Good day. As the FBI looks into the cyberattack on
Twitter
last week, corporate security chiefs say the hours and days after a major hack yield important evidence for investigators piecing together how the incident occurred and what the company must do next. WSJ Pro’s David Uberti and I talked to corporate security chiefs about the chaotic aftermath of an attack and provide an update about what’s known about the Twitter incident.
Other news: How routine data provided clues about Russian military moves; Russia’s U.K. ambassador denies Covid-19 hacking accusations; judge to hear credit union’s case against
Fiserv
over alleged software vulnerabilities; and FBI warns of spoofed airport websites.
Twitter Hack
The hours after a cyberattack can yield vital clues on hackers’ tactics. The immediate questions are, “How did they get in? And what did they do?” said Raj Badhwar, chief information security officer at Voya Financial Inc. “We obviously plug that hole and stop the bleeding.”
Twitter’s breach Wednesday blew up in public, with the verified accounts of influencers such as Barack Obama and Bill Gates urging users to send cash to cryptocurrency accounts.
Confusion can reign during such high-profile incidents. “If you’re a good attacker, you want to compromise an insider and look like an insider to try and cover your tracks as much as possible,” said Fredrick Lee, chief security officer for Gusto, a payroll and benefits platform.
Details of what happened to Twitter are emerging. The company said late Friday that “attackers targeted certain Twitter employees through a social engineering scheme”—trickery or coercion—got through two-factor security measures and accessed internal systems. Of 130 accounts targeted, the company said, hackers were able to reset passwords, login and tweet from 45 of them.
Read the full story.
Quotable
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems.”
— Twitter, in a blog post
More Cyber News
Academic project used marketing data to monitor Russian military sites. Commercially available location data is increasingly used for sensitive surveillance by researchers and government agencies, The Wall Street Journal reports. In 2019, academic researchers in Starkville, Miss., working with their graduate research assistants and undergraduate interns on the campus of Mississippi State University, used a commercially available software program to observe the cellphone signals coming from military sites across Eastern Europe.
Connecting dots: From the data, they could begin to make inferences: the Nyonoksa Missile Test Site in northern Russia, for instance, had the fewest devices present of any of the three sites they were monitoring, leading them to conclude either that it was more heavily restricted than the other three or that the recent radiation accident had forced an evacuation.
Upshot: The researchers’ experiment underscores how the global marketing industry’s practice of collecting and reselling reams of user data, often for marketing and advertising purposes, can be turned toward other ends. The data can be easily purchased and exploited by foreign and domestic national-security agencies, law-enforcement officials and others for surveillance and monitoring.
Russian ambassador denies Covid-19 hacking accusations. Andrei Kelin, Russia’s ambassador to the U.K., told a British news show that allegations last week from U.K. and U.S. officials that the country is pushing hackers to steal Covid-19 research makes “no sense,” the BBC reports. “In this world, to attribute any kind of computer hackers to any country, it is impossible,” he said. The officials blamed Russia for trying to steal intellectual property from governments, universities, private companies and others in several countries.
Credit union’s case against Fiserv over breach moves forward. Bessemer System Federal Credit Union’s 2019 lawsuit against Fiserv Inc., will continue in Pennsylvania court, CyberScoop reports. The judge in the case dismissed several of Bessemer’s allegations last week but agreed to hear arguments about two key claims: Whether Fiserv, which provides technology to small and regional banks, breached a contract with the credit union and violated trade-secrets law. Bessemer said Fiserv’s technology contains vulnerabilities that left credit-union members open to identity theft. A Fiserv spokeswoman told CyberScoop the allegations “have no merit.”
Beware fake airport websites and Wi-Fi, FBI warns. Hackers have created websites and Wi-Fi sign-on pages to mimic legitimate U.S. airport services to try to steal personal and financial data, KTSM reports. The spoofing schemes put personal and business information at risk, said Conal Whetten, cyber supervisory special agent at the Federal Bureau of Investigation.
%%
source https://jobsearchtips.net/cyber-daily-twitter-hack-aftermath-puzzling-out-russian-military-moves-through-cellphone-data-fake-airport-websites/
No comments:
Post a Comment