CTC’s July 2018 Threat Report

Ukraine authorities raise red flags about the early stages of a widespread cyberattack. Meanwhile, a Florida marketing firm demonstrates that lax security measures can be as bad as a cyberattack. (At least as far as these 230 million people are concerned, anyway.) Good thing WPA3 is here; security efforts could use a boost.

Russian cyber attack on Ukraine alleged

Russian hackers are readying a massive, coordinated attack designed to unleash malware across an array of Ukranian companies, banks, and energy infrastructure firms. That’s the warning from the country’s top cyber cop.

Experts have already identified infected files across many targets. Hackers with ties to Russian sometimes target their cyber attacks against Ukraine during national holidays. Ukraine has two such holidays approaching.

Malware attacks of this size cannot be contained within a single country’s borders, however. That makes a cyber attack of this size a concern for the international community, and Ukrainian officials are working with authorities from other countries to stem any potential damage.

A Wi-Fi boost: WPA3 launches

The next generation of Wi-Fi security is now available. WPA3 promises greater protection for both professional and personal networks than its predecessor, WPA2. According to the Wi-Fi Alliance, the critical capabilities of WPA3 include:

  • For WPA3-Personal: More resilient, password-based authentication even when users choose passwords that fall short of typical complexity recommendations. WPA3 leverages Simultaneous Authentication of Equals (SAE). That’s a secure key establishment protocol between devices. It provides stronger protections for users against password guessing attempts by third parties.
  • For WPA3-Enterprise: The equivalent of 192-bit cryptographic strength, providing additional protections for networks transmitting sensitive data, such as government or finance. The 192-bit security suite ensures a consistent combination of cryptographic tools is deployed across WPA3 networks.

Hacker News provides an expanded rundown of what the protocol offers by way of security.

Propagating the WPA3 throughout the Wi-Fi industry is a years-long effort. Because of that, WPA2 devices will continue to interoperate and provide recognized security.

Personal data of every U.S. adult possibly leaked

Are you a dog person or a cat person? Do you smoke? What’s your religious affiliation?

Anyone who gained entry to the database of a Florida marketing company — held on a public server and accessible via the internet — now knows the answers to those questions for about 230 million adults in the U.S. Well, those questions and roughly 400 more personal characteristics and interests. And while no financial data or Social Security numbers were included in the database, it did contain postal and email addresses as well as phone numbers. It isn’t difficult to see how such information could be leveraged for identity theft.

Security researcher Vinny Troia uncovered the problem. He told Wired: “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”

According to Troia, he informed the marketing company and the FBI. The data no longer appears to be publicly accessible.

How does your network security measure up?

Is your network well-protected against a cyberattack? Is the data with which you’re entrusted by colleagues and clients alike vulnerable? We can ensure a confident “yes” to those and other crucial network security questions. Follow us on Twitter or Facebook for our monthly security updates.

Reliable Security Assessments

CTC Technologies helps businesses and enterprise organizations with their cybersecurity needs, ranging from network security assessments to implementation of endpoint protection solutions, firewalls, and data loss protection. Reach out to us at 734-408-0200 to speak to one of our cybersecurity specialists or click here today.