In January of this year, law enforcement took down the Emotet malware botnet. “The Emotet malware botnet was taken down by law enforcement in the US, Canada, and Europe, disrupting what Europol said was the world’s most dangerous botnet that had been plaguing the internet since 2014.” (zdnet.com, 2021) The FBI collected the email addresses and other personal data from the servers and handed a total of 4.3 million emails over to a service called Have I Been Pwned (HIBP). The goal of this handoff was to make it easier to notify those who were affected by the hack. “HIBP currently contains 11 billion ‘pwned’ accounts from a range of data breaches that have happened over the past decade, as well as huge credential-stuffing lists found on the internet that are used by criminals to hijack accounts with previously breached email addresses and passwords.” (zdnet.com, 2021)
More recently, it was discovered that hackers repeatedly accessed and abused known vulnerabilities in a widely used remote connectivity tool, Pulse Secure VPN, to gain access to government agencies. “At least five federal civilian agencies appear to have been breached in the latest hack to hit the US government, a discovery that follows emergency measures to mitigate potential damage from the incident.” (cnn.com, 2021) Over the past few weeks, the full extent of this breach has been under assessment to determine the damage. In the meantime, CISA has been encouraging the deployment of integrity tools to check for further compromise.
And as if news of our own government agencies being hacked doesn’t alarm you enough, recently Experian was forced to fix “a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address.” (krebsonsecurity.com, 2021)
How it Could Affect You:
If your data was included in the recovery, you may need to take action. Suggested steps include 1.) keeping your antivirus security software up to date and 2.) changing your email account password and any other security questions and passwords that you keep stored in your inbox or web browser. (zdnet.com, 2021) The Pulse Secure attack is unlike and unrelated to the other major hacks that we have already witnessed this year. This attack was specific, targeted, and intentionally directed toward government agencies. Scary stuff! This, however, is further evidence that cybersecurity and the exercise of best practices are extremely important at all levels of business.
With regard to the credit bureau breach, “Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.” (krebsonsecurity.com, 2021)
Hodgson Can Help:
Hodgson Consulting & Solutions specializes in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. We offer full solutions for your IT needs, not just quick fixes. Your business needs more! Hodgson Consulting & Solutions can provide the exact security solutions and IT best practices for your business. Contact us to receive a FREE 17-point Confidential Technology Security Consultation and also learn more about our Managed Security Service Plans. Sign up below for your FREE Dark Web Scan today!