Who was breached now, how did hackers get in, which industry, and more

You knew we’d have to talk more security.

Who’s been breached? Well, Electronic Arts lost source code for games, food service supplier Edward Don had its operations disrupted, McDonald’s lost customer and employee information for US, South Korean, and Taiwanese customers, and clean energy company Invenergy was hacked… and is indicating it will not be paying the ransom to the REvil group. The EA breach involved social engineering: the hackers tricked an employee over Slack into providing a login token.

And the former COO of Securolytics, which supplies network security services for the health care industry, was charged with conducting an attack on a Georgia medical center. Why? “for the purpose of commercial advantage and private financial gain”.

The Avaddon ransomware gang has shut down its operations and has given its decryption keys to BleepingComputer. Quoting them: “ransomware negotiation firms and incident responders saw a mad rush by Avaddon over the past few days to finalize ransom payments from existing unpaid victims.” The thinking: increased pressure from law enforcement and governments.

Which sectors are being breached? The Herjavec Group says 32% of the victims on data-leak websites in the first two quarters of the year fell broadly into the manufactured goods category. That’s double the share of tech firms and IT service providers, at 18%.

And on how… Nuspire is reporting a nineteen hundred percent jump in attacks against Fortinet VPNs and a fifteen hundred percent jump in attacks against Pulse Secure ones in its new 2021 Q1 Threat Landscape report.

Apple is testing a passwordless authentication method called passkeys as part of its iCloud Keychain. It adapts existing WebAuthn technology, but it does require developers to implement support in their apps and sites. This joins Microsoft and Google in their efforts to go passwordless.

Microsoft revealed some information about its Compromise Recovery Security Practice team. This professional services emergency team usually publishes only internally, but with the rise in attacks, Microsoft is revealing more. A generally reactive, and travel focused, team, they concentrate on securing and restoring the highest risk assets: Azure Active Directory, Exchange, and Certificate Authorities. They focus on three functions.

  • Compromise recovery: Giving customers back control of their environment after a compromise.
  • Rapid ransomware recovery: Restore business-critical applications and limit ransomware impact.
  • Advanced threat hunting: Proactively hunt for the presence of advanced threat actors within an environment.

Why do we care?

That Microsoft model is certainly a solid one for professional services organizations.  It’s also very, very hard to do.

If the question we keep asking is “what can we do differently”, I feel like pushing for passwordless solutions, funding law enforcement, and adding financial and responsibility incentives for prevention are the keys.

And, like the services offering, hard to do. Then again, if it were easy, it would already be done, and none of it would be nearly as profitable.