Newsletter
Eun-Joy Newsletter
Eun-Joy's posts on Cybersecurity
January 2023
Back up Plan
E4.2023.1.14
By Eun-Joo Lee
Recently, on Wednesday, January 11, 2023, the Federal Aviation Administration(FAA) system went down for about 9 hours due to an overnight computer outage causing over 10,561 delays and 1,353 cancellation on January 13, 2023. One data file was corrupted and all the US flights were grounded. This is a single point of failure which we definitely need to avoid by creating a proper back up plan. In October, 2022, one of the internet giants called Kakao located in Seoul, Korea had a security incident due to the lack of a proper Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). Kakao’s services went offline for approximately 11 hours because 32,000 Kakao servers were affected by a fire at the SK C&C data center.
The proper BCP/DRP plan should provide mechanisms from Natural Disasters like earthquakes, floods, storms, outages or fires. The power outages should be protected by Uninterruptible Power Supply (UPS) devices to keep them running to get emergency generators up and working. Businesses need to identify and prioritize critical business units and functions so that they can restore the highest priority units first then move on to lower priority units. When a disaster occurs in an organization, people panic, so it is a good idea to have crisis training personnels for key employees who know how to handle emergency situations properly. It is also important to communicate internally and inform the outside world. The organization must have alternate ways to communicate in case normal communication is not available. When designing a disaster recovery plan, it is essential to develop separate recovery facilities. The organization should consider proper alternate processing sites depending on the organization’s goals such as cold sites, hot sites, warm sites, mobile sites or multiple sites. In order to recover from a disaster, access to back up data is very important. The organizations need a proper backup strategy that combines more than one of the three backup types (full, incremental and differential backup plans). In addition, the storage of the backup media is critical to keep copies of the media in at least an offsite location. The FAA should have owned server infrastructures and a well designed backup process to prevent this disruption in the future. Action plans should be placed before, not after the disaster happens.
Top 5 Cyber Security Movies
E3.2023.1.7
By Eun-Joo Lee
Happy New Year! I would like to introduce some good cyber movies you can watch during your break time. First movie you can watch is WarGames (1983): a young computer genius kid accidentally connects into a top-secret super-computer to impress a girl, which has complete control over the U.S. nuclear system. President Reagan watched this movie and raised a cyber security concern to the U.S government. Second movie is The Social Network (2010): this is a story about the founder of facebook, Mark Zuckerberg in 2004. Facebook started with Harvard students and expanded with other universities like Yale, Columbia, and Stanford. Now, Facebook is the world’s largest social networking website. In October 2021, Facebook changed the company name to META, which owns Facebook, Instagram, and WhatsApp. As of today, META was fined $414 million for using personal data without user consent from the Irish Data Protection Commision (DPC). MET violated the EU’s General Data Protection Regulation (GDPR). The third movie is The Imitation Game (2014): It is a story about Alan Turing who saved millions of lives during World War 2 by cracking Germany’s Enigma secret code. And the fourth movie is Sneakers (1992): This movie is about a group of spies who discover a cyber attack program can be penetrated. The fifth movie is Enemy of State(1998): This action movie stars the famous actor, Will Smith who is a successful Washington D.C. Attorney, involved with a top-secret video from the National Security Agency. There are more good movies: Hackers (1995), The Net (1995), and Steve Jobs (2015). I want you to smell the roses during your journey and have some quality time to enjoy your life with your loved ones. Enjoy the movies!
Watch out for the EarSpy attack!
E2.2022.12.31
By Eun-Joo Lee
Today is the last day of 2022. Happy New Year! Wishing you a joyous 2023! There is an attack called EarSpy that eavesdrops on ear speakers on Android 12 or higher phones via motion sensors discovered by five American University researchers (Texas A&M university, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University). Ear speaker is a built-in internal speaker located on top of the smartphone. The user uses an ear speaker to listen to the conversation while the phone is held to the ear. Researchers analyze the motion sensor (accelerometer) data and use machine learning algorithms and deep learning techniques to find out if they can detect the caller’s speech information. They used the MATLAB and third-party app Physics Toolbox Sensor Suite to analyze the data for this study. As a result, researchers reveal that attackers can recognize the caller’s gender, identity and even private speech. Ear speakers used to be too weak to generate vibration for eavesdropping than the loudspeaker (located bottom of the smartphone). However, newer versions of smartphones produce much better stereo sound quality and stronger vibrations. In order to prevent the EarSpy attack, users should reduce the volume levels at a reasonable level during a phone conversation and also be more comfortable for the ears. In addition, smartphone manufacturers should design larger volume control options and properly place the motion sensor to minimize the vibration impact. This EarSpy brings more opportunities to work on preventive and mitigative plans for eavesdropping from ear speakers. The powerful speakers have benefits but it also could cause potential risk to cyber attacks.
Read the original article on Cyware
Educational Institutes are Targeted by Ransomware!
E1.2022.12.26
By Eun-Joo Lee
Happy Holidays! Let’s take a look at what’s going on during holiday seasons before we end 2022. There is lots of news on ransomware. Ransomware attacks take advantage of cryptography to exfiltrate data from compromised systems and threaten victims to leak it online if ransom is not paid. Vice Society is one of the hacking gang groups targeting U.S. educational institutions in 2022. Typically, Vice Society uses a countdown timer before publishing files online. Vice Society uses common tools like custom PowerShell scripts, backdoors (SystemBC or PortStarter) and Advanced Port/IP scanner. In June 2022, the Austrian university had a cyberattack by Vice Society affected 3,400 students and 2.200 employees. In September 2022, Los Angeles, the second largest school district with more than 640,000 students in the US, was another victim that lost 500 GB of data from Vice Society. Here’s how the attack works. First, the attacker gains access from the weak valid accounts to foot in the networks. Then, the group gathers credentials using RDP (remote desktop protocol) and gains elevated privileges to deploy ransomware. Why does Vice Society target educational organizations? Because this Vice Society gang targets organizations with weak security systems. After the cyberattack, Los Angeles district is strengthening user accounts by a multi-factor authentication process. CISA (Cybersecurity and Infrastructure Security Agency) announced the #STOPRANSOMEWARE to help network defenders to mitigate cyber threats from ransomware to proactively reduce the likelihood and impact of ransomware incidents. According to CISA, organizations prioritize and remediate known exploited vulnerabilities, train users and enforce multi-factor authentication. It is a wakeup call for other education organizations to review their current vulnerabilities and take proper procedures to protect against cyberattacks.