Page 3 - Threat Intelligence 8-16-2019
P. 3
Perspective:
State of the
Marketplace
Just when you thought that you might have a handle on physical
security, a new attack vector arrives. “Warshipping” is a new take on an
old practice of mailing users compromised devices. Instead of mailing
people USB drives, the packages they receive have hidden low-voltage
wireless attacking tools embedded in them. The attackers are hoping
that the mail room that the package is stored in is close to critical
systems that can be hacked via a wireless network, or that users can be
forced to authenticate to the attackers’ device using a variety of attack
methods. Keep your eyes open, and your mail room away from critical
systems.
New York has recently passed the SHIELD act, which amends the State’s
current data breach notification laws. It has refined definitions of
private and public data, as well as what is defined as a breach. One of
the key elements is that it covers access to data, as opposed to
acquisition of data, which would broaden the definition of a breach to
include more incident scenarios. “Any person or business that owns or
licenses computerized data which includes private information of New
York residents must comply with breach notification requirements,
regardless of whether the person or business conducts business in New
York” so be aware and informed.
A new scam involving LinkedIn as the delivery has been tied to the
cyberespionage group APT34. While the initial campaign has targeted
the government and utilities, it’s another reason to be wary of allowing
LinkedIn and other social media platforms on business systems without
having layers of compensating controls. Ensure that your systems are
protected and that you have updated your risk assessment prior to
allowing social media inside your business environment.
3
~Stay Secure
www.accumepartners.com
