26 February 2015
In his report ‘Anthem: company says five employee’s credentials phished and used’, posted on IT Security Guru on 12 February 2015, Dan Raywood gives some background details about how the hack occurred.
The attackers used a phishing attack to steal the credentials of employees. To be honest, I’m relieved to hear that. No rocket science! Phishing is and remains the #1 attack vector.
Awareness training and Two Factor Authentication are the preferred preventive protection measures. Anthem did the right thing. In the report ‘Anthem’s IT system had cracks before hack’ we read: ‘Then on Feb. 7 and 8, Anthem reworked all its IT accounts that have privileged access to sensitive information to now require three layers of authentication—a permanent login, a physical token, and a temporary password that changes every few hours.’
If Two Factor Authentication cannot be implemented, SmartScreen Filtering in Internet Explorer or the Reported Attack Site Blocker in Firefox can be helpful. The warning messages can hardly be ignored:
[Image: SmartScreen warning for a phishing attack]
Some anti-malware packages, e.g. Trend Micro Maximum Security, will also block access to malicious sites. But the above options are of limited use in the case of zero-day exploits, although it’s amazing to see how fast the filters are updated.
Have a good day! … And, don’t forget to activate SmartScreen Filtering as soon as possible.
16 October 2014
I heard the news Tuesday evening at 10 o’clock: “Dropbox hacked. About 7 million usernames and passwords stolen.” I could hardly believe it. My first thought was: Why only 7 million credentials? Dropbox has more than 200 million users. Why should someone be satisfied with 7 million credentials if he could have 200 million? Something seems to be very wrong with this story. Moreover, the quality of the data is very bad. Please check the Pastebin site for a sample.
And then the recantation: Dropbox announced that there was no data breach. “‘These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks, and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well,’ a Dropbox spokesman said in an email to Reuters.” For details see ‘Hundreds of alleged Dropbox passwords leaked’.
Since the media interest is nearly zero today, the story is certainly true.
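The spokesman’s statement describes credential stuffing: passwords leaked from other services are tried against Dropbox accounts, the attempts are detected, and the passwords that worked are expired. As an added illustration, and not code from Dropbox or from this blog, here is a small Python detector over a constructed, hypothetical login log format. It flags source addresses that try many distinct accounts with a high failure rate, and lists the accounts whose reused password evidently worked, which are the ones a defender would expire. The log format, field names, thresholds and addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of authentication log lines in a hypothetical format
# (not Dropbox's real logs). One source address works through a list of
# different accounts with mostly failed logins: the signature of credentials
# leaked from another service being replayed here.
SAMPLE_LOG = """\
2014-10-14T21:00:01Z login user=alice@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:00:02Z login user=bob@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:00:03Z login user=carol@example.com src=203.0.113.10 result=OK
2014-10-14T21:00:04Z login user=dave@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:00:05Z login user=erin@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:00:06Z login user=frank@example.com src=203.0.113.10 result=OK
2014-10-14T21:00:07Z login user=grace@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:00:08Z login user=heidi@example.com src=203.0.113.10 result=FAIL
2014-10-14T21:05:00Z login user=alice@example.com src=198.51.100.7 result=FAIL
2014-10-14T21:05:09Z login user=alice@example.com src=198.51.100.7 result=OK
2014-10-14T21:30:00Z login user=bob@example.com src=198.51.100.22 result=OK
not a login line, the parser skips it
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_stuffing_sources(events, min_distinct_users=5, min_fail_ratio=0.5):
    """Flag source addresses that tried many distinct accounts and mostly failed.

    A user mistyping a password hits one account from one address. A credential
    stuffing run hits many accounts from one address, and most attempts fail
    because only a minority of people reuse the leaked password here.
    """
    per_src = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0})
    for ev in events:
        stats = per_src[ev["src"]]
        stats["users"].add(ev["user"])
        stats["attempts"] += 1
        if ev["result"] == "FAIL":
            stats["failures"] += 1

    flagged = {}
    for src, stats in per_src.items():
        fail_ratio = stats["failures"] / stats["attempts"]
        if len(stats["users"]) >= min_distinct_users and fail_ratio >= min_fail_ratio:
            flagged[src] = {
                "distinct_users": len(stats["users"]),
                "attempts": stats["attempts"],
                "fail_ratio": round(fail_ratio, 2),
            }
    return flagged


def accounts_to_expire(events, flagged):
    """Accounts that logged in successfully from a flagged source.

    Their reused password evidently worked here too, so the defensive response
    is to expire the password and force a reset.
    """
    hits = {ev["user"] for ev in events
            if ev["src"] in flagged and ev["result"] == "OK"}
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    suspicious = find_stuffing_sources(evs)
    for src, info in suspicious.items():
        print(f"{src}: {info['distinct_users']} accounts, "
              f"{info['attempts']} attempts, fail ratio {info['fail_ratio']}")
    print("expire passwords for:", accounts_to_expire(evs, suspicious))
```

On the sample above only 203.0.113.10 is flagged (eight accounts, six failures out of eight attempts); the address that fails once and then succeeds for a single account is ordinary user behaviour and is left alone. In a real deployment the thresholds would be tuned per service and the per-source window bounded in time, since a patient attacker can spread attempts over days.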
What really annoys me is how sloppily user credentials are treated by the ‘other services’. Data and log-in credentials were stolen from third-party apps which are actually supposed to simplify daily life with Dropbox. For more details see the great report ‘Snapchat And Dropbox Breaches Are Really Third-Party-App Breaches’ by Elise Hu from 14 October 2014.
Unfortunately these apps increase the complexity of our lives and gadgets. Each app comes with its known and unknown vulnerabilities, which an attacker could use to get access to our private data. But the worst is yet to come: you are surrounded by friends with buggy gadgets which, once hijacked by an attacker, will have an impact on your life as well.
To put it concisely: the more apps you use, the greater your attack surface becomes, and the higher the risk of a data breach.
How to solve this problem? Simplify! Focus on the really important apps and uninstall the others. Activate TFA and use strong passwords. And tell your friends to decrease their attack surface as well.