(In) Secure digest: the science of information security, a deadly cyberattack, and bank leaks

Printer rebellion

What happened:

CyberNews journalists (aka cybersecurity experts) hacked 27,944 printers around the world and made them print a quick information security guide. The pranksters used Internet of Things search engines such as Shodan and Censys to find devices with open ports and an Internet connection. To print the documents, they wrote a special script.

Who is to blame:

The gamble succeeded because the captured printers were not hidden from public access. For example, the printers had default passwords, no firewall was enabled, wireless connections to the router were allowed, and so on. The authors of the experiment claim that the most vulnerable devices are in the United States, China, Hong Kong, Germany, and France.

Shoo, shoo, spammers

What happened:

39 million records about US citizens, featuring names, home and email addresses, phone numbers, and zip codes, were found in an open database on an Amazon Web Services server. The database belongs to the View Media marketing company, which provides digital services and, in particular, organizes advertising newsletters. Besides the email addresses, emails, advertising flyers, and banners were also openly accessible.

Who is to blame:

It’s the same story we have seen before: the database owners neglected the privacy settings, so anyone could access it.

Eyes wide shut…d’oh!

What happened:

British construction company Amber Windows distinguished itself significantly. The organization (as usual) inadvertently leaked information about 500 thousand customers. The database contained extremely sensitive personal information such as health and marital status.

Who is to blame:

The reason for the leak is trivial: the company stored the database with no password. Both the media and the community of information security experts who reported the vulnerability were outraged that the company did not notify the victims of the incident, did not report the leak to regulators, and flatly refused to comment publicly. Still, it is unlikely that the company will be able to elude GDPR sanctions.

Deadly <but still cyber> attack

What happened:

A female patient in need of urgent care died as a result of a hack on Düsseldorf University Hospital’s computer systems. The woman was sent to the nearby city of Wuppertal, which is 32 km away. The time needed to save her was lost, and the patient died.

Who is to blame:

Attackers took advantage of a vulnerability in “widely used commercial software”. During the attack, the hospital’s servers went down. As a result, the staff was forced to cancel all planned operations, and seriously ill patients needing urgent care were sent to other hospitals. The media write that this is the first time in history that a cyberattack has led to a fatality.

Yikes support

What happened:

Shopify, a Canadian developer of online shopping platforms, collaborated with the FBI and other law enforcement agencies to investigate the leak after discovering unauthorized access to user data. The incident is believed to have affected customers of 200 stores.

Who is to blame:

The company is confident that the leak was caused by unscrupulous insiders: two employees from the technical support department tried to steal customers’ transaction data from sellers. The attackers could have gained access to email addresses, names, residential addresses, and information about orders. Luckily, bank card details and other financial information were not exposed.

Snowden successors

What happened:

BuzzFeed News journalists published a high-profile investigation based on 2,100 reports from 2000–2017 that were leaked from the US Treasury’s financial crimes unit (FinCEN). The investigation exposes multimillion-dollar money laundering schemes involving major banks (such as Bank of America and Deutsche Bank), well-known politicians, and businessmen.

Who is to blame:

The documents were passed to the media by a FinCEN employee. Information security experts say that this leak proves the inadequacy of internal threat protection in the public sector. At the same time, the breach casts a huge shadow on the reputation of the organizations and individuals named in the reports. Hmph… the public sector stores huge amounts of sensitive information.

Cybersecurity tip of the month:

Learning from other people’s mistakes is a truism that almost no one follows. But in the fall, when new knowledge is absorbed best, it would be a great idea to conduct an information security education program for your employees. And then…check their understanding via SearchInform DLP.

Leading Analyst at https://searchinform.com/, I’m here to address those human factor risks many businesses often neglect or aren’t even aware of
