At a glance.
- Data breach at Bed Bath & Beyond.
- Israeli political party data left exposed on the web.
- Data sells like candy on the digital black market.
- Comment on media company cyber incidents.
Data breach at Bed Bath & Beyond.
For many, a visit to home goods retailer Bed Bath & Beyond’s shower curtain department already inspires visions of Psycho’s infamous bathroom scene, but now shoppers could have a new reason for fear. Reuters reports that the alliteratively-named big-box store has disclosed it’s investigating a potential data breach. The linens seller says a third party, equipped with info acquired through a phishing scam, was able to gain unauthorized access to a company hard drive and several employee shared drives. The potentially exposed data are being reviewed to determine whether any sensitive information was compromised.
Israeli political party data left exposed on the web.
The Jerusalem Post reports that the election management system of Israel’s Shas Party has possibly suffered a security breach, exposing sensitive voter data. News of the incident was leaked on the CyberCyber podcast by an anonymous source who said he’d discovered the issue via an online automated scanning tool. Later verified by software architect Ran Bar-Zik, the breach was the result of a four-year-old vulnerability in a PHP-based system debugging tool. The bug has now been patched, but it’s unclear whether it was exploited before the system was secured. The compromised data includes detailed personal data on potentially millions of Israeli voters, including family info, phone numbers, and even bank account details. The Ministry of the Interior supplies Shas and all political parties with the voter register before each election, requiring the party to destroy the information once it is used, but it appears Shas failed to delete the data after each election round. A Shas spokesperson stated, “The Shas party has operated a professional and reliable election software for many years, like all the other parties in Israel, and maintains a legally registered database. All information held by Shas is legally collected by it and held and preserved in accordance with the law, accompanied by the best cybersecurity experts in Israel.”
Data sells like candy on the digital black market.
A slew of recent high-profile data breaches in Australia has led to citizens’ personal data popping up for sale on the dark web, and the Guardian takes a closer look at these underground marketplaces. Dean Williams, systems engineer at NortonLifeLock, explains that a hacker looking for data has many avenues at his fingertips. “You can often find verified data breach stores where you can search by the organisation name and have access to the entire list right down to buyer-seller platforms where you can buy different levels of [personal information] at different quantities,” Williams states. And with larger underground forums that offer cybercrime products as a service, even relative newbs can easily access the tools to pull off more sophisticated attacks. “It means that people can enter into the world of cybercrime without having traditional cyber skills because you are just ‘buying bad’, or renting,” explains Katherine Mansted, director of cyber intelligence at CyberCX. While police are able to locate and shut down these underground forums, much like zombies that just won’t die, they’re often resurrected in the same format under a new URL. As Emsisoft threat analyst Brett Callow summarizes, “Unfortunately, there’s so much money to be made from cybercrime that there will always be people who are willing to step up to fill gaps in the ecosystem.”
Comment on the Thomson Reuters data incident.
Observing the breach at Thomson Reuters (described here, by the Record) and the insider incident at the New York Post (described here by Variety), Dan Vasile, BlueVoyant vice president of strategic development and former vice president of information security at Paramount, shared some thoughts on the distinctive challenges media organizations face with respect to data security.
“The recently reported cybersecurity issues with Thomson Reuters and the New York Post spotlight the media industry’s cybersecurity challenges. The media industry can be targeted for the vast amount of data it holds. In the case of Thomson Reuters, it is reported that sensitive client data could have been leaked. While the company immediately fixed the issues, the incident highlights how easily malicious actors could take advantage of any cybersecurity weakness.
"In the case of The New York Post, one of the largest newspapers in New York, it is reported that access to its content management system and social media accounts was abused by an insider to post offensive articles and tweets. This highlights another reason the media can be targeted — for the eyeballs it receives. This is similar to the incident with Fast Company a few weeks ago, when it was targeted to send obscene messages to Apple News users.
"Companies regardless of industry must now also be aware of digital supply chain defense. They may find themselves targeted for their access to one of their clients or vice-versa. Generally speaking, large media organizations have structured cyber security programs in place. However, the sector has been evolving over the years, expanding content production and distribution by both traditional and new means, adopting new technologies, and that has created a more distributed and fragmented third-party ecosystem. In addition, as companies’ internal networks become more well-defended, often a member of their digital supply chain, like a vendor or supplier, is the weak link.
"Our own recent research on the media industry found security weaknesses and vulnerabilities across a number of vendors that support the media industry, suggesting that, as an industry, media faces significant cybersecurity challenges. The media third-party ecosystem is a complex one, which makes it challenging for companies to securely produce, distribute, and manage content. From concept to camera and from camera to consumer, media companies are dependent on vendors, service providers, partners, and technologies. Exploitation of the identified weaknesses and vulnerabilities can lead to potential loss of content and operational disruption.
"It is important to note that media companies, like companies in all industries, should continuously monitor their vendors to quickly remediate any potential attacks. Enterprises should also patch their systems quickly and ask their vendors to do the same. The time it takes for cybercriminals to exploit known vulnerabilities is decreasing so enterprises must patch quicker.”