Security

Risk Based Vulnerability Management – Let’s Begin With the “Why?”
June 18, 2021, 10:05 pm

The post Risk Based Vulnerability Management – Let’s Begin With the “Why?” appeared first on CISO MAG | Cyber Security Magazine.

Any organization’s vulnerability management program must be a cornerstone of its cybersecurity initiative. Security vulnerabilities, if left unidentified and/or unaddressed, can bring the business down like a house of cards. As your organization adopts emerging innovation and technology, its threat landscape grows correspondingly, which makes protecting your most critical business assets all the more difficult.

By Doug Drew, Client Solutions Advisor, Americas, Optiv

The number (and sophistication) of threat actors continues to spiral upwards. The larger problem, however, has been finding, prioritizing, and fine-tuning the response to the vulnerabilities they exploit. This has always been a top priority for security professionals, but the growing number of traditional and zero-day vulnerabilities makes it difficult, if not impossible, for legacy vulnerability assessment tools to be effective.

Legacy vulnerability assessment tool? What’s that?
A legacy vulnerability assessment tool is commonly used to scan business networks and applications for “known weaknesses.” It checks for predefined exploitable characteristics that expose business networks to possible cyberattacks. Once the scan is complete, the tool sends a standard report notifying IT administrators of the vulnerabilities that need remediation. This, though, is a protracted process, as administrators must manually prioritize, align and remediate the vulnerabilities.

It’s time to move away from this one-dimensional approach – the future of cybersecurity is risk-based vulnerability management (RBVM). Your vulnerability management program needs to evolve, prioritize and continue to protect the most critical business assets rather than burning time on exposures that are unlikely to be exploited. An RBVM approach is a perfect fit for this. It reduces vulnerabilities across your attack surface by prioritizing remediation based on the risks they pose to your organization.

So, how is RBVM adopted and managed? It depends on these six simple principles.

1. See the forest through the trees

The threat landscape has evolved dramatically over the past 10 years in ways that have challenged our ability to understand, manage and predict threats. This trend continues at an unprecedented rate, and as the attack surface grows around cloud-based services, IoT and OT, the security perimeter becomes increasingly blurred, raising the bar for security teams trying to protect business assets.

Managing vulnerabilities in today’s connected landscape requires us to understand both the extent of our attack surface and the value of each target. Without marking your operational boundaries, you can’t anticipate threats from the darker side of the woods; without tagging each asset’s risk value, you can’t determine what needs to be guarded.

So, make contextual and informed decisions using a risk-based approach. Sift through the clutter of the vulnerability trees and correlate the essential characteristics of each vulnerability: combine the criticality of the assets affected, the threat identified and the exploit intelligence available with other key contextual elements. The result is a formula that helps your organization understand the actual risk posed by each vulnerability.

2. You can’t boil the ocean

There is no way to fix it all. Time is a tremendous constraint in today’s business world. 24/7 operations, limited change windows, and staffing pressures force us to focus on what matters the most – addressing risk. However, when it comes to legacy vulnerability management practices, remediation timeframes are often based on outdated industry standards like the Common Vulnerability Scoring System (CVSS).

CVSS is an open framework that assigns severity scores to software vulnerabilities based on a theoretical calculation. However, a vulnerability is only as dangerous as the threat exploiting it: 95% of “high severity” CVSS-scored vulnerabilities have never been exploited in the wild. Attackers don’t care about the vulnerability score as long as they can successfully leverage the attack vectors available to them.

In contrast, RBVM prioritizes effort based on business risk. Acting on what reflects the real-world activities of hostile actors is a prerequisite for staying ahead of them.
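The prioritization argument of principles 1 and 2 (asset criticality plus threat and exploit intelligence, rather than CVSS alone), worked through in code. This is an added illustration, not Optiv’s or CISO MAG’s code: the weighting scheme, SLA tiers, asset names and VULN-xxxx identifiers are all constructed for the example.

```python
"""Risk-based versus CVSS-only prioritisation of vulnerability findings.

Added example, not Optiv's or CISO MAG's code: weights, SLA tiers, asset
names and VULN-xxxx identifiers are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # 1 (disposable) .. 5 (crown jewel), set by the business owner
    internet_facing: bool   # part of the externally reachable attack surface


@dataclass(frozen=True)
class Finding:
    vuln_id: str            # placeholder identifier, not a real CVE
    asset: Asset
    cvss: float             # CVSS base score 0.0 .. 10.0 (theoretical severity)
    exploited_in_wild: bool # threat intel reports active exploitation
    public_exploit: bool    # exploit code is publicly available
    compensating_control: bool = False  # e.g. virtual patch or network isolation in place


def threat_factor(f: Finding) -> float:
    """How real the threat is: a flaw nobody is known to exploit counts
    for a fifth of one attackers are actively using."""
    if f.exploited_in_wild:
        return 1.0
    if f.public_exploit:
        return 0.6
    return 0.2


def exposure_factor(f: Finding) -> float:
    """How reachable the flaw is; a compensating control halves the exposure."""
    factor = 1.0 if f.asset.internet_facing else 0.6
    if f.compensating_control:
        factor *= 0.5
    return factor


def risk_score(f: Finding) -> float:
    """Combine severity, asset criticality, threat and exposure into 0..100."""
    severity = f.cvss / 10.0
    criticality = f.asset.criticality / 5.0
    return round(100.0 * severity * criticality * threat_factor(f) * exposure_factor(f), 1)


def remediation_sla_days(score: float) -> Optional[int]:
    """Remediation window driven by contextual risk rather than CVSS band.
    None means: track and re-evaluate, do not spend a change window on it."""
    if score >= 50.0:
        return 7
    if score >= 20.0:
        return 30
    if score >= 5.0:
        return 90
    return None


def cvss_order(findings: List[Finding]) -> List[str]:
    """Legacy prioritisation: highest CVSS base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def risk_order(findings: List[Finding]) -> List[str]:
    """RBVM prioritisation: highest contextual risk first."""
    return [f.vuln_id for f in sorted(findings, key=risk_score, reverse=True)]


# Constructed sample inventory: an isolated dev box, a crown-jewel payment
# gateway, an HR portal, a "below the waterline" legacy file server and a
# public web server protected by a compensating control.
DEV_BOX = Asset("dev-sandbox-01", criticality=1, internet_facing=False)
PAYMENTS = Asset("payments-gateway", criticality=5, internet_facing=True)
HR_APP = Asset("hr-portal", criticality=4, internet_facing=False)
FILE_SRV = Asset("legacy-fileserver", criticality=3, internet_facing=False)
WEB_FRONT = Asset("public-web-01", criticality=4, internet_facing=True)

SAMPLE_FINDINGS = [
    Finding("VULN-0001", DEV_BOX, cvss=9.8, exploited_in_wild=False, public_exploit=False),
    Finding("VULN-0002", PAYMENTS, cvss=7.5, exploited_in_wild=True, public_exploit=True),
    Finding("VULN-0003", HR_APP, cvss=8.8, exploited_in_wild=False, public_exploit=True),
    Finding("VULN-0004", FILE_SRV, cvss=6.5, exploited_in_wild=True, public_exploit=True),
    Finding("VULN-0005", WEB_FRONT, cvss=9.1, exploited_in_wild=False, public_exploit=True,
            compensating_control=True),
]


if __name__ == "__main__":
    print("CVSS-only order:", cvss_order(SAMPLE_FINDINGS))
    print("Risk-based order:", risk_order(SAMPLE_FINDINGS))
    for f in sorted(SAMPLE_FINDINGS, key=risk_score, reverse=True):
        score = risk_score(f)
        sla = remediation_sla_days(score)
        window = "track only" if sla is None else f"{sla} days"
        print(f"{f.vuln_id} on {f.asset.name:18} CVSS {f.cvss:4}  risk {score:5}  SLA {window}")
```

The CVSS 9.8 finding on the isolated sandbox tops the legacy list but falls to the bottom of the risk-based one, while the CVSS 7.5 flaw being actively exploited on the internet-facing payment gateway moves to the front with a seven-day window.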

3. Don’t ignore what’s beneath the tip of the iceberg

Seven-tenths of an iceberg never appears above water, but that doesn’t mean it can’t sink your ship. Today’s tip of the iceberg involves IoT, OT, and cloud technologies, with DevOps an important addition to the list. The landscape has changed, but organizations also need to look below the surface into traditional IT environments, because traditional vulnerabilities often sink the security ship. So adopt a risk-based vulnerability management approach that covers the entire attack surface: identify the vulnerabilities and prioritize remediation on critical assets that lie both above and below the waterline.

4. The tail can’t wag the dog

The strategy must drive tactics, not the reverse. Some security teams treat vulnerability scanning as the “endgame,” but risk goes beyond scanner findings. An entire set of data and tools, such as application scanning, configuration scanning and pen-testing results, gives you a different point of view on your business environment and can provide valuable vulnerability insights. Focus on what matters to your business and remediate those things, or you will be consumed by repetition fatigue and staff burnout.

5. Don’t be the slowest gazelle

Always remember, “if everything is important, then nothing is important.” A risk-based vulnerability management approach allows the organization to assess the problem effectively and then prioritize or deprioritize it appropriately. True risk-based vulnerability information doesn’t just provide a complete overview of the threat landscape; it also speeds decision-making.

Combined with orchestration and automation, an RBVM program that integrates your security tools properly can reduce both the need for human intervention and the time to remediation and validation. This approach will help keep you ahead of the pack and minimize disruption in your environment.

6. Risk is a team sport; lean on your teammates

Football is a classic example of a team sport. Every touchdown scored is a well-orchestrated symphony. Every player has a different role, yet the play is carried out with one end goal – putting the ball in the end zone. It’s the same with risk management in the business world.

Facing adversaries on your own can be a daunting task, and this is especially true of zero-day attacks. Your defense partner may be able to hold the fort against them – or maybe not. For such scenarios, there is one team member who creates and executes the strategy – the head coach.

Organizations need to ask who their head coaches are and how well-prepared they are. If you aren’t comfortable with your answer to this question, it’s time to upgrade your operations with a prudent risk-based vulnerability management program and tools like the one from Optiv.

Need more information on this? Click here to learn how Optiv can take care of your organization’s RBVM needs right away!

Carnival Cruise Line Hacked Second Time in Two Years
June 18, 2021, 5:15 pm

The post Carnival Cruise Line Hacked Second Time in Two Years appeared first on CISO MAG | Cyber Security Magazine.

Recently, the U.S. Centers for Disease Control and Prevention (CDC) gave Carnival Cruise Line the green light to resume operations on the condition that it meet health safety protocols for its passengers. This came as a welcome respite to the cruise industry, which had been grounded since COVID-19 swept through the Diamond Princess cruise ship docked at the Yokohama port in Japan. Many regarded that ship as the “linchpin” of the virus’s spread and so stayed away from cruises. However, just when light was finally appearing at the end of the tunnel, Carnival Cruise has been set back again; this time not by a biological virus but by a cyber one.

The world’s largest cruise ship operator has disclosed a data breach that took place in March and affected an unknown number of customers, employees, and crew members across its fleet, which includes Carnival Cruise Line, Holland America Line, and Princess Cruises. The breach first came to light when the cruise line sent a notification email to its customers. According to the notification, the company detected unauthorized third-party access to a “limited number” of email accounts on March 19.

The data breach leaked the following information:

Data collected during the guest experience and travel booking process
Employment data of its employees
COVID and other safety test results of its employees and crew members

These data sets include “names, addresses, phone numbers, passport numbers, dates of birth, health information and in some limited instances additional personal information such as Social Security or national identification numbers.”

Incidentally, this is not the first time that Carnival Cruise Line has been on the radar of cybercriminals. In March 2020, a similar data breach hit the cruise line, followed by a ransomware attack in August 2020. During the ransomware incident, the company did not name the operators or the amount of data compromised, saying only that some of its data files were “partly encrypted.”

However, Chris Hauk, Consumer Privacy expert at Pixel Privacy, said that it was “a case of a company not taking the steps to properly defend their networks against the bad actors of the world. As mentioned by cybersecurity firm Bad Packets, Carnival failed to patch its edge gateway devices and firewalls, even though patches have been available to fix both issues since earlier this year.”

Looking at the recurrence of these incidents, Carnival Cruise Line should perhaps take its vulnerability management and threat detection programs more seriously, if it is not already doing so. For the moment, the firm has offered 18 months of free credit monitoring and identity theft detection to those affected by the latest breach.

Related News:

These are the 5 Biggest Data Breaches in India in H1 2021

The post Carnival Cruise Line Hacked Second Time in Two Years appeared first on CISO MAG | Cyber Security Magazine.


Paying Ransom is the Primary Solution for 60% of Organizations: Study (CISO MAG, June 18, 2021 at 1:57 pm)


Despite several notices and awareness programs, most organizations are still paying ransom for data decryption after a ransomware attack. Earlier, the FBI warned companies to avoid ransom payments, as paying encourages others to follow suit. Recently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) also announced that paying ransom to cybercriminals is illegal. Moreover, several industry experts have stated that the total cost of recovery from a ransomware attack almost doubles when organizations pay ransom to threat actors.

New research from the Neustar International Security Council (NISC) revealed that over 60% of organizations admitted that they would consider paying ransom in the event of a cyberattack. One in five organizations said they would consider paying 20% or more of their company’s annual revenue.

Key Findings

Nearly 28% of respondents said they are very confident that all members of their organization know the appropriate measures to take in the event of a ransomware attack, and a similar proportion (26%) lack confidence that this is the case.
Over 35% perceive guidance from government/official bodies to be insufficient and 26% perceive existing cybersecurity technology to be insufficient.
Ransomware, DDoS, and targeted hacking were most likely to be perceived as increasing threats to organizations during March-April 2021.
56% of enterprises surveyed in May 2021 outsource their DDoS mitigation, in line with the previous reporting period.
Enterprises were most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation in May 2021, in line with previous reporting periods.

“Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever-larger ransom amounts especially if they see that companies are willing to pay. This spiral upwards must be stopped. The better alternative is to invest proactively in mitigation strategies before the attacks, including the use of qualified providers of ‘always-on’ monitoring and filtering of traffic as part of a layered security approach,” said Rodney Joffe, NISC Chairman, SVP, and Fellow at Neustar.

Ransom Paying Trend Continues

Cybersecurity professionals are placing more emphasis on preventing the rising ransomware threat. Most organizations end up paying the ransom when their current solutions are not sufficient to detect, mitigate, and prevent cyberthreats.

Recently, multiple well-known organizations have paid huge ransoms to recover their data after a ransomware attack. Meat-processing giant JBS confirmed that it had paid $11 million to the REvil ransomware gang after attackers compromised its systems. Colonial Pipeline in the U.S. reportedly paid a $4.4 million ransom after sustaining a sophisticated ransomware attack that caused panic and massive fuel shortages in the country. Several industry experts also raised concerns over CNA’s failure to detect the ransomware attack that led the company to pay a $40 million ransom to recover its systems.

The post Paying Ransom is the Primary Solution for 60% of Organizations: Study appeared first on CISO MAG | Cyber Security Magazine.


Another Case of Unprotected Database: 5 Bn Records from Previous Data Breaches Leaked (CISO MAG, June 18, 2021 at 9:58 am)


Unsecured databases are a standing cyberthreat for organizations. Perpetrators often look for unprotected or misconfigured servers to infiltrate and compromise sensitive corporate data. Recent security research by Comparitech, led by cybersecurity researcher Bob Diachenko, revealed that an unsecured Elasticsearch database holding over 5 billion records had been exposed online.

According to the report, the exposed database belongs to cybersecurity analytics firm Cognyte and was left online without password protection, allowing open access to anyone who found it. Cognyte stores the data as part of its cyber intelligence service, which is used to alert customers about third-party data breaches. “If a client’s contact information appeared in the database, for example, they could receive an alert notifying them that one of their accounts had been compromised. Or if they use a password that has previously been breached, they could get a notification to change it,” Cognyte said.

The leaky database is now secured after Bob Diachenko reported the issue to Cognyte.

“Cognyte was able to rapidly respond to and block a potential exposure. We appreciate such a responsible and constructive approach, which helps to raise awareness and induces companies and organizations to implement security safeguards and better protect their data,” Cognyte said.

The Data Breach Timeline

While it is unknown whether any attackers misused the leaked data, the researchers stated that the database was exposed online for at least four days:

May 28, 2021: The database was indexed by search engines.
May 29, 2021: Diachenko discovered the leaky database and immediately notified Cognyte.
June 2, 2021: Cognyte secured the database.

What data was exposed?

The database held over 5,085,132,102 records containing information including name, email address, password, and data source. “Not all of the data breaches from which the data was sourced included passwords, however, we could not determine an exact percentage of records that contained a password. We do not know if any other third parties were accessing the data when it was exposed, nor do we know for how long it was exposed before being indexed by search engines. Our honeypot experiments show that attackers can find and access exposed data in a matter of hours,” Cognyte added.

Security Risks from Data Leaks

Cybercriminals often exploit the personal information obtained from data breaches to steal identities and to launch credential stuffing attacks, phishing, and other fraudulent scams. Threat actor groups also get hold of such leaked data and threaten to publish it online unless the affected companies pay a ransom.

Every minute an unsecured server is left online is an opportunity for threat actors, who can find and access exposed data in a matter of seconds or hours. In another security experiment, Comparitech found that cybercriminals attacked a mock unsecured database 18 times in a single day. The company set up a honeypot to measure how quickly attackers would hit an Elasticsearch server seeded with a dummy database of fake data. It recorded 175 attacks in just eight hours after the server was deployed, and the number of attacks in one day totaled 22.

Talking about the incident to CISO MAG, Diachenko said, “It is not the first time I have encountered this type of exposure. The amount and sensitive nature of previously leaked data is tremendous, so should be the efforts of any organization in possession of this data to keep it as secured as possible and prevent it from ‘re-leaking’. In my opinion such incidents are no less dangerous than the original data breaches collected in such troves.”

The post Another Case of Unprotected Database: 5 Bn Records from Previous Data Breaches Leaked appeared first on CISO MAG | Cyber Security Magazine.


Talking about the incident to CISO MAG, Diachenko said, “It is not the first time I encounter this type of exposure. The amount and sensitive nature of previously leaked data is tremendous, so should be the efforts of any organization in possession of this data to keep it as secured as possible and prevent it from “re-leaking”. In my opinion such incidents are no less dangerous as the original data breaches collected in such troves.”

The post Another Case of Unprotected Database: 5 Bn Records from Previous Data Breaches Leaked appeared first on CISO MAG | Cyber Security Magazine.

Another Case of Unprotected Database: 5 Bn Records from Previous Data Breaches Leaked, on June 18, 2021 at 9:58 am

Unsecured databases are a standing cyberthreat for organizations. Perpetrators routinely look for unprotected or misconfigured servers through which they can infiltrate a network and compromise sensitive corporate data. Recent security research by Comparitech, led by cybersecurity researcher Bob Diachenko, revealed that cybercriminals attacked an unsecured Elasticsearch database, exposing over 5 billion records.

According to the report, the database belongs to Cognyte, a cybersecurity analytics firm, and was exposed online without password protection, allowing open access to anyone who found it. Cognyte stores the data as part of its cyber intelligence service, which is used to alert customers about third-party data breaches. “If a client’s contact information appeared in the database, for example, they could receive an alert notifying them that one of their accounts had been compromised. Or if they use a password that has previously been breached, they could get a notification to change it,” Cognyte said.

The database has since been secured, after Bob Diachenko reported the exposure to Cognyte.

“Cognyte was able to rapidly respond to and block a potential exposure. We appreciate such a responsible and constructive approach, which helps to raise awareness and induces companies and organizations to implement security safeguards and better protect their data,” Cognyte said.

The Data Breach Timeline

While it is unknown whether any attackers misused the leaked data, the researchers stated that the database was exposed online for at least four days:

May 28, 2021: The database was indexed by search engines.
May 29, 2021: Diachenko discovered the exposed database and immediately notified Cognyte.
June 2, 2021: Cognyte secured the database.

What data was exposed?

The database held over 5,085,132,102 records containing information including name, email address, password, and data source. “Not all of the data breaches from which the data was sourced included passwords; however, we could not determine an exact percentage of records that contained a password. We do not know if any other third parties were accessing the data when it was exposed, nor do we know for how long it was exposed before being indexed by search engines. Our honeypot experiments show that attackers can find and access exposed data in a matter of hours,” Cognyte added.

Security Risks from Data Leaks

Cybercriminals often exploit personal information obtained from data breaches to steal identities and to launch credential stuffing attacks, phishing campaigns, and other fraud. Threat actor groups also get hold of such leaked data and threaten to publish it online unless the affected companies pay a ransom.

Every minute an unsecured server is left online is an opportunity for threat actors. Attackers can find and access exposed data in a matter of seconds or hours. Another security experiment by Comparitech found that cybercriminals attacked a mock unsecured database 18 times in a single day. The company set up a honeypot to measure how quickly attackers would hit an Elasticsearch server holding a dummy database of fake data. It recorded 175 attacks in the first eight hours after the server was deployed, and the number of attacks in one day totaled 22.

Talking about the incident to CISO MAG, Diachenko said, “It is not the first time I have encountered this type of exposure. The amount and sensitive nature of previously leaked data is tremendous, so should be the efforts of any organization in possession of this data to keep it as secured as possible and prevent it from ‘re-leaking’. In my opinion such incidents are no less dangerous than the original data breaches collected in such troves.”

The post Another Case of Unprotected Database: 5 Bn Records from Previous Data Breaches Leaked appeared first on CISO MAG | Cyber Security Magazine.
