An employee fooled at the Robinhood trading platform, and more firms hit by ignoring security updates.
Welcome to Cyber Security Today. It’s Wednesday, November 10th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
A threat actor was able to fool a customer support employee at the Robinhood stock trading and investing platform last week. They got a big haul of data: access to the personal information of 310 people, including their names, dates of birth and zip codes. On top of that, more extensive account information of 10 people was copied. The platform also admitted that the attacker got 5 million email addresses of people, plus a list of full names of 2 million other people. The information on names and birth dates could be used for impersonation. Those copied email addresses could be used for phishing attacks on people who might think a message was from Robinhood. This incident happened over the phone. No details were given, but one possibility is the employee was asked to reset what he thought was a customer’s password. By the way, when the data theft was discovered, the attacker tried to extort the company, likely threatening to expose the data unless they were paid.
I’ve reported before that threat actors move fast when word of a software vulnerability becomes public. Here’s the latest example: On September 16th U.S. cyber authorities warned that an attacker was exploiting a hole in a self-service password management solution called ManageEngine ADSelfService Plus. The alert urged companies to patch the application fast. According to a report this week from Palo Alto Networks, starting on September 22nd — that’s five days after the alert — at least nine firms that apparently didn’t install the patch were compromised in a few weeks. Those companies were found, perhaps, by a search for firms that use the ManageEngine applications and were open to the internet. Usernames and passwords were stolen, along with sensitive corporate information. That gives the impression the goal was espionage. The lesson is that when a company issues a software security update, get it tested and installed fast.
Speaking of security updates, remember yesterday was Microsoft’s monthly Patch Tuesday. Make sure home and corporate computers have the latest Windows security updates installed.
More on security updates: According to researchers at NCC Group, the Clop ransomware gang has been seen recently going after a vulnerability in SolarWinds’ Serv-U file transfer management application. SolarWinds and Microsoft warned IT departments about this vulnerability in July. Companies using Serv-U have to scan their IT systems for compromise and then install the update. But researchers say that, according to their scan of the internet, there are still over 2,000 vulnerable instances of Serv-U, including over 500 in the U.S. and almost 100 in Canada. File transfer servers are a tempting target to attackers because they hold company documents.
Operational technology systems, which are computer-controlled systems running water and energy plants and factories, have been the target of attackers for years. You may recall earlier this year someone hacked into a water treatment plant in Florida and briefly changed some settings. How safe are companies with OT systems? A new survey by Skybox Security raises some questions. Eighty-three per cent of respondents said their OT system had been breached in the past three years. Perhaps their IT leaders have learned lessons, because 73 per cent of the ones surveyed said they are “highly confident” their organization won’t suffer an OT breach in the next 12 months. Interestingly only 37 per cent of plant managers were highly confident their OT systems wouldn’t be breached.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.