Not all the organizations in the world think that transparency related to cyber attacks is needed, this is specially concerning when it comes from one of the famous organizations in the world, the United Nations.
The United Nations was (again) the victim of a massive, likely state-sponsored hacker attack this past summer, according to reports from Associated Press and other sources.
To make the matters worse, the organization didn’t disclose the details and severity of the hack until those publications obtained an internal documents on the situation.
“The attack resulted in a compromise of core infrastructure components.”
the exact nature and scope of the incident could not be determined as the UN decided not to publicly disclose the breach.
From public intelligence that can be found on the internet Sometime this past July, a group of hackers took advantage of a flaw in Microsoft’s SharePoint software and an unknown type of malware to gain access to dozens of servers at the UN’s Geneva and Vienna offices, as well as the Office of the United Nations High Commissioner for Human Rights. The three offices employ approximately 4,000 staff between them.
The hackers reportedly downloaded approximately 400GB of data. The servers they breached contained sensitive employee information, but it’s not clear exactly what they were able to download. The UN doesn’t know the full extent of all the damage yet. Sometime after the attack happened, it told employees to change their passwords but didn’t share full details on the situation.
This isn’t the first time the UN has failed to disclose a cyberattack. In 2016, Emissary Panda, a group with ties to the Chinese government, accessed servers of the International Civil Aviation Organization. The UN only shared information about the breach after the Canadian Broadcasting Corporation reported on it.
The UN is automatically assuming that the attacks are state sponsored and assumes that the data and details about incidents will remain hidden unlike other high profile attacks we see that are motivated by financial needs and cause hackers to share files that were retrieved during the cyber attacks.
Phishing attacks can take a lot of time and effort, therefor the name, but sometimes hackers are getting lucky and it is worth the effort involved.
A malicious hacker gained access to the employee emails of slot machine operator Golden Entertainment, the hackers also got access to one email, which containing a wealth of customer personal data.
In a press release posted on its website, Golden Entertainment said that it was not clear if the email containing this personal data was accessed by the hacker but was informing customers as a precaution.
The US firm provides more than 10,000 gaming devices across Nevada and Montana and owns ten casino resorts.
“It would also be wise for all users who may have been breached check they have two-factor authentication implemented as this makes Credential stuffing attacks much harder for cybercriminals. “As bank details have possibly been compromised too, people need to be more aware of forthcoming phishing attacks and should enable extra fraud alerts on their accounts.”
Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.
Unlike password cracking, credential stuffing attacks do not attempt to brute force or guess any passwords – the attacker simply automates the logins for thousands to millions of previously discovered credential pairs using standard web automation tools.
Credential stuffing attacks are possible because many users reuse the same username/password combination across multiple sites, with one survey reporting that 81% of users have reused a password across two or more sites.
Now after you understand what is Credential stuffing attacks take some time and make sure each password you use is unique and not repeating.
That’s it for this podcast, stay safe and see you in the next podcast.
Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.