Facebook suffered significant downtime on Monday 4th October, taking around six hours to become available again. Its sister services Messenger, WhatsApp and Instagram also suffered complete outages, with billions of users around the globe unable to access the messaging platforms. Users first noticed that they could not access Facebook at around 5 pm UTC. It soon became apparent that “backbone routing settings” were the cause of the downtime, and Facebook engineers pinpointed an issue with Domain Name System (DNS) and Border Gateway Patrol (BGP) in particular. It was revealed that Facebook updates caused problems with BGP settings, and consequently, Facebook’s servers were unreachable until fixed.
A report published on 13th September has revealed how a cybersecurity researcher accidentally broke Apple Shortcuts for millions of users. In March 2021, Frans Rosén, a bug bounty hunter from Detectify, began investigating the Apple CloudKit framework for issues. Millions noticed his discovery. Among other things, Rosén triggered a flaw in the framework that caused all Apple Shortcuts sharing links to break, temporarily disabling Shortcuts for millions of users worldwide. Rosén reported the issue to Apple immediately, who got straight to work on a fix. No customer data was affected in the find, and Apple rewarded Rosén with a bounty for his troubles.
The United States has reaffirmed its intent to fight cybercrime. In fact, one general has revealed that ransomware in particular is now a concern of national security. General Paul Nakasone of the US Cyber Command revealed in an interview that specialists across the government are now looking to fight ransomware as a number one priority. Several high-profile attacks have caused concern to the US government in recent times, including the Kaseya and Colonial Pipeline attacks, and General Nakasone admitted that ransomware has grown from a criminal activity to become a threat to national security. He plans to expose the identity of hackers, as well as impose financial penalties, among other measures.
In an effort to avoid memorising all of their passwords, many users turn to centralised solutions such as password management software. However, there is one vital issue with centralised access or password managers: All of your passwords are all hidden behind a single door, either a master password, a token or a biometric. This creates a single point of failure scenario where one login opens all your systems or reveals your treasure trove of passwords to you… and to the criminal who has your master password, token or biometric.
If this happens, then the criminal has access to all of your passwords to do with as they wish – nowadays this usually ends in credentials being used or sold for use in costly ransomware attacks. While it is convenient to login only once, this critical weakness of centralised access is the reason ransomware can happen in the first place. Which means if you remove centralised access, you remove the threat of ransomware. On the contrary, decentralised access solutions removes that hugely risky single point of failure, combine layers of protection with automated password management. This means that even if one password is stolen, the rest are protected.
Around half a million passwords were leaked online on September 9th, affecting 87,000 devices across the world. Fortinet, a network security provider, revealed that all FortiGate VPN user credentials had been stolen, and advised customers to immediately stop using the VPN while fixes and upgrades were made. Users have also been told that their passwords were completely compromised, and that they should change them before logging in again. The leak is likely to have come through a vulnerability that had not been patched, with the login credentials available to hackers in plain text format.
According to the Incident Response Analyst Report 2021, brute force hacking is on the rise in a big way. In fact, it was the single most common method of gaining access to corporate networks. The number of attacks that came from brute force methods soared from 13% in 2020 to 31.6% in 2021, a massive overall increase of around 145%. The report highlighted the need for strong password precautions and showed that many businesses are highly vulnerable. The report suggested that the rise in brute force attacks may be down to more workers logging in remotely during the pandemic. Vulnerability exploitation was the second most common method of attack, at around 31% of all cases.
