Security Spotlight: iPhones Susceptible to a Hack via Text

By Juan Lugo, Product Marketing Manager at Bitglass

Here are the top stories of recent weeks:  

Newspaper Icon with News Title - Red Arrow on a Grey Background. Mass Media Concept.
  • iPhones Susceptible to a Hack via Text
  • Democratic Senate campaign group exposed emails of 6.2 million Americans
  • State Farm says Hackers Successfully Conducted a Credentials Stuffing Attack
  • 96 Million Stream Gamers Susceptible to Breach
  • Bluetooth Security Vulnerability Exposes Millions Of Devices

iPhones Susceptible to a Hack via Text

Earlier this month, Natalie Silvanovich, a Google Project Zero researcher, presented multiple interaction-less bugs in Apple’s iOS iMessage client during the Black Hat security conference in Las Vegas. Silvanovich asserts that these bugs can be used to interact with a user’s device and exploit it. Although Apple has addressed the issue publically, the bugs have still not been patched. These bugs can be weaponized to infiltrate users’ data without having to click on a link or download a malicious file. There is a lot of focus on deploying cryptographic solutions to secure data but, it renders uselessly if there are bugs on the receiving end. 

Democratic Senate campaign group exposed emails of 6.2 million Americans

Similar to the recent Capital One breach, the DSCC (Democratic Senatorial Campaign Committee) stored sensitive data belonging to 6.2 million Americans which included their emails and political party affiliation. However, amongst the leaked data, 7,700 emails belonged to government officials and 3,400 belonging to active duty members. Even though the DSCC was able to recover and secure the leaked information reactively, far more damage could have been caused in the hands of a malicious entity. 

State Farm says Hackers Successfully Conducted a Credentials Stuffing Attack

A malicious character was able to mitigate State Farm’s security solution by implementing a credential stuffing attack. This yielded countless valid usernames and passwords for State Farm online accounts. Credential stuffing is a viable solution for hackers when usernames and passwords are made public via security breaches at other companies. This is a double-edged sword for organizations that choose to be transparent in the midst of a breach, and in turn, grant the public access to sensitive data. Hackers will then use this information and attempt to gain access to other platforms and services using the same credentials. It is estimated that 3.5 billion credential stuffing requests aimed at financial institutions have been made in the past 18 months.

96 Million Stream Gamers Susceptible to Breach

The results of a stress test on the Steam Client Service concluded that there were vulnerabilities within the platform that enable bad actors to deploy malware onto the network – potentially affecting 96 million users. A privilege escalation vulnerability allows an attacker with minimal authority to forcefully gain administrative access. This kind of vulnerability would open user devices to the risk of being taken over by an attacker who could then steal data, compromise passwords, and more. This is done by modifying the system registry to enable application executions. The user could then deploy a malicious app via the steam service. Game over! 

Bluetooth Security Vulnerability Exposes Millions Of Devices 

KNOB or Key Negotiation of Bluetooth is being coined the new gateway to your data via connection infiltration. IoT has been adopted by the masses, but how many users actually remember to update their devices firmware? Forgetting this seemingly trivial task can make your device susceptible to data breaches. Additionally, it enables attack vectors to interfere with the connection encryption process – stealing the encryption key and ultimately accessing the data moving between paired devices. The list of vulnerable tested Bluetooth chips included Apple, Intel, Broadcom, and Qualcomm.

Read more security spotlights by visiting Bitglass’s blog here

“Collection #1” Data Breach

By Paul Sullivan, Software Engineer, Bitglass

hacker in hoodie sitting in front of a laptop

News of the 773 million email data breach that Troy Hunt announced for Have I Been Pwned certainly got a lot of coverage a few months ago. Now that the dust has settled, let’s cut through some of the hype and see what this really means for enterprise security.

First, let’s clear some things up – the data itself is actually several years old, but it looks like the seller of the data has more recent material, as well. Also, this data did not come from a specific company, but was a composite of various sources that cybercriminals stitched together. It is unclear what these sources are, but some of them are likely to be breaches that have been widely known for some time. This is demonstrated by the fact that Have I Been Pwned has already seen about 82 percent of the compromised emails in previous breaches.

However, the above could also mean that individual emails have been breached multiple times across different services. Unfortunately, people commonly reuse passwords, which means if a cybercriminal gains access to one password or account, they can potentially gain access to various accounts on different websites.

This is important because this kind of data is used in credential stuffing attacks to automate trying to log in to various services with stolen data. Since passwords are often reused, criminals run all this data against other accounts (Spotify, Netflix, Amazon or other paid subscription accounts), hijack them, and resell them.

