Friday Five: 3/6 Edition
National security professionals tightly monitor Super Tuesday voting, Coronavirus complicates security operations, and more - catch up on the week's news with the Friday Five.
1. Names, Birthdays, Email Addresses of Thousands Potentially Exposed in SFU Data Breach by Simon Little
Simon Fraser University, a public research university in British Columbia, reported on Monday that it had been the target of a ransomware attack. The breach could potentially affect thousands of people, including faculty, staff, students, alumni and retirees who joined the University prior to June 20, 2019. The exact number of people affected is unclear, but the school is asking all students and staff to change their university passwords immediately. The data that was leaked is said to contain phone numbers, names, birth dates, email addresses, mailing list memberships, course enrollments and encrypted passwords. SFU has directly notified people who have been affected and is working diligently to contain the situation and diminish the potential harm to staff and students. Security experts are applauding the university for its response to the breach, as it took immediate steps to address the situation and provided victims with a comprehensive email regarding the data that was affected and the next steps that should be taken. The university has also made it clear that staff are available to help those affected protect themselves and their data.
2. Super Tuesday Voting so Far Free of Cyber Security Meddling, U.S. Officials Say by Christopher Bing
National security professionals were on high alert on Tuesday when fourteen states held primary presidential nominating elections. U.S. intelligence is especially on edge this election period after it was concluded that Russia interfered in the 2016 U.S. presidential election. New measures to combat hacking and foreign propaganda activities were introduced by the U.S. government to protect the integrity of the voting process. Representatives from the Homeland Security Department, FBI, National Security Agency and U.S. Cyber Command gathered in Northern Virginia at the Cybersecurity and Infrastructure Security Agency to monitor and stop any possible cyberattacks or foreign disinformation. State and local election officials spread across the country were also monitoring the situation, and in a joint statement on Monday, officials wrote, “The level of coordination and communication between the federal government and state, local and private sector partners is stronger than it’s ever been.” Vulnerabilities still exist even though the government has made improvements in the strength and security of its systems, but the only sign of interference during Tuesday’s elections was reports of robocalls providing false information, such as incorrect voting times, to voters.
3. Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant by Sergiu Gatlan
The ransomware-as-a-service group Sodinokibi, also known as REvil, recently published download links to sensitive data said to have been stolen from Kenneth Cole Productions, an American fashion house. The group claims that the files contain over 70,000 financial and work documents, as well as 60,000 records of customers’ personal data. Researchers say the leaked data appears to be legitimate, but Kenneth Cole has not publicly responded or sent a statement to those possibly affected. The ransomware group is threatening to publish the full data cache in a statement that reads, “Kenneth Cole Productions, you have to hurry. When time is up and there is no feedback from you, the entire cloud data will be published, including your customers' personal data." This isn’t the first time that Sodinokibi has publicly shared data from its victims. The group's actions mirror those of other ransomware groups that have threatened to publish data if the requested ransom is not paid. An even more alarming trend adopted by ransomware gangs is stealing sensitive data before encrypting systems with ransomware, then leaking the stolen data in stages until the victims give in and pay the ransom.
4. 4 Ways the Coronavirus May Affect Cybersecurity Operations by Dan Kaplan
The latest coronavirus has made its way into almost every news headline as of late, but why should security analysts, engineers, and managers be concerned about a virus that transmits via respiratory droplets? Security Boulevard has listed the four main ways COVID-19 is affecting security operations: a more susceptible work environment, an increase in remote work, virus-related phishing emails, and an increase in responsibility for those in a crisis management role. Women and men in security operations traditionally sit and converse in close quarters with many germ-prone surfaces such as keyboards and mice. The virus outbreak is also prompting a surge in investment in collaboration tools like Slack and Zoom as many companies encourage employees to work from home. This could force infosec professionals to rely on a security orchestration, automation and response platform that acts as the central hub for day-to-day SOC activities. Security professionals may also have to deal with phishing emails, as many email-based threats rely on an appearance of authenticity to succeed, and that often involves latching onto a popular news story such as the coronavirus. Attackers have already sent messages claiming to be from the World Health Organization in order to instill a sense of panic and increase the chances of the malicious links being clicked. If a massive outbreak does occur, the coronavirus may cause a SOC’s role to extend beyond traditional alert detection, response and containment, as organizations may look to the SOC to assist with disaster recovery.
5. Zynga Facing Lawsuit Over Data Breach by Sarah Coble
Gaming company Zynga Inc., known for games like Farmville, Words With Friends, and Draw Something, has recently come under fire for a breach that occurred back in September 2019. A Pakistani hacker, Gnosticplayers, claims to have breached the gaming company’s user database and gained access to 218 million user accounts. Two plaintiffs have now filed a class action lawsuit against Zynga, accusing the company of “failure to reasonably safeguard” players’ personal information and of “intentionally and unconscionably” deceiving users regarding the safety of their personal information. In addition, the lawsuit criticizes the company’s failure to notify users of the breach in a timely manner. The company made a public player security announcement online on September 12th in the wake of the breach, but never officially notified users of the incident via email. The announcement was also very vague, stating only that “certain player account information may have been illegally accessed by outside hackers,” and giving no details on exactly what information was accessed. According to the plaintiffs in the case, the personal data includes usernames, email addresses, login IDs, password reset tokens, Facebook IDs, Zynga account IDs, and passwords stored with outdated cryptography. The lawsuit lists 14 separate counts of action and claims for relief, ranging from violation of state data breach statutes to negligence.