Tuesday, September 27, 2022

Cybersecurity news weekly roundup September 26, 2022


SAN MATEO, CA, September 26, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

“Metador” hacking group discovered

Security researchers have dubbed a hacking group “Metador” which has reportedly been lurking in the shadows for around two years. Targeting telecoms and ISPs, the group’s incentive seems to be espionage. The group appears to be highly capable and experienced in operations security. While information is not sufficient to determine the group’s origin or affiliation, their tactics and skillset imply that they are state-sponsored. Read more.

Australian telco company hit with a ransomware attack

Optus, the second largest Australian telecom, has suffered a data breach that has exposed the sensitive data of millions of current and former customers. Security researchers have validated the claims of the hacker, who is asking for $1 million in crypto in exchange for not leaking the stolen data to the web. Optus is facing customer backlash, as the breach was not disclosed to them directly but reported in the media days after the company was aware of the situation. Read more.

Game publisher 2K hacked

2K, a major game publisher best known for its NBA titles, has reported that it has been hacked. The company’s support system was compromised, allowing hackers to send out legitimate-looking emails that led users to download malicious software. 2K shares the same parent company as Rockstar Games, Take-Two Interactive. However, at this point, there is no indication that the two breaches are related. Read more.

Wintermute crypto market maker hacked

In the latest DeFi hack, crypto market maker Wintermute has found itself the victim. Attackers have made off with $160 million after hacking 90 assets. Wintermute has, in a statement, assured users that the company remains solvent despite the attack but has not yet disclosed how the hack took place or who they believe may be responsible. Read more.

Rockstar Games breached

Rockstar Games, best known for their Grand Theft Auto series, has suffered a hack that resulted in a trove of unfinished gameplay footage from the upcoming installment in the series being leaked online. The hacker claiming responsibility posted the clips to an online forum and purports to be the same individual who recently hacked Uber. The hacker has also claimed to have stolen the game’s source code. Read more.

Uber blames Lapsus$ for hack

Last week’s brazen hack of Uber was at the hands of an attacker associated with the Lapsus$ cybercrime collective. Uber has refuted some of the hacker’s initial claims about how they were able to breach the company and is working with law enforcement and several third-party forensic firms to recover from the attack. Uber has stated that the hacker did not access sensitive user information and that any such data is encrypted. Read more.

American Airlines discloses data breach

American Airlines has reported that the company experienced a data breach in July of 2022 that affected a limited number of employee email accounts. American Airlines has not disclosed the number of affected employees or customers, only stating that the number is “very small” and that the breach resulted from a phishing attack. Those affected are being offered two years of identity theft protection and monitoring. Read more.

North Korean hackers using a new method in spear-phishing campaign

New findings from Mandiant report that North Korean hacker gangs are using a new spear phishing technique to get victims to install a backdoor on their system via “trojanized versions of the PuTTY SSH open-source terminal emulator.” The hackers lure victims with fraudulent job offerings from Amazon. Over WhatsApp, the targeted individuals are provided with a link that installs malicious code on their system. Read more.

LastPass: attackers had four days of internal access

In an update regarding the recent hack of LastPass, the company revealed that the hackers responsible for the breach had access to internal systems for four days before they were detected. LastPass still maintains that the attackers had no access to sensitive customer data or encrypted password vaults. The criminals gained access to LastPass after impersonating a developer and successfully passing multi-factor authentication. Read more.

More cybersecurity news

What is a social engineering hack?


NetworkTigers discusses the dangers of a social engineering hack.

“Social engineering” is a term that is becoming increasingly common in descriptions of hacks, data breaches, and cyberattacks. 

The average person thinks of a cyberattack as a highly sophisticated, technical campaign by someone expertly skilled in coding and computer programming. This is true in some cases, especially regarding government-led cyber campaigns. However, most cybercriminals are not genius supervillains but opportunists with just enough know-how to achieve their goals.

This is where social engineering comes into play.

Social engineering explained

Social engineering is when a criminal manipulates a victim into handing over login credentials or other information that can be used to stage a cyberattack or steal data.

This can be done via text message, email, chat, or even a phone call. A criminal may also ask for remote access to your computer under the pretext of providing tech support, only to install malware that lets them commandeer your system.

A common thread among all forms of social engineering is that it usually involves one-on-one interaction with someone trying to fool you. In this way, social engineering is more about hacking people than computers.

Why is social engineering effective?

Most people wouldn’t regard themselves as gullible or easily fooled. However, the effectiveness of social engineering techniques suggests otherwise.

Much of this comes down to targeting. From overworked desk clerks eager to make a good impression when someone claiming to be a superior reaches out to them, to older members of the workforce who may not be up to speed on cybersecurity best practices, criminals know how to spot an easy mark.

Social engineering often takes the form of a phishing campaign. If a criminal can successfully access someone else’s email account, they can reach out to their personal or business contacts with questions regarding sensitive data.

Noteworthy examples of social engineering hacks

Google and Facebook

This scam involved hackers posing as businesses that had previously worked with Google and Facebook. The criminals emailed invoices for services that the legitimate business had provided. However, the invoice payment link instead sent money directly to the hackers. Over two years, criminals stole more than $100 million from the two companies using this technique.

The US Democratic Party

In the lead-up to the 2016 presidential election, a Russian phishing attack levied against members of the US Democratic Party resulted in the leaking of personal emails. This campaign used nothing more sophisticated than fraudulent emails warning recipients of unusual activity on their accounts and requesting that they click a link to change their password.

Axie Infinity 

In the largest crypto theft thus far, North Korea’s Lazarus hacker gang made off with $620 million after tricking Axie Infinity employees with fake job offers. The scam went so far as to put victims through multiple interviews before finally offering them a position with a generous compensation package described in a PDF. However, the file contained malware that gave criminals the access they needed to steal from the company.    

How to spot social engineering

Because no single technique is applied to all social engineering campaigns, it can be challenging to know when you are being targeted. However, there are some basic things to look out for:

  • Links. Watch out for messages that contain a link, as these can often land you on a malicious website or result in you downloading malware.
  • Videos or photos of you. Social engineering scams on social media often include a link with language that implies it will take you to an image or video of you that may be embarrassing or shocking.
  • Urgency. From emails that need immediate responses to emergency requests for login data, criminals know that urgency can cause people to set aside common sense in favor of a quick response.
  • Sign-in requests. Some scams take the form of a message that appears to be from a legitimate source, such as PayPal. These emails may inform you that your account has been breached and that you need to enter your login credentials to change your password.
  • Notifications of purchases you didn’t make. Sometimes campaigns involve emails that inform you of a purchase you never made or tell you that something you didn’t buy has shipped.
  • Donation requests. Criminals may try to exploit your generosity by posing as a charity.
  • Atypical communication. Most of us know how our contacts communicate. If you receive a message from a company or trustworthy person that contains unusual typos or is otherwise contrary to what you have come to expect, it is likely a scam.
  • Too good to be true. Whether it’s a lucrative job offer or a contest you don’t recall entering, messages that seem too good to be true typically are.

How to prevent social engineering

  • Training. One of the most effective ways to keep hackers at bay is to stay privy to how they try to take advantage of people. Employees who receive and respond to high volumes of emails, phone calls, and other correspondences are on the front lines and need to be able to recognize a suspicious inquiry or message.
  • Think before you respond. Criminals love applying pressure on their victims because stress can make people throw caution to the wind. Slow down if you receive an urgent request or message before responding. Reach out to the sender using a different avenue to confirm that the message is legitimate.
  • Reject and report. Emails that purport to be from companies asking for your login credentials or passwords are scams. If you receive one, inform your superiors as well as the company that is being impersonated.
  • Filter spam. Spam blockers can do a decent job of stopping suspicious emails before they appear in your inbox. Make sure that you’re using one.
  • Secure your system. Preventing an attack from ever being mounted is best, but antivirus software should be installed across all devices on your network. If a bad link is clicked or a malicious attachment is downloaded, an updated and robust security system might be the safety net that prevents a breach.
  • Update your hardware. Network equipment whose firmware cannot be updated to handle today’s threats should be replaced. You can update your equipment with refurbished gear from a reputable dealer.

The Uber hack explained


NetworkTigers on how the Uber hack happened.

Rideshare giant Uber fell victim to a cyberattack allegedly carried out by a teenage hacker. How did this hack happen? What has the fallout been so far? Could it have been prevented?

How the Uber hack happened

On Thursday, September 15th, users of Uber’s internal Slack message board discovered a curious message from a mysterious poster called “NWave” that read, “I announce I am a hacker and Uber has suffered a data breach.” The individual then posted confidential company information they claimed to have accessed, followed by a hashtag that read “#uberunderpaisdrivers.”

Due to the bold nature of the post, Uber employees initially assumed that it was a prank of some kind. Some even went so far as to interact with the poster, replying to the message with memes or humorous quips.

Shortly after, Uber revealed in a tweet from their Uber Comms account that a legitimate breach had occurred and that they were “in touch with law enforcement and will post additional updates here as they become available.” The company’s Slack and other systems were taken down as Uber attempted to understand what had taken place fully.

For their part, the hacker claiming responsibility showed little restraint in communicating with security researchers, bragging about the breach and explaining how easy it had been for them to initiate.

According to a report from Wired that referenced the attacker’s conversation with security researcher Corben Leo, the hacker reports having “first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. After over an hour, the attacker claims, they contacted the same target on WhatsApp, pretending to be an Uber IT person and saying that the MFA notifications would stop once the target approved the login.”

Based on their claims, it would appear that social engineering allowed the hacker to infiltrate a targeted system not through elaborate code navigation but by convincing an employee to hand over access by posing as a trusted source. 

The technique used here is called an “MFA fatigue” attack. One can easily imagine the worker’s eagerness to end the persistent notification interruptions that disrupted their day.
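One defender-side way to surface the pattern described above from authentication logs, as an added example that is not part of the original post or of any vendor's tooling: a burst of denied or unanswered push prompts for one user followed by an approval. The log layout, thresholds and sample events are constructed assumptions.

```python
"""Detect MFA push-fatigue patterns in authentication logs.

Added example; the log format "timestamp user result source_ip", the
thresholds and the sample events are all constructed for illustration.
Signal: many DENIED/TIMEOUT push prompts for one user inside a window,
followed by an APPROVED prompt.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is bombarded for an hour and then approves;
# bob approves once with no prior failures; carol has a single denial.
SAMPLE_LOG = """\
2022-09-15T10:00:05 alice DENIED 203.0.113.7
2022-09-15T10:00:40 alice TIMEOUT 203.0.113.7
2022-09-15T10:01:30 alice DENIED 203.0.113.7
2022-09-15T10:05:12 alice TIMEOUT 203.0.113.7
2022-09-15T10:12:44 alice DENIED 203.0.113.7
2022-09-15T10:25:03 alice TIMEOUT 203.0.113.7
2022-09-15T10:40:19 alice DENIED 203.0.113.7
2022-09-15T10:55:51 alice TIMEOUT 203.0.113.7
2022-09-15T11:05:10 alice APPROVED 203.0.113.7
2022-09-15T09:30:00 bob APPROVED 198.51.100.2
2022-09-15T09:31:00 carol DENIED 192.0.2.9
2022-09-15T09:32:00 carol APPROVED 192.0.2.9
"""

FAILURE_RESULTS = {"DENIED", "TIMEOUT"}


def parse_log(text):
    """Turn the constructed log text into (timestamp, user, result, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, result, ip))
    return events


def detect_push_fatigue(events, window=timedelta(hours=2), min_failures=5):
    """Return one alert dict per APPROVED prompt preceded by enough failures.

    For every approval, count the user's DENIED/TIMEOUT prompts that fall
    within `window` before it. Reaching `min_failures` raises an alert; the
    distinct source IPs of the failed prompts are included for triage.
    """
    by_user = defaultdict(list)
    for event in events:
        by_user[event[1]].append(event)

    alerts = []
    for user, user_events in by_user.items():
        user_events.sort()  # chronological order per user
        for index, (ts, _, result, ip) in enumerate(user_events):
            if result != "APPROVED":
                continue
            failures = [e for e in user_events[:index]
                        if e[2] in FAILURE_RESULTS and ts - e[0] <= window]
            if len(failures) >= min_failures:
                alerts.append({
                    "user": user,
                    "failures": len(failures),
                    "approved_at": ts.isoformat(),
                    "approved_from": ip,
                    "sources": sorted({e[3] for e in failures}),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_log(SAMPLE_LOG)):
        print(alert)
```

The window and failure count are tuning knobs: too low and ordinary users who mis-tap a prompt will alert, too high and a patient attacker spreading prompts over a day slips under it.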

The hacker’s conversations and shared screenshots reveal that they were able to dig deep into the company’s source code once initial access had been achieved.

Additionally, they commandeered Uber’s HackerOne account, where bug bounty hunters privately report vulnerabilities to the company. These vulnerability correspondences are meant to be kept secret until the company issues a patch.

Before losing access, the attacker is believed to have downloaded this information, although Uber reports that any bugs within the system have already been fixed.

The Uber hack fallout thus far

In a tweet the following day, Uber provided the following updates:

  • We have no evidence that the incident involved access to sensitive user data (like trip history).
  • All our services, including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational.
  • As we shared yesterday, we have notified law enforcement.
  • Internal software tools we took down as a precaution yesterday morning are coming back online this morning.

However, researchers are skeptical of the company’s few official statements. 

Screenshots shared by the hacker lead some to believe that they gained access to OneLogin, which would allow them a look into every nook and cranny of Uber’s data, including the user data that the company claims was safe from the breach.

While initially the hacker did not appear to be financially motivated or connected with any malicious hacker gang or enterprise, Uber reported that they believe the individual is associated with the Lapsus$ hacker gang. However, they have not disclosed exactly how they have drawn that conclusion.

Lapsus$ has recently experienced a meteoric rise in notoriety due to the collective’s successful hacks and ransomware attacks against high-profile victims in the tech and gaming industries. The fact that most Lapsus$ members seem to be teenagers gives credence to the hacker’s claims, and the bold manner in which they announced their presence is also par for the course regarding the gang’s brand.

Regarding some of the hacker’s assertions, Uber believes that the individual purchased stolen login credentials from the dark web instead of relying exclusively on social engineering to conduct the breach.

Mere days after the Uber hack, an attacker alleging to be the same person using the name “teapotuberhacker” took credit for hacking Rockstar Games and leaking a tremendous amount of footage from the publisher’s upcoming entry into the Grand Theft Auto series. They claim to have also stolen the game’s source code and have expressed interest in holding the data for ransom.

The boldness of the two hacks, the targeted companies’ nature, and the attacks’ back-to-back nature fit in with previous patterns established by Lapsus$.

The timing couldn’t be worse for Uber. It takes place five years after the company had suffered an attack that saw them discreetly pay a hacker $100,000 to keep the breach a secret. Joe Sullivan, Uber’s former chief security officer, is currently on trial for criminal obstruction in that case.

Additionally, US lawmakers have been taking a hard look under the hood at big tech’s security policies. Elon Musk’s legal battle with Twitter, reinforced by a whistleblower’s statement, has again put Silicon Valley uncomfortably under the federal microscope.

However, the hack of Rockstar and the leaking of video related to one of the gaming industry’s most anticipated titles in nearly a decade will likely result in the attack on Uber fading from the public’s attention.

Could this hack have been prevented?

As with many recent attacks that relied heavily on phishing or social engineering tactics, the hacker may have been stopped in their tracks had the targeted employee not taken the bait and instead verified the request before approving access. This reliance on human error has become a favored methodology for hackers, as even the tightest security is only as strong as people’s ability to keep login credentials private.

Hackers are acutely aware of this vulnerability. They know how to achieve success and that being given login credentials is the path of least resistance when mounting a successful attack.

Companies and organizations know this as well. However, it is impossible to completely prevent a breach that relies on trickery instead of brute force system penetration or the detectable insertion of malicious software.

Firewalls, antivirus, and antimalware programs are necessary lines of defense but do not affect someone who can simply walk through the front door. Even multi-factor authentication, a highly recommended security protocol, is obviously of limited usefulness against this strategy.

The most effective preventative measure for this type of hack is education. Employees need to know the telltale signs of a phishing scam when they encounter one.

Organizations need to put policies in place about verifying requests for sensitive data or login credentials. While many companies are loath to create additional hoops to jump through when it comes to seemingly mundane activity, the financial risk of a potentially devastating attack far outweighs the inconvenience of slightly slower response times.

While low-level workers tasked with high correspondence turnover are regularly targeted due to being on the front lines of email and message-based attacks, high-level employees are not immune.

From messages purported to originate from the IT department at Twilio to a fake job offered to a senior engineer at Axie Infinity, it would appear as though hackers have found the security Achilles heel that no amount of sophisticated coding or White Hat hacking can fully protect against.

Cybersecurity news weekly roundup September 19, 2022


SAN MATEO, CA, September 19, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Social engineering and bad password habits led to the IHG hack

Last week, the InterContinental Hotel Group (IHG) succumbed to a cyberattack that caused disruptions across the organization’s hotel chains. The hacker gang responsible for the attack, Vietnam-based TeaPea, has revealed to the BBC that they initially used social engineering to trick an employee into downloading malicious code. The attackers then accessed an internal password vault that was locked behind the password “QWERTY1234.” Read more.

Crypto scams poised to explode in popularity

According to researchers, the first half of 2022 saw the registration of fraudulent crypto sites skyrocket by 335%. 63% of the domains were registered with Russian registrars, and the scammers have been using hijacked YouTube channels to direct victims to sites that purport to offer crypto investment opportunities. One such campaign managed to steal almost $1.7 million in only three days using videos of famous crypto enthusiasts. Researchers expect crypto scams to escalate heavily, as the nature of the currency provides fertile ground for criminals to prey upon those looking for quick, easy money. Read more.

Russian hackers attacked 20 Japanese government websites

20 Japanese government websites have been disrupted by DDoS attacks launched by pro-Kremlin hacker gang Killnet. Killnet has been prolifically hacking on Russia’s behalf, lodging attacks at everything from government agencies deemed hostile to Moscow to the Eurovision Song Contest voting system in protest of Russia’s exclusion from the competition. According to Japanese authorities, no personal information was exposed in the attacks. Read more.

Uber hacked via social engineering

A hacker claiming to be 18 years old has seemingly hacked ride-sharing giant Uber in what would be a devastatingly deep breach if the attackers’ claims are all true. The hacker allegedly gained access to Uber’s system after gaining login credentials from an employee via social engineering. Once in, the attacker located high-value credentials and was then able to access all areas within Uber’s network. The hacker made their presence known by announcing the breach and interacting with Uber employees on the company’s Slack message board. Read more.

FBI indicts Iranian nationals in children’s hospital hacking attempt

Three Iranian nationals are on the FBI’s wanted list for allegedly attempting to engage in a cyberattack against Boston Children’s Hospital in 2021. According to the FBI, the three men have a history of hacking for personal gain and have been responsible for attacks against companies and organizations worldwide, even in their home country of Iran. Read more.

New “sock puppet” phishing scams on the rise

Threat actors are employing a technique called “multi-persona impersonation” (MPI), in which a fraudulent email is CC’d to other compromised or controlled email accounts. Responses from the other accounts make the original appear to be legitimate. The accounts used to add to the conversation threads are called “sock puppet” accounts. This technique requires more effort than most phishing attempts but can make even wary users confident enough to click a malicious link. Read more.

Hackers stealing Steam accounts with a new phishing attack

A new browser-in-the-browser attack is gaining popularity as hackers employ it to steal Steam account login credentials. The technique uses a pop-up window that appears to be the sign-in page for a targeted service. Steam users are sent a direct message that invites them to a game or tournament, provides a link to a fraudulent site, and then asks them to log in to their Steam account for access via the fake window. Read more.

U-Haul suffers data breach

Moving, shipping, and vehicle rental provider U-Haul has disclosed that the company has suffered a data breach that has exposed customer drivers’ licenses. On August 1st, an internal investigation into suspicious activity revealed that an unauthorized user had accessed customer rental contracts in July. The breach was able to take place after the attacker compromised two passwords. Read more.

Vulnerabilities in HP computers remain unpatched

Several HP computers contain firmware vulnerabilities that have remained unfixed for more than a year, with the company not providing a means to patch them. There are six “high-severity” bugs, all of which could allow threat actors to install backdoors or malware onto a targeted device. Three of these bugs were publicly disclosed in July of 2021, meaning HP has had over a year to issue fixes. Read more.

More cybersecurity news

Five must-subscribe-to security alert warning services


NetworkTigers on security alert services.

Security alerts help with detecting advanced cyberattacks in organizations. Most of the time, your organization’s IT team gets bombarded with security alerts from the many IT devices in use. However, most of these alerts turn out to be false positives. The most challenging task for your IT team is to separate normal behavior and false positives from actual threats.

Your security team should focus on the right security alerts. Below are some must-have security alerts to subscribe to and begin sifting through the false alerts.

1. Privileged User and Account Monitoring

One of the biggest security weaknesses for an organization is its privileged user accounts. End users whose endpoints run with root or administrator privileges make malware infiltration easier, which can in turn lead to changes to network or system settings or even let bad actors access sensitive data.

Dashboards should be created to monitor privileged user activity. Since privileged accounts are entry points to other systems and applications in your network, hackers always attempt to obtain access to them and escalate privileges. With access to these accounts, there is potential to work through firewalls or the Intrusion Detection Systems (IDS).

2. Abnormal Outbound Activity

Security teams always monitor inbound traffic, but is abnormal outbound activity monitored just as closely? External network communication can occur over an abnormal port or protocol. A firewall only filters traffic and may not catch everything. These external communications may deploy malware, carry out command-and-control activity, or conduct swarm and hive bot activity.

Your security team should deploy mechanisms to filter, monitor, and block external communication. Outbound communication to public resources is normal; traffic to destinations that are not public resources may indicate unauthorized communication. Any suspicious activity should be checked against your security policy and known malicious patterns. Security alerts can be generated from your firewalls, IDS/IPS, and switches to monitor these outbound activities. The best tried and tested way to monitor is with a Security Information and Event Management system, or SIEM.

3. Acceptable Use Policy Violations

As part of the onboarding process, every employee should undergo a security briefing, an annual review, and a sign-off. Your employees usually sign acceptable use policies while they join, but their importance may be ignored without the briefing and frequent check-ins. These policies are security rules employees need to follow regarding organizational technologies. AUPs protect the company’s network and resources from bad actors but are often not monitored as intended.

Dashboards to review security alerts need to be set up by security teams. Downloading torrent content, browsing inappropriate content, or falling for phishing scams are just a few instances where your company’s network is exposed to malicious activity. Frequent check-ins and alerts can help find endpoints with malware quickly and thus help mitigate risk.

4. Data Exfiltration

One of the main purposes behind advanced persistent threats (APTs) is data exfiltration, which often shows up as unusual port activity. Commonly used ports such as TCP 80 (HTTP), TCP 443 (HTTPS), and TCP/UDP 53 (DNS) can be used to slip past firewalls and IDS, leading to theft of company information. Phishing scams and social media can also be used to infiltrate your company’s network.

Techniques used by hackers to conduct an attack are as follows:

  • Web applications: threat actors can use these ports to access your data directly.
  • Backdoors: these can be used to collect files and hide their traffic on common ports.
  • File Transfer Protocol: hackers may use FTP or FTPS, or a cloud provider, to transfer files out.
  • Windows Management Instrumentation: this can be used to access files and mail accounts in Microsoft Outlook.

Security alerts can be set up on network intrusion detection and prevention system logs to identify any of the malicious activity mentioned above. Alerts may be set up to let your security team know when data is being shared externally beyond recommended limits. SIEM configurations that establish what normal traffic looks like and send alerts when traffic goes beyond this baseline will also be helpful.
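The baseline-and-deviation logic described in sections 2 and 4, as an added example that is not NetworkTigers' or any SIEM vendor's code: it builds a per-host outbound volume baseline from history, then flags a day that exceeds it, egress on a (protocol, port) pair outside policy, and oversized traffic to port 53. The flow-record layout, hostnames, addresses, ports and thresholds are constructed assumptions.

```python
"""Baseline per-host outbound volume and flag deviations and odd egress ports.

Added example. Records are (day, src_host, dst_ip, proto, dport, bytes_out)
as a SIEM might aggregate them from firewall or flow logs; every value
below is constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Five days of normal history: HTTPS browsing plus a little DNS.
HISTORY = [
    (1, "ws-01", "203.0.113.10", "tcp", 443, 48000), (1, "ws-01", "198.51.100.53", "udp", 53, 2000),
    (2, "ws-01", "203.0.113.10", "tcp", 443, 52000), (2, "ws-01", "198.51.100.53", "udp", 53, 2000),
    (3, "ws-01", "203.0.113.10", "tcp", 443, 50000), (3, "ws-01", "198.51.100.53", "udp", 53, 2000),
    (4, "ws-01", "203.0.113.10", "tcp", 443, 49000), (4, "ws-01", "198.51.100.53", "udp", 53, 2000),
    (5, "ws-01", "203.0.113.10", "tcp", 443, 51000), (5, "ws-01", "198.51.100.53", "udp", 53, 2000),
    (1, "ws-02", "203.0.113.10", "tcp", 443, 80000),
    (2, "ws-02", "203.0.113.10", "tcp", 443, 78000),
    (3, "ws-02", "203.0.113.10", "tcp", 443, 82000),
    (4, "ws-02", "203.0.113.10", "tcp", 443, 79000),
    (5, "ws-02", "203.0.113.10", "tcp", 443, 81000),
]

# Day six: ws-02 pushes bulk data to an unknown resolver over DNS, and a host
# with no history talks to an unexpected port.
TODAY = [
    (6, "ws-01", "203.0.113.10", "tcp", 443, 51000),
    (6, "ws-01", "198.51.100.53", "udp", 53, 1800),
    (6, "ws-02", "203.0.113.10", "tcp", 443, 77000),
    (6, "ws-02", "203.0.113.5", "udp", 53, 900000),
    (6, "ws-03", "203.0.113.99", "tcp", 4444, 2000),
]

# Constructed egress policy: (proto, port) pairs workstations may use outbound.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53)}


def daily_totals(flows):
    """host -> day -> total outbound bytes."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, _proto, _port, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def build_baseline(flows):
    """Per host: (mean, population stdev) of daily outbound bytes."""
    return {host: (mean(list(days.values())), pstdev(list(days.values())))
            for host, days in daily_totals(flows).items()}


def detect(flows, baseline, sigma=3.0, min_ratio=1.25, dns_bytes_limit=4096):
    """Return alert dicts for volume spikes, off-policy ports and oversized DNS.

    The volume threshold is mean + sigma*stdev, floored at min_ratio*mean so a
    host with a perfectly steady history does not alert on trivial jitter.
    Hosts without history skip the volume check; the per-flow checks still run.
    """
    alerts = []
    for host, days in daily_totals(flows).items():
        if host not in baseline:
            continue
        mu, sd = baseline[host]
        threshold = max(mu + sigma * sd, min_ratio * mu)
        for day, total in days.items():
            if total > threshold:
                alerts.append({"kind": "volume_spike", "host": host, "day": day,
                               "bytes": total, "threshold": round(threshold)})
    for _day, host, dst, proto, port, nbytes in flows:
        if (proto, port) not in ALLOWED_EGRESS:
            alerts.append({"kind": "unexpected_port", "host": host, "dst": dst,
                           "proto": proto, "port": port})
        if port == 53 and nbytes > dns_bytes_limit:
            alerts.append({"kind": "oversized_dns", "host": host, "dst": dst,
                           "bytes": nbytes})
    return alerts


if __name__ == "__main__":
    for alert in detect(TODAY, build_baseline(HISTORY)):
        print(alert)
```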

5. File Integrity Monitoring

File Integrity Monitoring (FIM) is a tool that needs to be looked into closely. Alerts and dashboards that show file status when unexpected changes are made need to be set up. File access auditing lets your team know whether any files were created or deleted, which programs are being used to execute a file, and which files are being viewed. Any unusual files must be run through an anti-virus tool to identify malware.
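The core of the created/deleted/modified detection described above, as an added example that is not a NetworkTigers tool or any commercial FIM product: hash a directory tree into a baseline, take a later snapshot, and classify the differences. The directory layout in demo() is constructed in a temporary folder so the script runs offline.

```python
"""Minimal file integrity monitor: hash a tree, compare against a baseline.

Added example. Paths are normalised to forward slashes so snapshots compare
the same way on any platform.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = hash_file(full)
    return state


def diff_snapshots(baseline, current):
    """Classify changes between two snapshots as created, deleted or modified."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(path for path in set(baseline) & set(current)
                      if baseline[path] != current[path])
    return {"created": created, "deleted": deleted, "modified": modified}


def demo():
    """Build a constructed tree, baseline it, apply unexpected changes, diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin no\n")
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        # Simulated unexpected changes: a config edited, a file removed,
        # and an unknown binary dropped at the top level.
        with open(os.path.join(etc, "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin yes\n")
        os.remove(os.path.join(etc, "hosts"))
        with open(os.path.join(root, "unexpected.bin"), "wb") as fh:
            fh.write(b"\x00constructed sample\x00")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A real deployment stores the baseline somewhere the monitored host cannot rewrite it and re-runs the comparison on a schedule; the hashing and classification logic stays the same.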

Five ways to ensure enterprise network security


NetworkTigers provided five ways to ensure enterprise network security.

In 2022, businesses are facing more cyberattacks than in any previous year. An IBM report conducted in 2018 found that the average cost of a data breach globally rose by 6.4%, reaching $3.86 million. This means that network security must be a daily priority. Consider it a discussion point for every network meeting.

With the rising number of platforms, apps, and devices being used in the workplace, vulnerabilities to prepare for have increased significantly, making securing and monitoring all these devices difficult. How can you ensure enterprise network security to minimize cybersecurity threats? Keep reading to learn more.

How to make your enterprise network secure

Whether you’re in charge of the security of a big business network, run a small business, or work for yourself, you must implement some basic enterprise network security measures to defend against potential attacks.

Follow these simple steps to create a secure network:

Conduct a network audit

Before improving your network security, conduct an audit to know the current position of your business. This step is crucial because you can’t improve underperforming areas without identifying your weaknesses. 

The objective of performing a network security audit is to evaluate the following:

  • Unnecessary or unused apps running in the background
  • The overall health of apps, software, and computers
  • Anti-malware and anti-virus software
  • Potential security vulnerabilities
  • Backup schedule and history
  • Strength of your firewall

Keep in mind that the number of connected applications and devices running on your network plus the size of your company will determine the depth of your network security audit. 

Remember that an enterprise security audit is part of your overall cybersecurity policies and processes and focuses on the network itself.

Visitors or employees sharing sensitive data with hackers or walking out with information on memory sticks fall under cybersecurity, while network security covers what users do on the network itself.

You can use the findings of a network security audit to create a plan for enhancing the areas identified as weaknesses, either through third-party network security companies or internally. 

Update anti-malware or anti-virus software

It’s not enough to ensure that all the devices connected to your network have such software installed.

Most organizations buy anti-malware and anti-virus software that they deploy at an enterprise level to ensure all employee devices, such as mobile phones or laptops, have this software installed when a new device is assigned to a staff member.

However, over time, the software becomes outdated, and in most cases, workers rarely update the software again, exposing your network to vulnerabilities each time they connect. 

Since outdated software/firmware is a common breach point for hackers, updating your anti-malware and anti-virus software is a priority and a part of an ongoing and regular schedule for updating all employee software on connected devices across your business network.

Invest in a Virtual Private Network (VPN)

A VPN protects the online privacy of your employees by encrypting their network traffic. VPNs also mask your internet protocol (IP) address, making your online actions much harder to trace.

VPN services create encrypted and secure connections to offer greater privacy than a secured WiFi hotspot. Additionally, they block your browsing history, personal information, data, communications, and activities from potential cyber attackers. 

A VPN is an important line of defense if your workforce works remotely and regularly connects to public WiFi networks in airports or cafes, as it protects files when using such networks.

Set up a network security maintenance system

Although your initial network security setup is important, it’s also crucial to establish a network security maintenance schedule that covers the following key actions:

  • Setting up a regular schedule for updating network passwords and names
  • Scheduling training on emerging security developments
  • Updating user passwords occasionally
  • Ensuring software is up to date
  • Creating regular activity reports
  • Conducting regular backups

These basic steps should be part of your “network security maintenance schedule.” Depending on the complexity and size of your business, you may need to include more elements in your schedule to stay on top of network security threats.

Stay proactive because network security is an ongoing process.

Install a firewall

Like VPNs, a firewall is essential for your business network. Keeping the firmware updated and the technology current is a daily check.

While a firewall can be set up on individual devices, your anti-malware or anti-virus software might include firewall protection. However, you can also install a firewall as a web application firewall (WAF) in addition to protecting individual devices.

A WAF protects web applications by monitoring and filtering the HTTP traffic that flows between the internet and a web application. Deployed in front of a web application, the WAF acts as a shield between the internet and that application.

A conventional (forward) proxy protects the identity of the user’s machine by acting as an intermediary on the user’s behalf. A WAF, by contrast, is a reverse proxy: it protects the servers behind it from direct exposure by requiring every request to pass through the WAF before reaching them.

Installing a WAF is crucial for online stores that keep customers’ sensitive data as it can protect all your stored information.
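The request-level decision a WAF makes as a reverse proxy can be shown in a few dozen lines. The following is an added example for illustration, not code from NetworkTigers or from any WAF product; the allowed routes, size limits and deny signatures are constructed for the example and are far cruder than a real rule set such as the OWASP Core Rule Set.

```python
"""Toy WAF-style request filter (added example, not NetworkTigers' code).

A WAF deployed as a reverse proxy receives every HTTP request before the
application does and decides whether to forward or block it. This filter
shows the shape of that decision: an allowlist of methods and routes, size
limits, and a small set of deny signatures applied only AFTER the request
has been decoded and normalized. All route names, limits and patterns here
are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

ALLOWED_METHODS = {"GET", "POST", "HEAD"}
ALLOWED_PREFIXES = ("/shop/", "/api/", "/static/")   # assumed application routes
MAX_BODY_BYTES = 64 * 1024
MAX_URL_LEN = 2048

# Deny signatures: deliberately small and crude, for illustration only.
DENY_PATTERNS = [
    ("path_traversal", re.compile(r"(^|/)\.\.(/|$)")),
    ("script_tag", re.compile(r"<\s*script\b")),
    ("sql_comment_or_union", re.compile(r"(--\s|/\*|\bunion\b\s+\bselect\b)")),
]


@dataclass
class Request:
    method: str
    path: str                       # path plus query string, as received
    headers: dict = field(default_factory=dict)
    body: bytes = b""


@dataclass
class Decision:
    allowed: bool
    reason: str


def _normalize(raw: str) -> str:
    # Decode twice so that double-encoded input such as %252e%252e is unwrapped,
    # then lower-case so signatures match regardless of letter case. Matching
    # before normalization is the classic mistake that lets probes slip past.
    return unquote_plus(unquote_plus(raw)).lower()


def inspect_request(req: Request) -> Decision:
    """Return whether the reverse proxy should forward this request to the app."""
    if req.method.upper() not in ALLOWED_METHODS:
        return Decision(False, f"method {req.method} not allowed")
    if len(req.path) > MAX_URL_LEN:
        return Decision(False, "url too long")
    if len(req.body) > MAX_BODY_BYTES:
        return Decision(False, "body too large")

    # Route allowlist: only paths the application actually serves get through.
    path_only = req.path.split("?", 1)[0]
    norm_path = _normalize(path_only)
    if norm_path != "/" and not norm_path.startswith(ALLOWED_PREFIXES):
        return Decision(False, f"path {path_only} not routed")

    # Signature scan over the decoded path, query string and body together.
    haystack = _normalize(req.path) + "\n" + _normalize(req.body.decode("utf-8", "replace"))
    for name, pattern in DENY_PATTERNS:
        if pattern.search(haystack):
            return Decision(False, f"signature {name}")
    return Decision(True, "forwarded to origin")


if __name__ == "__main__":
    # Constructed sample requests: one benign, one double-encoded traversal.
    for r in (Request("GET", "/shop/item?id=42"),
              Request("GET", "/static/%252e%252e/%252e%252e/etc/passwd")):
        print(r.method, r.path, "->", inspect_request(r))
```

The point to notice is the order of operations: cheap structural checks (method, size, route) come first, and signature matching runs only on the fully decoded request, so an encoded probe is judged on what the application would actually see.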


Most network security breaches happen because of insufficient processes and a lack of appropriate software. Every business, large or small, should invest in cybersecurity solutions such as SonicWALL or Palo Alto firewalls to protect its network and devices from cyber threats. 

Cybersecurity news weekly roundup September 12, 2022


SAN MATEO, CA, September 12, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

$30 million recovered from Axie Infinity hack

The US government has reclaimed $30 million stolen from the game Axie Infinity by Lazarus Group. This is the first time funds have been recovered from the North Korean hacking collective, known for attacking crypto platforms to enrich the Kim Jong Un regime. The total amount stolen from Axie Infinity was $650 million. Read more.

North Korean hackers target energy providers

North Korea’s notorious Lazarus hacker gang, best known recently for hacking crypto exchange platforms, has been exploiting VMware Horizon servers to gain access to networks belonging to energy providers in the US, Canada, and Japan. Using a diverse range of tactics, Lazarus focused on the energy sector from February to July of 2022. Because the group is so well known, it is heavily monitored by international authorities and continually evolves its strategies to evade detection and achieve success. Read more.

0ktapus hacker gang obtains Okta credentials

A hacking campaign under the moniker of “0ktapus” has successfully compromised 9,931 accounts by spoofing multi-factor authentication (MFA) systems. As the name implies, the attackers focus their energy on Okta, an identity and access management platform used across many industries. The campaign has thus far affected 130 firms, 114 of which are based in the US. Researchers believe that the threat actors began the campaign by targeting telecom companies in search of phone numbers that could be used to pass MFA checks on Okta accounts. Read more.

Major hotel chain suffers a data breach

IHG Hotel Group has been the victim of “unauthorized activity” that has affected booking platforms across all of their chains, including Holiday Inn, Crowne Plaza, Regent and more. The disruptions were referred to as “significant,” although the nature of the incident has not been revealed. Customers trying to book hotel rooms are met with a page that says that the company is working to restore systems as soon as possible. Read more.

EvilProxy lowers the bar of entry for phishing attacks

EvilProxy, a new Phishing-as-a-Service (PhaaS) platform, allows hackers of all skill levels to steal login information and break into otherwise well-protected accounts by using reverse proxies. While only seasoned hackers could pull off this technique in the past, EvilProxy’s simple user interface gives amateurs the tools they need to run and manage phishing campaigns. Read more.

Cyberattack takes down LA school system computers

The Los Angeles Unified School District suffered a cyberattack that has taken computer systems down, affecting access to email and other tools teachers use. Despite the hack, the school does not intend to delay the opening of the school year. Both local law enforcement and federal agencies are investigating the attack. Read more.

TikTok denies hackers’ claims of a data breach

The hacking group “AgainstTheWest” has claimed to have breached a TikTok server containing 2 billion records, including user data and source code. TikTok has denied the claims, stating that they have observed no suspicious activity and that users don’t need to take any proactive actions. The social media platform has stated that all the information the hackers have posted thus far is publicly available and has not been obtained via a breach. Read more.

China accuses the USA of a university breach

According to Chinese officials, China’s Northwestern Polytechnical University has been targeted by the US in a cyber espionage campaign. The National Computer Virus Emergency Response Center has alleged that the attack was traced to the US National Security Agency but did not disclose how it came to that determination. The university in question is reported to provide research and assistance to the Chinese military. Read more.


The future of cybersecurity


NetworkTigers discusses the future of cybersecurity. Will it get worse before it gets better?

Cybersecurity is one of the most important investments any company or individual can make in today’s interconnected world. Ensuring that your home or business is appropriately protected can save more than money – it can also protect your privacy in an era where data privacy is becoming even more precious and important to preserve. However, today’s cybersecurity landscape is an ever-evolving field of threats and dangers. Will cybersecurity get worse before it gets better? Experts seem to believe that the risks will only continue to evolve. The question is, how can we best ensure we are prepared to meet them when they do?

With the rise of remote work and multiple supply chain shocks that overtook the international datasphere throughout the global pandemic, cybersecurity was paramount in 2020. The COVID-19 era saw new threat actors emerge to exploit the way companies had shifted to remote work. Zoom bombers, new kinds of ransomware, and a rise in phishing attacks on employees working from home all contributed to increased cybersecurity risks in the past year. However, a new report shows an alarming trend in how often businesses have been hacked throughout 2021. According to Check Point Research, businesses weathered up to 50% more cyberattacks per week in 2021 than in 2020. The analytical firm only counted detected and blocked threats in its assessment, meaning that the actual number may be even higher. With numbers like these, it’s no wonder that businesses seem to have begun to accept cyberattacks as the new normal.

Cyber threats on the rise

The data shows that cybersecurity seems to be getting worse before it gets better. Some of the latest cyber threats include: 

  • Social engineering: Even as technology becomes more difficult to breach, human error remains the main form of cybersecurity weakness. Social engineering is an attack method that targets human interactions. Socially engineered attacks often rely on people’s urge to be helpful or their fear of punishment if they make a mistake. Many data security experts advocate for increased employee IT training and open communication across company strata to address socially engineered cybersecurity threats. Employees are less likely to be fooled by a phony phishing message purporting to come from a CEO or senior officer if they feel free to contact management and report attempts to target them. 
  • Sophisticated phishing: Phishing is particularly dangerous for employees working from home. As more business communication occurs via email or messaging, phishing attempts have become more prevalent and successful. In a recent development, certain industries, often medical and insurance, report facing a one-two punch of phishing attacks. Employees in these fields have received emails from realistic addresses posing as clients or vendors for the company. The only request in these emails is that the targeted employee give them a call. Scammers use these sophisticated phishing approaches to build rapport and trust before asking the targets to share information or send money. Because multiple forms of communication are used, these phishing attempts appear more trustworthy. A San Francisco report shows a 10% increase in email-to-phone phishing attacks, with businesses in the medical and insurance fields up to 60% likely to become targets. 
  • Credential compromise: The reuse of passwords is a common threat to even the best cybersecurity networks. Even with constant verifications or multi-factor authentication, re-used or commonly used passwords can undermine otherwise effective barriers to keep hackers at bay. A Google study shows that up to 65% of people reuse their passwords for multiple accounts. Much of this password reuse is across streaming sites, but many report mingling personal and professional passwords. Some recycling is understandable when the average person has to remember around 90 different passwords. However, doing so can substantially jeopardize the safety and security of your company’s network privacy. 

Cybersecurity reports and assessments

Will cybersecurity get worse before it gets better? Even the most optimistic data privacy experts say things will get more complicated before anyone can be sure. And most cybersecurity professionals say the outcome is bleak. Cybersecurity has gone from being a small-scale concern to a full-blown national and international security risk. Destructive hacks such as SolarWinds show that the full extent of data privacy breaches is still not understood. 
Ongoing hacks threaten the safety of every Internet user, with new risks being discovered daily. By updating and investing in cybersecurity to the fullest extent of your ability, you can hope to surf the wave of new worries in the cybersecurity sector. However, no one can fully outrun the onslaught of cyber risks. It’s going to get a lot worse before it gets better, but with the right focus and upgrades, we can weather the storm.

Scammers and hackers: what’s the difference?


NetworkTigers discusses the difference between scammers and hackers.

When it comes to cybersecurity threats, the terms “hacker” and “scammer” are used regularly. To some, the words may seem interchangeable and, in fact, hackers and scammers often overlap in the methods they use to meet their goals. However, there are differences between the two that define them as separate threats.

What is a hacker?

A hacker is an individual who uses a computer to overcome a technical problem or obstacle. The term, coined in the 1960s, is used to refer to someone especially savvy with coding and programming as well as to describe one who uses said skills for criminal activity. 

While there are ethical, “white hat” hackers who are employed to work against criminals, most people associate the word with “black hat” hackers who steal data or commit otherwise unscrupulous deeds.

What hackers do

  • Create, deploy or install malicious code that is designed to penetrate victim networks.
  • Exploit vulnerabilities within systems to gain unauthorized access.
  • Vandalize targeted websites or social media accounts for reasons that range from political motivation to bragging rights.
  • Engage in corporate or political espionage by stealing data from competing companies or nations.
  • Employ ransomware in order to encrypt a victim’s network and extort them.
  • Break into systems to cause disruption.

What motivates hackers?

Because there are so many different kinds of hackers working from all over the world, their motivations vary greatly.

Hackers employed by governments, whether transparently or in secret, typically target websites or systems used by organizations associated with opposing countries. This can include those belonging to third-party contractors and other agencies who may be in possession of, or have access to, government information that is deemed to be valuable for purposes of sabotage or espionage.

In cases like North Korea, state-backed hackers are even used to hack into financial institutions or cryptocurrency exchanges to provide a source of revenue for the country.

Some hackers are motivated by social issues or work independently to bring attention to their causes and inflict damage on organizations and even governments that they disagree with politically. The hacking collective Anonymous is best known for performing this type of “hacktivism.”

Many other hackers are after money. Whether it’s through a ransom or by selling stolen data on the black market, information is valuable to those who wish to do harm to others.

What is a scammer?

A scammer, defined broadly, is a person who participates in a fraudulent scheme or operation.

In the context of cybersecurity, scammers use a variety of means to steal money or information from victims. While there are hackers on both sides of the law, scammers are, by definition, malicious.

What scammers do

  • Employ social engineering tactics to fool people into turning over sensitive information such as login credentials.
  • Engage in phishing schemes that impersonate trusted companies, organizations or even individuals to convince people to provide everything from financial data to personal information that can be sold.
  • Study victims in order to create convincing fake correspondence or scenarios that encourage trust.
  • Blast out hundreds or thousands of emails or texts, hoping to play the numbers game and rope in unsuspecting or accidental victims.
  • Create “romance scams” in which they adopt a fake identity to gain someone’s affection and then ask for money. 

What motivates scammers?

Whereas hackers may be motivated by politics or social justice, scammers are exclusively interested in financial gain. This can be in the form of funds directly siphoned from a targeted victim or money exchanged for stolen data.

From blasting out hundreds of emails that mimic the look and branding of trusted institutions like banks or PayPal to engaging directly with their victims by impersonating a love interest or fellow employee, there are myriad ways that scammers can successfully part a target from their money. 

While most people can’t conceive of engaging in such unethical behavior, psychologists generally regard scammers and con artists as narcissists. Only interested in their own personal gain, they lack empathy and view themselves as superior to those who are foolish enough to fall for their tricks. 

The internet age puts new tools and more anonymity into the hands of scammers, but this behavior is not new. From tricking sailors into believing they were destined for a paradise of riches in the 1820s only to have them find themselves in Honduras to selling city monuments to people eager to make big investments, scammers have been preying on the trust of others for centuries.

How to avoid scammers and hackers

To prevent hacks, it’s important to ensure that your fortifications are strong. Be sure to keep your software and firmware regularly updated. Setting up automatic updates lets you keep your systems refreshed without the risk of forgetting to do so, and lets developers’ patches reach you promptly in the event of a newly discovered threat or vulnerability.

The best policy one can have with regard to scammers and hackers alike is one of vigilance. The confidence that most people have regarding how easily they may be fooled is often turned against them. Because no one believes in their own gullibility, con artists and criminals are able to manipulate people surprisingly easily.

Tips to avoid becoming a victim

  • Check for misspellings and typos in emails from supposedly trusted organizations or companies that have a sense of urgency or remind you of a purchase you don’t recall making.
  • Check the email address of origin for messages you receive. If the address is not one you recognize or contains misspellings or other suspicious characteristics, it is likely a scam. 
  • Never provide login information, personal data or financial information to someone over the phone or via email or text.
  • Stick to official platforms for communicating with colleagues at work. Scammers may attempt to impersonate an employee in need of help via messaging services that operate outside of your business.
  • If you receive a message from someone you trust that feels off, find another way to reach out to them to confirm that it’s legitimate.
  • Never send money to someone that you haven’t met. 
  • Keep up to date on the latest cybersecurity threats by regularly checking websites that feature news regarding today’s trends.
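The second tip above, checking the address of origin for misspellings and other suspicious characteristics, is mechanical enough to automate. The following is an added example, not code from NetworkTigers: it extracts the address from a From header, compares the sender domain against a trusted list, and flags domains that are almost a trusted one (a few characters off, digit-for-letter substitutions, or a trusted brand buried inside a longer domain). The trusted domains, the substitution table and the sample addresses are all constructed for the example.

```python
"""Sender-domain lookalike check (added example, not NetworkTigers' code).

Given a raw From header, decide whether the sender domain is trusted, a
lookalike of a trusted domain, unknown, or malformed. The trusted list and
the homoglyph table below are constructed for illustration.
"""
import re
import unicodedata
from typing import Optional, Tuple

TRUSTED_DOMAINS = {"example-bank.com", "paypal.com", "ourcompany.com"}  # constructed list

# Visual substitutions commonly seen in lookalike domains; folded before comparing.
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


def fold_homoglyphs(label: str) -> str:
    for src, dst in FOLDS:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values mean 'one or two typos away'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_address(header_value: str) -> Optional[str]:
    """Pull user@domain out of 'Display Name <user@domain>' or a bare address."""
    m = re.search(r"<([^<>]+)>", header_value)
    addr = (m.group(1) if m else header_value).strip()
    return addr if re.fullmatch(r"[^@\s<>]+@[^@\s<>]+", addr) else None


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> Tuple[str, str]:
    """Return (verdict, detail) where verdict is trusted/lookalike/unknown/malformed."""
    addr = extract_address(from_header)
    if addr is None:
        return "malformed", "could not parse a single user@domain address"
    # NFKC folds full-width and compatibility characters to their ASCII forms.
    domain = unicodedata.normalize("NFKC", addr.rsplit("@", 1)[1]).lower().rstrip(".")

    # Exact match, or a genuine subdomain of a trusted domain, is trusted.
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted", domain

    folded = fold_homoglyphs(domain)
    for t in sorted(trusted):
        brand = t.split(".", 1)[0]
        # A few characters off (paypall.com), or identical after folding (paypa1.com).
        if folded == t or levenshtein(folded, t) <= 2:
            return "lookalike", f"{domain} is within edit distance 2 of {t} after folding"
        # Trusted brand used as a label inside an unrelated domain
        # (paypal.com.evil-host.net, secure-paypal.com).
        if re.search(rf"(^|[.-]){re.escape(brand)}([.-]|$)", domain):
            return "lookalike", f"{domain} embeds trusted brand {brand!r} but is not {t}"
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers, as a mail filter might see them.
    for header in ("PayPal Billing <billing@paypall.com>",
                   "alerts@login.paypal.com",
                   "IT Helpdesk <help@ourcompany.com.evil-host.net>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is the interesting output: "unknown" just means the sender is not on your list, whereas "lookalike" means someone chose a domain that resembles one you trust, which is exactly the pattern the tip warns about. In practice the trusted list would be your organisation's own domains and the handful of institutions it deals with.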

Cybersecurity news weekly roundup September 5, 2022


SAN MATEO, CA, September 5, 2022 — Cybersecurity news weekly roundup: stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

New ransomware gang picking up steam

Researchers have observed that the new ransomware gang BianLian has tripled its infrastructure in the last month. The gang uses double-extortion tactics and has thus far targeted American, Australian, and British companies. The gang’s tooling is written in the open-source Go programming language, with which most threat researchers may not be very familiar. This has made the gang difficult to track and its techniques hard to reverse engineer. Read more.

Samsung discloses breach

According to the electronics maker, some of Samsung’s US systems were breached to steal customer data. The hack, which took place in late July, resulted in the exfiltration of data including names, product registration information, and contact details. Samsung is notifying affected customers and has stated that no Social Security numbers or payment data were leaked. Read more.

FBI investigates massive infrastructure cyberattack in Montenegro

An ongoing cyberattack targeting Montenegro’s water supply, transportation, and online government services has drawn the attention of the nation’s NATO allies, with the FBI deploying a cyber team to the country. Montenegrin officials are blaming the attack on Russian retaliation for the country joining NATO and supporting the sanctions placed on Russia in response to the invasion of Ukraine. Read more.

FBI issues warning about hackers and crypto platforms

In a public service announcement, the FBI issued a warning about the increasing frequency with which DeFi platforms are falling victim to hackers looking to steal crypto. Most hacks are carried out via security exploits and vulnerabilities within the platforms. In 2021, around 25% of all stolen crypto was eventually recovered. Thus far in 2022, however, no stolen funds have been returned. Read more.

Russian news site hacked

Tass, a state-operated Russian news outlet, was hacked with anti-war messages appearing to those who visited the website. The text, which includes the phrase “Putin makes us lie,” implies that it originated from Tass workers and writers, but this is likely not the case. Additionally, an Anonymous logo appears under the statement. Anonymous has been publicly opposed to Russia’s ongoing war in Ukraine and has taken credit for several disruptive hacks carried out against Russian news organizations. Read more.

Authy 2FA app hacked

Authy, one of the most popular and highly recommended 2FA apps, has been hacked following a successful phishing attack on the company’s employees. Only a small number of Authy customers were affected by the hack, with the criminals using their access to register unauthorized devices to only 93 accounts. It would appear that the accounts were highly targeted. Read more.

Hack exposes 2.5 million student loan accounts

Oklahoma Student Loan Authority (OSLA) and EdFinancial have suffered a breach that has exposed the personal data of 2.5 million people. The breach appears to have resulted from a hack that targeted Nelnet Servicing, a third-party technology services provider. The data exposed includes names, addresses, Social Security numbers, and phone numbers. The hackers reportedly had access to Nelnet’s system from some time in June up until July 22. Read more.

Ransomware attacks rebound after a brief decline

A report released by NCC Group reveals that ransomware attacks are on the rise again after a short decline. It is believed that the ebb and flow is related to the US government’s crackdown on cybercrime and the Conti ransomware gang. It would seem that the regression took place as ransomware purveyors reevaluated their tactics and regrouped in the face of increased pressure. LockBit has proven to be the most prevalent gang in this new surge, with HiveLeaks and BlackBasta, both offshoots of Conti, also hard at work. Read more.

Spyware firm looks to compete with Pegasus

Intellexa, a little-known Europe-based spyware firm, appears to be positioning itself as an alternative to NSO Group’s Pegasus. For a fee of $8 million, Intellexa is offering to hack Android and iOS devices. Ten infections are up for grabs, and the firm claims to have a “magazine of 100 successful infections.” Read more.
