This Week In Security - 04/06/2020
Marriott Hacked… Again
Hotel chain Marriott announced last week that it had fallen victim to yet another data breach, this one affecting around 5.2 million guests.
This is a drop in the ocean compared to the data breach two years ago, which impacted as many as 500 million guests. The most recent data breach saw hackers use stolen employee credentials to access an internal data system.
It’s believed the cybercrime activity started as early as January this year and that “personal information such as names, birthdates, and phone numbers may have been taken in the breach, along with language preferences and loyalty account numbers”.
Although Marriott stressed that “it had no reason to believe account passwords for Marriott’s Bonvoy rewards program or financial information such as credit card numbers, passport information or driver’s licenses were accessed”, experts say the breach could still be problematic.
According to the chief strategy officer at Terbium Labs, Tyler Carbone, “From what we know of the information exposed, this is the kind of data that provides good raw material for cybercrime”.
Marriott has informed affected customers of the breach and set up a dedicated website for customers to check to see if their data was affected by the incident.
UK PM Zooms into Cybersecurity Controversy
After testing positive for coronavirus, Boris Johnson turned to Zoom video conferencing software to host the last Cabinet meeting.
Clearly proud of his grasp of technology, he tweeted a photo of the meeting, inadvertently revealing the room ID for the meeting and, according to senior security strategist Jonathan Knudsen, “one or two personal IDs that might correspond to email addresses”.
The Ministry of Defence raised concerns over Zoom’s security last week, and Johnson’s posting of meeting details will only have exacerbated those anxieties. Cybersecurity experts have warned that “Zoom users should treat their Zoom meeting IDs as sensitive and should not share them on social media”.
Meanwhile, Downing Street defended the prime minister, saying the virtual Cabinet meeting was password protected and used a unique meeting ID. A government spokesperson went on to say it was following advice from the National Cyber Security Centre (NCSC), which said, “there is no security reason for Zoom not to be used for conversations below a certain classification”.
Let’s hope they’re right and Johnson and his colleagues manage to avoid the embarrassment experienced by other officials who have already been the victims of so-called Zoombombing – in which uninvited guests disrupt meetings with offensive material.
Privacy Rights Trampled as Coronavirus Hits South Africa
The South African president, Cyril Ramaphosa, announced on Monday that the government will use mobile tracking technology to trace those infected with the virus.
Addressing the nation, Ramaphosa said, “Using mobile technology, an extensive tracing system will be rapidly deployed to trace those who have been in contact with confirmed Coronavirus cases and to monitor the geographical location of new cases in real-time”.
While the need for such technology is understandable, it nevertheless raises concerns about individuals’ privacy rights, just as it did when the US government floated the idea.
Speaking on behalf of Vodacom, the largest cell phone provider in South Africa, spokesperson Byron Kennedy said the government had approached them, requesting “high-level aggregated data on how people are moving to help curb the spread of COVID-19”.
According to Kennedy, such tracking “doesn’t include personal information” and “won’t breach privacy laws”. Others argue that “the gathering of information about individuals and their movements must be done with the consent of the community”.
Anne Liu, a global health expert at Columbia University, also defended the concept, saying, “If you can package this … in a way that protects individual privacy as best you can, it can be something positive”.
Microsoft Warns Hospitals of Ransomware Risks
While healthcare services all over the world battle to control the coronavirus pandemic, technology giant Microsoft is trying to boost the immunity of their online systems.
Like millions of others, many non-essential healthcare workers are now working from home, triggering a cornucopia of cybersecurity concerns and vulnerabilities. Microsoft’s warning raises awareness of human-operated ransomware campaigns, which it says “are a cut above ‘run-of-the-mill’ commodity ransomware” attacks and pose a significant threat to healthcare facilities.
In a blog post, Microsoft said it had sent out a “targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others”.
The vulnerabilities affect gateway appliances and VPN servers; the latter have already been targeted by the cybercrime group REvil, which has been “preying on flaws in vulnerable VPN servers to steal passwords, which can then be used to infiltrate an organization’s IT infrastructure”.
Many healthcare facilities still rely on outdated software such as Windows 7, which makes them even more vulnerable. Microsoft urged healthcare organizations to apply security patches and to use strong passwords as well as multi-factor authentication where available to mitigate the threats.