Happy Friday. There’s a lot going on in cybersecurity day to day—or even hour to hour—and it’s a Herculean challenge to stay current with emerging threats, trending cybersecurity news, and innovative new cybersecurity tools and technologies. We’re here to help with the launch of this new weekly roundup of cybersecurity news.
It is by no means comprehensive. It’s not possible to fit all of the news in one blog post—that’s called the internet. The goal isn’t to convey all of the cybersecurity news, but this weekly blog post will focus on some of the key events and stories from the past week and keep you informed as you head off for the weekend.
With that said, let’s kick things off.
Texas Ransomware Attacks
This news actually comes from the end of the previous week, but it’s still worth mentioning. 23 cities across Texas were targeted in a ransomware attack that is believed to be a coordinated attack from a single threat actor. The widespread attacks prompted Texas Governor Greg Abbott to order a Level 2 Escalated Response and involve state-level resources to help the small local governments recover.
What does that mean for everyone else? Ransomware attacks continue to be one of the biggest cybersecurity threats facing organizations, and in some cases—like the recent attacks across Texas—it seems that they are more organized. Common wisdom suggests that you should restore from your backups and never pay the ransom. Every business needs to ensure they have adequate disaster recovery and business continuity plans in place and that they are prepared to respond to breaches and ransomware outbreaks with minimal disruption to business.
According to Dan Pitman, Principal Security Architect at Alert Logic, “Organizations who do not have a good vulnerability patching schedule, endpoint protection and system monitoring in place open themselves up to a variety of attacks from multiple attack vectors; in today’s threat landscape, defense in breadth is more important than defense in depth.”
Fraudulent Social Media Logins
A report released this week from Arkose Labs revealed that 53% of all logins on social media sites are fraudulent and 25% of all new accounts are fake. Organizations that do business online should be aware that fraudsters have the tools to automate and scale online fraud attacks.
“We are entering an era where online identity, intent, business, metrics and content can all be faked, while the good user behavior can rapidly evolve,” explained Kevin Gosschalk, CEO and founder of Arkose Labs, in the report. “This can have serious security and financial repercussions for any business with an online presence, especially as they try to balance risk management with delivering exceptional customer experience.”
Jonny Milliken, Threat Research Manager for Alert Logic’s Active Intelligence team, stressed, “Social media is a huge industry and the anonymity it provides can make the lives of criminals and scammers much easier. Organized gangs make significant money from these gambits and it’s important to remain vigilant.”
Rhino Security Labs Container Attack Tool
Containers, and container platforms such as Docker and Kubernetes, have evolved to become part of mainstream application development, which makes container security a critical concern. To help organizations test the security of their cloud container environments, Rhino Security Labs developed the Cloud Container Attack Tool (CCAT).
Milliken stated, “New attack tools and methods of exploiting systems appear across the internet every day. It’s important to monitor their existence and react quickly to those which can pose a real threat to your business. Cloud and containers are two massive technologies in rapid deployment across the world, and often with this rapid deployment security can be an afterthought. These types of tools are reminders that people are always looking to demonstrate new ways to exploit systems, and if you don’t understand them and shut the door then the wrong person may just walk right in.”
Alert Logic researchers are currently assessing the tool for inclusion in their processes.
Magecart Scourge Continues
Magecart has been making headlines for so long now that it would be easy to dismiss a headline as “old news”. Alas, Magecart attacks are still a very current threat. It was reported just this week that 80 global ecommerce sites—mostly luxury apparel and motorsports sites—were actively compromised by Magecart groups.
“Magecart is a well-established threat to users and infrastructure across the internet and has been for the last year—particularly for Content Management Systems,” said Milliken. “They are largely implicated in the reported explosion in formjacking attacks and validate one of the most important tenets of good security hygiene: monitor for security issues and patch them as soon as possible.”
Imperva Firewall Breach
We will end this week’s cybersecurity roundup with some cybersecurity news that has a bit of a silver lining. Imperva announced details of a security incident with their Cloud Web Application Firewall that resulted in data exposure. In a blog post, Imperva shared what they know, detailed the actions they have taken, and provided recommendations to help customers. The blog post from CEO Chris Hylen ends with a sincere statement of apology and a commitment to share what they learn from the investigation with the broader industry so it can be a learning experience for everyone.
It would be easy to kick Imperva while it’s down, so to speak, but it’s a truism in cybersecurity that it’s more a matter of when, not if, you will experience a breach. Rather than being mocked for its misfortune, Imperva deserves some praise for its response to this issue.
Milliken shared, “Imperva have shown here that when a breach is discovered they react quickly, with clarity and in an open and public way. Whilst any breach is incredibly unfortunate for the business and users affected, this should be seen as a good model for how to handle the aftermath in a professional way.”
That’s all for this week. For those in the United States, celebrate the end of summer responsibly and enjoy the extended Labor Day weekend. Feel free to share your feedback or ask questions in the comments below.
*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Tony Bradley. Read the original post at: https://blog.alertlogic.com/this-week-in-cybersecurity-august-30/