How Did January Kick Off Threat Protection?

It is often said that each new year brings more cybersecurity threats than the previous one. So, how is 2019 shaping up so far compared to 2018? Has the new year kicked off with better threat protection than the last year, or are cyber threats getting worse?

Let’s look at some of the major events of January to see the state of the cyber threat environment thus far:

January Threat Protection Events: Schools Heavily Targeted for Network Security Breaches

According to an article by Edsurge.com: “Just a little over a month into 2019, already about a dozen cybersecurity incidents have struck U.S. school districts… A U.S. school district becomes the victim of a cyberattack almost as often as every three days.”

Worse yet, that “every three days” figure is a lowball estimate based on the school cybersecurity breaches that get reported, as stated in the EdSurge article, “as many as 10 or 20 times more undisclosed breaches could have occurred last year in the education sector, because many districts elect not to disclose such incidents to the public.”

While the goals of these attacks remain obscure, it is noted in the article that the majority (70%) of attacks targeted wealthier school districts—though that could be because “wealthier school communities may be relying on more technology than other district types and hence are exposed to greater risks.” Wealthier school districts are more likely to use IoT devices, have open Wi-Fi networks, and have more students using mobile devices (smartphones, laptops, etc.) on campus than less wealthy districts.

January Threat Protection Events: NASA Leaves Employee Information Exposed Due to Misconfiguration

The National Aeronautics and Space Administration (NASA) suffered a cybersecurity breach that was reported in January 2019. The breach was caused not by a new cyber threat, but by a misconfiguration of a third-party app for internal collaboration. As reported by ZDNet, “A NASA web app leaked details such as employee usernames, names, email addresses, and project names… The exposure originated from one of NASA's Jira installations, a web app that most companies use for tracking projects or internal bugs and issues.”

In Jira, there’s a configuration for “Everyone” and “All Users” for providing visibility privileges to the app’s contents. The difference is that the “everyone” setting literally means everyone, and not just “everyone in the organization,” while “all users” restricts access to users in the organization. As noted in the ZDNet article, “In the past, there have been many Jira admins who have mixed up the two terms by accidentally selecting ‘Everyone’ when setting the visibility of various Jira sections… This is what appears to have happened with this particular NASA Jira installation.”

Because of this configuration mistake, the names, email addresses, and usernames of NASA’s employees were exposed to anyone and everyone on the internet who may have wanted to take a look. While this data isn’t exposing major secrets, it does provide attackers with the information they need to create more effective spear-phishing campaigns—giving teeth to another cyber threat.

January Threat Protection Events: GoDaddy Authentication Vulnerability Discovered

GoDaddy, a major web domain registrar and hosting service that has millions of registered domains and customers across the world. And, in the last week of January, it was listed in a National Cyber Security Centre (NCSC) weekly threat report for a “vulnerability with GoDaddy.com which impacts the way it handles domain name server (DNS) change requests, allowing hackers to hijack domains.”

Around 553,000 domains were made vulnerable to hijack according to the NCSC report, empowering hackers to perform scams using the hijacked domains—including “a US bomb threat hoax and a sextortion email campaign.”

Lessons We Can Learn from These Cybersecurity Events

The cybersecurity events listed above are just a small subsection of the cyber threats and network security mistakes that either happened or were uncovered in January 2019. What these events demonstrate is that cybersecurity should remain a top priority for organizations of all sizes, and that there is no end in sight to cyber threats and vulnerabilities.

A few specific lessons about threat protection and vulnerability management that can be gleaned from these incidents include:

1. Every Organization Needs Threat Management. The targeted attacks against school districts show that no organization is safe from cyber threats. Even schools—despite often having limited budgets and few liquid assets that attackers can take—are popular targets for attackers. The data on students (names, addresses, grades, etc.) could help fuel social engineering attacks in the future. In fact, organizations with limited threat management resources might even be ideal targets for many attackers, even if they lack valuable assets that attackers can profit from immediately.
   
   
2. Having More IT Assets Means Having More Network Security Vulnerabilities. The increased resources that the wealthier school districts mentioned in the Edsurge.com article may have served to expose those districts to risk. So, organizations with more assets on their network may need to apply more threat protections to compensate for their increased attack surface.
   
   
3. Configurations of Third-Party Apps Can Have Grave Cybersecurity Consequences. The misconfiguration of the Jira app by NASA employees exposed the organization to significant risk by putting basic information out where virtually anyone with an internet connection could see it. This proves how critical it is for organizations to handle the installation and configuration of third-party applications with care.
   
   
4. Ongoing Vulnerability Management is a Critical Business Requirement. The flaw in GoDaddy’s DNS change request solution exposed hundreds of thousands of domains to hijacking risks—something which a penetration test could have exposed earlier. In fact, as reported by NCSC, it was a security researcher who discovered the vulnerability in the first place. Using penetration tests and other vulnerability and threat management tools can help organizations discover security flaws sooner rather than later—hopefully preventing malicious actors from using them to cause harm.

Need help improving your cybersecurity in the face of an ever-evolving threat environment? Reach out to the experts at Compuquip Cybersecurity today!