Chuck Leaver – UK Email Attack Highlights Insecurities

Written By Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver

 

In cyberspace the sheep get shorn, chumps get munched, dupes get duped, and pawns get pwned. We have seen another great example of this in the recent attack on the UK Parliament email system.

Instead of admitting to an e-mail system that was insecure by design, the official statement read:

Parliament has robust procedures in place to secure all our accounts and systems.

Yeah, right. The one protective step we did see in action was blame deflection – the Russians did it, that always works – while blaming the victims for their policy violations. While details of the attack are limited, combining various sources does help to piece together at least the broad outlines. If these accounts are fairly close, the UK Parliament email system failings are atrocious.

What went wrong in this scenario?

Rely on single-factor authentication

“Password security” is an oxymoron – anything protected by a password alone is insecure, period, no matter the password strength. Please, no 2FA here; it might impede attacks.

Do not impose any limit on failed login attempts

Helped by single-factor authentication, this enables easy brute force attacks, no skill required. But when breached, blame elite state-sponsored hackers – nobody can verify.

Do not implement brute force attack detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for prolonged periods (12 hours against the UK Parliament system), to maximize the scope of account compromise.
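To make "trivially detectable" concrete, here is an added example (not code from the original post or from any Parliament system) of a sliding-window detector run over constructed authentication events. The log format, the window and both thresholds are assumptions chosen for illustration; it flags repeated failures on one account and one source failing against many accounts.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)    # assumed sliding window
MAX_FAILS_PER_ACCOUNT = 5        # assumed: more failures than this on one account alerts
MAX_ACCOUNTS_PER_SOURCE = 3      # assumed: more distinct accounts than this per source alerts

def sample_log():
    """Constructed events (time, source, account, result); not data from the incident."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    sec = lambda n: t0 + timedelta(seconds=n)
    rows = [(sec(0), "192.0.2.10", "alice", "FAIL"), (sec(20), "192.0.2.10", "alice", "OK")]
    # Rapid guessing against one account.
    rows += [(sec(60 + 10 * i), "198.51.100.7", "bob", "FAIL") for i in range(6)]
    # One source trying a single guess against many accounts.
    rows += [(sec(200 + 30 * i), "203.0.113.9", u, "FAIL")
             for i, u in enumerate(["carol", "dave", "erin", "frank"])]
    # Slow guessing, one attempt every 10 minutes: never fills the window.
    rows += [(sec(600 * (i + 1)), "192.0.2.44", "grace", "FAIL") for i in range(6)]
    return [f"{ts.isoformat()} {src} {user} {res}" for ts, src, user, res in sorted(rows)]

def detect(lines):
    """Return (kind, key, time) alerts; each account or source alerts once."""
    by_account = defaultdict(deque)   # account -> times of recent failures
    by_source = defaultdict(deque)    # source  -> (time, account) of recent failures
    alerts, seen = [], set()
    for line in lines:
        stamp, src, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        fails, tried = by_account[user], by_source[src]
        fails.append(ts)
        tried.append((ts, user))
        while fails[0] < ts - WINDOW:       # drop failures older than the window
            fails.popleft()
        while tried[0][0] < ts - WINDOW:
            tried.popleft()
        hits = [("account", user, len(fails) > MAX_FAILS_PER_ACCOUNT),
                ("source", src, len({u for _, u in tried}) > MAX_ACCOUNTS_PER_SOURCE)]
        for kind, key, over in hits:
            if over and (kind, key) not in seen:
                seen.add((kind, key))
                alerts.append((kind, key, ts))
    return alerts

if __name__ == "__main__":
    for kind, key, ts in detect(sample_log()):
        print(f"ALERT {kind}={key} at {ts.isoformat()}")
```

The slow series against `grace` never alerts with these assumed thresholds, so detection of this kind complements login limits and a second factor rather than replacing them.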

Do not enforce policy, treat it as mere suggestions

Combined with single-factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength checks. Provide attackers with very low-hanging fruit.

Rely on anonymous, unencrypted email for sensitive communications

If hackers do succeed in compromising email accounts or sniffing your network traffic, provide plenty of opportunity for them to score high-value message content entirely in the clear. This also conditions constituents to rely on easily spoofable email from Parliament, producing an ideal constituent phishing environment.

Lessons learned

In addition to adding “Good Sense for Dummies” to their summer reading lists, the UK Parliament email system admins might wish to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely rethinking secure messaging are recommended steps. Penetration testing would have uncovered these fundamental weaknesses while staying out of the news headlines.

Even a few clever high schoolers with a free weekend could have replicated this attack. And lastly, stop blaming the Russians for your own security failings. Assume that any weaknesses in your security architecture and policy structure will be probed and exploited by some cyber criminals somewhere across the global internet. All the more incentive to find and fix those weaknesses before the hackers do, so get started immediately. And then, if your defenders cannot see the attacks in progress, upgrade your monitoring and analytics.

~leaverchuck1

