Friday Five: 6/14 Edition
A food bank hit by ransomware, advice on cybersecurity training, and a university data breach - catch up on the week's news with this recap!
1. 5G rollout will ‘make things better’ for cybersecurity, according to Verizon by Eustance Huang
With innovation, comes uncertainty. The next generation in wireless technology is the upcoming introduction of 5G networks, and although the possibilities are intriguing, the dangers of the technology are equally concerning. According to an expert from Verizon, the rollout of 5G wireless could actually improve the state of cybersecurity as shown in new research and developments. International corporations are already ahead of the game, with Huawei prepared to work with US companies to deploy their equipment and provide the first 5G coverage for a U.S. provider. Despite eagerness to blacklist Huawei, something that would prevent it from working with any American companies, the U.S. has permitted firms to work with Huawei in the name of technological advancement. U.S. President Donald Trump has become involved, stating that Huawei could be involved in the trade negotiations, directly contradicting Treasury Secretary Steven Mnuchin, who said the telecommunications company is too closely tied with the Chinese government and are considered a “national security issue, separate from trade.”
2. Food Bank Hit By Ransomware, Needs Your Charity to Rebuild by Ionut Ilascu
In more unfortunate news, the Auburn Food Bank in King County, Washington was targeted and attacked in a ransomware attack with a strain known as GlobelImposter2.0. There is no decryption available for this variant but the criminals offered to decrypt one file for free as a way to gain entry into the system, before demanding 1.2 bitcoins ($9,500 USD at the time) to release their computers. Without any guarantee their information would be returned safely and securely, the charitable organization refused to pay the money, often the action recommended. Now the food bank is asking for donations with the goal of $8,000 which will help with the expenses associated with recreating the targeted computer system. They have asked for help, by donating - which can be done here - to help the food bank rebuild in preparation for a busy summer.
Food bank photo via James Lee's Flickr photostream, Creative Commons
3. Why cybersecurity training is important for your business by Rob Waugh
A new emphasis is being put on cybersecurity training and cybercriminals know this, more often than not targeting employees with phishing emails and other ploys to get access to sensitive information and data. Spending on cyber defense is expected to expected to surpass $1 trillion dollars by 2021, but Oyku Isik, professor of information systems management at Vlerick Business School in Belgium, believes “all the investment in technology is necessary, but not enough" and that now "it is now time to invest in people.” Isik recommends three key practices to protect companies and its employees when faced with a security threat. The first is to keep employees trained and up to date with cybersecurity trends to help avoid the most common type of attack: email phishing. The second tip is to employ intelligent experts in cybersecurity who also have the communication skills necessary to report findings and necessary practices. The last piece of advice is to hire people with the skill and potential to become a useful cybersecurity professional. He preaches that too much emphasis is put on education and experience when companies are hiring, instead of focusing recruitment on skilled people that can be trained into useful assets.
4. 8.4TB in email metadata exposed in university data leak by Charlie Osborn
A database at Shanghai Jiao University did not meet authentication requirements and led to the exposure of 8.4 TB in email metadata. Email threads between users were visible but subject lines and email content were not. Justin Paine, Cloudflare’s Director of Trust & Security, noticed the exposed server on May 22 while using Shodan, a search engine that helps researchers find unsecure servers or databases. Fortunately, Shanghai Jiao University was able to fix the open server within 24 hours of being notified of it.
5. Data breach! 800 million sensitive mortgage documents by George Cox
First American Financial suffered a data breach due to their own employees’ negligence rather than due to cybercriminals. People could view private mortgage information, tax records, and social security numbers on the company website without any authentication. Brian Krebs from Krebs on Security, a security news and investigation site, revealed that a real estate developer noticed the data breach when he found his own private documents online. Until it was notified of the data breach, people’s private documents had been available to anyone using a web browser since about March, 2017. Clearly, First American Financial did not have proper security procedures in place. Consumers are urged to research financial organizations’ credibility for protecting sensitive information, as well as the security procedures they follow.