Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.
Twitter hacked: worst cybersecurity disaster to hit a social media company
Several high-profile, verified Twitter accounts were hacked this week as part of a coordinated social engineering attack to promote a bitcoin scam, reports ZDNet. Accounts included Bill Gates, Elon Musk, Barack Obama, Joe Biden, Kim Kardashian, Apple, and Uber. Twitter responded with an investigation, which revealed that the attackers gained access to its backend and used internal tools to send out tweets on behalf of verified high-user-count profiles, writes a follow-up ZDNet article.
As CNN reports, this “could merely be the tip of a very large iceberg with vast security implications…the attack is a stark reminder, in the middle of a pivotal election year, about the power of social media…to destabilize America and the world.” The FBI is investigating and the Federal Trade Commission is likely to investigate.
Lawmakers say Twitter must do a better job to stop this from happening again, writes Sara Morrison in her Vox article. She quotes Oregon Sen. Ron Wyden, who expressed concern over the security of direct messages in the attack and said he felt let down by Twitter and its executives, especially as they promised him they would improve their security. In a statement, Wyden writes:
“In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter’s CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access. While it still isn’t clear if the hackers behind yesterday’s incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms. If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.”
The New York Times reports that the problem was caused by a security flaw in Twitter’s service. “This demonstrates a real risk for the elections. Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities,” states Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer at Facebook.
Cyberwar heating up
Iran. Hackers. Military. Google. All collide in the latest leak, which reveals a hack of the U.S. government. According to Forbes, IBM cyber intelligence researchers uncovered “a simple misconfiguration of a server that left the data wide open,” which led Iranian government hackers to breach Google accounts of U.S. State Department officials. Hackers were using a number of fake online personas to get access, according to the article. This is concerning because, as reporter Thomas Brewster states, the hackers could gain enough information to “help Iran map out military bases or even gain information about sensitive government operations.”
IBM senior cyber threat analyst Allison Wikoff warns, “It was alarming just how quickly they were able to navigate through these different flavours of account…[this indicated] they’ve been doing this a really long time and they’re really good at it.” Case in point: this same hacker group had previously tried to break into the Gmail accounts of President Trump and his staff, according to the article.
“American and Iranian spies have been fighting a cold war from behind their keyboards for over a decade,” writes Brewster. “Since the death of Iranian general Qassem Soleimani in an American airstrike in January this covert cyberwar has heated up.”
COVID-19: increased risk of security threats
Cyberthreats and financial risks have increased in the first half of 2020, which is not surprising given newly remote workforces and budget issues. TechRepublic covers the research findings of the latest report from Exabeam, which surveyed 1,000 IT security professionals at small and midsized companies. Of those:
- 80% said they experienced slightly to considerably more cyberattack attempts in the first half of the year
- 70% of respondents in the U.S. said their companies deferred all security hiring from March through June
- 75% were impacted by furloughs of security team members
- 68% said that security staffers were laid off
“Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cybercriminals and foreign adversaries with unprecedented opportunity. The rise in attempted cyberattacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic,” said Steve Moore, chief security strategist at Exabeam.
Six steps to cybersecurity resilience
As COVID-19 continues to fuel so many changes in companies of all sizes in all industries, resilience has been a key word for success. “No business is too small to face a security crisis,” writes Jamie Zajac in StartupNation. To keep data safe in the new normal of a remote-working world, Zajac suggests these steps to build a solid cyber resilience strategy:
- Create a culture of cybersecurity through education. Education is the first stepping stone in any resilience plan. Your team has to know and understand the potential threats they could face from things like deceptive emails, attachments and web links. Cyberattack methods are becoming more sophisticated, so it’s important to educate your team members on what to watch out for and what kinds of malicious behaviors to avoid.
- Advanced threats require advanced Internet security and threat intelligence. Your security and IT teams should start by auditing your company’s current antivirus platform. Then, take it to the next level with endpoint security to protect all devices and applications used to access network data.
- Backup and disaster recovery. Know your data, including its value and what is most important. An audit should be the first step. Know what critical information your team members have, where it lives, and how it is organized and accessed.
- Keep the lights on: The 3-2-1 golden rule. To keep your startup’s data safe and accessible at all times, we recommend the following 3-2-1 golden rule:
  - Keeping three copies of your data, one original file and two backups.
  - Choosing two different storage types to mitigate the failure of one of them.
  - Maintaining one copy of your data offsite.
- Test and adapt. Testing the procedures you’ve set in place is the best way to know if there are any issues, making sure your plan will function in the event of a potential disaster. As a best practice, test your procedures once every quarter or, at a minimum, once a year.
- Move beyond the pandemic into full cyber resilience. Many lessons learned during the pandemic will be applicable to other potential crises, from natural disasters to cyberattacks, and organizations need to be ready to face these attacks head on in order to keep the lights on.
Partner blog post of interest: Eclypsium: Screwed Drivers Open ATMs to Attack