Another week goes by and another series of major security breaches around the globe. This week, the spotlight turns to the story versus the facts: do we even ever really know the full story? What bits get fed to media sometimes do not match so well with presumed facts. But then, speculation (even by experts) could be just that.
Here are three top recent cyber attacks making waves and headlines around the globe.
First Stop: Singapore
On our global cyber security breach tour this week, the first stop is the Southeast Asian city-state of Singapore. This small but global country also claims two of the top-ranked higher learning research institutions in the world, both of which suffered network breaches in April: The National University of Singapore (NUS) and Nanyang Technological University (NTU).
In Singapore, the government branch responsible for this sort of thing is the Cyber Security Agency, CSA. What they appear to have discovered are two separate types of attacks, and they report that the cyber attacks likely had separate orchestrators. What they had in common, according to the authorities, was their sophistication. It was “not the work of casual hackers,” they said, speculating that the attacks may have been to steal government secrets (both universities do state-sponsored research).
At NUS a single server was breached by an Advanced Persistent Threat (APT) actors, allowing continuous access to information. At NTU a malware attack, presumably the result of a phishing breach or browsing of infected sites, gave continuous access to APT actors as well.
The Ministry of Education assured students that their personal data was not compromised and that the attacks have been contained. One hopes.
Next Stop: The USA
By now you have likely formed an opinion about net neutrality. You may have even tried to comment on the Federal Communications Commission’s (FCC’s) page about the proposed net neutrality rules reversal.
For thousands of attempted commentators, that didn’t work. The FCC claims that they suffered a major DDoS attack. Critics are saying: prove it. A petition requesting the FCC to release its website logs to the media, or an independent security researcher, to verify their claim of the DDoS attack. As of this writing, the FCC has not.
It seems we have one of these kinds of stories every week. Last week it was a questionable Twitter hijack. Consumers are wary of claims of digital foul play, and it lands even more squarely on the shoulders of individuals and customers to cover their own digital assets.
Final Jaunt: the UK
Between Valentine’s Day, Easter, and Mother’s Day, the turn from late winter to early spring is a popular flower and gift-buying season. It’s a terrible time to have a major security breach. Just ask retailer Debenhams, whose online florist service, DebenhamsFlowers.com, got hacked. The leak included names, addresses, and the financial information of an estimated 26,000 customers, over a 6-week period beginning in late February.
Debenhams took down the site and reached out to customers about the breach. The service was run by Ecomnova and since other Debenhams sites were also using the service, several other online resources were temporarily suspended.
Online consumers of any retailer should consistently monitor bank statements and in the event of a fraudulent charge, reach out immediately. If a card was likely compromised, such as in the Debenhams breach, most banks would sooner go ahead and replace your card.
So many of the biggest security breaches of 2016 involved similar tactics. We learn from these and as many as several hundred other cyber attacks each week.
So enjoy the headlines, but stay out of them.