Security News Survey – January 18, 2019

A look at the world’s biggest credential dump, 3 terabytes of exposed FBI data, and running a business on pen and paper.

You don’t need to be in the cybersecurity industry to be familiar with the impact that cyber attacks can have on a business. One of the most challenging consequences of a serious attack is the loss of productivity. As a glued-to-my-computer employee, I shudder at the prospect of an entire business being taken offline entirely due to a cyber attack. How do you maintain productivity? Unfortunately, business interruptions happen, and for city officials in Texas, that prospect became a reality last week.

Ransomware shuts down City of Del Rio, Texas government servers

A ransomware attack on the City of Del Rio, Texas left the city officials without electronic services. According to the city, the ransomware (which attacked and disabled the city’s servers) was isolated and the incident was promptly reported to the FBI. They’re not sure yet if any sensitive data from customers or employees was compromised, so we’ll have to wait to learn more about that.

Apparently, without access to government systems, Del Rio city employees resorted to business via pen and paper—just like the good ol’ days.

Public server exposes 7 years’ worth of FBI investigation data

In other cybersecurity news, 3TB of confidential data was left unprotected and publicly available on a server by the Oklahoma Securities Commission (OSC), according to a security researcher with UpGuard. The files numbered in the millions and contained information on FBI investigations, including interview details, relevant emails, bank transaction histories, witness letters, and more. The compromised investigations appear to date back seven years. The OSC has been tight-lipped about the incident, stating that investigations are underway but unable to share more details. It does appear, at least, that the server has been removed from public access.

Information collected and stored by securities commissions is a treasure trove for hackers. If we think back just a couple of years, we remember that data exfiltrated from the 2016 Securities and Exchange Commission’s (SEC) data breach was allegedly used for insider trading. This week, U.S. federal prosecutors filed charges against Oleksandr Ieremenko, a Ukrainian hacker, for that 2016 hack on the agency’s EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system.

And speaking of exposed data…

774 million email addresses, 21 million passwords dumped on hacker forum

Last but absolutely not least, Collection #1—the largest public data breach to-date yet in terms of volume. 772,904,991 unique emails and 21,222,975 unique passwords (dehashed) were published to MEGA, a cloud service, and subsequently on a hacker forum. Have I Been Pwned owner and security researcher Troy Hunt reported the breach and determined that the compromised credentials did not stem from a breach of a single website, but rather a collection of data from 2,000 databases.

If you haven’t yet, check to see if your email address(es) and password(s) have been affected by this data dump at Have I Been Pwned and Pwnd Passwords, respectively. Be sure to change your passwords, and not just on the compromised email account. Remember, cybercriminals often use compromised passwords to test if the password was used for a different account of yours through a process called “credential stuffing.” Also, where it’s an option, enable multi-factor authentication to ensure that even if someone has compromised your password, they still have to face another barrier to get into your account.

We’ll be keeping an eye to see if more information emerges about Collection #1, and if—God forbid—there is a Collection #2 out there somewhere. In the meantime, practice good cyber hygiene. Create strong passwords and change them regularly. And, if you need help remembering and managing your passwords, sign up for a password manager tool like LastPass or Password1.