Hacker Tracker | September

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

These hackers used Log4Shell vulnerability to target US energy firms | 9.9.22

• Lazarus hackers used the flaw to target servers of energy providers in the US, Canada, and Japan.
• Cisco’s Talos security analysts say Lazarus hackers are exploiting flaws in Log4J — an open-source application logging component — in unpatched internet-facing VMware Horizon servers to gain initial access at energy providers in the US, Canada, and Japan. The North Korea-backed attackers deploy custom malware for long-term espionage.
• Lazarus, also tracked as Hidden Cobra and APT38, is known for stealing hundreds of millions in cryptocurrency from crypto firms. 
• View the Source

Uber security breach ‘looks bad’, potentially compromising all systems | 9.15.22

• A hacker is believed to have breached Uber’s entire network in a social engineering attack, which one security vendor says is more extensive than the company’s 2016 global data breach and access logs potentially altered.
• It’s believed that the hacker breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP). 
• Uber since shut down online access to its internal communications and engineering systems while it investigated the breach.
• View the Source

Optus security breach compromises customers’ passport details | 9.21.22

• Optus suffered a security breach that it says may have compromised various customer data, including dates of birth, email addresses, and passport numbers. Information belonging to both current and former customers of the Australian mobile operator are impacted in the security incident. 
• Financial details and account passwords were not affected by the breach, the Australian operator said. However, it said major financial institutions were notified about the breach. It also urged customers to keep watch on unusual or potential fraudulent activities.
• The carrier was involved in previous data privacy incidents, including a 2013 breach in which the operator accidentally published the names, addresses, and mobile phone numbers of 122,000 customers without their consent.
• View the Source

Lessons Learned

#1- While attacks like the Log4Shell vulnerability targeting US energy companies can sound daunting–remember, many known vulnerabilities are avoidable by applying available security patches. The organizations that were attacked should have patched this flaw months ago. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) warned organizations in early September about the Log4Shell flaws. 

#2- Big-time companies will always be big-time targets. This means, if you operate a very public-facing company, every employee, third-party vendor, and c-suite executive is a potential victim. While every business is subject to cybersecurity breach, big companies often have more to lose when it comes to bad publicity. To make matters worse, Uber was known to have concealed their 2016 breach for over a year, making any communications around the 2022 attack questionable at best.

#3- This is not the first breach that Optus has experienced–and likely not the last. But, they still remain around as a company. What can we learn from this? In each attack, Optus operated in accordance with Australia’s Cybersecurity reporting laws. This, coupled with clear customer communication, has helped them withstand attacks over the years. Transparency and compliance is key if your organization is the victim of a cybersecurity attack.