J2SECOPS WEEKLY NEWS: This week in the J2 CSC, Data is breached again, now what? Your legal rights when your personal data gets leaked in South Africa, We can dream can’t we? and what we do in the shadows...
Every moment of every day, we remain connected to the digital world through multiple devices and through the sharing of our transactional and personal information across a multitude of applications, connected networks, online businesses and all manner of service providers. Please take a moment and let that sink in. Think about the sheer volume of your personally identifiable information that is actually outside of your control, and where and how much of it might be analysed continuously by hordes of bots, AI, and good and evil research-analyst types. What is known about you and your activities, and what safeguards are followed throughout? As with the daily tracking of your banking payments and income, no one I know is completely aware of, or recalls, every time their digital persona (current address, physical location, username, e-mail and associated passwords, ID numbers, or payment mechanisms such as PayPal, bitcoin or credit card details) is accessed or used in order to secure a payment or verify access or authorisation to one of their many accounts. In the world in which we find ourselves, we are the subject of much digital footprinting, and we leave a digital trail in every activity we do. As we are the owners of this digital fingerprint, the question is: for what purpose is this data collected, shared and used, do we have a solid understanding of this usage and, most importantly, have we provided ongoing consent based on this ongoing usage? Do you know what your recourse is if you feel violated or, “knock on wood”, you are a victim or source of another massive data breach?
Insider threat visibility and detailed linkage to external threat detection and response is key. Chat to us, we can help. With this in mind, enjoy our roundup of stories for this week…
Your legal rights when your personal data gets leaked in South Africa
In a developing story, iAfrikan.com will be updating us as new information and responses become available. They have already alerted South Africa's Hawks (cybercrime unit) as well as South Africa's Information Regulator on your behalf, if you are part of the breach.
According to a recent article published on iAfrikan.com, another breach has occurred, this time at the South African traffic fines online payments website, ViewFines. In this breach, the personal records of 934,000 South African licensed drivers have been disclosed. Enter Troy Hunt, an Australian security consultant and founder of haveibeenpwned, who worked with iAfrikan.com in researching the data leak and has also been able to positively identify the leaked database as belonging to ViewFines.
The Dream of A More Secure Organization
There’s no way of completely ridding your enterprise of all risk. This realization can be an effective motivation to take appropriate measures to dramatically reduce your chances of a leak.
Use this motivation to provide focus and direction, and address your risky behaviours and areas of current incidents as a priority. Doing so may buy you valuable credibility and organisational currency. By integrating these recommendations into your security strategy, you just might be able to add a few more hours of peaceful sleep to your nightly routine. The key is to take proactive steps before it’s too late. Sleep well.
- Assume the Worst
When it comes to storing credentials, assume that your user database will be accessed and copied by criminals. It’s better to go into this with your eyes wide open.
- Store Credentials the Right Way
We recommend that all credentials be stored by your corporate and customer-facing applications using a strong password hashing algorithm like bcrypt, Argon2 or scrypt. If you mandate this across the board, you will make potentially leaked credentials nearly useless to criminals. The computational requirements make it infeasible to crack these algorithms (today), so any of these hashed passwords that are stolen cannot easily be cracked and used against your customers, limiting your overall liability.
- Don’t Store Credentials the Wrong Way
The worst way to store credentials is to use SHA1 or MD5, even with salts. Don’t be fooled by how common they are. They are easily cracked, and your customers’ passwords will be revealed in plaintext. Once in plaintext, the criminals have free rein to use and sell them at will, opening up risk to both your organization and your customers.
- Transform Bad to Good
Do a thorough scan of your credential stores. If you find any that use SHA1 or MD5, begin to migrate users to one of the stronger hashing algorithms we mentioned earlier. It’s worth the exercise to ensure all of your organization’s credentials are being stored securely and cannot be cracked.
- Enable Multi-Factor Authentication
Multi-factor Authentication (MFA) adds another layer of security between your customers’ credentials and the criminals, often squeezing out the less sophisticated and more numerous criminals. While this extra step boosts protection, it could also be perceived as friction for users to log in. Therefore, incentivize customers to implement MFA.
- Use An Exact Match Solution
The majority of criminals looking to find vulnerable accounts are relatively inexperienced and make use of simple account takeover (ATO) techniques that can be easily recognized by a variety of solutions. The more sophisticated criminals, however, know how to bypass MFA and other detection solutions. To block both kinds of criminals, use an exact match solution that compares your customers’ passwords to a comprehensive and current database of compromised accounts to see if there’s a match. When there is a match, a password reset is automatically enforced.
- Promote The Use of a Password Manager
Take the hassle out of remembering multiple passwords by championing password managers. Password Managers are effective tools to reduce the threat of employees or customers reusing passwords. They make it much easier to select unique strong passwords for every account. While password managers greatly reduce the potential for ATO via password reuse, they should be implemented in conjunction with the other recommendations above.
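As an added example (not part of the original newsletter), here is one way to carry out the scan and migration described under "Transform Bad to Good", using scrypt from Python's standard library. The record format `scheme$salt$hash`, the cost parameters and the sample users are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for illustration; tune to your own hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def scrypt_record(password: str) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${dk.hex()}"

def legacy_record(scheme: str, salt: str, password: str) -> str:
    """Weak salted MD5/SHA1 record, as found in an old credential store."""
    return f"{scheme}${salt}${hashlib.new(scheme, (salt + password).encode()).hexdigest()}"

def verify(password: str, record: str) -> bool:
    scheme, salt, digest = record.split("$")
    if scheme == "scrypt":
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt),
                            n=N, r=R, p=P, dklen=DKLEN)
        return hmac.compare_digest(dk.hex(), digest)
    if scheme in ("md5", "sha1"):
        return hmac.compare_digest(legacy_record(scheme, salt, password), record)
    return False  # unknown scheme: fail closed

def audit(store: dict) -> list:
    """The 'thorough scan': users whose record is not yet on the strong scheme."""
    return sorted(u for u, rec in store.items() if not rec.startswith("scrypt$"))

def login(store: dict, user: str, password: str) -> bool:
    """Check the password; on success, replace a legacy record with scrypt."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        store[user] = scrypt_record(password)  # plaintext is only available now
    return True

def sample_store() -> dict:
    # Constructed sample data, not real accounts.
    return {
        "alice": legacy_record("md5", "a1b2", "correct horse"),
        "bob": legacy_record("sha1", "c3d4", "battery staple"),
        "carol": scrypt_record("already migrated"),
    }
```

Accounts that never log in remain on the legacy scheme and keep appearing in `audit()`, so the scan doubles as the list of users who still need a forced reset.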
What we do in the shadows - Dark Networks?
Not all dark web data is the same. There are three distinct communities of actors and special-access sites: low-tier underground forums, higher-tier dark web forums, and dark web markets. These three clusters line up with expert intuition of the dark web, appearing almost as if no other sensible organisation is feasible. A notable discovery is the cross-posting between low-tier and higher-tier forums, and the results of this Recorded Future research are directly reflected in their product and ontology. This new approach to categorization assists security teams in obtaining targeted, relevant dark web intelligence, facilitates their understanding of threats, and opens a window into the methods, tactics, and motivations of threat actors.
Dark networks: Social network analysis of dark web communities | Adrian Tirados