Insights For Success

Strategy, Innovation, Leadership and Security

2017 has started as a busy year for hackers

GeneralEdward Kiledjian

2017 is shaping up to be a busy year for Information Security professionals. The last major hack was HipChat from Atlassian. Surprisingly most consumers still "don't care" about their data security and millions have bad security hygiene.

Visualizing the hacks

To make the data more palatable, firms have tried to create visually appealing representation of these hacks. The first is called the World's Biggest Data Breaches and provides a nice easy to understand list since 2004. 

In this case the size of bubble represents the size of the breached data.

Hovering your mouse over one of the bubbles provide a general summary regarding the breach.

Clicking on the bubble give a short description about what was taken.

Finally clicking on this information card takes you to a news article regarding the breach.

Who is attacking who (now)?

Cyber is the new attack space and people are attacking each other all the time. How do you visualize this constant barrage of attacks? Using a pew pew map (as we call it in the industry). It's called a pew pew map because one of the most used services adds a little pew pew sound to the attack map if you want.

It's important to know what these maps show and what they do not show. It is impossible to show all attacks in real time across the internet. Each of the companies providing these types of maps uses its own collection techniques and it is an attempt by them to show are realistically as possible what their tools are seeing. Their data could be based on customer site equipment they manage, honeypots (decoy systems used to gather information about attacks) and general monitoring of the internet. No one company has an all encompassing view and none of these should be considered as the absolute truth.

The grand daddy of this type of free attack mapping service is IPViking. This is probably the favorite most viewed free attack map on the internet. For each attack, they show attacking organization name, internet address, target city and target service. As I write this, the service seems to be down so I am not able to add a visual representation of it but it is worth checking out.

FireEye is the 800lb gorilla when it comes to incident response (since they bought Mandiant) and they have their own free attack map. The FireEye map is fairly basic with limited refresh and limited supporting data but it is still clean and easy to understand.

The next map comes from Arbor Networks. Arbor powers the network protection tools for many large national carriers and says their map is fed from 270+ ISP customers. What's unique about the Arbor offering is that it allows you to go back in time (to 2013). Additionally the arbor tool provides neat information (such as type of attack, port, unusual traffic, etc).

The OpenDNS map (Cisco) isn't something I use often but it is visually appealing so here it is for your viewing enjoyment. 

And of course there are many many many more on the web. 

Who got hacked in 2017

2017 has started with a bang and hopefully it isn't a sign of things to come. here are some of the more interesting ones:

  1. Washington school of medicine - A Washington School of Medicine employee is believed to have fallen victim to a phishing attack that may have compromised 80,270 patient records. 
  2. Intercontinental hotels group - IHG which owns prime hotel brands like Crowne Plaza, Holiday Inn and many, suffered a data breach on its payment processing systems which may have impacted 1,200 hotels. 
  3. Arby's - It looks like the chain was infected with a Point of Sales malware that may have stolen information from up to 355,000 credit and debit cards. 
  4. Saks Fifth Avenue - Buzzfeed reported that the chain may ave inadvertently exposed private customer information to the internet. They provided a snapshot of the information as proof.
  5. Free Application for Federal Student Aid - An IRS website designed to help students apply for student aid was "attacked" and the tax information of up to 100,000 taxpayers may have been taken. As I write this, the IRS believes 8,000 fraudulent returns were already files costing them $30M. 
  6. E-sport entertainment Association - On December 30 2016, ESEA issued a warning to its members after it discovered a breach. OVer 1.5M people were impacted by this breach. Information included username/encrypted password,  email address, date of birth, zip code, telephone number, website, steam ID, XBOX ID and PSN ID.
  7. Dun & Bradstreet - D&N found its marketing database with 33 M corporate contacts shared across the web in March. The company claimed it was not breached but likely one of it;s customers, who had bought the list, probably lost it. It contained information for millions of employees in companies like AT&T, Walmart, CVS Health and many more.
  8. Chipotle - The burrito restaurant posted a Notice o Data Security Incident to its website advising visitors that it had detected suspicious network activity in a system that supports in-restaurant payment processing. Information is scarce since their investigation is ongoing but this is the latest show to fall so far this year (April 25 2017).

What can you do?

A message to all consumers is that you are responsible for your data protection. If you are sloppy or careless, you will be impacted and you will have no one to blame but yourself. 

  1. Use a password manager like KeepassX, Lastpass or 1Password. [ Simplify password management [for free] with LastPass ], [ Protect your online accounts from compromise before its too late ]
  2. Generate long impossible to guess unique passwords for each internet service you register for [5 best Random Password Generators
  3. Enable 2 factor authentication on any site that supports it. A list of sites can be found here. An article comparing Authy to Google authenticator can be found here
  4. Clean up your social media authorizations regularly using this tool. Make sure only apps and services you currently use have access to your social media networks.
  5. Deal with firms that prioritize your privacy and security. Using any free email system means you are giving the provider access to your email so they can profile you and target advertising. This means they can access your data and if they have a rogue employee or hacked, those too will have access to your unprotected information. ProtonMail is an example of a paid provider that does not have access to your information unencrypted so even if they are hacked, hackers will not get anything usable. Instead of using Dropbox or OneDrive, check out SpiderOak for encrypted online storage. Like Protonmail, they store your information in encrypted form only and if they are hacked, any data gained by the attacker would be useless.
  6. Use fake information - Sites often ask you for personal information when you register so they can challenge "you" when you need a password reset. The problem is many of the questions have easy to find answers (like your mother's maiden name) and if one of these services is hacked, the attackers can use this information on other sites. I recommend providing fake answers to these questions and make them unique to each site. Use your password manager to store the answers.