GOT(IT) #12: North Korea accused of WannaCry, over 120 million US households exposed, plus the password debate.

We had pretty severe leaks this year, right? Equifax being the top of the list, until Alteryx stepped up and redefined the concept of leaked personal data.

GOT(IT) #12! State-sponsored attacks are starting to build up as the future of global warfare, with a cold-war vibe that starts to generate tensions between the one who points the finger and the accused; but that’s not all for the week! We have a major breach that exposed the American household, and the permanent debate on passwords.

North Korea Accused of WannaCry Ransomware

The US officially accused the North Korean government of being behind this year’s most mischievous ransomware: WannaCry. The accusation came directly from Trump’s administration, with Australia, Canada, and New Zealand’s support, according to Thomas P. Bossert’s statement.

The claim is backed by classified evidence that still hasn’t been disclosed; however, the event does resemble a past incident, when North Korea was accused by Obama’s administration of targeting Sony Pictures Entertainment, and it isn’t the first time experts have pointed at the country for hacking organizations, like Lazarus, who were tracked back to the state’s interests.

However, a breaking point in the story is that experts explain that the tools used in WannaCry’s massive attack in fact originated at the NSA: they were stolen by an anonymous group (Shadow Brokers), made public, and reused in WannaCry’s code.

Talk about the future of cyber-warfare! Each day this concept moves forward a little bit, and scares us another bit. Especially in a year fueled by the mighty love-triangle of cyber-warfare: Russia – US – North Korea.


123 Million US Households Data Exposed


Huge piece of advice. Don’t. Leave. Public. AWS. Databases. 120 million American households were exposed when one of Alteryx’s Amazon databases was left public for anyone to access and download the data. How bad is it? Bad bad. Equifax bad.

The investigation led by UpGuard revealed that, even if no names were exposed, the magnitude of the data and the type of information leaked do represent the exposure of the American consumer; the database included demographics, addresses, phone numbers, emails, banking activity, property and mortgage status, census-related data (like number of children), and more financial analysis.

We’re talking about a database that’s a marketing asset as it is: 248 data fields for each household, usually for sale for commercial purposes and campaigns. Once again, the lack of regulations strikes back.


The Password Debate

Time to bring up a recurrent topic. Passwords. There isn’t an end to the password debate. SplashData shared this year’s worst passwords and guess what… People still use “password” as their credentials, and “starwars” too, apparently.

A staggering 10% of people use one of the top 25 worst passwords, according to the study. We know 100% of that 10% also wrote it on a Post-it note next to their PCs; it simply adds up.

All jokes aside, it’s known that 2017 was not a good year for credentials. If a password wasn’t cracked, it might be stolen through phishing, or worse, forgotten. Thus, password organizers were born to keep track of, secure, and organize credentials.

But, in a world where the rule is different passwords for different platforms, do we want to pursue a solution that offers a single key? Maybe. It depends on the solution. Encrypted keys with physical access (like a pendrive key!) certainly do help.

But this latest trend doesn’t: Notebook password organizers. We’re talking about books, physical books, where you write down your credentials. Books that say “password” on their cover. Simply, don’t.

So, what’s the future of passwords? Some say phrases might help against brute-force, great tip. However, the concept of credentials is adapting to its own vulnerabilities. Take two-factor authentication as an example: it was born because millions of pass codes have been and continue to be breached.

Fingerprints and faces have now become a standard for mobile devices, but deploying them as a standard solution is quite limited by the platform and the hardware; so the question is: is it possible to generate a global solution to passwords that isn’t a patch? At the moment, we’re stuck with overly complex phrases that most of us mix up…


Who won this year’s worst breach award? Was it finally Equifax, or did Alteryx step up and take the gold with the leaked marketing database?


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.