Newsletter 07/28/2023


The Game Has Changed:
So, So Must We

In the 1960s, there was a Public Service Announcement (PSA) that intended to reinforce curfews implemented to keep minors off the streets and in their homes at various times determined by each city.  In Los Angeles, late night local news broadcasts would begin with the tag question: "It's ten o'clock.  Do you know where your children are?"  The tag went from introducing the news to endless parodies by musicians, comedians, and other entertainers.  In today's world, where the computing experience seems to be the most vital part of everyone's everyday life, and given the growing threat of data theft caused by the hacking of major corporations worldwide, might I suggest a new PSA for the 21st century.

It's ten o'clock.  Do you know where your data is?

As of July 28, 2023, the count of US based victims of the CLOP MOVEit vulnerability is 380 breached US entities whose customers' and/or others' personal data now might well be up for sale on the Dark Web.  The Tennessee based hospital giant HCA Corp. is now facing five class action lawsuits over the data breach that befell that entity, with new cases recently filed in California and Texas.  Indeed, Healthcare is now the one sector of the economy most impacted by cyber crimes.

A report issued by Cisco Talos Incident Response security services, which examines and documents cyber security incidents on a quarterly basis, determined that healthcare companies are now the entities in the economy most frequently targeted by cybercrooks, followed by the financial sector.  As the Executive Summary of the Talos IR Q2 report states:

Continuing a trend from last quarter, healthcare was the most-targeted vertical this quarter, accounting for 22 percent of the total number of incident response engagements, closely followed by financial services. 

The Talos IR report goes on to state that the most common situation that facilitated these attacks in the first place was stolen credentials that were otherwise considered valid.  "Nearly 40 percent of the total engagements" tracked by Talos IR were the result of stolen credentials.  This represented "a 22 percent increase from Q1 2023."  Yet, it must be noted that Talos IR researchers found that "It is difficult to say how adversaries obtained the compromised credentials used to access valid accounts."  Furthermore, the Talos IR report noted that the goals of the cyber crooks have also changed over the past few months.  Ransomware, at 17% of all attacks, is now second to "data extortion" as the top motivator for these cyber crimes.  Data extortion is now the motivation for over 30% of attacks.  This represents "a 25 percent increase in data theft extortion incidents compared to last quarter."  Talos IR researchers clearly explained that: "In this type of attack, threat actors steal victim data and threaten to leak or sell it unless the victim pays varying sums of money, eliminating the need to deploy ransomware or encrypt data." 

On the good news front, international law enforcement efforts, and increased cyber security techniques, are starting to have a positive effect in the war against ransomware.  Thus, Talos IR surmised that:

Carrying out ransomware attacks is likely becoming more challenging due to global law enforcement and industry disruption efforts, as well as the implementation of defenses such as increased behavioral detection capabilities and endpoint detection and response (EDR) solutions.

Talos IR points to two effective actions that, I contend, all Consumers can take to better defend themselves against further digital damage.  Talos IR research showed that Multi-Factor Authentication (MFA), where a code is sent to a phone number or email address to further verify the identity of those requesting access to a network, was not enabled in 90% of the successful attacks that used stolen credentials. 

A lack of MFA or improper MFA implementation across critical services played a part in over 40 percent of the engagements Talos IR responded to this quarter. Talos IR frequently observes attacks that could have been prevented if MFA was enabled on critical services, such as VPNs. In nearly 40 percent of engagements, attackers were able to abuse compromised credentials to access valid accounts, 90 percent of which did not have MFA enabled.

Although the Talos IR report is directed more at large networks and entities, the report's admonition to be "expanding MFA for all user accounts" is very good advice for all computer users.  As Talos IR explained it, "Lack of MFA remains one of the biggest impediments for enterprise security." [Executive Summary]

Consumers should also adopt MFA as a simple fact of modern life.  Most online vendors offer visitors the ability to further secure their accounts with MFA.  This is certainly a recommended step to take with any online financial institution and account.  Financial entities came in second only to healthcare in the Talos IR hierarchy of hacked entities.  Admittedly, MFA is a major inconvenience in today's hectic world where every second seems precious.  Nevertheless, "Stop and Smell the Roses" was good advice in 1956 — and, indeed, studies show that the old saw is still good advice today.  And Stop and Do the MFA Two-Step each time you logon to any financial website is also, I think, good advice for the 21st century.

The second factor detailed by Talos IR that Consumers can also use to take back some semblance of control of their online life is that the "Exploitation of vulnerabilities in public-facing applications was seen in 22 percent of engagements this quarter, a significant decrease from 45 percent last quarter."  In plain language, this means unpatched vulnerabilities in software and/or hardware.  Just as CISA has made it part of its mission to ensure that all entities that interact or interface with Uncle Sam have all of their vulnerable IT products patched and up to date, each individual Consumer must now take control of their posture in cyberspace and equally ensure that each Consumer's system is secured as well as humanly possible.  

It may well be that the cybercrooks no longer want your money or control of your computer or small network.  Our current crop of miscreants may simply want your credentials to find what digital doors there are to open and see what's inside.  I say we all must stop making it so easy for the crooks to invade our privacy, steal our property, and overall make our pursuits of happiness so problematic.

In World War Two, all Citizens did their part, large or small, to contribute to the war effort, whether it was Citizens growing their own fruits and vegetables in Victory Gardens, or, in a patriotic move, American ladies taking to nylon, instead of Japanese silk, in their stockings. 

Of course, in the 1940s, the enemies from abroad intent on destroying Democracy and Republican forms of government were front and center on the World's Stage.  Today's international pariahs may be more hidden from view, but their evil works are nevertheless self-evident.  It is incumbent on all Computer Consumers to educate themselves about the update schedules of their own IT vendors.  If a Consumer is not confident of their knowledge or ability to patch all their devices, then that Consumer should seek out professional help in doing so.  The bottom line here is this: 

Stop Giving Aid and Comfort to the Enemy.  All it takes is Brains, Heart, and Courage.  Dorothy had them all.  Remember?

¯\_(ツ)_/¯
Gerald Reiff
