24 Jul Security Breach – 24 July 2020
Today’s risk landscape is more complicated than ever. There’s a new danger to your systems and data lurking around every corner, and a new solution that you need to buy to mitigate it. Third-party data breaches are a constant worry not to mention the risk that comes from staff password recycling, or unintentional insider threats like falling for a phishing attack. So how can you provide an extra layer of security against most risks without spending a fortune?
Multifactor authentication (MFA). Adding MFA on every user account is a fast, easy way to secure your company’s entry points. Even if cybercriminals are able to obtain a credential that would allow them access to your systems and data from an outside source, that credential isn’t going to do them any good without an authentication token like a code that’s sent to the real account holder’s mobile.
It’s wise to put a complete suite of digital risk protection solutions in place but you may need to economise. That makes cost-effective, multifunctional tools like DUO the ideal choice.
By combining MFA with single sign-on, remote management, and seamless integration with over 100 common business applications, DUO gives a high return on investment and a high level of protection – because no one can afford a data breach in this economy.
United States – Twitter – Social Media Platform
Exploit: Account Compromise
Risk to Small Business: Extreme: The hack heard ‘round the world this week is a huge embarrassment for social media powerhouse Twitter, after dozens of high-profile accounts were accessed illegally and used to transmit messages inviting their followers to “invest” in a bitcoin scam. Some of the affected accounts included Bill Gates, Barack Obama, Elon Musk, and Jeff Bezos. The hack was quickly discovered, and those accounts were frozen briefly while Twitter assessed and fixed the security flaw.
Twitter is now reporting that the hacker targeted 130 accounts, were able to take control of 45, and 8 accounts had data downloaded. While early reports speculated on the threat actors as a sophisticated hacking group, The New York Times uncovered that the attack was actually carried out by a few unorganized hackers using a Discord server who obtained access through a “social engineering attack”. The attack is under investigation by numerous authorities including the FBI.
Risk to Exploited Individuals: Moderate: The hackers were able to obtain some personal information and change passwords for some of the celebrity accounts, but did not gain access to any financial information, past password records, or other sensitive data in all but 8 cases. Those 8 cases are still being investigated, but it’s unlikely that any sensitive data was compromised.
Customers Impacted: 130.
Australia – Western Australia Department of Health – Government Agency
Exploit: Unauthorized Database Access
Risk to Small Business: Severe: Confidential data from the state’s Department of Health was made publicly available on a website after it was distributed over a third-party paging service. Security researchers discovered that a website was recently set up which provided confidential information about Western Australian patients and doctors, including those with suspected COVID-19 infections. The State Government and Western Australia Police are working to have the site taken down, but it was still up as of a recent check.
Risk to Exploited Individuals: Moderate: No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data.
Customers Impacted: Unknown.
Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.
Talk to a TCT sales team member today and we can show you how.
Follow us on LinkedIn: