Learning from others’ mistakes: Love Bonito Case

Short story:
Home-grown fashion label Love, Bonito has been fined $24,000 over a 2019 data breach which saw the personal information of more than 5,500 customers compromised. The root cause: the administrator account of the software Love, Bonito used to manage its e-commerce website was compromised. An unknown third party used that account to access and obtain customers’ personal data.

Countermeasure: Apply an access control list to the sensitive parts of your web app, so that even if the admin account is compromised it cannot be used to log in from just anywhere; access has to come from specific, approved locations. Also enable multi-factor authentication on the account.

Source: https://www.straitstimes.com/tech/tech-news/love-bonito-fined-24000-over-data-breach-involving-over-5500-customers

Learning From Others’ Mistakes: RedDoorz Data Breach

The short story:

Hospitality platform RedDoorz was found to have leaked the details of 5.9 million customer records, the largest data breach incident since Singapore’s Personal Data Protection Act came into force. The root cause was traced to an API key embedded in the mobile app that the developers used.

Even though RedDoorz had several pentests done, the mobile app was never screened. Having the pentests did, however, help to reduce the overall fine levied on it.


Source: https://www.businesstimes.com.sg/garage/data-breach-at-reddoorz-hit-6m-customers-hospitality-platform-fined-s74000

More than 120 vulnerabilities disclosed as part of Microsoft Patch Tuesday

“Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June. Two of the important vulnerabilities, CVE-2022-35743 and CVE-2022-34713, are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild, and Microsoft considers it “more likely” to be exploited.” – SANS @RISK

Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

Ransomware-based Data Leaks: 2022 vs 2021

In its 2022 Global Threat Report, CrowdStrike warned that cyberattacks are “moving beyond malware” and increasingly “living off the land,” or using legitimate credentials and built-in tools to access their victims’ networks. Of all the detections indexed by CrowdStrike Security Cloud in the fourth quarter of 2021, the report said, 62% of them were malware-free, “exploiting stolen user credentials and identity to bypass legacy security solutions.”

CrowdStrike Report Shows 2021 Ransomware Data Leaks Doubled in Education Sector

Source: https://thejournal.com/articles/2022/02/15/cybercrime-report-shows-2021-ransomware-data-leaks-doubled-in-education-sector.aspx


Recognition Scheme of Cybersecurity Assessment Providers

BNShosting.Net is now a part of the Security and Protection Assessment by DICT in Recognizing Cybersecurity Assessment Providers.

DICT recognized Bitstop Network Services Inc. as a Cybersecurity Assessment Provider (ISMS) effective 3rd June 2022, and Bitstop Network Services Inc. will now be included in the list of DICT-Recognized Cybersecurity Assessment Providers on the DICT website.

https://dict.gov.ph/recognition-scheme-cybersecurity-assessment-providers/

How to survive a DDoS attack

A DDoS attack targets a website by flooding it with bogus traffic. The flood exhausts the capacity of the service and disrupts it, making it unavailable to legitimate users. The impact of such an attack can be significant: prolonged downtime, lost revenue, and dissatisfied customers.

The most important step in dealing with DDoS is to be prepared. This is what you do BEFORE the attack is launched. Identify the potential targets: your assets, including servers, applications, and services. Then determine what effect an outage of each would have on your customers and users. The cost of an outage is your justification for the budget that funds your countermeasures. Finally, create an incident response playbook.

Preparation Step 1

Have you done capacity planning? How many concurrent visitors can your existing setup handle? Would it make sense to add more memory, CPUs, bandwidth and faster SSD storage? Have you optimized your current code so that more visitors can be served? Do you have SNMP monitoring and alerts? Did you enable firewall, web and event logging? It is also important to set up security policies to protect sensitive data. Are all your systems fully updated and patched?

Preparation Step 2

Have you hardened your defenses yet? Did you update the rules of your intrusion detection and prevention systems? These are your first line of defense. Attacks that get past the first line can be stopped by a second line: your Web Application Firewall (WAF, e.g. ModSecurity). The combination is usually enough to filter out a lot of unwanted traffic.

The key point is to filter out unwanted traffic. You need a filter that allows legitimate traffic through and discards illegitimate traffic. But understand that filtering is still no defense against a flood of traffic that is 100x what the server is set up to handle.

Preparation Step 3

Notice that attackers concentrate their DDoS ‘firepower’ onto a single target. You can force them to spread out their attacks by adding more web servers, for example through content delivery networks (CDNs) such as Cloudflare, Google’s Project Shield, AWS Shield and Akamai, to name but a few.

These CDNs not only provide more bandwidth but also diffuse the impact of the DDoS, because the attack is now spread across several locations. This is like the classic Colonel Blotto game: it boils down to forcing your opponents to commit more resources by opening more ‘fronts’ in the battlefield. The CDN is one way to force the DDoS to attack multiple fronts instead of just one.

Preparation Step 4

Have you considered a paradigm shift? An out-of-the-box solution would use the power of the distributed web. Rather than serving web files from a single source, think of a BitTorrent-like solution where the web files sit on a multitude of PCs. The CDN killer app: the Brave browser combined with IPFS.

During the Attack

You need to quickly identify the source of the problem. Your SNMP monitoring can quickly zero in on the asset(s) being attacked. Notify your customers as soon as you notice that they are being attacked; it is important that everyone is aware of the potential risk.

Your web and firewall log files come in handy for identifying the assets that are impacted. You can use this data to see whether your customers are seeing a difference in service quality. Find out the Who, When and How of the attack, and then respond accordingly.
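As an added example (not from the original post), this script pulls the Who, When and How out of web server access logs: it parses combined-format log lines, keeps a sliding window of requests per client address, and flags any client that exceeds a request threshold within the window, reporting when it was flagged, how many requests it made, which path it hammered and what user agent it used. The log lines, addresses and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one combined-format access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_flooders(lines, window=timedelta(seconds=10), threshold=30):
    """Flag clients sending more than `threshold` requests inside any `window` of time.
    Returns {ip: {"flagged_at", "requests", "top_path", "user_agent"}} (the Who, When, How)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    paths = defaultdict(Counter)  # ip -> histogram of requested paths
    agents, flagged = {}, {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:           # skip unparseable lines instead of aborting the analysis
            continue
        ip, ts = rec["ip"], rec["ts"]
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        paths[ip][rec["path"]] += 1
        agents[ip] = rec["ua"]
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = {"flagged_at": ts}   # the moment the client crossed the threshold
    for ip, info in flagged.items():
        info["requests"] = sum(paths[ip].values())
        info["top_path"] = paths[ip].most_common(1)[0][0]
        info["user_agent"] = agents[ip]
    return flagged

def build_sample_log():
    """Constructed sample: two normal visits, one junk line, and one address flooding /search."""
    lines = [
        '198.51.100.7 - - [10/Aug/2022:14:00:01 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '198.51.100.8 - - [10/Aug/2022:14:00:03 +0800] "GET /products HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
        'garbage line that the parser must skip',
    ]
    for i in range(45):   # 45 requests spread over 9 seconds from a single address
        lines.append(f'203.0.113.66 - - [10/Aug/2022:14:00:{5 + i // 5:02d} +0800] '
                     f'"POST /search HTTP/1.1" 200 512 "-" "python-requests/2.28"')
    return lines

if __name__ == "__main__":
    for ip, info in find_flooders(build_sample_log()).items():
        print(f"{ip}: {info['requests']} requests, top path {info['top_path']}, "
              f"flagged at {info['flagged_at']:%H:%M:%S}, agent {info['user_agent']}")
```

Feed it real access logs with `find_flooders(open(path))` and tune `window` and `threshold` to your own measured traffic so that ordinary visitors are never flagged.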

Post Mortem

Hold a “Lessons Learned” after the attack and update your incident response playbook. How can your response teams react faster? Got more to add? Please share your thoughts.