Tag Archives: Code Spaces

Google confirms ‘five million’ customer data dump but denies breach

13 September 2014

Google confirms ‘five million’ customer data dump but denies breach – IT News from V3.co.uk.

The news about the Google hack this week were somewhat puzzling at a first glance. Five million customer data stolen but no attack on internal systems? It took me some time to understand this.

In my opinion some hackers collected a large number of accounts from lots of companies, including some Google accounts. From my experience with phishing attacks, and the statements in several reports about the lousy data quality, this sounds quite plausible.

Some statements in post ‘Cleaning up after password dumps’ published by Google’s Spam and Abuse Team on 10 September in its Online Security Blog confirmed my impression:

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.

For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.

How could we avoid such data theft in the future?

From a technical point of view only Two or Multiple Factor Authentication (MFA) could prevent such attacks. In post Google denies breach after hackers leak millions of user logins published on 11 September in Computerweekly.com, Yiannis Chrysanthou, security researcher in KPMG’s cyber security team, stated, that MFA is the sole means to prevent misuse of stolen credentials.

The last statement in this post was very puzzling:

“Of course this extra security comes with increased investment – but the improved customer protection makes it viable and valuable,” said Chrysanthou.

What increased investment? For usage of Google 2 Step Verification? Or TFA in Apple’s iCloud Services or WordPress.com? There are no additional costs! The only drawback of MFA is loss of comfort for the users of this services. But the gains in security are invaluable. I would be very pleased if Amazon, eBay, and Microsoft would add TFA to their services as soon as possible.

When it comes to implementation of MFA inside of companies we definitely talk about increased investment. Adding MFA to an Active Directory that serves ten thousands of internal users or to a service for external customers will result in an additional investment and higher operation costs. But with TFA the eBay data breach earlier this year would have been prevented. Just as the Code Spaces collapse.

The big question is as always: What is the total loss of turnover created by a data breach compared to the total costs of implementing TFA?

Can Code Spaces tell us?

E-book review: Staying Ahead in the Cyber Security Game

28 August 2014

Some weeks ago I attended the webinar ‘Staying Ahead in the Cyber Security Game: What matters Now’ sponsored by IBM and Sogeti.
The webinar is a good introduction to the free e-book with the same title. And the e-book is absolutely worth reading.

Chapter 10 is entitled ‘The data scientist will be your next security superhero’. Wow! Superhero reminds me always of the Queen song ‘Flash Gordon’:

Flash a-ah
Savior of the universe

In verse ‘Seemingly there is no reason for these extraordinary intergalactical upsets’ the work of a big data Analyst is well described. My favourite verse is at the end of the song:

Flash Flash I love you
But we only have fourteen hours to save the Earth
Flash

I love this song, I would really love to be a superhero … ;-). Back to the e-book!

‘We may have effective detection tools to reduce the impact of the attacks. But the real revolution will be with big data: We will be able to more finely analyze what is normal and what is not normal.’

This statement gives me pause. How long does it take to find a hint where seemingly is none? Do we really have fourteen hours in the case of an unknown attack to save the company? Would big data analytics have prevented the eBay or Code Spaces disaster? Should we rely on the good brains of a big data analyst only?

My answer is: Don’t just rely on a single technology! And don’t believe that everything is as easy as it sounds.

Big data technology can support us in boosting IT security but, of course, it will take some time before clear indications to data breaches could be generated.

First, you have to set up data sources like firewall or Windows event logs. In parallel, your analysts and your system must start learning what is normal to recognize what is abnormal, because abnormal events are a strong indicator of an advanced threat or breach. And finally you should make an incident response plan to do the right things when your systems detects an incident.

Sounds like a plan, doesn’t it?

By the way: The first security superhero was David Levinson in ‘Independence Day’. In an ocean of electromagnetic signals he detected an alien signal and identified it as countdown, and all within a few minutes. A true superhero!

Bromium – The Dawn Of A New Era In Corporate Cyber Threats?

14 July 2014

The Dawn Of A New Era In Corporate Cyber Threats? | A Collection of Bromides on Infrastructure.

Although the picture reminds me of some scenes of Terminator II, Bill Gardner does not announce the imminent end of the world. In this blog post he just creates awareness for a new kind of attacks with may have dramatic impact on businesses.

Fortunately, today’s attackers focus on new market businesses. The impact of a data theft, e.g. loss of reputation or annoyed customers, is costly and exasperating for companies, but not life-threatening. Destruction of data and of backups, as in the case of Code Spaces, might lead in the worst case to loss of business and disastrous effect on customers.

But the expansion of malicious activities to old market businesses, like chemical and pharmaceutical plants or basic infrastructure like national gas or power supply systems, could have  a catastrophic impact on businesses, environment and people.

In addition, a third type of damage, integrity loss, caused by tampering of data, makes things really worse, because this kind of damage is very hard, and often only after several years, to discover.

We urgently need to prepare for the “Maximum Credible Accident!

For a good starting point see Mark Brown’s article “Where should a CISO look for cyber security answers – hardware, software or wetware?”.

Don’t Panic – All will end well!

SearchSecurity: Multifactor authentication key to cloud security success

12 July 2014

Multifactor authentication key to cloud security success

In this great post Brandon Blevins provides a brief summary about the Code Spaces attack, the progression of the attack and the catastrophic consequences for the company and the customers. Moreover, he makes clear that Multi Factor Authentication is an essential requirement for running a successful business in the cloud. With Two- or Multi Factor Authentication in place this attack would not have been possible.

The attack pattern in the Code Spaces case differs only slightly from the patterns in the eBay, Target, and Office attacks. In all cases the attackers used stolen credentials of employees for unauthorized access to the company network and the data.

One Euro Cent Coin

From my point of view, Two or Multi Factor Authentication (MFA) would have prevented most of the published data breaches, irrespective of whether the services are hosted on premise or in the cloud.

Multi Factor Authentication is worth every Cent!

The main difference between the attacks exists in the amount of the damage, in the eBay case data theft and loss of reputation, irreversible destruction and discontinuation of Business in the Code Spaces case.

But a third, more important type of damage must be considered:

Integrity loss, caused by tampering of data.

Small changes to software products, to the formulation of drugs, or a bill of material could lead in the worst case to a catastrophic impact on people, businesses and the environment.

How often does this happen, without you ever noticing?  At this very moment? And, are you able to recognize such integrity losses to prevent larger damage?

We should ask ourselves these worrying questions. The statement “I always call it the Wal-Mart-Target competition … to see who can get to the lowest price and still provide good service. Security is what gets lost” gains a new meaning from the integrity point of view.

I would strongly recommend, that all businesses, in particular in the manufacturing industries and in the pharma sector, should decide about implementing MFA to prevent damage caused by integrity loss.

That will make our world a somewhat safer place.