On December 31, 2018, a cybercrime group going by the handle The Dark Overlord (hereafter TDO) claimed to have hacked an unnamed company and exfiltrated a large volume of sensitive documents related to lawsuits arising from the 9/11 terror attacks. TDO aims to extort the impacted organizations into paying a Bitcoin ransom, and it has already published batches of the leaked material after creating a public auction system in which anyone can contribute Bitcoins to unlock new documents. Continue reading “What will The Dark Overlord Do Next – a CTI Assessment”
We’ve all heard that the software company Adobe (maker of Flash, Acrobat and many more) was hacked and details of 150+ million users were stolen and then circulated on Russian Darknet forums.
So you ask yourself – so what? How does this affect me and my organization? Do I even have an Adobe account?
Well, the chances are that your organization is using Adobe products, and many employees have either opened an account when downloading a trial product or had one created for them by their procurement division when purchasing an Adobe license for them to use (usually without their knowledge).
First of all, let’s review what was actually stolen – a list containing, for each user, a serial number (not interesting), the user’s email address (very interesting), an encrypted password (which is easy to break if you know how) and the password retrieval question.
So the main risk here appears to be that a hacker will break into the account (by guessing or cracking the password), steal the credit card details and use them. Right?
Well, this is certainly possible (and happens more often than most of us think), but the real risk is email address exposure.
A large percentage of all intrusions into large organizations occur through “spear-phishing”, meaning a targeted email sent to a specific person within the organization.
The employee receives a credible-looking email, appearing to be sent from a business partner, conference organizer etc.
The email contains an attachment (most likely a PDF file, Excel sheet or Word doc) or a link.
Opening the attachment or clicking the link runs malicious code that secretly installs itself, and from that moment on the network is open to the intruder.
Creating a spear-phishing email is easy. What was difficult until now was obtaining corporate email addresses (previously, hackers had to use social engineering to obtain these). No more! Literally millions of these addresses are now visible to all, making employees whose details have been leaked easy targets. So what needs to be done (because the breach and subsequent exposure can’t be undone)? Here are our actionable recommendations:
- Cancel the credit card which was used to make the purchase on the site
- Change the password of users of the Adobe site
- Conduct a full scan of the computers for malicious files
- Brief all employees whose Adobe accounts/emails have leaked about this breach and the spear-phishing attempts that can follow it, and instruct them to avoid opening attachments from suspicious or unknown email addresses.
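To turn the last two recommendations into a repeatable step, here is an added example (not code from the original post) that triages a leaked list shaped the way the post describes (serial number, email address, encrypted password, retrieval question) against the organization’s own mail domains, producing the deduplicated set of accounts that need a password change and a spear-phishing briefing. The `|` separator, the sample records and `ORG_DOMAINS` are constructed assumptions, not the format or contents of the real dump.

```python
# Constructed sample records: serial | email | encrypted password | retrieval question.
# The separator and every value are made up for this example.
LEAK_SAMPLE = """\
1001|alice@example.com|QmFzZTY0Ymxvb=|first pet
1002|Bob.Smith@Sales.Example.COM|c2FsdEFuZFBlcHBlcg==|mother's maiden name
1003|carol@other-corp.test|bm90aGluZ2hlcmU=|favourite colour
1004|alice@example.com|QmFzZTY0Ymxvb=|first pet
malformed line without separators
1005|dave@example.com.evil.test|eHl6|city of birth
"""

ORG_DOMAINS = {"example.com"}  # assumed: the defender's own mail domains


def in_org(email, domains):
    """True when the address belongs to one of our domains or a subdomain of one.
    A lookalike such as example.com.evil.test must NOT match."""
    domain = email.rsplit("@", 1)[1].lower()
    return any(domain == d or domain.endswith("." + d) for d in domains)


def parse_record(line):
    """Split one dump line into its fields; return None for malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 4 or "@" not in parts[1]:
        return None
    serial, email, _encpass, hint = (p.strip() for p in parts)
    # Addresses are normalised to lower case so duplicates collapse.
    return {"serial": serial, "email": email.lower(), "hint": hint}


def triage(dump_text, org_domains):
    """Return ({email: record} for our accounts, count of unparseable lines)."""
    hits, skipped = {}, 0
    for line in dump_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        if in_org(rec["email"], org_domains):
            hits.setdefault(rec["email"], rec)  # keep first occurrence only
    return hits, skipped


def briefing_list(dump_text, org_domains):
    """Sorted list of employee addresses to reset and brief."""
    hits, _ = triage(dump_text, org_domains)
    return sorted(hits)


if __name__ == "__main__":
    for addr in briefing_list(LEAK_SAMPLE, ORG_DOMAINS):
        print(f"{addr}: reset Adobe password, brief on spear-phishing")
```

The retained `hint` field lets the security team also warn users whose retrieval question reveals something they reuse elsewhere.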
As the (even more recent) Target breach proves, we have not seen the last of these “mega information breaches”, so whenever such an incident is made public, we all need to ask ourselves – does this affect me? And, if so – what do I need to do? Remember, cyber security is not “the IT department’s problem”. We are all an important part of the solution.