Unfortunately, this data is out there now and new breaches are happening all the time. Luckily there are ways both individuals and companies can mitigate the damage. For individuals, using a password manager to create strong unique passwords is definitely a good idea. For companies, password expiration is now arguably a bad idea, but IT teams can monitor services like HIBP and let employees know when to change passwords after a breach. Companies can also cut down on the number of passwords running around by using single sign on (SSO) for their cloud services, and by enabling multi-factor authentication to make it harder for credential stuffing attacks to work. A cloud access security broker (CASB) can also alert IT teams when a strange login occurs so they can take action to protect their data.  

For more information, download the Top CASB Use Cases.

The Many Benefits of a Cloud Access Security Broker

By Will Houcheime, Product Marketing Manager, Bitglass

server hallway leading to blue sky with clouds

Today, organizations are finding that storing and processing their data in the cloud brings countless benefits. However, without the right tools (such as cloud access security brokers (CASBs), they can put themselves at risk. Organizations’ IT departments understand how vital cybersecurity is, but must be equipped with modern tools in order to secure their data. CASBs protect against a wide range of security concerns that enterprises face when migrating to the cloud. Consequently, they have quickly increased in popularity and have become a one-stop-shop for countless enterprise security needs.   

BYOD, SaaS or IaaS

Depending on the industry in which an organization operates, it may need to focus on security for managed devices, or perhaps it might need more of a bring your own device (BYOD) solution. While major SaaS applications improve organizational productivity and flexibility, they can serve as entry points for malicious threats such as malware or be used to share sensitive data with unauthorized parties. In infrastructure-as-a-service platforms, even a simple misconfiguration can cause data leakage and jeopardize an organization’s wellbeing. Without a solution designed to address these modern security concerns, organizations can fall victim to these and other threats.

In recent years, cloud access security brokers have been used to prevent these types of unfortunate scenarios from happening to organizations. Whether it’s securing data on personal devices, limiting external sharing, stopping cloud malware, or other security needs, CASBs have been stepping in and protecting data whether it is in transit or at rest. In our latest white paper, Top CASB Use Cases, we go into detail about how organizations have used cloud access security brokers to embrace both the cloud and BYOD without compromising on security.

For information about how CASBs help secure data, download the Top CASB Use Cases.

Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

By Will Houcheime, Product Marketing Manager, Bitglass

red arrow with news icon

Here are the top cybersecurity stories of recent weeks: 

—773 million email accounts published on hacking forum
— Unprotected FBI data and Social Security numbers found online
— Millions of texts and call logs exposed on unlocked server
—South Korean Defense Ministry breached by hackers
—Ransomware forces City Hall of Del Rio to work offline

773 million email accounts published on hacking forum
Data breaches have been a significant topic for organizations in the past few years, but this latest data breach in particular, emphasizes the importance of proper cybersecurity. This monumental breach revealed 772,904,991 unique email addresses and over 21 million unique passwords. This immense volume of credentials was posted to a hacking forum just two weeks into the new year.

Unprotected FBI data and Social Security numbers found online
A cybersecurity researcher by the name of Greg Pollock found 3 terabytes of unprotected data from the Oklahoma Securities Commission. This included sensitive FBI data, including files whose creation dated back to 2012. Social Security numbers were also found, some of which were collected as far back as the1980s. The FBI has not confirmed or denied the data breach but, according to UpGuard, the cybersecurity firm investigating, this data breach is significant and affects the entire agency statewide.

Millions of texts and call logs exposed on unlocked server
Voipo, a California communications provider, left a database full of text messages and call logs completely exposed. A cybersecurity researcher found this unprotected server with 6 million text messages and 8 million call logs. The data also included documents with encryptedpasswords that would put the company at risk if accessed by a malicious user.

South Korea Defense Ministry breached by hackers
Data on weapons and munitions acquisitions were exposed when a South Korean government agency’s computer systems were breached. This data included military weapons such as concepts of fighter aircrafts. The attackers were able to hack into an unsecured server for a program that is present on all government computers. The South Korean National Intelligence Service investigated the data breach and, although they have disclosed the occurrence to the public, they have not announced whether or not they’ve discovered the identity of the hackers.

Ransomware forces City Hall of Del Rio to work offline
Del Rio City Hall servers were shut down after a ransomware attack. The Management Information Systems (MIS) department had no choice but to stop all devices from connecting to the internet to halt the spread of the malware. With no access to data online, employees of each department were then forced to use pen and paper for all of their daily operations. City Hall officials have reported the incident to the FBI but it is still unclear whether or not data has been compromised or who was behind the attack.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from ransomware, data leakage, misconfigurations, and more, download the Definitive Guide to CASBs

Data Breaches on the Rise in Financial Services

By Jacob Serpa, Product Marketing Manager, Bitglass

Financial World: Breach Kingdom report coverFinancial services organizations are a prime target for hackers looking to steal and sell valuable data. This is because these firms handle sensitive information known as PII, personally identifiable information, as well as other financial data. In Financial World: Breach Kingdom, Bitglass’ latest financial breach report, the Next-Gen CASB reveals information about the state of security for financial services in 2018. Read on to learn more.

