After a cyberattack, companies remain vulnerable. What CIOs can do to protect their brands


Here’s a security scenario that’s all too common: a company suffers a cyberattack, responds promptly, and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very channel it uses to alert those customers: email. Attackers can exploit that channel with messages that pretend to be the company’s own security warning, targeting the same customers and doing even more damage.
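The risk described above is that a spoofed “security notice” rides on the news of a real breach. The following triage script is an added example written for this post, not code from OneLogin or any vendor named here. It takes a raw received email and checks three things a defender looks at first: does the From domain match the vendor’s real domain, did the receiving server’s Authentication-Results header record a DMARC pass, and do the links in the body point at that same domain. The two messages, the domains `vendor.example` and `recipient.example`, and all header values are constructed for the example.

```python
"""Triage a received 'security notice': does it really come from the vendor
it names, or is it a lookalike riding on breach news?  (Added example; the
sample messages and domains below are constructed, not real traffic.)"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Mechanism verdicts as stamped by the receiving MTA, e.g. "dmarc=pass".
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/\s>\"']+)", re.IGNORECASE)

# Constructed sample 1: lookalike sender domain.  SPF passes because the
# attacker controls that domain, which is why SPF alone proves nothing.
SAMPLE_SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=vendor-security.example; dkim=none; dmarc=none header.from=vendor-security.example
From: Vendor Security <security@vendor-security.example>
To: customer@recipient.example
Subject: Urgent: reset your password after our incident

We detected a breach. Reset now: https://vendor-security.example/reset
"""

# Constructed sample 2: the genuine notice, aligned and DMARC-passing.
SAMPLE_GENUINE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=vendor.example; dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example
From: Vendor Security <security@vendor.example>
To: customer@recipient.example
Subject: Security incident notice

Please change your password at https://www.vendor.example/account
"""


def auth_results(msg):
    """Collect SPF/DKIM/DMARC verdicts from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(str(hdr)):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts


def link_hosts(msg):
    """Hostnames of every http(s) link in the text or HTML body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return sorted({h.lower() for h in URL_RE.findall(text)})


def registrable(host):
    """Crude last-two-labels domain; good enough for the comparison here."""
    return ".".join(host.split(".")[-2:])


def assess_notification(raw, expected_domain):
    """Return the parsed facts plus a list of findings; any finding means
    the message should be treated as a possible impersonation."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    verdicts = auth_results(msg)
    hosts = link_hosts(msg)
    findings = []
    if from_domain != expected_domain:
        findings.append(f"From domain {from_domain!r} is not {expected_domain!r}")
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC did not pass (got {verdicts.get('dmarc', 'absent')})")
    foreign = [h for h in hosts if registrable(h) != expected_domain]
    if foreign:
        findings.append("links point off-domain: " + ", ".join(foreign))
    return {"from_domain": from_domain, "auth": verdicts, "links": hosts,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("genuine", SAMPLE_GENUINE)):
        print(label, assess_notification(raw, "vendor.example"))
```

The point of the two samples is the contrast: the lookalike message passes SPF for its own domain yet has no DMARC result for the vendor’s domain and links elsewhere, while the genuine notice is aligned on all three checks. A mail gateway that only looks at `spf=pass` would let the first one through.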

For example, on May 31, popular cloud-based password manager OneLogin announced that it had suffered a serious security breach, and it updated its report the next day with a few more details.

The company communicated with its customers and the public promptly. OneLogin said the breach involved a hacker obtaining a set of Amazon Web Services (AWS) keys and using them to gain access to OneLogin’s servers on AWS and create several new instances, which the attacker then used for reconnaissance. According to a customer email reported by TechCrunch, “All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.” To its credit, OneLogin responded quickly, shutting down the hackers’ access within hours and alerting its community the same day.
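The pattern OneLogin describes, a stolen access key creating instances and enumerating the account, is exactly what CloudTrail records. The script below is an added example, not OneLogin’s or AWS’s code: it reads CloudTrail-style records and flags any access key that performs launch or enumeration calls from a source IP never seen for that key before. The records, the key IDs and the IP addresses are constructed; the field names (`eventName`, `sourceIPAddress`, `userIdentity.accessKeyId`) follow the real CloudTrail schema.

```python
"""Flag access keys used for instance creation or reconnaissance from an
IP address not previously associated with that key.  Added example; the
events below are constructed in CloudTrail's field layout."""
from collections import defaultdict

# Calls an attacker with a fresh key typically makes first.
WATCHED = {"RunInstances", "DescribeInstances", "ListBuckets",
           "GetCallerIdentity", "ListUsers"}

# Constructed records.  AKIA-EXAMPLE-KEY-1 is the key "stolen" in this
# scenario: used from the office IP, then from an unknown one.
EVENTS = [
    {"eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "AKIA-EXAMPLE-KEY-1"}},
    {"eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIA-EXAMPLE-KEY-1"}},
    {"eventName": "RunInstances", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIA-EXAMPLE-KEY-1"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "AKIA-EXAMPLE-KEY-2"}},
    {"eventName": "PutObject", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIA-EXAMPLE-KEY-2"}},
]

# Baseline of IPs each key is expected to come from (would normally be
# learned from a historical window; constructed here).
KNOWN_IPS = {
    "AKIA-EXAMPLE-KEY-1": {"203.0.113.10"},
    "AKIA-EXAMPLE-KEY-2": {"203.0.113.10"},
}


def find_key_abuse(events, known_ips):
    """Return {access_key: [(eventName, ip), ...]} for watched calls made
    from an IP outside the key's baseline."""
    hits = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        ip = ev.get("sourceIPAddress")
        name = ev.get("eventName")
        if not key or name not in WATCHED:
            continue
        if ip not in known_ips.get(key, set()):
            hits[key].append((name, ip))
    return dict(hits)


if __name__ == "__main__":
    for key, calls in find_key_abuse(EVENTS, KNOWN_IPS).items():
        print(key, "->", calls)
```

Only KEY-1 is reported: its reconnaissance call and `RunInstances` come from an IP outside its baseline. KEY-2’s `PutObject` from the same unknown IP is not in the watched set, which is the deliberate trade-off of a first-stage detector that looks for the account-discovery and instance-creation pattern rather than every API call.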

One detail OneLogin has not yet shared is exactly how the attackers obtained its AWS keys, so at this point we can only speculate. We can say, however, that if this attack resembles the 91 percent of cybersecurity intrusions that start the same way, the initial attack vector was a phishing email.