Dont Forget About Septembers Non Equifax Security Disasters

Don’t Forget About September’s Non-Equifax Security Disasters

Arraya Insights | October 6, 2017

October is National Cyber Security Awareness Month meaning that for one whole month issues such as security hygiene, data breaches, and defense strategies should take center stage. Although, after the September the business world just had, it might be hard to notice much of a difference. Even setting aside the near history-making cyber disaster that is still going on at Equifax – something Arraya’s resident security expert Tom Clerici has covered extensively – last month featured an astonishing number of high-profile incidents.

While there may be precious little awareness left to raise this October, that’s not going to stop us from trying. Let’s delve into the potential impact and the possible takeaways stemming from three recent (and non-Equifax-related) security catastrophes.

Hackers gain an edge on the stock market

Last month, the US Securities and Exchange Commission (SEC) announced one of its databases had been hacked way back in 2016. Attackers took advantage of a software vulnerability in the SEC’s filing system, known as EDGAR, to gain access to yet-to-be-disclosed corporate announcements. This data could have included corporate financial statements, merger news, etc. Or, to put it more plainly, attackers would have had access to exactly the kind of insider information needed to gain an illicit advantage while making trades on the market. This edge is something the SEC now believes the attackers took full advantage of.

The SEC stated that it immediately plugged the breach once it was discovered last year. However, in a report compiled and released earlier this year, the Department of Homeland Security still found five critical weaknesses on SEC computers. Even if these critical vulnerabilities had no connection to the EDGAR breach from 2016, it remains concerning to see so many weak points lingering – particularly so soon after such a painful attack.

Security incidents aren’t merely learning opportunities for everyone else. If there’s any semblance of an upside for the company affected, it should be the ability to use the breach as a learning experience and bolster their posture accordingly. At least on the surface, that doesn’t appear to have happened in this situation.

Security experts seem to fail Security 101

In the waning days of September, news broke that global consulting firm Deloitte had been victimized by cyber criminals. Attackers allegedly leveraged a weakness in Deloitte’s email security to gain access to client emails, user names, passwords, health information, etc. As per Deloitte’s official statement, only a tiny group – six total – of its clients had their data impacted, however some sources are questioning the accuracy of that assessment. These sources believe attackers were able to get their hands on far more data than indicated during the time in which they roamed freely in Deloitte’s network.

The optics on an incident like this are even worse than the average data breach. For one thing, Deloitte’s consulting business includes cyber security advisory work. Additionally, the way in which hackers allegedly gained entry to Deloitte’s system is not exactly flattering. The theory is the company failed to follow basic cyber security best practices, such as instituting multi factor authentication and securing large quantities of data with more than just a single password.

Too many companies – even those who are supposed to be experts – overlook the basic principles of security hygiene. These steps are often easy to execute and, more importantly, can make a big difference. Considering that fact, organizations failing to implement them seem to be making a bold (negative) statement about the value placed on their own reputation and the data they’re entrusted with from internal and external sources.

Attackers hide a backdoor in a seemingly harmless update

Roughly 700,000 users got far more than they bargained for in September when they downloaded the latest version of an application called CCleaner. It turns out the app – which is intended to help users clean junk files off their machines – had been compromised. Cyber criminals injected a malicious code into the update, giving themselves a backdoor into infected systems they could then use for further exploits.

Initially, it was believed the issue was caught before it made it to that second stage, however more recent indications are that at least 20 devices – and possibly more – were infected beyond the initial stage. The second stage of this attack seemed directed at mostly higher-profile targets, including Gmail, Microsoft and others.

It took a month for anyone to detect the compromise. In that time, the malware-laden version of CCleaner remained available to users. A month is far too much runway to afford cyber criminals. Cases such as this one are proof of the need for organizations to gain greater insight into the behavior of applications that are interacting with their network. Without this, hackers may have the ability to disappear into the shadows once they bypass a company’s exterior defenses.

Keep a closer eye on network activity

Timing is everything during a cyber security incident. The sooner an organization identifies malicious activity on its network, the sooner it can respond to and remediate the issue – and then report it to those affected. Delays can amplify the fallout from the incident in terms of actual damage and the negative public perception that follows.

There are many solutions offering organizations the insight they need to speed up response times. Some of these look for known negative behavior on the network. Others leverage machine learning to understand and catalogue the expected activity of applications. Beyond just the option for earlier warnings, many of these solutions can also orchestrate and automate efforts so that, if a malicious actor does breach a firewall, its window of opportunity won’t stay open for long.

Want to learn more about today’s top security trends and tactics? Have another question for our in-house cyber security team? Visit us at www.arrayasolutions.com/contact-us/ to strike up a conversation. Also, you can catch us on social media: LinkedIn, Twitter, and Facebook. Feel free to leave us comments on this or any of our blogs, or follow us to learn all about our upcoming IT learning experiences.