“Out of these recent cyber crime events, which is the most concerning to you?” We asked this question recently in a poll on our LinkedIn page. Looking at the poll results, there is no wrong answer when it comes to the incident that is most concerning. Each of these incidents is concerning in its own way. Only you can evaluate the impact and threat to your business and organization. We reviewed these results with our Director of Cybersecurity, Leo Cuellar; here is his take, along with a fuller explanation of the recent events.
Colonial Pipeline Ransomware – 63% of people found this incident concerning.*
Photo courtesy of abcnews.go.com.
Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place. That means it could be accessed through a password without a second step such as a text message, a common security safeguard in more recent software. The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.
Solarwinds Cyber Attack – 26% of people found this incident concerning.*
Photo courtesy of businessinsider.com.
We learned more about the sophisticated attack first disclosed on December 8th when security firm FireEye reported it had been the victim of a state-sponsored adversary that stole Red Team assessment tools. On December 13th, there was a new development when IT company SolarWinds announced it had been hacked and that its compromised software channel was used to push out malicious updates onto 18,000 of its Orion platform customers. This scenario, referred to as a supply-chain attack, is perhaps the most devious and difficult to detect as it relies on software that has already been trusted and that can be widely distributed at once. Among the victims who received the malicious update are FireEye, Microsoft, and the US Treasury and Commerce departments, making this one of the biggest cyber incidents we have witnessed in years.
JBS: Cyber Attack (Still Under Investigation) – only 4% of people found this incident concerning.*
Photo courtesy of wsj.com.
The world’s largest meat processing company has been targeted by a sophisticated cyber-attack. Computer networks at JBS were hacked, temporarily shutting down some operations in Australia, Canada, and the US, with thousands of workers affected. The company believes the ransomware attack originated from a criminal group likely based in Russia, the White House said.
RockYou2021 Data Breach – just 7% of people found this incident concerning.*
Personally, I view the RockYou2021 Data Breach as the most concerning in that it illustrates a tool available to malicious parties to attack across multiple industries, sectors, technologies, levels of sophistication, and functional use.
The JBS Cyber Attack, Solarwinds Cyber Hack, and Colonial Pipeline Ransomware are examples of case studies that can be examined and threat chain on applicability/threat to one’s own company and processes. While they are good lessons learned that occurred to other companies, or maybe not, they really are case studies.
I would not be surprised if RockYou2021 data was used in the other three incidents. This lexicon of user data/passwords can be, and has been, used to target individuals, businesses, industries, and technologies. It is a multi-tool of potential attacks that target a fundamental authentication process that is problematic and convoluted to address. In some cases, legacy technology is locked to limited complexity and flexibility to implement a secure process, such as MFA and complex/lengthy passphrases. Additionally, human creativity, and lack thereof, has helped develop this extensive collection of passwords that can no longer be considered unique or creative. There are only so many permutations of English words. It’s almost sad how many times I’ve heard “but who’s ever going to guess that I used (insert password)”. It’s not that anyone is going to guess, as much as whether an individual can really come up with a unique password that has not been used over the years. And more importantly, one that has not been exposed in some service’s data breach. In personal experience, I’ve had some creative passwords and, yes, used them in services that had a data breach which is now in RockYou2021. For years now, I have recommended using a password manager of some kind to create, allocate, and manage unique, complex, lengthy passwords per service, and wherever possible enabling MFA.
Given the scope and impact of exposed and vulnerable passwords, RockYou2021 is of most concern in my review of these cyber crimes.
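The practical counterpart to the point above is to screen passwords against a known-breached corpus before accepting them, as NIST SP 800-63B recommends. The following is an added example, not code from the original post or from Leo Cuellar: it builds a hash-prefix index over a constructed toy list of leaked passwords (a stand-in for RockYou2021, which is not included here) and looks passwords up the way public "pwned password" services do, so the checking side only ever sends the first five hex characters of a SHA-1 hash. It also folds the "Password1!" style of decoration back to its base word, since those variants are exactly the "creativity, and lack thereof" the post describes. The function names, the sample list and the 12-character minimum are all assumptions of this example.

```python
"""Breached-password screening with a k-anonymity style prefix lookup.

Added example (not from the original post). The leaked list below is a
constructed sample; a real deployment would index an actual breach corpus.
"""
import hashlib
import re

# Constructed sample of leaked passwords (stand-in for a real corpus).
SAMPLE_LEAKED = ["123456", "password", "qwerty", "letmein", "Summer2021!", "iloveyou"]

PREFIX_LEN = 5  # number of hex characters the client reveals


def sha1_hex(pw: str) -> str:
    """Upper-case hex SHA-1, the digest format breach-lookup services use."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def normalize(pw: str) -> str:
    """Strip common decorations: case and trailing digits/symbols/underscores.

    'Password1!' -> 'password', so thin variants of a leaked word are caught.
    """
    return re.sub(r"[\d\W_]+$", "", pw).lower()


def build_index(leaked):
    """Server side: group full hashes by prefix, storing only the suffixes."""
    index = {}
    for pw in leaked:
        h = sha1_hex(pw)
        index.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
    return index


def range_query(index, prefix):
    """Server side: return every suffix under a prefix.

    The server never sees the full hash, let alone the password, so a single
    query cannot identify which password the client is checking.
    """
    return index.get(prefix, set())


def is_breached(password: str, index) -> bool:
    """Client side: check the password and its normalized form."""
    candidates = {password, normalize(password)}
    for cand in candidates:
        if not cand:
            continue
        h = sha1_hex(cand)
        if h[PREFIX_LEN:] in range_query(index, h[:PREFIX_LEN]):
            return True
    return False


def evaluate(password: str, index, min_len: int = 12):
    """Return the reasons a password should be rejected; empty means acceptable."""
    reasons = []
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if is_breached(password, index):
        reasons.append("appears in breached-password corpus")
    return reasons


if __name__ == "__main__":
    idx = build_index(SAMPLE_LEAKED)
    for pw in ["qwerty", "Password1!", "correct horse battery staple"]:
        verdict = evaluate(pw, idx)
        print(f"{pw!r}: {'rejected: ' + '; '.join(verdict) if verdict else 'acceptable'}")
```

The length rule and the breach check are deliberately reported together rather than short-circuited, so a user (or an audit log) sees every reason a password failed. Swapping `SAMPLE_LEAKED` for a real corpus only changes `build_index`; the client-side logic stays the same.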
As an experienced Information Security professional, Leo has focused on IT Security Operations, IT Governance, Secure Development, Compliance, Risk, and Privacy. His experience blends a diverse mix of small and Fortune 100 companies and a real-world understanding of the challenges and opportunities of PCI, SOX, PII, HIPAA, NIST, and International regulatory requirements. Leo provides strategic advice as well as practical expertise in information security, compliance, and risk management.