The rise of financial services breaches

2018 has seen the number of financial services breaches reach new heights. This is likely due to a large number of reasons. For example, some organizations may have an overreliance upon existing cybersecurity infrastructure and find it difficult to justify additional expenses in light of their existing sunk costs in security. Other firms may simply overestimate what traditional endpoint and premises-based tools can do to protect data from evolving threats. Regardless, the fact remains that financial services firms were breached in 2018 nearly three times more than they were in Bitglass’ previous, 2016 report.

Malware leads the pack

In prior years, the causes of financial services breaches were fairly diverse. Lost or stolen devices and hacking each caused about 20 percent of breaches, while unintended disclosures and malicious insiders were responsible for 14 percent and 13 percent, respectively.

However, this year saw a massive shift in the balance of power. Nearly three quarters of all financial services breaches in 2018 were caused by malware or hacking. This seems consistent with headlines over the last year – ransomware, cloud cryptojacking, and highly specialized malware variants have dominated the news when it comes to breaches.

What to do?

In financial services, far more must be done to secure sensitive information. While it is imperative that the enterprise can protect data against any threat, it is now clear that defending against malware deserves special attention. This is particularly true in light of the rise of cloud and BYOD. More devices and applications are storing and processing data than ever before, creating more opportunities for malware to infect the enterprise. Fortunately, there are appropriate solutions available.

To learn more about the state of cybersecurity in financial services, download Financial World: Breach Kingdom.

Pwned Passwords – Have Your Credentials Been Stolen?

By Paul Sullivan, Software Engineer, Bitglass

hacker in a hoodie with credit cards, computer screenData breaches now seem to be a daily occurrence. In recent months, Have I Been Pwned (HIBP) introduced  Pwned Passwords, which allows you to securely check your password against a database of breach data. There are over 280 breaches in the database, and that’s only the tip of the iceberg. Breaches aren’t just a problem for the users who lose their data, but for the companies responsible for it.   

So how does all this data get breached?

Surely, it was some sinister character in a hoodie with extensive knowledge of computers, right? As it turns out, many of the data breaches came from misconfigured databases and Amazon S3 buckets that were left wide open for anyone who knows where to look. S3 is easy to use, which is great for security-conscious developers. However, it also makes it easy for someone who doesn’t understand security to toss some data into the cloud (so that it’s publicly viewable) and forget about it. As noted by Troy Hunt, the security researcher who runs HIBP, one company was breached because it stored personal data from IoT devices in MongoDB and Amazon S3 buckets with no credentials. It’s not just small, unorganized companies that make these mistakes either. Big corporations are losing track of their configurations, too.

Proper training is a good way to help with these problems, but it’s not always enough. Fortunately, a cloud access security broker (CASB) can help keep S3 and other cloud data secure by encrypting the data at rest. That way, even if data can be accessed by unauthorized parties, it is still unreadable and protected. A CASB can also provide auditing and analytics tools to help detect suspicious activity so that data breaches can be detected early as well as prevented from happening in the first place.

Majority of Australian Data Breaches Caused by Human Error

By Rich Campagna, Chief Marketing Officer, Bitglass

world mapIt wasn’t long ago that the first breach under the Office of the Australian Information Commissioner’s (OAIC) Privacy Amendment Bill was made public. Now, OAIC is back with their first Quarterly Statistics Report of Notifiable Data Breaches. While the report doesn’t offer much in the way of detail, it does highlight a couple of interesting trends.

The statistic that jumps out most is that of the 63 reported breaches in this first (partial) quarter, the majority (51%) were the result of “human error.” According to OAIC, “human error may include inadvertent disclosures, such as by sending a document containing personal information to the incorrect recipient.” Sounds like too few Australian organizations are controlling things like external sharing, even though sharing (and many other potentially risky activities) can be controlled quite easily with a Cloud Access Security Broker (CASB).

human error leading cause of breaches

The report also breaks down number of breaches by industry. Health service provides had the misfortune of leading the charge in this initial quarter, representing nearly a quarter of breaches. Healthcare organizations have a particularly difficult task with data protection. On one hand, they have a very mobile workforce that requires immediate access to data, from anywhere and from any device. On the other hand, medical records are some of the most valuable sources of personal data, including not only medical history, but personal information, financial information, and more.

healthcare most breaches

Fortunately, this first quarter didn’t include any large, “mega-breaches,” as more than half involved the personal information of fewer than 10 individuals, and 73% involving fewer than 100 individuals.

most breaches small

It will be interesting to see whether schemes like this, and the upcoming GDPR, have an impact on overall data protection outcomes.