There was a lot of important information security news coming out of the industry during the month of September, including the Equifax breach, North Korean cryptocurrency targeting, and more. Here are just a few of the news highlights from last month that we think you need to know about. Leave your thoughts on these, and other information security news stories, in the comments section.
- Deloitte, one of the world’s “Big Four” accounting firms, was the victim of a sophisticated hack that allowed hackers to access confidential emails and data on some of its blue-chip clients. Hackers were able to access the global email server through an administrator’s account that gave them unrestricted access. The account only asked for one password. This is another example of why two-factor authentication should be required by all organizations.
- The Securities and Exchange Commission revealed that it was hacked. Confidential documents that had been filed by publicly traded companies were compromised in the hack. This information could have been used to make illegal trades on the market. An investigation into the matter is ongoing.
- Popular social media site Instagram was hacked. Email addresses and phone numbers associated with hundreds of well-known celebrities, such as Emma Watson, Harry Styles, and Floyd “Money” Mayweather, were compromised and put on sale on the dark web.
- Do you have a credit report? If you answered yes, there’s a good chance that you’re among the 143 million American consumers whose personal information was exposed in the breach at Equifax.
- The hack ran from mid-May until the breach was discovered on July 29th. This was a long enough time period for hackers to accrue millions of names, Social Security numbers, birth dates, addresses, and driver’s license numbers: basically everything you would need to impersonate someone.
- Equifax’s response to the breach was…less than adequate, as was reported by many news outlets. There were many, many things that they could have done differently once the breach was discovered.
- In the end, people were let go, Equifax apologized profusely, lawsuits were filed, and Congressional hearings took place.
- The silver lining, if there is any, is that this massive breach served as a wake-up call for many businesses and reinforced what we have been saying here at FRSecure.
- The government of North Korea has turned to Bitcoin to fund its regime. North Korean agents have focused efforts on Bitcoin exchange heists and cryptocurrency mining in order to secure funds to fuel the government. As United Nations sanctions limit sources of income for North Korea, Bitcoin and other cryptocurrencies have become a way for the government to fill its pockets.
- The Department of Homeland Security ordered federal agencies and departments to remove software sold by the Russia-based IT firm Kaspersky Lab. DHS cited the cybersecurity company’s ties to the Russian government as rationale for the decision.
- The National Cybersecurity Center of Excellence at the National Institute of Standards and Technology has developed a recovery guide to help organizations that have been affected by a ransomware attack. The guide is designed to help organizations recover data, facilitate smooth recovery in the event of a compromise, and manage risk. If all the recent breaches have taught us anything, it is that no organization, no matter how big or small, should be without a Disaster Recovery Plan.
- The Senate of the state of Massachusetts has established a special committee on cybersecurity as focus grows on improving cybersecurity policies. The Senate approved the creation of a special committee to review and improve upon the state’s existing cybersecurity policies. Several bills focused on cybersecurity are pending in the state legislature.
- The Department of Homeland Security published a new rule in the Federal Register, saying it wants to include social media data as part of immigration files. The new requirement is set to take effect on October 18th. Proponents of the policy say that studying immigrants’ social media behavior could help identify possible radicals and prevent an attack on American soil, while detractors claim the rule infringes on free speech rights and is just plain ineffective.
That is all for the Information Security News Recap for the month of September. Want to get more information security news? Check out FRSecure’s Twitter feed for updates on what’s going on in the world of information security.