Tag Archive for: factor

Multi-Factor Authentication Fatigue Key Factor in Uber Breach


Earlier this week, Uber disclosed that the recent breach it suffered was made possible through a multi-factor authentication (MFA) fatigue attack in which the attacker disguised themselves as Uber IT.

MFA fatigue attacks are a form of social engineering that consists of spamming a target with repeated MFA requests until they eventually authorize access. This kind of attack is possible when the threat actor has gained access to corporate login credentials but cannot access the account due to multi-factor authentication.

According to Uber,

It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware.

To put the likelihood of an MFA fatigue attack succeeding in perspective, security researcher Kevin Beaumont recalled on Twitter that this is the same technique used in the recent LAPSUS$ attacks, about which the attacker allegedly explained: “call the employee 100 times at 1AM while he is trying to sleep and he will more than likely accept it”.

In Uber’s case, the approach was different, though. As reported by Lawrence Abrams for Bleeping Computer, security researcher Corben Leo got in touch with the hacker behind the breach and learned that they contacted the targeted contractor on WhatsApp, claiming they were from Uber IT and that the only way to get rid of the unending notifications was to accept one.

Once the attacker got their device authorized for access to Uber’s intranet, they began scanning the corporate network until they found a PowerShell script with admin credentials for the platform Uber uses to manage its login secrets, including DA, DUO, Onelogin, AWS, and Gsuite. This allowed them to grab source code and, more worryingly, to get access to Uber’s HackerOne bug bounty program. This, in turn, gave the attacker information about vulnerability reports that have not been fixed yet.

In conversation with InfoQ, Cerby’s chief trust officer Matt Chiodi stated that “if what’s being reported is true, this would be an unprecedented level of access, even when compared to SolarWinds”. One way to mitigate the impact of such incidents, according to Chiodi, is applying a Zero Trust strategy,…

Source…

Samsung unveils 512GB DRAM CXL module in E3.S form factor • The Register


Samsung has unveiled a 512-gigabyte Compute Express Link (CXL) DRAM module, which awaits servers to make it sing.

The device will ship in the EDSFF E3.S form factor – a standard most often employed in high-capacity solid-state disks (SSDs).

E3.S is expected to replace both M.2 and 2.5-inch SSDs eventually, but Samsung has acknowledged that it may be some time before servers ready to handle the device appear. That time may well be spent figuring out how to make DRAM work well in E3.S, as DRAM is faster than the flash used in SSDs. The good news is PCIe 5.0 can handle that extra I/O action.

For now, the Korean giant is pleased that Lenovo has signed up to work on CXL devices.

The Chinese builder will likely get its hands on the 512GB CXL DRAM modules in Q3, when Samsung says “joint evaluation and testing” will commence, before “commercialization as next-generation server platforms become available.”

CXL matters because it enables the creation of switched fabrics that allow a host server to connect to resources on multiple other devices. Servers packing some of Samsung’s new 512GB monsters could therefore be accessed by other servers – the sort of thing VMware has started to build with its Project Capitola software-defined memory.

Samsung has its own software on the way to put the modules to work. The chaebol has an updated version of its open source Scalable Memory Development Kit in the pipeline and suggests it will take advantage of the new module and CXL.

Large memory modules are attractive because applications like AI, ML, ERP, and clouds all benefit from higher compute density and more opportunities to store data in-memory.

Samsung has previously teased 512GB DDR5 DIMMs, so it’s the implementation of CXL and form factor that makes this announcement most significant. ®

Source…

A Key Factor in Organizational Data Security






Smartphones have become an integral part of daily life, both personally and professionally. But their use is not risk-free.

One in three organizational data breaches is caused by a mobile device, so it is essential that all organizations develop a strong focus on mobile security.

Facial recognition or a strong PIN might be enough to keep things safe from general threats, but it isn’t enough to keep mobile devices safe from cybercriminals trying to steal sensitive data.

The Numbers Speak for Themselves

Mobile devices are responsible for over 70% of online fraud. According to Statista, there are about 15 billion mobile devices in the world, and one in 36 mobile devices has a high-risk app (an app with a high number of downloads, making it a prime target for hackers) installed on it. That means 450 million devices are potential victims of cyberattacks. Users must be cautious about the kind of information they have stored on their smartphones.

Mobile Security Under Attack

With the increasing number of remote workers, mobile security needs to be a top priority for corporate security teams. Employees now routinely access company data on smartphones through emails and business communication platforms.

Mobile devices are convenient to use on the go, but that means sensitive company data is always vulnerable to attack. Here are some of the biggest threats to mobile security that employees can avoid:

  • Unsecured/Public Wi-Fi Networks: Connecting to open, unsecured Wi-Fi networks is a bad idea. Doing so could allow anyone to spy on a user’s activity, so users must never access information such as company, banking or even credit card information on such networks.
  • Weak Passwords: Do not use easily remembered passwords or those with personal, easily guessable significance, especially if the mobile devices contain both business and personal accounts.
  • Data Leaks: When users download an app, they’re prompted to allow various device permissions, which often send data to remote servers. This data is often shared with advertisers to analyze user behavior, making it an easy target for cybercriminals.
  • Gaps in…

Source…

The File Data Factor in Ransomware Defense: 3 Best Practices


Aside from the pandemic, ransomware has become one of the gravest threats to the global economy. It is no longer a matter of “if” an organization is going to be attacked but “when,” according to Gartner.

The research firm predicts that 75% of organizations will face one or more attacks by 2025. The National Security Institute found the average ransomware payout was $200,000 in 2020, up from just $5,000 two years ago, as ransomware gangs resort to more aggressive tactics to get what they want.

Large-scale attacks on enterprises—the latest being one against Accenture—are creating regular headlines. The U.S. is the largest region for such attacks, and ransomware accounted for 30% of all U.S.-based cyberattacks in 2020, more than double the rate globally.

Why is ransomware worse now?

The word among security experts is that the Covid-19 pandemic, with its resulting lockdowns and work-from-home mandates, created an enticing new opportunity for hackers.

Employees sometimes use insecure personal devices and networks, accessing desktops over the easily compromised Remote Desktop Protocol (RDP) software and connecting through VPNs that aren’t always configured or secured properly. This has led to a perfect storm of vulnerability at even the largest corporations with massive IT budgets and large teams in place. Ransomware attacks are also becoming more sophisticated.

Ransomware now attacks in multiple stages, from penetrating the network, to stealing credentials, to attacking the backup systems. Throughout this period, which can take weeks to months, companies typically don’t know they are under attack until someone suddenly notices files becoming encrypted and unusable.

How does this affect data storage?

Ransomware players are attacking all IT infrastructure, not just servers and applications. In 2021, the network attached storage (NAS) appliance maker QNAP alerted its customers that eCh0raix ransomware was attacking its NAS devices, especially those with weak passwords, as reported in this ransomware paper by ESET.

This is a disastrous prospect, since data growth is…

Source…