As we look back at the week and some of the cyber security threats that made headlines, we will visit locations near (your pocket) and far (Russia), with a stateside stop at the Hollywood magazine Variety in between. This is your cyber threats weekly review.
1. Out-smarting the Smart Phone
We’ve known for years that smart phones are hackable. Malware, illegitimate apps and other security risks made the computer in your pocket an open door for cyber criminals. Still, until recently most people thought of iPhones as virtually unhackable. Then came the recent news that iPhones weren’t so invulnerable, and a security patch was issued along with alarming messages to update immediately.
If you’ve updated your phone and you don’t fall for malware, you are safe, right? Well, not likely. The flaws in SS7 networking that allow for hackers to access Facebook accounts, WhatsApp, and other social media tools can also be exploited to hack your phone. While stored data such as cache and voicemail might have been thought of as the most accessible, the SS7 exploit reveals the vulnerability of live calls and texts as well.
While of course the greatest cyber threat would be against “big players,” like political leaders and industry leaders, any revenge-fueled or competitive-fueled attack could fund a hacker-for-hire SS7 attack on a cell phone.
2. The Variety of OurMine
Broadcasting themselves as a cyber-security firm, OurMine (OurMine.org) has made headlines for hacking celebrities whilst advertising their services. Recently they got credit for hacking the Hollywood industry rag Variety, which left the magazine posting a public apology.
In the world of cyber security, generally, white hat hackers notify companies of risks to improve and protect against future cyber threat. The “good guy” hacking community often shares cyber threat intelligence news and notes to also improve results and piggyback on ideas for better security. Where OurMine lands in the hat color spectrum might be a little grayer. Then again, maybe it’s another case of “any publicity is good publicity,” and little more than an attempt to drum up new business.
3. Russia Under Fire, Again
Speaking of gray, we’ve been reporting on the news, notes and possibilities of Russia hacking the United States political process. It’s even been called the new cold war. This week, LeakedSource reported that nearly 100 million records from Rambler.ru were hacked back in 2012. The data breach reportedly included user accounts and login information.
The four year delay between breach and leak shines a spotlight on an alarming topic in the cyber security world: how little we actually hear about. The internet has made the world smaller and attacks can come from anywhere, often emanating from nations outside of the exploit. What gets shared on as actionable cyber threat intelligence feeds is merely the tip of the iceberg. Still, given that reality, it makes acting on the knowledge we acquire that much more paramount.
Sharing Data, Preventing Attack
If it might be said that a theme is arising in the cyber intelligence community, you might say that it is “sharing is caring.” Working in isolation, even in isolated teams, cannot possibly compete with the abundant, well-funded, increasingly sophisticated black hat hacking in the world today. When government organizations or industry players hesitate to share hacking tactics or work to hide data breaches, ultimately they harm themselves. Even the former director of the U.S. National Security Agency (NSA) warned against classifying security breaches.
Our inaction could be our undoing, but it just might take several years before anyone would hear about it on the news.