At a glance.
- Data breach at NTT Communications.
- Artists' market Minted breached.
- Cisco servers exploited.
- Ransomware attack and data exposure at Michigan State University.
NTT Communications data breach.
NTT Communications, the Tokyo-based telecommunications service provider giant, has disclosed that one of its servers was breached. A relatively small number of customers is so far thought to be affected, a little more than six hundred. The attack began in a Singapore cloud server from where the attackers moved to an internal server, and then to an NTT Active Directory server, from which the data were taken. We received some observations on the breach from Timothy Chiu, Vice President of Marketing at K2 Cyber Security:
"NTT’s security breach is another indication that criminals are using more and more sophisticated hacks to get confidential data. Like other well-planned attacks, this one appears to have required knowledge of, and access to, multiple systems in order to access the final target.
"With this increased level of sophistication used by cyber criminals, organizations should be reminded that they need to have security on every system, including and especially the server where the organization’s assets are located. The latest NIST Framework SP 800-53 draft’s inclusion of RASP as a requirement is a great reminder that security is needed on the application server too."
Artists' market Minted breached.
In response to reports that Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace, a cybersecurity expert from KnowBe4 offers perspective.
James McQuiggan, Security Awareness Advocate, KnowBe4
"Criminal hacking groups are all about getting the most money for the records they steal or collect from various data breaches that organizations experience. By compiling all of these records, the criminal groups can reverse engineer the passwords to build up a database for credential stuffing. In this type of attack, users' accounts are targeted to see whether the user has the same password as on the one site that was involved in the breach. This is an attempt to gain access and use the information towards phishing attacks or identity theft.
"End users will want to continue vigilance when it comes to spear phishing or targeted emails about their accounts. A criminal's email that includes their password or some other sensitive information from the breach will entice them to open attachments or click on links related to these attacks and thus compromise their systems further. People need to make sure they are using different passwords for various sites and accounts. In the unfortunate event of a data breach, they only need to change the one password versus now being susceptible to attacks on their accounts on different sites because they used the same password."
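As an added illustration of the credential-stuffing pattern described in the comment above (this is example code written for this page, not code from KnowBe4, Minted or any of the companies quoted), the following Python sketch runs a simple detection over a few constructed login-log lines. It separates the credential-stuffing signature (one source trying many distinct accounts, roughly once each) from ordinary password guessing (one source hammering a single account), and lists which accounts the stuffing source actually got into, since those are the users whose reused password needs resetting first. The log format, field names and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample login-log lines for the example (not data from any real breach).
# Assumed format: "<timestamp> auth login user=<name> src=<ip> result=<FAIL|SUCCESS>"
SAMPLE_LOG = """\
2020-05-29T10:00:01Z auth login user=alice src=203.0.113.7 result=FAIL
2020-05-29T10:00:02Z auth login user=bob src=203.0.113.7 result=FAIL
2020-05-29T10:00:02Z auth login user=carol src=203.0.113.7 result=SUCCESS
2020-05-29T10:00:03Z auth login user=dave src=203.0.113.7 result=FAIL
2020-05-29T10:00:04Z auth login user=erin src=203.0.113.7 result=FAIL
2020-05-29T10:00:05Z auth login user=frank src=203.0.113.7 result=FAIL
2020-05-29T10:00:06Z auth login user=alice src=198.51.100.20 result=FAIL
2020-05-29T10:00:09Z auth login user=alice src=198.51.100.20 result=FAIL
2020-05-29T10:00:15Z auth login user=alice src=198.51.100.20 result=SUCCESS
"""

LINE_RE = re.compile(r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)")


def parse(log_text):
    """Yield (user, src, result) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("user"), m.group("src"), m.group("result")


def summarize_sources(log_text):
    """Aggregate login attempts per source address."""
    stats = defaultdict(lambda: {
        "accounts": set(),      # distinct usernames tried from this source
        "succeeded": set(),     # usernames that logged in from this source
        "attempts": 0,
        "failures": 0,
    })
    for user, src, result in parse(log_text):
        s = stats[src]
        s["accounts"].add(user)
        s["attempts"] += 1
        if result == "SUCCESS":
            s["succeeded"].add(user)
        else:
            s["failures"] += 1
    return stats


def classify_sources(log_text, min_accounts=5, min_single_account_attempts=3):
    """Flag sources whose behaviour looks like credential stuffing or password guessing.

    Credential stuffing: many *different* accounts tried from one source, each
    usually once, because the attacker already holds a username/password pair
    per account from some other breach. Password guessing: one account, many
    attempts. Thresholds are illustrative; tune them to your own login volume.
    """
    alerts = {}
    for src, s in summarize_sources(log_text).items():
        n_accounts = len(s["accounts"])
        if n_accounts >= min_accounts:
            alerts[src] = {
                "kind": "credential_stuffing",
                "accounts": n_accounts,
                "failures": s["failures"],
                # Accounts that succeeded from a stuffing source were most likely
                # reusing a password leaked elsewhere: reset these first.
                "succeeded": sorted(s["succeeded"]),
            }
        elif n_accounts == 1 and s["attempts"] >= min_single_account_attempts:
            alerts[src] = {
                "kind": "password_guessing",
                "accounts": 1,
                "failures": s["failures"],
                "succeeded": sorted(s["succeeded"]),
            }
    return alerts


if __name__ == "__main__":
    for src, alert in classify_sources(SAMPLE_LOG).items():
        print(src, alert)
```

On the constructed sample, 203.0.113.7 is flagged as credential stuffing (six accounts, one success on `carol`), while 198.51.100.20 is flagged as password guessing against `alice`. In a real deployment the same aggregation would run over a sliding time window and alongside rate limiting, since a distributed stuffing campaign spreads attempts over many source addresses and a single-source count alone will miss it.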
Cisco servers breached.
A vulnerability in Cisco's SaltStack framework is being exploited. The bug was fixed last month, but attackers are successfully going after unpatched instances. Jayant Shukla, CTO and co-founder of K2 Cyber Security, commented by email, "The Cisco breach is a good reminder that the first line of defense for any organization is to make sure that their infrastructure is up to date and patched with the latest software releases. It may sound obvious, but it's also critical to make sure they are patched correctly, as misconfiguration is another common reason an attack is successful."
Michigan State University data breach.
The criminal proprietors of NetWalker ransomware have also been active. They’ve hit Michigan State University and given the administration until next Thursday to pony up the ransom. If the university doesn’t come up with the ransom (the amount of which isn’t yet publicly known), the extortionists will release the sensitive data they’ve stolen. To show that they’re in earnest, the gang has posted images of directories, a passport scan, and financial documents, BleepingComputer reports.
ZDNet notes that NetWalker has recently been used against the Australian logistics company Toll Group and the Austrian city of Weiz. NetWalker is a ransomware-as-a-service operation that’s actively recruiting new affiliates.
We received email comments on the incident at Michigan State from SonicWall and Lucy Security. SonicWall's CEO Bill Conner wrote:
"News of the Michigan State University breach further exposes the deep vulnerabilities of American school systems. At this time, it’s imperative that academic institutions understand the implications of weak cybersecurity infrastructure and take critical steps to protect student and faculty endpoint devices, which they will continue to use on less secure, at-home networks for the foreseeable future.
"We must also consider the essential role U.S. colleges and universities play in supporting critical government and organizational research. MSU is home to various research centers, including the Institute for Cyber-Enabled Research (iCER). A breach on any one of these centers could irreparably disrupt work being done to develop a COVID-19 vaccine, assist the economic crisis, or protect U.S. government agencies and businesses from a nation-state campaign.
"Bottom line: If government entities are able to get DoD-level security from home, so too should the academic institutions fueling their research.
"This should be a wake-up call for academic institutions — they are just as vulnerable to major cyberattacks as large global corporations, if not more so. Faculty can fall victim to threat actors if they are careless or not practicing good security hygiene. Acting now to stop cyberattacks has never been more important in today’s new normal. There is a clear need for universities to ensure their organization is protected using cloud-based security services, secure email solutions and endpoint protection technology for employees, students and staff working remotely."
Colin Bastable, CEO of security awareness training company Lucy Security, noted that there's a strong component of regulatory risk to the incident. He had this to say:
"More and more, we see that ransomware is not a technology issue per se. This is about human behavior. Exerting pressure, exploiting human weaknesses. Applying psychology to gain advantage. We have learned how the FBI leaked the dossier story, to create news, establish momentum and pressure Trump. The hackers have learned how valuable that approach can be in aid of their extortion.
"'When you are in a knife fight, bring a gun!' CISOs and their security teams keep turning up with penknives. Hackers are turn[ing] up with guns.
"Last week, we saw an attack on a law firm, in which the attackers took a page out of the media playbook, throwing Donald Trump into the mix to get maximum publicity, doubling the ransom demand and teasing out a few details. Now we see the attackers leaking and leading the news again, forcing the MSU attack onto the public forum. This increases the general fear of ransomware, at no cost to the hackers. Every university will now be checking their insurance for ransomware payments, which makes it more likely that ransoms can be paid in the future. We are not dealing with ethics here – it’s all about the money, with a side-helping of chaos.
"Incidentally, universities have HIPAA obligations, PCI obligations, PII obligations – so this could get messy."