Introduction
For Week 8 there has been no shortage of news articles to pick from. I will be covering another data breach from a large company and a large phishing attempt. Companies seem to be giving less and less details about data breaches, so I have found I need to write about other topics.
Google Phishing Attack
With all the news about the “Great Google Phishing Email” I figured I would talk about it in my blog. It is a simple phishing attempt that many people fell for even security professionals. The phishing email was simple it said “(Person’s name) has invited you to view the following document” and a button to open the link into Google Docs. Below is a screenshot of the phishing message.
If a user clicks on the link “Open in Docs” it opens a screen that says a person must allow access to Google Docs for the purpose of reading, sending, deleting and managing a person’s email along with managing a person’s contacts (Khandelwal, 2017).
If a user clicks allow, the attackers have full control over the user's email. Once full control is gain over the user’s mailbox the attackers use it to spread the phishing email. If the user has two-factor authentication enabled, it will not stop the attackers from taking over the user’s email account. Per Google, only 1 percent of Gmail users were affected by this phishing attempt, which is about 1 million people (Khandelwal, 2017). Google has since blocked the fake application and phishing email.
Even Google can be a victim of a phishing attack, so it is best to be on alert when opening documents sent by contacts. With security professionals fooled by this phishing attack, it shows that these types of attacks can be complexed. Phishing attacks are thought to be easily spotted, but that is not always the case. Even simple attacks are missed because people don’t always read the entire email, which can lead to trouble. Google already does an excellent job of blocking most phishing emails, but if you use other email clients be aware and always read the email entirely. Another good tip is to look at the sender’s email address and if it is not recognizable don’t click on any links.
SynXis Data Breach
Sabre Corp has had a breach from their software as a service application called SynXis. The application comes from Sabre’s hospitality company called “Sabre Hospitality”. The SynXis system is a reservation software that hotels used to keep track of inventory and rate information. Per saberhospitality.com over 120 property management. 2 revenue management and 7 CRM organizations use the software (http://www.sabrehospitality.com/solutions/hotel-central-reservation-systems). The hackers gain access to the SynXis application, but there is no information on what information they got ahold of or how they gained access to the system. Sabre has said the unauthorized access to the system has been terminated and security firm Mandiant is investigating the breach after notifying law enforcement (Krebs, 2017). This breach is thought to be linked to the recent hotel breaches over the last several months. On Sabre’s SynXis system login only a username and password are required and the breach maybe a result of a credential stuffing attack from recent stolen username and passwords.
Sabre is a large organization with an annual revenue of over 3 billion dollars and it seems they have not invested in security. The SynXis system does not have two-factor authentication, which could have prevented the hackers from logging onto the system. Sabre paid for cyber security insurance, but without knowing more details it’s hard to say if the insurance will cover the breach. Cyber security insurance is new, but it is like covering a person’s house or car. For some companies, it may be cheaper to buy cyber security insurance then hire a whole security team. Without more information about how the breach occurred, it is hard to say what could have been done to prevent it. Hotel companies seem to have lax security practices, which seems why hackers target them for credit and debit card information. When more information surfaces about the breach I will write a follow-up entry.
References
Khandelwal, Swati. "Warning! Don't Click that Google Docs Link You Just Received in Your Email." The Hacker News. N.p., 03 May 2017. Web. 06 May 2017. <http://thehackernews.com/2017/05/google-docs-phishing-email.html>.
Krebs, Brian. "Krebs on Security." Brian Krebs. N.p., 2 May 2017. Web. 06 May 2017. <https://krebsonsecurity.com/2017/05/breach-at-sabre-corp-s-hospitality-unit/>.
No comments:
Post a Comment