Cyber Intelligence Weekly (February 19, 2023): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!
Before we get started on this week’s CIW, I’d like to highlight an article by our own very talented Evan Isaac, where he shares his experience preparing for and taking the eJPTv2 certification. Thanks for sharing your experiences, Evan!
Away we go!
1. GoDaddy Suffers Three-Year Cyberattack Siege by Hackers
GoDaddy revealed in an SEC filing on Thursday that it had found evidence of persistent hackers who had stolen some of its source code and placed malware on its network. The company says that in December 2022, customers began reporting that their websites were inexplicably being diverted to other domains. The company has not specified how many customers reported this. It believes that the hackers' goal was to infect websites and servers with malware for phishing attacks, malware distribution, and other nefarious activities.
What’s worse is that GoDaddy believes these hackers are the same ones that have been giving them problems since 2020. The SEC filing also notes that in March of 2020, the company “discovered a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel.” The SEC filing also states, “In November 2021, using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress (MWP), which impacted up to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.”
That is certainly a damaging run of cyber attacks for one of the biggest hosting brands out there.
2. Cybersecurity Incident at MKS Blamed for Sales Shortfall for Applied Materials
Silicon Valley-based Applied Materials, which is one of the world’s largest suppliers of equipment, services and software for the manufacture of semiconductor chips for various types of electronics, recently announced on their earnings call that their financials would be significantly impacted due to a “cybersecurity event” at a large supplier of theirs.
In the recent investor call, Gary Dickerson (President & CEO) noted, “Very recently, one of our major suppliers encountered a disruption that will impact our second quarter shipments. Brice will provide more details about this when he shares our guidance.” Brice Hill (CFO) later noted, “This guidance includes a negative adjustment of $250 million related to a cybersecurity event that was recently announced by one of our suppliers.” While Hill did not name the supplier, there has been much speculation that it is MKS Instruments Inc.
Reuters reported back on February 6 that MKS was investigating a ransomware attack. This situation is a stark reminder of just how fragile the supply chain can be, and the dire consequences of poor cybersecurity controls at critical third-party organizations. An effective third-party risk management program has never been more important.
3. CNN Reports that FBI Systems Were Breached by Hackers
On Friday, in an exclusive report, CNN reported that the FBI’s systems were breached by hackers, although what they were able to gain access to was limited. According to CNN's sources, the event took place at the New York Field Office, and the attack deliberately targeted the systems utilized for the organization's investigation of child exploitation images.
Details surrounding the hack were apparently hard to come by, as the CNN report was rather light on specifics. In a statement to CNN, the FBI had the following to say, “The FBI is aware of the incident and is working to gain additional information. This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”
It will be interesting to follow this story to see if anything further comes from this. It is hard to understand why and how a system that would hold this type of CSAM information would be hacked, and it leaves so many questions.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about