Cybersecurity News Roundup February 2023

Chinese Cybercriminals Obtain Thousands of Texans’ Driver’s Licenses

Image above by Gerd Altmann from Pixabay.

The Texas Department of Public Safety (DPS) announced on February 27 that the personally identifiable information (PII) of at least 3,000 Texans of Asian descent had been compromised by an organized Chinese crime gang based in New York.

The gang's modus operandi reportedly involved collecting the personal information of Asian-American targets from the dark web, using that information to answer the password security questions on Texas.gov, and finally using stolen credit cards to order duplicate copies of driver's licenses that had been reported missing.

According to DPS, the cybercriminals took advantage of security vulnerabilities in Texas.gov, the state's main portal, which is used to order the licenses and is operated by a different agency, the Texas Department of Information Resources. The culprits created thousands of fake accounts and directed their orders to addresses that differed from those of the real license holders.

At the time the identity theft occurred, payment for replacement licenses required only the credit card number. The Credit Card Verification (CCV) code, the 3-digit number on the back of the card, was not required. Because of this security lapse, the Texas DPS was duped into shipping thousands of Texans' driver's licenses to the wrong individuals.

SSL.com's Takeaway: This case demonstrates the need for government agencies to work with cybersecurity companies to make sure that the sensitive data they handle is kept secure. Steps like two-factor authentication, or in this case simply requiring the CCV, would have mitigated this risk. Where specialized needs have to be met, solutions should be founded on expertise. Click here to access our PKI and Digital Certificates for Government article and learn more about how we help government institutions strengthen their cybersecurity.
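As an added illustration (not code from DPS, Texas.gov or SSL.com), the sketch below shows the order-screening checks the story implies were missing: a CCV/CVV presence check, a comparison of the shipping address against the address on the license record, and a cross-order check for many accounts shipping to one address, which is the pattern thousands of fake accounts would produce. The order fields and sample records are constructed for the example.

```python
"""Order-screening checks for a replacement-document flow, modelled on the
gaps described above: no CVV check, shipping to addresses other than the
licence holder's, and thousands of fake accounts. All data is constructed."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ReplacementOrder:
    account_id: str
    card_cvv: str | None      # None means the CVV was never collected
    ship_to: str              # address entered on the order
    address_on_file: str      # address in the licence record


def normalize_address(addr: str) -> str:
    """Case- and punctuation-insensitive form so trivial variants compare equal."""
    return " ".join(addr.upper().replace(",", " ").split())


def order_findings(order: ReplacementOrder) -> list[str]:
    """Per-order checks; an empty list means the order may proceed."""
    findings = []
    cvv = order.card_cvv or ""
    if not (cvv.isdigit() and len(cvv) in (3, 4)):
        findings.append("cvv_missing")
    if normalize_address(order.ship_to) != normalize_address(order.address_on_file):
        # Mismatch is not proof of fraud; route to step-up identity verification.
        findings.append("ship_to_differs_from_record")
    return findings


def batch_findings(orders, max_accounts_per_address: int = 3) -> dict[str, list[str]]:
    """Cross-order check: many distinct accounts shipping to one address."""
    accounts_by_address: dict[str, set[str]] = defaultdict(set)
    for o in orders:
        accounts_by_address[normalize_address(o.ship_to)].add(o.account_id)
    result = {}
    for o in orders:
        findings = order_findings(o)
        if len(accounts_by_address[normalize_address(o.ship_to)]) > max_accounts_per_address:
            findings.append("shared_ship_to_address")
        if findings:
            result[o.account_id] = findings
    return result


SAMPLE_ORDERS = [  # constructed: one legitimate order and four from a fake-account cluster
    ReplacementOrder("acct-legit", "123", "42 Oak St, Austin, TX", "42 Oak St, Austin, TX"),
    ReplacementOrder("acct-001", None, "9 Drop Ln, New York, NY", "1 Elm St, Dallas, TX"),
    ReplacementOrder("acct-002", None, "9 Drop Ln, New York, NY", "2 Elm St, Dallas, TX"),
    ReplacementOrder("acct-003", None, "9 DROP LN NEW YORK NY", "3 Elm St, Dallas, TX"),
    ReplacementOrder("acct-004", "456", "9 Drop Ln, New York, NY", "4 Elm St, Dallas, TX"),
]
```

Running `batch_findings(SAMPLE_ORDERS)` leaves the legitimate order unflagged and returns findings for the other four, including the shared-address flag that only the cross-order view can produce.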

Compromised Code Signing Certificates Revoked by GitHub

Image above by Pexels from Pixabay.

GitHub, a widely used CI/CD platform for software DevOps, revealed that it experienced a cyberattack in December 2022. In that attack, malicious actors were able to steal code signing certificates used for GitHub's Desktop and Atom applications after breaking into their repositories.

"On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account," GitHub said in a news release.

One certificate expired on January 4, another expired on February 1, while the third certificate was set to expire in 2027. Since the stolen code signing certificates were password-protected, GitHub maintains that it has not seen any evidence of them being used by the hackers.

The compromised credentials were revoked by GitHub a day after the attack, while the three stolen certificates were all revoked on February 2. In the event that any of the certificates were successfully used to sign code before their expiration dates, the revocation would invalidate those signatures.

SSL.com’s Takeaway: Integrating automated code signing into a CI/CD pipeline can be challenging but SSL.com is able to offer this with certificate holder credential security through the eSigner cloud code signing service. eSigner securely stores code signing certificates in cloud-based FIPS compliant hardware appliances where only the authorized user can be given credentials and use the certificate for signing. eSigner also supports two-factor authentication for signing by using One Time Passwords (OTPs) delivered through Short Message Service (SMS) or authentication apps. Click here to learn more about SSL.com eSigner.

Activision Employee Slack Account Breached by Hacker

Image above by Kris from Pixabay.

Leading video game publisher Activision made headlines in the third week of February when it confirmed that it suffered a data breach on December 4 of last year.

An HR employee's Slack account was infiltrated by hackers through social engineering, specifically SMS-based phishing. The employee was duped into providing the SMS 2FA code to the hackers, leading to the exposure of other employees' personal information and scheduled game content.

The compromised data included the personally identifiable information of Activision employees, including names, addresses, phone numbers, and emails, as well as the scheduled release dates of future Call of Duty game content.

Other employees were also targeted but they replied with curses, signaling that they were aware of the phishing scheme. Despite this, researchers do not think that anyone escalated the incident to the company’s cybersecurity team. Activision maintained that the hackers were not able to steal any game code.

Other companies in the entertainment software industry have also dealt with cyberattacks during the previous year. Source code for Riot Games’ popular League of Legends was breached. In September 2022, threat actors divulged upcoming footage for the newest release of Grand Theft Auto VI.

SSL.com's Takeaway: Non-reporting of security threats by employees is one of the most common reasons why cyberattacks succeed. The fear of stigma or punishment associated with having been a victim of a cyberattack is one of the common reasons why employees choose not to report, which increases the success rate of cybercriminals. Companies should encourage a dual culture of cyber caution and transparent reporting whenever security errors have been committed by an employee. This ensures that appropriate steps can be taken much more quickly to stop the threat actors.

SSL.com Client Authentication Certificates can also provide an extra layer of security that passwords alone cannot give. These can be very beneficial to video game publishers or other companies that use online workspaces because their employees are all over the world. Client Authentication Certificates restrict access to sensitive sites and applications and therefore shield online company accounts from malicious actors by ensuring that only the verified individual and holder of the digital certificate can access them. Click here for more information on SSL.com Client Authentication Certificates.

Cloudflare Overcomes Record-high Distributed Denial-of-Service (DDoS) Attack

Image by Benjamin Hartwich from Pixabay.

Cloudflare announced on February 13 that it had repelled a massive DDoS attack that peaked at 71 million requests per second (RPS).

Previously, Google Cloud held the record for the biggest DDoS attack, at 46 million RPS. The attack on Cloudflare was 35% larger than the one on Google Cloud. The websites hit by the attack included hosting providers, cryptocurrency firms, and gaming companies.

A DDoS attack occurs when multiple machines disrupt the services of a host connected to a network by overwhelming the target with traffic until it can no longer respond or crashes.

Common targets are the web servers of major organizations such as banks and government sites, and the services affected include online banking, email, and website access. With the continued popularity of video games and crypto companies, it is no wonder that threat actors targeted these industries.

SSL.com's Takeaway: Distributed Denial of Service (DDoS) attacks can severely interrupt the operations of non-IT companies that lack the necessary expertise and infrastructure. This is where SSL.com can help. Like Cloudflare, we also offer a Content Delivery Network (CDN) service that effectively combats DDoS attacks. A CDN can dramatically decrease website load times by bringing bandwidth-intensive content closer to end users all over the globe. By establishing geographically dispersed caches of web content on different networks, a CDN decreases a website's vulnerability to isolated network and hardware failures. The global redundancy provided by a CDN can help insulate your origin servers and website from DDoS attacks. Click here to learn more about SSL.com's Content Delivery Network Service.

SSL.com Announcements

1) For those looking for easy enrollment of a high volume of email signing and encryption S/MIME certificates for company staff members, the Enterprise PKI (EPKI) Agreement is now available for Individual Validation + Organization Validation (IV+OV) S/MIME certificate validation. An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating the identity evidence of employees or contractors within a company or organization, enabling a single validation process for an entire organization. Click this link to learn more about the EPKI Agreement Setup.

2) SSL.com’s Document Signing Watch Folder service is now available for our customers. This is a digital signing service for Windows and Linux that can be used to sign bulk volumes of electronic documents (including PDFs) by simply placing them into a local folder. Click here to learn more about the Document Signing Watch Folder service.

3) With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. Additional information on this change can be found on the CA/Browser Forum website. Learn more about the SSL.com eSigner cloud code signing solution: https://www.ssl.com/esigner/.
