Google China Hit by Cyber Attack: What Happened?
WHAT HAPPENED?
Google said in a blog post on Tuesday that in mid-December it discovered a
"highly sophisticated and targeted attack" on its corporate infrastructure
originating from China that led to theft of its intellectual property. It said it
discovered as part of its investigation that at least 20 other large companies, in
the areas of Internet, finance, technology, media, and chemical, had been
similarly targeted.
The attack on Google involved attempts to access the Gmail accounts of Chinese
human rights activists, but only two accounts were accessed and the contents of
e-mails were not exposed--only account information like the date the account
was created, Google said.
Separately, Google discovered that accounts of dozens of Gmail users in the U.S.,
China, and Europe who are human rights advocates "appear to have been
routinely accessed by third parties," not through a security breach at Google, but
most likely as a result of phishing scams or malware placed on the users'
computers, the company said.
In a separate blog post, Google said it believed that Google Apps and related
customer data were not affected by the attack. "The route the attackers used was
malicious software used to infect personal computers," the post said.
Separately, a law firm in Los Angeles involved in litigation against China said on
Wednesday that it had been targeted in a China-based attack this week. Gipson
Hoffman & Pancione said employees received e-mails Monday and Tuesday
masquerading as communications from within the company that included Trojan-
laden attachments or Web links. The firm filed a $2.2 billion lawsuit last week on
behalf of Solid Oak Software against the Chinese government alleging code from
the Cybersitter Web content-filtering program was copied and put in China-
created Green Dam Youth Escort software. It is unclear whether this attack is at all
linked to the attacks on Google and the other companies.
To avoid phishing scams, people should contact companies directly to verify that a
suspicious e-mail is legitimate, not give out personal information requested in e-
mail and change passwords frequently.
Alteryx Data Leak
what happened?
Cybersecurity company Upguard said it discovered the exposed data on
The repository that was exposed contained a range of U.S. household data
company.
agency.
Upguard alerted Alteryx about the exposed data sets, and Alteryx secured
Although individual names were not included in the data, it’s possible that data
thieves could cross-reference stolen information with other available public
information.
For instance, someone could use a street address to search for property tax
information. That property tax information often includes the name of the property
owner. In this way, someone could “piece together” an individual by combining
the different sources of information, which could ultimately lead to identity theft.
Equifax's Crisis
The credit bureau announced that they suffered a cybersecurity incident, where
over 143 million U.S. customers’ personally identifiable information (PII) was
breached. This is a big deal. In fact, it’s being referred to as one of the worst
breaches in history, considering the extent of the information that has been
stolen.
Timeline Of Response
Equifax told the world that they discovered the breach on July 29th, though they only
announced it publicly on September 7th. That’s over a month later. They could
have come out with an announcement right away, and suffered through months
of worried customer complaints, media frenzy, criticism and so forth. On the other
hand, they could wait to have more information, develop a strong proactive
response strategy, and get ahead of the story from the beginning.
Their crisis website is clean, organized and detailed. One thing that is often
missing from organizations’ crisis response is clearly identified stakeholder
groups and answers to each group’s individual questions and concerns.
Equifax clearly understands the necessity of addressing and providing the
relevant information to each of their stakeholder groups, not just to
consumers, the media, or the general public, for example.
For example, on their crisis website, they have three dedicated FAQs: one
for general questions that apply to everyone, one specific to consumers (the
impacted stakeholder group), and one specific to investors. This is a strong,
needed, and often neglected, strategy of response.
Hold Security would not name the victims, citing nondisclosure agreements and a
reluctance to name companies whose sites remained vulnerable. At the request of
The New York Times, a security expert not affiliated with Hold Security analyzed
the database of stolen credentials and confirmed it was authentic. Another
computer crime expert who had reviewed the data, but was not allowed to
discuss it publicly, said some big companies were aware that their records were
among the stolen information.
“Hackers did not just target U.S. companies, they targeted any website they could
get, ranging from Fortune 500 companies to very small websites,” said Alex
Holden, the founder and chief information security officer of Hold Security. “And
most of these sites are still vulnerable.”
There is worry among some in the security community that keeping personal
information out of the hands of thieves is increasingly a losing battle. In
December, 40 million credit card numbers and 70 million addresses, phone
numbers and additional pieces of personal information were stolen from the retail
giant Target by hackers in Eastern Europe.
But the discovery by Hold Security dwarfs those incidents, and the size of the
latest discovery has prompted security experts to call for improved identity
protection on the web.
“Companies that rely on user names and passwords have to develop a sense of
urgency about changing this,” said Avivah Litan, a security analyst at the research
firm Gartner. “Until they do, criminals will just keep stockpiling people’s
credentials.”
Websites inside Russia had been hacked, too, and Mr. Holden said he saw no
connection between the hackers and the Russian government. He said he planned
to alert law enforcement after making the research public, though the Russian
government has not historically pursued accused hackers.
So far, the criminals have not sold many of the records online. Instead, they
appear to be using the stolen information to send spam on social networks like
Twitter at the behest of other groups, collecting fees for their work. But selling
more of the records on the black market would be lucrative.
While a credit card can be easily canceled, personal credentials like an email
address, Social Security number or password can be used for identity theft.
Because people tend to use the same passwords for different sites, criminals test
stolen credentials on websites where valuable information can be gleaned, like
those of banks and brokerage firms.
Like other computer security consulting firms, Hold Security has contacts in the
criminal hacking community and has been monitoring and even communicating
with this particular group for some time.
The hacking ring is based in a small city in south central Russia, the region flanked
by Kazakhstan and Mongolia. The group includes fewer than a dozen men in their
20s who know one another personally — not just virtually. Their computer servers
are thought to be in Russia. “There is a division of labor within the gang,” Mr.
Holden said. “Some are writing the programming, some are stealing the data. It’s
like you would imagine a small company; everyone is trying to make a living.”
Yahoo: hackers' favourite target?
In 2014, Yahoo! announced it had suffered a cyber attack in 2014 that affected
500 million user accounts, constituting the largest hack of individual
data directed against a single company. Names, dates of birth, telephone numbers
and passwords were stolen. While the company assured users that banking data
had not been affected, it nonetheless recommended caution. Prior to this event,
in 2012, the hacker “Peace” had sold 200 million usernames and passwords for
$1900.
In March, Yahoo! confessed to being hacked once again. This time, "only" 32
million accounts were affected. But the cyberattack relaunched the investigation
of the 2014 hack, as the attackers used a tool stolen that year, allowing them to
create malicious cookies and log in without passwords. A direct result of this is
that the firm was bought by Verizon in 2017 for $4.5 million instead of the $4.8
million announced in 2016. Update (Dec 2018): Yahoo has now admitted that all
of the 3 billion user accounts had been hacked in 2013. This cyber-attack is the
most significant in Internet history.
Our security experts suggest you have a solid security baseline (or ‘Cyber
Hygiene’), in which you ensure the most obvious risks are addressed early.
Amongst this should be a continuous Vulnerability Management program, with
periodic manual pen tests on key-risk areas. After setting this baseline, you should
start addressing focus areas that are most crucial to your organization and in turn
the most likely areas a hacker would be interested in. For example, if you see an
increase in targeted phishing campaigns towards C-level executives, you want to
have specific phishing and awareness campaigns around that specific topic.
Take a critical look at what your organization’s security needs are and employ
the right security solution that best fits in with your business goals and your staff.