
Cybersecurity Wrap-Up for December 2022

December 30, 2022

This month has been active for cybersecurity; as attacks ramp up, corporations have begun to take online threats more seriously. The pandemic changed how many companies do business, moving their transactions online for the convenience of their consumers. With this migration, there have been missteps in information security, and hostile actors have taken advantage. Older systems and ways of doing business are also beginning to show their age, and the need for more secure systems is becoming increasingly apparent.

In response, companies have been investing in more secure systems and protocols. This includes the implementation of multi-factor authentication, encryption of data, and better monitoring of user activity. Companies are also beginning to invest in artificial intelligence and machine learning technologies to help detect malicious behavior before it can cause harm. AI and ML have made massive leaps this year, but it has also been clear that these tools have a long way to go before we can rely on them.

Unfortunately, many companies have had difficulty keeping up with the ever-evolving threat landscape. Let's review a few of the more prominent cases this month and learn through their example:

LastPass Data Vault Breach

LastPass, a popular password manager, was breached this month. Hackers were able to gain access to the company's cloud-based storage environment through a developer's compromised endpoint, which was known to LastPass as early as August of this year. The hackers gathered their information by fairly traditional means. Phishing attacks were used successfully against LastPass, and compromised endpoints led to this breach; no new tricks were used here, just old-fashioned skullduggery. This should underline the importance of ensuring your endpoints are secure and that you have an educated workforce hardened to phishing attacks.

It's worth mentioning here that iTecs has always relied on 1Password for our data vault needs, and in light of this information, we'll continue to do so. 1Password recently published a blog post that nicely summarizes the event.

Twitter hacker releases data of 400 million users on the dark web

Breached.co, the new dark web hacker forum since the seizure of RaidForums in April, recently had a post from a member claiming to have the private and public data of over 400 million Twitter users for sale. This data was obtained through a vulnerability in the Twitter API, which has since been fixed.

This is a reminder of the importance of patching and updating systems regularly. Vulnerabilities can be exploited quickly, so it's important to stay on top of security updates and patches. Additionally, companies should consider investing in bug bounty programs to help identify potential vulnerabilities before they can be exploited. As technology advances, so do the threats. Therefore, companies must stay vigilant and invest in the right tools and personnel to secure their data.

Meta to pay $725 million to settle suit over Cambridge Analytica

Remember the Cambridge Analytica scandal from ages ago? A quick refresher: Cambridge Analytica was a self-described "global election management agency" that used a Facebook app/game called "This is Your Digital Life" to scrape data from millions of Facebook users. This data was used to create psychological profiles of American voters under the guise of collecting data for academic research purposes. The firm was utilized by Ted Cruz and Donald Trump, who used the data to increase online fundraising and reach out to undecided voters.

It's taken years of protracted court battles, but this settlement shows that data privacy concerns are becoming increasingly important. Companies must be aware of the data they collect, how it's used, and who has access to it. Additionally, companies should consider investing in data privacy solutions such as encryption and tokenization to protect their customers' data. Governments that have long ignored data rights and privacy concerns are waking up to stories like these and choosing to pursue both these cybercriminals and the faulty business security that empowers them.

iTecs has your back in 2023 and beyond

As we wrap up 2022, it's important to remember that cybersecurity is an ever-evolving field. Companies must stay vigilant and invest in the right tools and personnel to secure their data. Responsibility is increasingly being placed on the companies that allow these breaches to occur, so it's important to stay on top of your security posture and ensure a strong front.

iTecs has been helping companies stay safe online for over 20 years, and we have the tools to keep hostile actors out of your systems. Contact us today to learn more about our cybersecurity solutions and how we can help you stay secure in the future.
