A spate of zero-day exploits against Twitter, Rackspace and others late last year showed the limits of a cybersecurity workforce under duress, a step behind and understaffed with some 3.4 million vacant seats.
This week rang in 2023 with a chorus of news on ransomware, DDoS, mass exfiltration, phishing attacks, revelations of attacks past, and threats of attacks to come.
For whom did the bell toll? Lately, it tolls for Twitter, the Los Angeles Housing Authority, The Guardian, Rackspace, financial institutions in Africa and several others — all thanks to threat actors like Royal, Play and Bluebottle.
SEE: Cloud email services bolster encryption against hackers (TechRepublic)
How was Twitter’s security breached?
The exfiltration of a reputed 230 million Twitter users’ private-date records was due to a zero-day application programming interface flaw by an attacker who may or may not be known as Ryushi.
The attack also shows that sometimes it pays to pay. Having obtained millions of email addresses and phone numbers from Twitter, the malefactor claimed to have requested $200,000 from Twitter before being rebuffed. They then exposed the private information in late December.
Crane Hassold, director of threat intelligence at Abnormal Security, said the incident underscores the importance of ensuring that APIs sending and receiving potentially sensitive information about user accounts are secured so a bad actor can’t exploit them for malicious purposes.
“By knowing which third-party applications are vulnerable, the team can understand the risk and take steps to mitigate it,” he said.
Hassold added that there’s a major difference between this incident and other attacks involving payment demands, like ransomware.
“There’s a sense of moral entitlement and victim-blaming instead of being motivated by pure financial gain, which is what we generally see in similar attacks,” he said.
Ceri Shaw, chief delivery officer at CodeClan, an SQA accredited digital skills academy, said that Twitter users who notice suspicious activity — such as password reset emails, unusual pop-ups on their device and targeted phishing emails — should review security settings and regularly update their passwords to include special characters, letters and numbers with no relevance to personal information.
Was this another leadership snafu at Twitter?
Dan O’Dowd, founder of The Dawn Project, said the data breach raised concerns about the level of security at Twitter in the wake of Elon Musk’s takeover.
“Given Elon Musk’s lackadaisical attitude toward regulation and his recent firing frenzy at Twitter, a breach of this severity was inevitable,” he said. “Urgent questions must now be asked of Twitter’s data protection capabilities, as the site’s popularity makes it a prime target for hackers.”
Pointing to recent issues with Tesla’s autonomous driving technology, he added that the data breach might not be terribly surprising given that Musk employed a large number of Tesla’s engineers at Twitter.
SEE: Machine-Learning Python package compromised in supply chain attack (TechRepublic)
How often were the academic and public sectors attacked in 2022?
EmiSoft’s yearly State of Ransomware in the US report detailed that last year, 106 local governments, 44 colleges and universities, 45 school districts and 25 healthcare providers were attacked for ransom. In the latter sector, the group said the most significant incident of the year was on CommonSpirit Health, which operates almost 150 hospitals.
The report also noted that the number of ransomware attacks on U.S. state and local governments has remained fairly flat since 2019, when the firm recorded 113 attacks, and 2022, when it recorded 106 attacks. The same is true for education, with the number of yearly attacks between 2019 and 2022 remaining in the high 80s.
Another observation by EmiSoft: Attacks have veered from major cities like Baltimore and Atlanta to smaller governments.
“This may indicate that larger governments are now making better use of their larger cybersecurity budgets, while smaller governments with smaller budgets remain vulnerable,” the group said.
SEE: FIN7 threat actor updated its ransomware activity (TechRepublic)
Is the workforce ready?
Short answer? No. (ISC)², in its 2022 survey on the state of the global cybersecurity workforce, wrote that there are far too few heads for all the vacancies. The firm’s 2022 Cybersecurity Workforce Study, based on a survey of some 11,779 international security practitioners and leaders, found that the global cyber workforce of 4.7 million is still about 3.4 million short of sufficient. In North America, the shortfall is over 436,000 workers.
“While the cybersecurity workforce is growing rapidly, demand is growing even faster,” said the study, which revealed that despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, “making it a profession in dire need of more people,” said the report.
To get up to speed on the best way to deal with network intrusion, in part by establishing guidelines for how to detect incursions on organizational networks, procedures for reacting and remediating threats, as well as ways to mitigate threats in the future, download TechRepublic Premium’s lowdown on Intrusion Detection Policy.