– InfoSec stories scavenged for you from across the internet –
Your three stories for this week are:
- How to Stuff a Chicken (Dailymotion Gets Attacked)
- Old Ladies Making Payments (Mikko on Payment System Segregation)
- Cyber Attacks In Real Life (Great Awareness Video from Hiscox)
1_ How To Stuff A Chicken
(Dailymotion suffers a credential stuffing attack)
If you are on the market for some roast chicken tips, here are a few great ones from Jamie: https://www.youtube.com/watch?v=bJeUb8ToRIw
Back to today’s actual program: Credential Stuffing Attacks.
The online video streaming site Dailymotion (which is a treasure trove for bootlegging MasterChef Australia episodes) was recently the target of a Credential Stuffing Attack. According to their website, Dailymotion attracts “300 million users from around the world, who watch 3.5 billion videos on its player each month.”
Dailymotion published the following alert on January 25th 2019:
The attack consists in “guessing” the passwords of some dailymotion accounts by automatically trying a large number of combinations, or by using passwords that have been previously stolen from web sites unrelated to dailymotion.
Credential Stuffing attacks aren’t anything new. In October 2018, the American Cloud Services Provider, Akamai, published a report on Credential Stuffing attacks. They recorded around 8.35 billion credential stuffing attempts worldwide between May and June 2018, with the US and Russia being the main attack sources.
The report further notes:
“These botnets attempt to log into a target site in order to assume an identity, gather information, or steal money and goods. They use lists of usernames and passwords gathered from the breaches you hear about nearly every day on the news. They’re also one of the main reasons you should be using a password manager to create unique and random strings for your passwords. Yes, remembering that “*.77H8hi9~8&” is your password is difficult, but having your login at the bank compromised is a much bigger hassle.”
There you go, don’t reuse passwords!
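On the defending side, the two behaviours named in the Dailymotion alert look different in login logs: guessing hammers a few accounts with many passwords, while stuffing tries many accounts about once each. The sketch below is an added example, not code from Dailymotion or Akamai; the log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (constructed format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def classify_sources(lines, window=timedelta(minutes=5), min_failures=5, spread=0.8):
    """Map each noisy source IP to (verdict, accounts it logged in to)."""
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, ip, user, ok in map(parse, lines):
        if ok:
            successes[ip].add(user)
        else:
            failures[ip].append((ts, user))
    verdicts = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) < min_failures:
                continue
            # Stuffing tries each stolen pair once: distinct users ~= attempts.
            # Password guessing hammers few accounts: distinct users << attempts.
            ratio = len({user for _, user in burst}) / len(burst)
            kind = "credential_stuffing" if ratio >= spread else "password_guessing"
            verdicts[ip] = (kind, sorted(successes[ip]))
            break
    return verdicts

def sample_log():
    """Constructed events; IPs come from the RFC 5737 documentation ranges."""
    t0 = datetime(2019, 1, 25, 10, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(10 * i)} 198.51.100.7 user{i} FAIL" for i in range(8)]
    lines.append(f"{at(90)} 198.51.100.7 user8 OK")  # a reused password worked
    lines += [f"{at(5 * i)} 203.0.113.9 alice FAIL" for i in range(8)]
    lines += [f"{at(0)} 192.0.2.10 bob FAIL", f"{at(20)} 192.0.2.10 bob OK"]
    return lines

if __name__ == "__main__":
    for ip, (kind, hits) in classify_sources(sample_log()).items():
        print(ip, kind, "accounts to reset:", hits)
```

The account list returned for a flagged source is the set of logins that succeeded from it, which is where a forced password reset would start.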
2_ Old Ladies and Payment Systems
(I’m not going to write too much about this one)
Mikko Hypponen from the Finnish Cyber Security company, F-Secure, did a keynote at BSides London in June 2018. During his talk ‘State of the Net’, he addressed the common issue of securing computer systems used for financial payments. However, he was not talking about securing the servers and other components that make up advanced payment systems. Rather, he was referring to the laptops and desktops used by employees who make the actual payments that keep your business running.
And… he makes a very valid point:
Don’t use the same computer that you use for things like Facebook, Twitter, Email and Instagram for your business’ online banking system. Rather use a designated and segregated computer to load and process your payments. This simple step will go a long way in ensuring that the computers used for payments remain secure.
Have a look at the talk here:
3_ Cyber Attacks In Real Life
UK company Hiscox has made a clever video illustrating how a cyber attack would look if it happened in real life.
They show three attack scenarios:
• IP Theft: Robbing companies of their ideas and inventions.
• Phishing: Fraudulently pretending to be someone else.
• Denial of Service: Flooding the target with traffic triggering a crash.
I think this is quite effective at creating awareness, especially for small businesses, without the usual FUD (Fear, Uncertainty and Doubt) used by lots of security vendors.
Have a look: