still working from home, attackers will seek to exploit remote connections to infiltrate corporate networks. Some scammers will also target everyday folks, who are spending more and more time in front of computer screens, in order to nab banking information, personal passwords and other data that can be used to compromise accounts.

Andrew Useckas, chief technology officer and co-founder of the cybersecurity firm ThreatX, says part of the problem is that companies don’t know the size of the problem, because so much information is on corporate networks.

“Many organizations simply don’t understand just how exposed they are,” Useckas said.

Many cybercrimes, both big and small, go unreported, making it difficult to track overall data. Still, experts say a handful of key metrics jumped last year, ringing alarms.

Notably, data breaches publicly reported in the first nine months of 2021 exceeded the total for all of 2020, according to the Identity Theft Resource Center. Suspected ransomware payments reported by banks and other financial institutions totaled $590 million for the first six months of last year, according to an October report by the Department of the Treasury. The figure easily surpassed the $416 million in suspicious payments reported for all of 2020.

President Joe Biden’s administration has taken steps to curtail ransomware and other cyberattacks. The White House recently held a global online counter-ransomware event and promised sanctions against crypto exchanges and other financial institutions that facilitate ransomware.

In the wake of Log4j, the White House plans to hold a gathering of software company executives later this month to look for ways to boost software security.

Congressional elections in November could also result in new security priorities if the balance of power in the House and Senate changes. The election will bring its own security risks, and experts warn that a flood of misinformation will swamp social media platforms as Nov. 8 nears.

Cyberattacks keep coming, but will the government take action?

Ransomware attacks that affect only corporate back office operations often escape public notice. But when hackers shut down companies that consumers rely on, everyone is aware.

The Treasury Department said in September that it would start sanctioning cryptocurrency exchanges and other entities that launder ransomware payments. The idea behind the move: cracking down on shady activity surrounding crypto – the currency of choice for ransomware payments thanks to its largely untraceable nature – will discourage ransomware attackers.

Meanwhile, lawmakers in the US and other countries started crafting legislation that would require companies to disclose when a ransomware or other cyberattack has occurred. Many ransomware attacks go unreported, making it tough for law enforcement to keep track of how many attacks are happening, who’s being targeted and how much money is going to cybercriminals.

If the attacks and the demands continue to increase, politicians will need to push legislation in an attempt to show they’re combating the issue, said Tony Anscombe, chief security evangelist at the antivirus company ESET. That legislation might expand to include the prohibition of ransomware payments.

“This could then become a race around the world to enact legislation as cybercriminals will target those territories where paying is still permitted,” Anscombe said.

Worries about the software supply chain

A bug in Log4j, a widely used Java library that logs error messages in network applications, highlighted how reliant everything from government agencies to the consumer-focused internet of things is on freely used software that’s incorporated into a host of other software products.

The simple exploit, which allows attackers to take control of internet-connected devices running the affected software, is an example of vulnerabilities in the software supply chain. Often it can be unclear exactly what devices are running the software. Like cars, software relies on a supply chain. Engineers build software with premade parts that are often made up of smaller components.

Once a piece of software is finished, it can be tough to determine all of its individual parts and where they all came from.

Justin Cappos, an associate professor at New York University’s Tandon School of Engineering, says the current setup of the software supply chain isn’t transparent because so many products rely on open-source code. Even if you’re buying software from a major company, you don’t know what original code might have gone into it.

Cappos says the software industry would benefit if it disclosed the sources of the components it uses, sort of like food makers listing ingredients. “Software companies can contract out to a company, who then contracts out to another company,” Cappos said. “You don’t know where the source code is coming from.”

Experts also expect more hacks of the software supply chain in the coming year. Instead of exploiting existing flaws, cybercriminals could insert malicious code into commonly used software to infect corporate systems.

That happened two years ago, when hackers stealthily placed bad code into an update of SolarWinds’ popular Orion IT software products. Corporate customers then incorporated those products into their own systems, giving cybercriminals access to their systems. Thousands of customers installed the tainted update, though SolarWinds says far fewer companies were actually hacked.

US officials say Russia was behind the attack. The Russian government has denied involvement.

“The fact that a nation-state actor went to these lengths to target [SolarWinds] is very concerning,” Cappos said. “I think, unfortunately, this is the start of a trend rather than a one-off incident.”

Scams get scarier, go mobile

COVID forever changed the way we work. Even in the highly unlikely event that the pandemic winds down this year, many people will keep working from home at least part of the time.

Cybercriminals will be working, too. They’ll be hunting for new ways to take advantage of the connections and devices that workers use to dial in remotely.

NYU’s Cappos says the cybersecurity industry will likely get a better handle on how to manage hybrid work situations, introducing new recommendations and products that boost security and make it easier for workers to connect.

Consumers will also need to up their security game, Clay says. Good methods of two-factor authentication, such as biometrics and push notifications, are going to be a must. Simpler verification methods, like codes sent as SMS messages, just can’t be trusted anymore.

That goes for smartphones, too. Phishing, the practice of sending deceptive emails in order to get personal information, is going mobile. Similar attempts using SMS, known unimaginatively as smishing, and voice calls, which are called – you guessed it – vishing, will become more common this year as people move more of their online activity to mobile devices, Clay says. In addition, the use of scam QR codes, or quishing, is also on the rise.

“The attackers are going to continue their activities and they’re going to be targeting consumers,” Clay said. “People are going to need to secure their data.”

26 Apr, 2024
In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files.

Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOCRadar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access.

The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed.

Anuj Mudaliar, Assistant Editor - Tech, SWZD
26 Apr, 2024
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained.

These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached.

After BleepingComputer confirmed that the data belonged to AT&T and DirecTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers.

"The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier."

BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer.

The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021.

While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution.

For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers.

Update 4/10/24: Added statement from AT&T about discrepancy in numbers.

Bill Toulas
26 Apr, 2024
Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data breach due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack, claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.