At a glance.
- SolarWinds: the holiday gift no one wanted to receive.
- Microsoft boosts Azure AD security.
- Saskatchewan government impacted in health data breach.
- Comment on the EXMO cryptocurrency exchange breach.
SolarWinds: the holiday gift no one wanted to receive.
In the wake of the massive SolarWinds cyberattack, My TechDecisions provides an overview of what we know so far about an incident many experts are calling the biggest data breach ever to hit the US. What makes the SolarWinds incident so unique is that the hackers, likely tied to Russia, took advantage of the IT community’s trust in security updates by essentially smuggling in the malicious code in an otherwise legitimate patch to SolarWinds’ Orion IT management program. According to Vince Crisler, former government cybersecurity expert and current CEO of security company Dark Cubed, “This is a supply chain attack where the hackers...were able to distribute malicious software and backdoors across the entire customer base and have them backed up by valid certifications.”
Nearly 18,000 of SolarWinds’ more than 300,000 clients were using the compromised software, and more victims are being identified each day. Case in point: NewsOn6 reported Monday that the City of Tulsa and the University of Oklahoma confirmed they were SolarWinds clients. Though the IT department updated its SolarWinds servers to a non-compromised version weeks before the breach, they are ceasing use of the products just to be on the safe side. Tulsa cybersecurity professor Tyler Moore said Fortune 500 companies and government agencies are the entities that really have a target on their backs, and indeed the hackers have chosen to focus on around fifty of SolarWinds’ most high-profile clients. Among those targeted are the US Departments of Commerce, Treasury, State, Energy, and Homeland Security. Household names like Microsoft, FireEye, and Cisco—companies with countless clients all over the country—have also acknowledged using the compromised software and are still assessing the extent of their exposure.
The US Cybersecurity and Infrastructure Security Agency has stated it has reason to believe other supply chain attacks could be on the horizon, and researchers are analyzing similar systems to determine whether future compromises are imminent.
Microsoft boosts Azure AD security.
On the heels of being identified as one of the victims of the SolarWinds attack, Microsoft is rolling out several new measures to ramp up security of their access management service Azure AD, reports Dark Reading. Azure AD’s compromise prevention system, which uses supervised machine learning, has been updated to provide more accurate risk assessment by decreasing false alarms. Microsoft has also released a business plan to help organizations implement zero-trust models, complete with planning tips and measures of success. Other improvements include new features to Microsoft Authenticator and new security-related APIs for Microsoft Graph.
Saskatchewan government impacted in health data breach.
A ransomware attack on insurance provider eHealth has compromised the data of the Saskatchewan Health Authority (SHA) and the Ministry of Health, reports Global News. Encrypted files were restored from backups, but the possibility that personal health information was compromised cannot be ruled out. The Office of the Saskatchewan Information and Privacy Commissioner has been notified and is investigating. As the attack was traced back to a malicious link in an employee email, SHA has committed to improving employee security training.
Comment on the EXMO cryptocurrency exchange breach.
We heard from Cerberus Sentinel and Clear Skies about the recent EXMO breach. Their observations extend to why alt-coin exchanges are particularly appealing targets of crime, and to some commonsense suggestions about how to use those exchanges.
Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, wrote in an email, "Cryptocurrency exchanges are attractive targets for cybercriminals for many reasons. First, the nature of many cryptocurrencies makes it much easier to move funds without interference from government and traditional financial institution oversight. This means that the attackers are much more likely to keep any stolen funds. Secondly, many of the businesses that have sprung up around the cryptocurrency boom have done so extremely hastily to cash in on the excitement. However, this often means cutting corners around secure software development, auditing, and testing. Inevitably, this leads to situations where organizations like exchanges that control appealing crypto assets lack critical security controls and monitoring that expose their users."
And Brad Mackenzie, CEO of Clear Skies, thinks you might not want to put all of your nest egg in one hot wallet: "A best practice is not to store and hold large amounts of funds in hot wallets on exchanges, but rather to transfer them to either a cold hardware wallet (that has appropriate recovery codes set and stored securely) or to a standard bank account, as the case may be, on completion of the exchange transaction. This seeks to reduce personal exposure and loss in case of an exchange compromise."